Oracle Holes Hit AV Provider

Friday, August 3, 2012 @ 12:08 PM gHale

Avira AntiVir for Exchange, and the Avira Small Business Security Suite and Avira Business Security Suite that contain it, are all vulnerable to the Oracle file conversion holes revealed two weeks ago in Oracle’s monthly patch day.

The holes in Oracle’s Outside In library made a range of third party applications vulnerable to attackers with crafted files in particular formats.

Others Suffer from Oracle Patch
Microsoft Warns of Oracle Holes
Big Oracle Patch Day
New Java Exploit Debuts

A product update for the Exchange package is now available; for the suites, the user needs to reinstall the updated package.

At first the AV provider thought the vulnerability did not affect them. Avira initially said there was no issue with Avira AntiVir for Exchange because it used the Microsoft Jet Engine and Microsoft Access as a database and therefore did suffer from the issue.

Upon further review, a few days later Avira changed its tune and said the company is trying to provide updates as soon as possible.

Leave a Reply

You must be logged in to post a comment.