5 results (0.008 seconds)

CVSS: 6.3EPSS: 0%CPEs: 1EXPL: 0

Vba32 Antivirus v3.36.0 is vulnerable to an Arbitrary Memory Read vulnerability. The 0x22200B IOCTL code of the Vba32m64.sys driver allows to read up to 0x802 of memory from ar arbitrary user-supplied pointer. Vba32 Antivirus v3.36.0 es afectado por una vulnerabilidad de lectura de memoria arbitraria. El código IOCTL 0x22200B del controlador Vba32m64.sys permite leer hasta 0x802 de memoria desde un puntero arbitrario proporcionado por el usuario. • https://fluidattacks.com/advisories/adderley https://www.anti-virus.by/vba32 • CWE-125: Out-of-bounds Read •

CVSS: 6.3EPSS: 0%CPEs: 1EXPL: 0

Vba32 Antivirus v3.36.0 is vulnerable to an Arbitrary Memory Read vulnerability by triggering the 0x22201B, 0x22201F, 0x222023, 0x222027 ,0x22202B, 0x22202F, 0x22203F, 0x222057 and 0x22205B IOCTL codes of the Vba32m64.sys driver. Vba32 Antivirus v3.36.0 es afectado por una vulnerabilidad de lectura de memoria arbitraria al activar los códigos IOCTL 0x22201B, 0x22201F, 0x222023, 0x222027, 0x22202B, 0x22202F, 0x22203F, 0x222057 y 0x22205B del Controlador vba32m64.sys. • https://fluidattacks.com/advisories/adderley https://www.anti-virus.by/vba32 • CWE-125: Out-of-bounds Read •

CVSS: 5.0EPSS: 15%CPEs: 1EXPL: 1

The scanning engine in VirusBlokAda VBA32 Personal Antivirus 3.12.8.x allows remote attackers to cause a denial of service (memory corruption and application crash) via a malformed RAR archive. El motor de escaneo en VirusBlokAda VBA32 Personal Antivirus v3.12.8.x permite a atacantes remotos producir una denegación de servicio (corrupción de memoria y caída de aplicación) a través de un archivo RAR malformado. • https://www.exploit-db.com/exploits/6658 http://www.securityfocus.com/bid/31560 https://exchange.xforce.ibmcloud.com/vulnerabilities/47573 • CWE-399: Resource Management Errors •

CVSS: 9.3EPSS: 0%CPEs: 3EXPL: 0

VirusBlokAda VBA32 3.12.8.5, when Internet Explorer 6 or 7 is used, allows remote attackers to bypass detection of malware in an HTML document by placing an MZ header (aka "EXE info") at the beginning, and modifying the filename to have (1) no extension, (2) a .txt extension, or (3) a .jpg extension, as demonstrated by a document containing a CVE-2006-5745 exploit. VirusBlokAda VBA32 v3.12.8.5, cuando se utiliza Internet Explorer 6 o 7, permite a atacantes remotos eludir la detección de malware en un documento HTML colocando una cabecera MZ (alias "EXE info") al principio, y modificar el nombre del archivo a (1 ) sin extensión, (2) una extensión. txt, o (3) una extensión .jpg, como lo demuestra un documento que contiene un exploit CVE-2006-5745. • http://securityreason.com/securityalert/4723 http://www.securityfocus.com/archive/1/498995/100/0/threaded http://www.securityfocus.com/archive/1/499043/100/0/threaded https://exchange.xforce.ibmcloud.com/vulnerabilities/47435 • CWE-20: Improper Input Validation •

CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 1

VirusBlokAda Vba32 AntiVirus 3.12.2 uses weak permissions (Everyone:Write) for its installation directory, which allows local users to gain privileges by replacing application programs, as demonstrated by replacing vba32ldr.exe. VirusBlokAda Vba32 AntiVirus 3.12.2 utiliza permisos débiles (Everyone:Write) para sus directorios de instalación, lo cual permite a usuarios locales ganar privilegios a través del remplazamiento de programas de aplicaicón, como se demostró remplazando vba32ldr.exe. • http://lists.grok.org.uk/pipermail/full-disclosure/2007-October/066313.html http://osvdb.org/37991 http://secunia.com/advisories/27094 http://www.anti-virus.by/en http://www.securityfocus.com/bid/25930 • CWE-264: Permissions, Privileges, and Access Controls •