CVE-2007-2974
https://notcve.org/view.php?id=CVE-2007-2974
Buffer overflow in the file parsing engine in Avira Antivir Antivirus before 7.03.00.09 allows remote attackers to execute arbitrary code via a crafted LZH archive file, resulting from an "integer cast around." Desbordamiento de búfer en el motor de análisis sintáctico de ficheros en el Antivirus Avira Antivir anterior al 7.03.00.09 permite a atacantes remotos ejecutar código de su elección a través de un fichero LZH modificado, resultado de un "redondeo de conversión a entero". • http://forum.antivir-pe.de/thread.php?threadid=22528 http://lists.grok.org.uk/pipermail/full-disclosure/2007-May/063624.html http://osvdb.org/36712 http://secunia.com/advisories/25417 http://securityreason.com/securityalert/2764 http://securitytracker.com/id?1018131 http://www.nruns.com/advisories/%5Bn.runs-SA-2007.010%5D%20-%20Avira%20Antivir%20Antivirus%20LZH%20parsing%20Arbitrary%20Code%20Execution%20Advisory.txt http://www.securityfocus.com/archive/1/469805/100/0/threaded http://www •
CVE-2007-1673
https://notcve.org/view.php?id=CVE-2007-1673
unzoo.c, as used in multiple products including AMaViS 2.4.1 and earlier, allows remote attackers to cause a denial of service (infinite loop) via a ZOO archive with a direntry structure that points to a previous file. El archivo unzoo.c, tal como se utiliza en varios productos, incluyendo AMaViS versión 2.4.1 y anteriores, permite a los atacantes remotos causar una denegación de servicio (bucle infinito) por medio de un archivo ZOO con una estructura direntry que apunta hacia un archivo anterior. • http://osvdb.org/36208 http://secunia.com/advisories/25315 http://securityreason.com/securityalert/2680 http://www.amavis.org/security/asa-2007-2.txt http://www.securityfocus.com/archive/1/467646/100/0/threaded http://www.securityfocus.com/bid/23823 https://exchange.xforce.ibmcloud.com/vulnerabilities/34080 • CWE-399: Resource Management Errors •
CVE-2007-1671
https://notcve.org/view.php?id=CVE-2007-1671
avpack32.dll before 7.3.0.6 in Avira AntiVir allows remote attackers to cause a denial of service (infinite loop) via a ZOO archive with a direntry structure that points to a previous file. avpack32.dll anterior a 7.3.0.6 en Avira AntiVir permite a atacantes remotos provocar una denegación de servicio (bucle infinito) mediante un archivo ZOO con una estructura de entrada a directorio que apunta a un fichero anterior. • http://osvdb.org/35911 http://secunia.com/advisories/25140 http://securityreason.com/securityalert/2680 http://www.securityfocus.com/archive/1/467646/100/0/threaded http://www.securityfocus.com/bid/23823 http://www.vupen.com/english/advisories/2007/1702 https://exchange.xforce.ibmcloud.com/vulnerabilities/34080 •
CVE-2006-4619
https://notcve.org/view.php?id=CVE-2006-4619
The start update window in update.exe in Avira AntiVir PersonalEdition Classic 7.0 build 151 allows local users to gain system privileges via a "Shatter" style attack on the (1) IParam parameter, and the (2) PBM_GETRANGE and (3) PBM_SETRANGE messages in an unspecified progress bar. NOTE: some details are obtained from third party information. La ventana de inicio de actualización en update.exe en Avira AntiVir PersonalEdition Classic 7.0 construcción 151 permite a un usuario local conseguir privilegios de sistema a través del tipo de ataque "Shatter" sobre el parámetro (1)IParam, y los mensajes (2) PBM_GETRANGE y (3) PBM_SETRANGE en una barra de progreso no especifica. NOTA: algunos detalles se obtuvieron a partir de una información de terceros. • http://secunia.com/advisories/21764 http://www.securityfocus.com/archive/1/445205/100/0/threaded http://www.securityfocus.com/archive/1/445263/100/0/threaded http://www.securityfocus.com/bid/19843 http://www.securityfocus.com/bid/19889 •
CVE-2006-1274
https://notcve.org/view.php?id=CVE-2006-1274
Classic Planer in AntiVir PersonalEdition Classic 7 does not drop privileges before executing external programs, which allows local users to gain privileges via notepad.exe, which is used to display scan reports. • http://lists.grok.org.uk/pipermail/full-disclosure/2006-March/042868.html http://secunia.com/advisories/19217 http://securityreason.com/securityalert/573 http://www.osvdb.org/23843 http://www.securityfocus.com/archive/1/427412/100/0/threaded http://www.securityfocus.com/bid/17071 http://www.vupen.com/english/advisories/2006/0948 https://exchange.xforce.ibmcloud.com/vulnerabilities/25244 •