Nevis Networks, a market leader in secure switching and identity-based policy enforcement appliances, today announced that Nevis Labs has identified vulnerabilities in Microsoft Windows Live OneCare.
Affected Product/Versions:
Windows Live OneCare < 2.0.2500
Windows Defender and ForeFront are also affected.
Product Overview: Windows Live OneCare is a new, subscription-based service provided by Microsoft to protect Windows computers. OneCare provides anti-virus protection, a two-way firewall, a back-up utility and system tune-ups.For more information visit http://onecare.live.com/.
Vulnerability Details: These vulnerabilities allow remote unauthenticated attackers to launch a Denial of Service (DoS) attack on the Windows Live OneCare/Windows Defender/ForeFront. No user interaction is required. There are various ways to exploit these vulnerabilities. It can be done through sending email to victim’s Mail server, convincing victim to visit website, transferring files through P2P/IM.
The first flaw exists within the parsing of the certain size field in the PE file. By setting this field to an overly large value, the vulnerable antivirus software will “eat” several Giga bytes disk space, which result in a disk space based DoS, especially for the antivirus installed on the server side.
The second flaw also exists within the parsing PE file. By crafting a malformed PE file, the vulnerable antivirus software will crash with memory corruption while scanning this file.
About Nevis Networks Nevis Networks is a market leader in secure switching and identity-based policy enforcement appliances. The company’s LANenforcer product family transparently enforces identity-based policies in real time within the network fabric, tightly controlling who can access a company’s network and what resources they are permitted to use.
