Secunia

ISS X-Force has reported a vulnerability in multiple McAfee products, which can be exploited by malicious people to compromise a vulnerable system.

The vulnerability is caused due to a boundary error in the AV scanning engine when processing LHA archives and can be exploited to cause a buffer overflow via a specially crafted LHA file.

Successful exploitation allows execution of arbitrary code.

The vulnerability has been reported in version 4320 of the AV scanning engine and affects the following products:
* Internet Security Suite
* VirusScan (all versions)
* VirusScan Professional
* Active Virus Defense SMB Edition
* Active VirusScan SMB Edition
* Active Threat Protection
* Active Mail Protection
* GroupShield for Exchange
* GroupShield for Exchange 5.5
* GroupShield for Lotus Domino
* GroupShield for Mail Servers with ePO
* LinuxShield
* NetShield for Netware
* PC Security Suite
* PortalShield for Microsoft SharePoint
* SecurityShield for Microsoft ISA Server
* Virex
* VirusScan ASaP
* Managed VirusScan
* VirusScan Command Line
* VirusScan for NetApp
* VirusScan Enterprise 8.0i
* Web Essentials
* WebShield Appliances
* WebShield SMTP

Solution
The vendor recommends applying the latest .DAT files and updating to AV scanning engine version 4400.

Provided and/or discovered by
Alex Wheeler, ISS X-Force.

Changelog
Further details available in Customer Area

Original Advisory
McAfee:
http://us.mcafee.com/root/support.asp?id=4320_faqs

ISS X-Force:
http://xforce.iss.net/xforce/alerts/id/190

Other references
Further details available in Customer Area

Deep Links
Links available in Customer Area