27 July 2007
Updated 30 August 2007

Security Bulletin

Issue

Four vulnerabilities in Norman's antivirus scanner engine have been reported.

  1. Buffer Overflow vulnerability in parsing of ACE files
  2. Buffer Overflow vulnerabilities in parsing of LZH files
  3. Divide-by-zero vulnerability in parsing of DOC files (OLE2)
  4. Detection vulnerability in parsing of DOC files (OLE2)

Affected software

  • Norman Virus Control single user and corporate versions
  • Norman Internet Control
  • NVCnet for Terminal and File servers
  • NVCnet for Internet Service Providers
  • Norman Virus Control for Novell Netware (FireBreak)
  • Norman Virus Control for Lotus Domino
  • Norman Virus Control for Microsoft Exchange 2000 and Exchange 5.5
  • Norman Virus Control for Firewall-1 NG
  • Norman Virus Control for MIMEsweeper
  • Third party software using Norman's antivirus scanner engine

Update status

The vulnerabilities referred to in items 3 and 4 above have been fixed in Norman's scanner engine version 5.91.02, released on Norman's Internet update servers as an automatic update on 14 June 2007.

Update 30 August 2007:

New program modules have today been released on Norman's Internet update servers as an automatic update. These correct the two remaining vulnerabilities (items 1 and 2 above).

Mitigating factors

As far as Norman knows, no programs or program code that exploit these vulnerabilities have been publicly available.

Acknowledgments

Norman wishes to thank Sergio Alvarez of n.runs AG for reporting these vulnerabilities and working with us in identifying them.

Revision history

  • 2007-07-27: Advisory created
  • 2007-08-30: Advisory reissued