Computer Security

ClamAV antivirus integer overflow
back  news / advisories / forum / software / advertising / search / exploits  forward
[EN] securityvulns.ru
no-pyccku



ClamAV antivirus integer overflow
Published:19.12.2007
Source:BUGTRAQ
SecurityVulns ID:8467
Type:remote
Level:7/10
Description:Integer overflow leading to heap buffer overflow on MEW packer parsing.
Affected:CLAMAV : ClamAV 0.91
CVE:CVE-2007-6335 (Integer overflow in libclamav in ClamAV before 0.92 allows remote attackers to execute arbitrary code via a crafted MEW packed PE file, which triggers a heap-based buffer overflow.)
 CVE-2007-5759 (** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2007-6335. Reason: This candidate is a duplicate of CVE-2007-6335. Notes: All CVE users should reference CVE-2007-6335 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.)
Original documentdocumentIDEFENSE, iDefense Security Advisory 12.18.07: ClamAV libclamav MEW PE File Integer Overflow Vulnerability (19.12.2007)
Files:clamav-0.91.2 exploit ( CVE-2007-6335 )
Discuss:Read or add your comments to this news (0 comments)
About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
 


Рейтинг@Mail.ru