Panda fixes flaw in anti-virus products

By Jeremy Kirk, IDG News Service
December 02, 2005 08:11 AM ET

Panda Software has fixed a flaw in its anti-virus products that could have allowed an attack resulting in control over a user's computer, a company spokesman said Friday.

Panda did not receive any reports of exploits, and the problem was fixed within two days, said Fernando de la Cuadra, international technical editor, from Madrid. The vulnerability affected all of the company's anti-virus products, he said. A patch was sent out to the company's customers automatically, de la Cuadra said.

The vulnerability was discovered Nov. 28 and reported by Alex Wheeler at www.rem0te.com. The problem was contained within the Panda Antivirus Library that provides file support for virus analysis, according to the advisory from rem0te.com and also carried by the French Security Incident Response Team.

During decompression of files in the ZOO compressed file format, computers were vulnerable to a heap overflow that could allow exploits through protocols such as SMTP, the advisory said.