Glitch in archive processing removed

Recently security consultant Thierry Zoller informed us about some defective RAR archives which our products didn’t process properly. Those archives were resulting in a division by zero error in our unpacker module. This would lead to a crash of the module. In very rare circumstances this bug could lead to reading 4 random bytes, and in even more seldom cases even a NULL pointer dereference might have occured. We don’t believe it was possible to execute injected code with specially prepared archives due to this bug, but anyhow we fixed the problem and pushed out an update last friday. By now, every Avira user should have received and installed the update automatically.

Dirk Knop
Technical Editor