ISS X-Force finds AV Scanner Problems

ISS X-Force has discovered vulnerabilities in the way some Symantec and F-Secure products handle specific types of compressed files. The vendors have released fixes, but this shows that systematic searching for problems can discovered previously unknown flaws. There has also been an announcement concerning ZIP file handling in ClamAV. There may be more vulnerabilities related to the handling of compressed files discovered in the near future.

More Information

Symantec UPX Parsing Engine Heap Overflow
F-Secure Security Bulletin FSC-2005-1 Code execution vulnerability in ARJ-archive handling
Vulnerability in VSAPI ARJ parsing could allow Remote Code execution
ClamAV: Multiple issues
Patch now against virus-writing clowns