CVSS: 5.0EPSS: 4%CPEs: 3EXPL: 0CVE-2008-3373
https://notcve.org/view.php?id=CVE-2008-3373
The files parsing engine in Grisoft AVG Anti-Virus before 8.0.156 allows remote attackers to cause a denial of service (engine crash) via a crafted UPX compressed file, which triggers a divide-by-zero error. El motor del analizador sintáctico de archivos de Grisoft AVG Anti-Virus anterior 8.0.156, permite a atacantes remotos provocar una denegación de servicio (caída de motor) a través de un fichero UPX comprimido manipulado, que lanza un error "División por cero". • http://secunia.com/advisories/31290 http://www.grisoft.com/ww.94247 http://www.nruns.com/advisories/%5Bn.runs-SA-2008%20004%5D%20-%20AVG%20Antivirus%20UPX%20parsing%20Divide%20by%20Zero%20Advisory.txt http://www.securityfocus.com/archive/1/494867/100/0/threaded http://www.securityfocus.com/bid/30417 http://www.securitytracker.com/id?1020570 http://www.vupen.com/english/advisories/2008/2225/references https://exchange.xforce.ibmcloud.com/vulnerabilities/44057 • CWE-189: Numeric Errors •
CVSS: 7.2EPSS: 0%CPEs: 2EXPL: 0CVE-2007-3777
https://notcve.org/view.php?id=CVE-2007-3777
avg7core.sys 7.5.0.444 in Grisoft AVG Anti-Virus 7.5.448 and Free Edition 7.5.446, provides an internal function that copies data to an arbitrary address, which allows local users to gain privileges via arbitrary address arguments to a function provided by the 0x5348E004 IOCTL for the generic DeviceIoControl handler. avg7core.sys 7.5.0.444 en Grisoft AVG Anti-Virus 7.5.448 y Free Edition 7.5.446, proporciona una función interna que copia datos a una direción arbitraria, lo cual permite a usuarios locales obtener privilegios mediante argumentos de dirección arbitrarios para una función proporcionada por la llamada IOCTL 0x5348E004 al manejador DeviceIoControl. • http://osvdb.org/37975 http://secunia.com/advisories/25998 http://securityreason.com/securityalert/2887 http://securitytracker.com/id?1018362 http://www.securityfocus.com/archive/1/473360/100/0/threaded http://www.securityfocus.com/bid/24870 http://www.vupen.com/english/advisories/2007/2518 https://exchange.xforce.ibmcloud.com/vulnerabilities/35345 •
CVSS: 7.5EPSS: 1%CPEs: 4EXPL: 0CVE-2006-5937
https://notcve.org/view.php?id=CVE-2006-5937
Multiple integer overflows in Grisoft AVG Anti-Virus before 7.1.407 allow remote attackers to execute arbitrary code via crafted (1) CAB or (2) RAR archives that trigger a heap-based buffer overflow. NOTE: some of these details are obtained from third party information. Múltiples desbordamientos de búfer en Grisoft AVG Anti-Virus anterior a 7.1.407 permite a un atacante remoto ejecutar código a través de archivos (1)CAB o (2)RAR manipulados que disparan un desbordamiento de búfer basado en pila. NOTA: algunos de estos detalles se obtuvieron de información de terceros. • http://marc.info/?l=full-disclosure&m=116343152030074&w=2 http://secunia.com/advisories/22811 http://www.grisoft.com/doc/36365/lng/us/tpl/tpl01 http://www.vupen.com/english/advisories/2006/4498 • CWE-190: Integer Overflow or Wraparound •
CVSS: 10.0EPSS: 0%CPEs: 4EXPL: 0CVE-2006-5938
https://notcve.org/view.php?id=CVE-2006-5938
Grisoft AVG Anti-Virus before 7.1.407 has unknown impact and remote attack vectors involving an uninitialized variable and a crafted CAB file. Grisoft AVG Anti-Virus anterior a 7.1.407 tiene un impacto desconocido y vectores de ataque remotos que afectan a una variable no inicializada y a un fichero CAB manipulado. • http://marc.info/?l=full-disclosure&m=116343152030074&w=2 http://secunia.com/advisories/22811 http://www.grisoft.com/doc/36365/lng/us/tpl/tpl01 http://www.vupen.com/english/advisories/2006/4498 https://exchange.xforce.ibmcloud.com/vulnerabilities/30246 • CWE-20: Improper Input Validation •
CVSS: 10.0EPSS: 0%CPEs: 4EXPL: 0CVE-2006-5940
https://notcve.org/view.php?id=CVE-2006-5940
Unspecified vulnerability in Grisoft AVG Anti-Virus before 7.1.407 has unknown impact and remote attack vectors related to "Integer Issues" and parsing of .EXE files. Vulnerabilidad no especificada en Grisoft AVG Anti-Virus anterior a 7.1.407 tiene un impacto desconocido y vectores remotos de ataque realciones con "asuntos de integer" y el análisis sintáctivo de los archivos .exe • http://marc.info/?l=full-disclosure&m=116343152030074&w=2 http://secunia.com/advisories/22811 http://www.grisoft.com/doc/36365/lng/us/tpl/tpl01 http://www.vupen.com/english/advisories/2006/4498 • CWE-189: Numeric Errors •