unzoo.c, as used in multiple products including AMaViS 2.4.1 and earlier, allows remote attackers to cause a denial of service (infinite loop) via a ZOO archive with a direntry structure that points to a previous file.

Classic Planer in AntiVir PersonalEdition Classic 7 does not drop privileges before executing external programs, which allows local users to gain privileges via notepad.exe, which is used to display scan reports.