Panda Software has fixed a flaw in its anti-virus
products that potentially allowed remote attackers to take over
users’ PCs.
The company said the vulnerability affected all of the company’s
anti-virus products, and a patch to fix it has been sent out
automatically to customers.
The flaw was discovered last week and patched two days later,
said Panda.
The company was informed of the heap overflow flaw by internet
security researcher Alex Wheeler at
www.rem0te.com.
The problem was contained within the Panda Anti-Virus Library
that provides file support for virus analysis.
During decompression of files in the ZOO compressed file format,
computers were vulnerable to a heap overflow that potentially
allowed exploits through protocols such as Simple Mail Transfer
Protocol (SMTP).
