Dear security@xxxxxxxxx, Either Subject "UPX parsing Arbitrary CodeExecution" or vulnerability description "Infinite Loop in UPX packed files parsing" are wrong. Can you provide more detailed information please? It's not clear, how infinite loop can lead to remote code execution. --Friday, August 24, 2007, 11:15:01 PM, you wrote to bugtraq@xxxxxxxxxxxxxxxxx: snc> Description: snc> A remotely exploitable vulnerability has been found in the file parsing snc> engine. snc> In detail, the following flaw was determined: snc> - Infinite Loop in UPX packed files parsing snc> Impact: snc> This problem can lead to remote denial of service or arbitrary code snc> execution if an attacker carefully crafts a file that exploits the snc> aforementioned vulnerability. The vulnerability is present in Sophos snc> Anti-virus software listed above on all platforms supported by the affected snc> products prior to the engine Version 2.48.0. -- ~/ZARAZA http://securityvulns.com/
