Panda Software has fixed a flaw in its antivirus products that could have allowed an attack resulting in control over a user's computer, a company spokesman said Friday.
Panda did not receive any reports of exploits, and the problem was fixed within two days, said Fernando de la Cuadra, international technical editor, from Madrid. The vulnerability affected all of the company's antivirus products, he said. A patch was sent out to the company's customers automatically, De la Cuadra said.
The vulnerability was discovered Nov. 28 and reported by Alex Wheeler at www.rem0te.com. The problem was contained within the Panda Antivirus Library that provides file support for virus analysis, according to the advisory from rem0te.com and also carried by the French Security Incident Response Team.
During decompression of files in the ZOO compressed file format, computers were vulnerable to a heap overflow that could allow exploits through protocols such as SMTP (Simple Mail Transfer Protocol), the advisory said.