iViZ has announced that it has discovered new classes of vulnerabilities in many popular commercial and open source antivirus software. These vulnerabilities can potentially allow attackers to break into systems using such antivirus software.
The affected software include many popular commercial and open source antivirus software such as AVG, F-Secure (F-Prot), Sophos, ClamAV, BitDefender & Avast. Other software could also be vulnerable.
Bala Girisaballa, Vice President, explains how attackers can target a seemingly secure system and break into it by exploiting its antivirus software.
An attacker first crafts an email with malicious payload and sends it to the target user. When the email is scanned by the vulnerable antivirus software it can either crash the antivirus software or execute arbitrary code resulting in complete security bypass and remote system compromise.