CVSS: 7.1EPSS: 0%CPEs: 1EXPL: 0CVE-2024-23440 – Vba32 Antivirus v3.36.0 - Arbitrary Memory Read
https://notcve.org/view.php?id=CVE-2024-23440
13 Feb 2024 — Vba32 Antivirus v3.36.0 is vulnerable to an Arbitrary Memory Read vulnerability. The 0x22200B IOCTL code of the Vba32m64.sys driver allows to read up to 0x802 of memory from ar arbitrary user-supplied pointer. Vba32 Antivirus v3.36.0 es afectado por una vulnerabilidad de lectura de memoria arbitraria. El código IOCTL 0x22200B del controlador Vba32m64.sys permite leer hasta 0x802 de memoria desde un puntero arbitrario proporcionado por el usuario. Vba32 Antivirus v3.36.0 is vulnerable to an Arbitrary Memory ... • https://fluidattacks.com/advisories/adderley • CWE-125: Out-of-bounds Read •
CVSS: 7.1EPSS: 0%CPEs: 1EXPL: 0CVE-2024-23439 – Vba32 Antivirus v3.36.0 - Arbitrary Memory Read
https://notcve.org/view.php?id=CVE-2024-23439
13 Feb 2024 — Vba32 Antivirus v3.36.0 is vulnerable to an Arbitrary Memory Read vulnerability by triggering the 0x22201B, 0x22201F, 0x222023, 0x222027 ,0x22202B, 0x22202F, 0x22203F, 0x222057 and 0x22205B IOCTL codes of the Vba32m64.sys driver. Vba32 Antivirus v3.36.0 es afectado por una vulnerabilidad de lectura de memoria arbitraria al activar los códigos IOCTL 0x22201B, 0x22201F, 0x222023, 0x222027, 0x22202B, 0x22202F, 0x22203F, 0x222057 y 0x22205B del Controlador vba32m64.sys. • https://fluidattacks.com/advisories/adderley • CWE-125: Out-of-bounds Read •
CVSS: 6.5EPSS: 3%CPEs: 1EXPL: 1CVE-2008-5667 – VBA32 Personal AntiVirus 3.12.8.x - Malformed Archive Denial of Service
https://notcve.org/view.php?id=CVE-2008-5667
18 Dec 2008 — The scanning engine in VirusBlokAda VBA32 Personal Antivirus 3.12.8.x allows remote attackers to cause a denial of service (memory corruption and application crash) via a malformed RAR archive. El motor de escaneo en VirusBlokAda VBA32 Personal Antivirus v3.12.8.x permite a atacantes remotos producir una denegación de servicio (corrupción de memoria y caída de aplicación) a través de un archivo RAR malformado. • https://www.exploit-db.com/exploits/6658 • CWE-399: Resource Management Errors •
CVSS: 9.3EPSS: 0%CPEs: 3EXPL: 0CVE-2008-5546
https://notcve.org/view.php?id=CVE-2008-5546
12 Dec 2008 — VirusBlokAda VBA32 3.12.8.5, when Internet Explorer 6 or 7 is used, allows remote attackers to bypass detection of malware in an HTML document by placing an MZ header (aka "EXE info") at the beginning, and modifying the filename to have (1) no extension, (2) a .txt extension, or (3) a .jpg extension, as demonstrated by a document containing a CVE-2006-5745 exploit. VirusBlokAda VBA32 v3.12.8.5, cuando se utiliza Internet Explorer 6 o 7, permite a atacantes remotos eludir la detección de malware en un docume... • http://securityreason.com/securityalert/4723 • CWE-20: Improper Input Validation •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1CVE-2007-5254
https://notcve.org/view.php?id=CVE-2007-5254
06 Oct 2007 — VirusBlokAda Vba32 AntiVirus 3.12.2 uses weak permissions (Everyone:Write) for its installation directory, which allows local users to gain privileges by replacing application programs, as demonstrated by replacing vba32ldr.exe. VirusBlokAda Vba32 AntiVirus 3.12.2 utiliza permisos débiles (Everyone:Write) para sus directorios de instalación, lo cual permite a usuarios locales ganar privilegios a través del remplazamiento de programas de aplicaicón, como se demostró remplazando vba32ldr.exe. • http://lists.grok.org.uk/pipermail/full-disclosure/2007-October/066313.html • CWE-264: Permissions, Privileges, and Access Controls •