6 results (0.025 seconds)

CVSS: 4.3EPSS: 1%CPEs: 35EXPL: 0

Multiple unspecified vulnerabilities in the scanning engine before 4.4.4 in F-Prot Antivirus before 6.0.9.0 allow remote attackers to cause a denial of service via (1) a crafted UPX-compressed file, which triggers an engine crash; (2) a crafted Microsoft Office file, which triggers an infinite loop; or (3) an ASPack-compressed file, which triggers an engine crash. Múltiples vulnerabilidades sin especificar en el motor de análisis anterior a 4.4.4 en el F-Prrot Antivirus anterior a 6.0.9.0, permite a atacantes remotos provocar una denegación de servicio a través de (1) un fichero UPX-comppressed manipulado que provoca una caída del motor; (2) mediante un fichero Microsoft Office manipulado que lanza un bucle infinito o (3) mediante un fichero ASPack-compressed que provoca una caída del motor. • http://secunia.com/advisories/31118 http://www.f-prot.com/download/ReleaseNotesWindows.txt http://www.securityfocus.com/bid/30258 https://exchange.xforce.ibmcloud.com/vulnerabilities/43868 https://exchange.xforce.ibmcloud.com/vulnerabilities/43869 https://exchange.xforce.ibmcloud.com/vulnerabilities/43870 • CWE-20: Improper Input Validation •

CVSS: 4.3EPSS: 1%CPEs: 35EXPL: 0

The scanning engine before 4.4.4 in F-Prot Antivirus before 6.0.9.0 allows remote attackers to cause a denial of service (engine crash) via a CHM file with a large nb_dir value that triggers an out-of-bounds read. Motor de análisis anterior a 4.4.4 en F-Prot Antivirus anterior a 6.0.9.0, permite a atacantes remotos provocar una denegación de servicio (caída de motor) a través de un fichero CHM con un valor nb_dir largo, lo que provoca una lectura fuera de rango. • http://secunia.com/advisories/31118 http://www.f-prot.com/download/ReleaseNotesWindows.txt http://www.nruns.com/security_advisory_fprot_out-of-bound_memory_access_DoS.php http://www.securityfocus.com/bid/30253 http://www.securitytracker.com/id?1020507 http://www.vupen.com/english/advisories/2008/2124/references https://exchange.xforce.ibmcloud.com/vulnerabilities/43835 • CWE-20: Improper Input Validation •

CVSS: 5.0EPSS: 31%CPEs: 2EXPL: 3

FRISK Software F-Prot Antivirus before 4.6.7 allows user-assisted remote attackers to cause a denial of service (infinite loop) via a crafted ACE file. NOTE: this issue has at least a partial overlap with CVE-2006-6294. FRISK Software F-Prot Antivirus anterior a 4.6.7 permite a atacantes remotos con la intervención del usuario provocar una denegación de servicio (bucle infinito) mediante un fichero ACE artesanal. NOTA: este asunto está parcialmente solapado con CVE-2006-6294. • https://www.exploit-db.com/exploits/2892 http://gleg.net/fprot.txt http://lists.grok.org.uk/pipermail/full-disclosure/2006-December/051096.html http://secunia.com/advisories/23328 http://security.gentoo.org/glsa/glsa-200612-12.xml http://securityreason.com/securityalert/1998 http://securitytracker.com/id?1017331 http://www.f-prot.com/news/gen_news/061201_release_unix467.html http://www.securityfocus.com/archive/1/453475/100/0/threaded http://www.securityfocus.com/bid/214 •

CVSS: 7.5EPSS: 61%CPEs: 25EXPL: 2

Heap-based buffer overflow in FRISK Software F-Prot Antivirus before 4.6.7 allows user-assisted remote attackers to execute arbitrary code via a crafted CHM file. NOTE: this issue has at least a partial overlap with CVE-2006-6294. Desbordamiento de búfer basado en montículo en FRISK Software F-Prot Antivirus 3.16f anterior al 4.6.7 permite a atacantes con la intervención del usuario ejecutar código de su elección a través de ficheros CHM manipulados. NOTA: Esta vulnerabilidad tiene, por lo menos una parte, solapada con la CVE-2006-6294. • https://www.exploit-db.com/exploits/2893 http://gleg.net/fprot.txt http://gleg.net/vulndisco_meta.shtml http://lists.grok.org.uk/pipermail/full-disclosure/2006-December/051096.html http://secunia.com/advisories/22879 http://secunia.com/advisories/23328 http://security.gentoo.org/glsa/glsa-200612-12.xml http://securitytracker.com/id?1017331 http://www.f-prot.com/news/gen_news/061201_release_unix467.html http://www.osvdb.org/30406 http://www.securityfocus.com/archive& • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 7.5EPSS: 0%CPEs: 11EXPL: 0

Frisk F-Prot Antivirus allows remote attackers to bypass protection via a ZIP file with a version header greater than 15, which prevents F-Prot from decompressing and analyzing the file. • http://archives.neohapsis.com/archives/fulldisclosure/2005-11/0073.html http://securitytracker.com/id?1015148 http://thierry.sniff-em.com/research/fprot.html http://www.osvdb.org/20865 http://www.securityfocus.com/archive/1/415637/30/0/threaded http://www.securityfocus.com/archive/1/502370/100/0/threaded http://www.securityfocus.com/bid/15293 http://www.zoller.lu/research/fprot.htm https://exchange.xforce.ibmcloud.com/vulnerabilities/22967 •