Antivirus maker McAfee’s antivirus library was found to have a vulnerability in its antivirus library—if it processes a malformed file in the compressed LHA format, that triggers a stack overflow which can let a hacker launch malicious code on a McAfee user’s computer.
The McAfee vulnerability is believed to affect implementations of the antivirus library, leaving them vulnerable by way of common protocols like SMTP, HTTP, and FTP, according to Atlanta-based Internet Security Systems, which reported the flaw March 21, though it didn’t say just when the flaw was spotted.
ISS added that other security software companies like Symantec and Trend Micro have had a similar problem in recent weeks. Because authentications are not required for attackers to exploit the problem, ISS said, the McAfee library implementations are vulnerable in their default configurations.
Secunia security research Thomas Kristensen, whose company had spotted a comparable vulnerability in some Symantec products, said antivirus programs are virus writing favorites, if flaws appear, because they have large numbers of users and thus bring a high infection rate. But he added that antivirus software by and large has not been found with many vulnerabilities overall.
"It's appealing to attackers to find exploits in antivirus," Kristensen told reporters. "But we can take comfort in the fact that it's security firms finding these flaws first. Obviously, it would be pretty bad if malicious guys had gotten there before everyone else. Antivirus software is usually very complex, so although it would be nice if the programs were flawless, it's natural for errors to occur. Sadly, it's just bound to happen."
It was not known whether the McAfee antivirus library vulnerability had anything to do with Microsoft’s decision in late December to drop McAfee as their Hotmail e-mail scanner in favor of Trend Micro.
