CVSS: 4.3EPSS: 1%CPEs: 35EXPL: 0CVE-2008-3243
https://notcve.org/view.php?id=CVE-2008-3243
Multiple unspecified vulnerabilities in the scanning engine before 4.4.4 in F-Prot Antivirus before 6.0.9.0 allow remote attackers to cause a denial of service via (1) a crafted UPX-compressed file, which triggers an engine crash; (2) a crafted Microsoft Office file, which triggers an infinite loop; or (3) an ASPack-compressed file, which triggers an engine crash. Múltiples vulnerabilidades sin especificar en el motor de análisis anterior a 4.4.4 en el F-Prrot Antivirus anterior a 6.0.9.0, permite a atacantes remotos provocar una denegación de servicio a través de (1) un fichero UPX-comppressed manipulado que provoca una caída del motor; (2) mediante un fichero Microsoft Office manipulado que lanza un bucle infinito o (3) mediante un fichero ASPack-compressed que provoca una caída del motor. • http://secunia.com/advisories/31118 http://www.f-prot.com/download/ReleaseNotesWindows.txt http://www.securityfocus.com/bid/30258 https://exchange.xforce.ibmcloud.com/vulnerabilities/43868 https://exchange.xforce.ibmcloud.com/vulnerabilities/43869 https://exchange.xforce.ibmcloud.com/vulnerabilities/43870 • CWE-20: Improper Input Validation •
CVSS: 4.3EPSS: 1%CPEs: 35EXPL: 0CVE-2008-3244
https://notcve.org/view.php?id=CVE-2008-3244
The scanning engine before 4.4.4 in F-Prot Antivirus before 6.0.9.0 allows remote attackers to cause a denial of service (engine crash) via a CHM file with a large nb_dir value that triggers an out-of-bounds read. Motor de análisis anterior a 4.4.4 en F-Prot Antivirus anterior a 6.0.9.0, permite a atacantes remotos provocar una denegación de servicio (caída de motor) a través de un fichero CHM con un valor nb_dir largo, lo que provoca una lectura fuera de rango. • http://secunia.com/advisories/31118 http://www.f-prot.com/download/ReleaseNotesWindows.txt http://www.nruns.com/security_advisory_fprot_out-of-bound_memory_access_DoS.php http://www.securityfocus.com/bid/30253 http://www.securitytracker.com/id?1020507 http://www.vupen.com/english/advisories/2008/2124/references https://exchange.xforce.ibmcloud.com/vulnerabilities/43835 • CWE-20: Improper Input Validation •
CVSS: 5.0EPSS: 26%CPEs: 2EXPL: 3CVE-2006-6352 – F-Prot AntiVirus 4.6.6 - 'ACE' Denial of Service
https://notcve.org/view.php?id=CVE-2006-6352
FRISK Software F-Prot Antivirus before 4.6.7 allows user-assisted remote attackers to cause a denial of service (infinite loop) via a crafted ACE file. NOTE: this issue has at least a partial overlap with CVE-2006-6294. FRISK Software F-Prot Antivirus anterior a 4.6.7 permite a atacantes remotos con la intervención del usuario provocar una denegación de servicio (bucle infinito) mediante un fichero ACE artesanal. NOTA: este asunto está parcialmente solapado con CVE-2006-6294. • https://www.exploit-db.com/exploits/2892 http://gleg.net/fprot.txt http://lists.grok.org.uk/pipermail/full-disclosure/2006-December/051096.html http://secunia.com/advisories/23328 http://security.gentoo.org/glsa/glsa-200612-12.xml http://securityreason.com/securityalert/1998 http://securitytracker.com/id?1017331 http://www.f-prot.com/news/gen_news/061201_release_unix467.html http://www.securityfocus.com/archive/1/453475/100/0/threaded http://www.securityfocus.com/bid/214 •
CVSS: 7.5EPSS: 61%CPEs: 25EXPL: 2CVE-2006-6293 – F-Prot AntiVirus 4.6.6 - CHM Heap Overflow (PoC)
https://notcve.org/view.php?id=CVE-2006-6293
Heap-based buffer overflow in FRISK Software F-Prot Antivirus before 4.6.7 allows user-assisted remote attackers to execute arbitrary code via a crafted CHM file. NOTE: this issue has at least a partial overlap with CVE-2006-6294. Desbordamiento de búfer basado en montículo en FRISK Software F-Prot Antivirus 3.16f anterior al 4.6.7 permite a atacantes con la intervención del usuario ejecutar código de su elección a través de ficheros CHM manipulados. NOTA: Esta vulnerabilidad tiene, por lo menos una parte, solapada con la CVE-2006-6294. • https://www.exploit-db.com/exploits/2893 http://gleg.net/fprot.txt http://gleg.net/vulndisco_meta.shtml http://lists.grok.org.uk/pipermail/full-disclosure/2006-December/051096.html http://secunia.com/advisories/22879 http://secunia.com/advisories/23328 http://security.gentoo.org/glsa/glsa-200612-12.xml http://securitytracker.com/id?1017331 http://www.f-prot.com/news/gen_news/061201_release_unix467.html http://www.osvdb.org/30406 http://www.securityfocus.com/archive& • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •