Tuesday, March 18, 2008

And you thought zip files were boring 

.ZIP files are only one of a whole class of files used to compress and package groups of other files. Antivirus programs need to understand how to look inside such things, otherwise viruses could escape detection by hiding inside .ZIP or other files.

So far, so good.

But what if the software that looks inside those files can be crashed by badly or maliciously formed input? Remember that if you can crash a program you're only one step from taking it over. And remember that your antivirus software has lots of privileges on your computer.

Researchers in Finland wrote a program to make random changes to a wide range of packed file formats and tested several products that read the files. Quite a few crashed.

They let the software makers know. A lot of the open source products are already fixed. On the commercial side, F-Secure has already rolled out fixes and Symantec, which makes the Norton products, was already OK.

Details for your technical friends:
Test results for "fuzzing" of archive file formats.
CERT advisory on archive format vulnerabilities.
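
For those technical friends, here is the testing approach described above, applied to Python's standard zipfile module as the parser under test. This is an added example, not the Finnish researchers' tool; the sample archive is constructed in memory and the function names are illustrative.

```python
import io
import random
import zipfile
import zlib

def build_sample_zip() -> bytes:
    """Constructed sample archive, built in memory with fixed timestamps."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, text in (("readme.txt", "hello " * 200),
                           ("data/values.csv", "a,b,c\n1,2,3\n" * 50)):
            info = zipfile.ZipInfo(name, date_time=(2008, 3, 18, 0, 0, 0))
            zf.writestr(info, text, compress_type=zipfile.ZIP_DEFLATED)
    return buf.getvalue()

def mutate(data: bytes, rng: random.Random, flips: int = 4) -> bytes:
    """Overwrite a few randomly chosen bytes with random values."""
    out = bytearray(data)
    for _ in range(flips):
        out[rng.randrange(len(out))] = rng.randrange(256)
    return bytes(out)

# Errors that count as a clean, deliberate rejection of damaged input.
CLEAN_REJECTIONS = (zipfile.BadZipFile, zlib.error, EOFError, NotImplementedError)

def parse(data: bytes) -> str:
    """Target under test: open the archive and read every member."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            for info in zf.infolist():
                zf.read(info)
        return "ok"
    except CLEAN_REJECTIONS:
        return "rejected"
    except Exception as exc:  # anything else is a robustness finding to triage
        return "unexpected:" + type(exc).__name__

def fuzz(rounds: int = 500, seed: int = 2008) -> dict:
    """Feed mutated copies of the sample to the parser and tally outcomes."""
    rng = random.Random(seed)
    sample = build_sample_zip()
    counts = {}
    for _ in range(rounds):
        outcome = parse(mutate(sample, rng))
        counts[outcome] = counts.get(outcome, 0) + 1
    return counts

if __name__ == "__main__":
    for outcome, n in sorted(fuzz().items()):
        print(f"{n:5d}  {outcome}")
```

In a memory-safe language a malformed archive shows up as an exception; in a scanner written in C or C++ the same kind of input is what produced the crashes the researchers reported.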


