LSE discovers vulnerability in Avira’s AntiVir Engine

While conducting a penetration test on a customer system, LSE Leading Security Experts employees Markus Vervier and Eric Sesterhenn discovered a Denial of Service vulnerability and possible memory corruption in the Avira AntiVir Engine. When the engine scans specially crafted PDF documents, a bug can be triggered that causes an endless loop in the scanning engine.

This allows an attacker to stall the antivirus engine and prevent malicious files from being detected. Additionally, an attacker may be able to cause the antivirus engine to consume all available resources on the system. In enterprise setups such as mail gateways, an effective Denial of Service attack can be launched against the whole system.

Avira was informed immediately and released a fix a few days later. LSE therefore advises installing the latest updates via the update functionality.

Affected Versions

  • Avira AntiVir Engine < 8.2.12.58

Affected Products

  • Avira Server Security
  • Avira AntiVir MailGate
  • Avira AntiVir MailGate Suite
  • Avira Exchange Security
  • Avira AntiVir WebGate
  • Avira AntiVir WebGate Suite
  • Avira AntiVir SharePoint
  • Avira Professional Security
  • Avira AntiVir Personal
  • Avira Savapi

Read more in the corresponding security advisory.