Zero-Day Advisory
Fortinet Discovers Multiple Out-of-Bounds Write Vulnerabilities in AVIRA
Summary
Fortinet's FortiGuard Labs has discovered multiple out-of-bounds write vulnerabilities in one of the DLL components that serves as an IPC server running in the AVIRA core service avguard.exe.
Avira is an antivirus software developed by Avira Operations GmbH & Co. KG.
A client program that successfully sends a crafted message to the vulnerable IPC server could potentially cause privilege elevation or denial of service.
Solutions
Users should apply AVIRA updates 15.0.26.48 and above.
Additional Information
Fortinet reported the vulnerability to Avira on November 21, 2016.
Avira patched the vulnerability on February 21, 2017.
Acknowledgement
This vulnerability was discovered by Wayne Low of Fortinet's FortiGuard Labs.