CVE-2006-4182 – Clam AntiVirus 0.88.4 - 'rebuildpe' Remote Heap Overflow (PoC)
https://notcve.org/view.php?id=CVE-2006-4182
Integer overflow in ClamAV 0.88.1 and 0.88.4, and other versions before 0.88.5, allows remote attackers to cause a denial of service (scanning service crash) and execute arbitrary code via a crafted Portable Executable (PE) file that leads to a heap-based buffer overflow when less memory is allocated than expected. Desbordamiento de entero en ClamAV 0.88.1 y 0.88.4, y otras versiones anteriores a 0.88.5, permite a atacantes remotos provocar una denegación de servicio (caída del servicio de escaneo) y ejecutar código de su elección mediante un Ejecutable Portátil (Portable Executable, PE) creado artesanalmente, que provoca un desbordamiento de búfer basado en montón cuando se ha reservado menos memoria de la esperada. • https://www.exploit-db.com/exploits/2587 http://docs.info.apple.com/article.html?artnum=304829 http://kolab.org/security/kolab-vendor-notice-13.txt http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=422 http://lists.apple.com/archives/security-announce/2006/Nov/msg00001.html http://secunia.com/advisories/22370 http://secunia.com/advisories/22421 http://secunia.com/advisories/22488 http://secunia.com/advisories/22498 http://secunia.com/advisories/22537 http:/ •
CVE-2006-1615
https://notcve.org/view.php?id=CVE-2006-1615
Multiple format string vulnerabilities in the logging code in Clam AntiVirus (ClamAV) before 0.88.1 might allow remote attackers to execute arbitrary code. NOTE: as of 20060410, it is unclear whether this is a vulnerability, as there is some evidence that the arguments are actually being sanitized properly. • http://lists.apple.com/archives/security-announce/2006/May/msg00003.html http://lists.suse.com/archive/suse-security-announce/2006-Apr/0002.html http://secunia.com/advisories/19534 http://secunia.com/advisories/19536 http://secunia.com/advisories/19564 http://secunia.com/advisories/19567 http://secunia.com/advisories/19570 http://secunia.com/advisories/19608 http://secunia.com/advisories/20077 http://secunia.com/advisories/23719 http://sourceforge.net/project/shownotes.php?release • CWE-134: Use of Externally-Controlled Format String •
CVE-2005-3501
https://notcve.org/view.php?id=CVE-2005-3501
The cabd_find function in cabd.c of the libmspack library (mspack) for Clam AntiVirus (ClamAV) before 0.87.1 allows remote attackers to cause a denial of service (infinite loop) via a crafted CAB file that causes cabd_find to be called with a zero length. • http://secunia.com/advisories/17184 http://secunia.com/advisories/17434 http://secunia.com/advisories/17451 http://secunia.com/advisories/17501 http://secunia.com/advisories/17559 http://securityreason.com/securityalert/150 http://securitytracker.com/id?1015154 http://sourceforge.net/project/shownotes.php?release_id=368319 http://www.debian.org/security/2005/dsa-887 http://www.gentoo.org/security/en/glsa/glsa-200511-04.xml http://www.idefense.com/application/poi/display?id=334 • CWE-399: Resource Management Errors •
CVE-2005-1795
https://notcve.org/view.php?id=CVE-2005-1795
The filecopy function in misc.c in Clam AntiVirus (ClamAV) before 0.85, on Mac OS, allows remote attackers to execute arbitrary code via a virus in a filename that contains shell metacharacters, which are not properly handled when HFS permissions prevent the file from being deleted and ditto is invoked. La función filecopy en misc.c en Clam AntiVirus (ClamAV) en versiones anteriores a 0.85, en Mac OS, permite a atacantes remotos ejecutar código arbitrario a través de un virus en un nombre de archivo que contiene metacaractéres shell, que no son manejados adecuadamente cuando permisos HFS impiden que el archivo sea borrado y el mismo se invoca. • http://securitytracker.com/id?1014070 http://www.sentinelchicken.com/advisories/clamav • CWE-20: Improper Input Validation •