Risk: High
A security vulnerability exists in the anti-virus engine of specific versions of ZoneAlarm Anti-Virus and ZoneAlarm Security Suite (ZoneAlarm and ZoneAlarm Pro are not affected).
ZoneAlarm Anti-Virus and ZoneAlarm Security Suite use the Vet engine from Computer Associates for anti-virus detection. Due to an integer wrap issue in the code associated with OLE processing, a heap overflow may occur, which could allow a skilled attacker to cause the firewall to stop processing traffic or to execute arbitrary code.
The vulnerability is caused by an integer overflow in the Vet anti-virus engine (VetE.dll) when analysing OLE streams. This can be exploited to cause a heap-based buffer overflow via a specially crafted Microsoft Office document.
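The bug class described above, as an added example that is not code from the Vet engine, Zone Labs or Computer Associates: an unchecked 32-bit size calculation on file-supplied fields beside a checked form that rejects the wrap before any allocation. The header layout, field names, function names and the 16-byte prefix are hypothetical, and the sample values are constructed.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define PREFIX 16u  /* hypothetical fixed bookkeeping prefix */

/* Hypothetical stream header; both fields come from the untrusted file. */
struct stream_hdr { uint32_t entry_count; uint32_t entry_size; };

/* Unchecked pattern: the 32-bit product wraps modulo 2^32, so a huge
 * declared count can yield a tiny allocation size. */
uint32_t unchecked_alloc_size(const struct stream_hdr *h)
{
    return (uint32_t)(h->entry_count * h->entry_size + PREFIX);
}

/* Checked pattern: widen before multiplying, then bound the result by the
 * bytes actually present in the file. Returns 0 on success, -1 on reject. */
int checked_alloc_size(const struct stream_hdr *h, size_t avail, size_t *out)
{
    uint64_t total = (uint64_t)h->entry_count * h->entry_size;
    if (h->entry_size == 0 || total > avail || total > SIZE_MAX - PREFIX)
        return -1;
    *out = (size_t)total + PREFIX;
    return 0;
}

/* Allocate and copy only after the size has been validated. */
unsigned char *copy_stream(const struct stream_hdr *h, const unsigned char *data,
                           size_t avail, size_t *out_len)
{
    size_t need;
    if (checked_alloc_size(h, avail, &need) != 0)
        return NULL;
    unsigned char *buf = calloc(1, need);
    if (buf == NULL)
        return NULL;
    memcpy(buf + PREFIX, data, need - PREFIX);
    *out_len = need;
    return buf;
}

int main(void)
{
    struct stream_hdr bad = { 0x10000001u, 0x10u };  /* constructed sample */
    size_t need = 0;
    printf("unchecked size: %u\n", (unsigned)unchecked_alloc_size(&bad));
    printf("checked result: %d\n", checked_alloc_size(&bad, 4096, &need));
    return 0;
}
```

Bounding the declared size by the bytes actually available in the input is what makes the check robust: a length that cannot be satisfied by the file is rejected regardless of whether the arithmetic wrapped.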
Zone Labs has released an updated anti-virus engine for affected products. It is applied automatically during the next anti-virus update, which typically occurs daily. Customers may also manually update their anti-virus service for immediate protection.
If successfully exploited, a skilled attacker could cause the firewall that is integrated into the Security Suite to stop processing traffic, execute arbitrary code, or elevate malicious code's privileges.