CVE-2006-5647
Sophos AntiVirus - '.CHM' Chunk Name Length Memory Corruption (PoC)
Severity Score
6.4
*CVSS v2
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
1
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
Sophos Anti-Virus and Endpoint Security before 6.0.5, Anti-Virus for Linux before 5.0.10, and other platforms before 4.11 allows remote attackers to cause a denial of service (memory corruption) and possibly execute arbitrary code via a malformed CHM file with a large name length in the CHM chunk header, aka "CHM name length memory consumption vulnerability."
Sophos Anti-Virus y Endpoint Security versiones anteriores a 6.0.5, Anti-Virus para Linux anteriores a 5.0.10, y otras plataformas anteriores a 4.11 permite a atacantes remotos provocar una denegación de servicio (corrupción o agotamiento de memoria) y posiblemente ejecutar código de su elección mediante un fichero CHM mal formado con manipulaciones concretas del segmento de cabecera CHM, también conocido como "vulnerabilidad de agotamiento de memoria en longitud de nombre CHM".
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2006-11-01 CVE Reserved
- 2006-11-01 CVE Published
- 2006-12-10 First Exploit
- 2024-02-05 EPSS Updated
- 2024-08-07 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CAPEC
References (7)
| URL | Tag | Source |
|---|---|---|
| http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=451 | Third Party Advisory | |
| http://securitytracker.com/id?1017132 | Vdb Entry | |
| http://www.securityfocus.com/bid/20816 | Vdb Entry | |
| http://www.sophos.com/support/knowledgebase/article/7609.html | X_refsource_confirm |
| URL | Date | SRC |
|---|---|---|
| https://www.exploit-db.com/exploits/2911 | 2006-12-10 |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| http://secunia.com/advisories/22591 | 2011-03-07 | |
| http://www.vupen.com/english/advisories/2006/4239 | 2011-03-07 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Sophos Search vendor "Sophos" | Anti-virus Search vendor "Sophos" for product "Anti-virus" | 4.04 Search vendor "Sophos" for product "Anti-virus" and version "4.04" | - |
Affected
| ||||||
| Sophos Search vendor "Sophos" | Anti-virus Search vendor "Sophos" for product "Anti-virus" | 4.05 Search vendor "Sophos" for product "Anti-virus" and version "4.05" | - |
Affected
| ||||||
| Sophos Search vendor "Sophos" | Anti-virus Search vendor "Sophos" for product "Anti-virus" | 4.5.3 Search vendor "Sophos" for product "Anti-virus" and version "4.5.3" | - |
Affected
| ||||||
| Sophos Search vendor "Sophos" | Anti-virus Search vendor "Sophos" for product "Anti-virus" | 4.5.4 Search vendor "Sophos" for product "Anti-virus" and version "4.5.4" | - |
Affected
| ||||||
| Sophos Search vendor "Sophos" | Anti-virus Search vendor "Sophos" for product "Anti-virus" | 4.5.11 Search vendor "Sophos" for product "Anti-virus" and version "4.5.11" | - |
Affected
| ||||||
| Sophos Search vendor "Sophos" | Anti-virus Search vendor "Sophos" for product "Anti-virus" | 4.5.12 Search vendor "Sophos" for product "Anti-virus" and version "4.5.12" | - |
Affected
| ||||||
| Sophos Search vendor "Sophos" | Anti-virus Search vendor "Sophos" for product "Anti-virus" | 4.7.1 Search vendor "Sophos" for product "Anti-virus" and version "4.7.1" | - |
Affected
| ||||||
| Sophos Search vendor "Sophos" | Anti-virus Search vendor "Sophos" for product "Anti-virus" | 4.7.2 Search vendor "Sophos" for product "Anti-virus" and version "4.7.2" | - |
Affected
| ||||||
| Sophos Search vendor "Sophos" | Anti-virus Search vendor "Sophos" for product "Anti-virus" | 5.0.1 Search vendor "Sophos" for product "Anti-virus" and version "5.0.1" | - |
Affected
| ||||||
| Sophos Search vendor "Sophos" | Anti-virus Search vendor "Sophos" for product "Anti-virus" | 5.0.2 Search vendor "Sophos" for product "Anti-virus" and version "5.0.2" | - |
Affected
| ||||||
| Sophos Search vendor "Sophos" | Anti-virus Search vendor "Sophos" for product "Anti-virus" | 5.0.4 Search vendor "Sophos" for product "Anti-virus" and version "5.0.4" | - |
Affected
| ||||||
| Sophos Search vendor "Sophos" | Anti-virus Search vendor "Sophos" for product "Anti-virus" | 5.1 Search vendor "Sophos" for product "Anti-virus" and version "5.1" | - |
Affected
| ||||||
| Sophos Search vendor "Sophos" | Anti-virus Search vendor "Sophos" for product "Anti-virus" | 5.2 Search vendor "Sophos" for product "Anti-virus" and version "5.2" | - |
Affected
| ||||||
| Sophos Search vendor "Sophos" | Anti-virus Search vendor "Sophos" for product "Anti-virus" | 5.2.1 Search vendor "Sophos" for product "Anti-virus" and version "5.2.1" | - |
Affected
| ||||||
| Sophos Search vendor "Sophos" | Anti-virus Search vendor "Sophos" for product "Anti-virus" | 6.0.4 Search vendor "Sophos" for product "Anti-virus" and version "6.0.4" | - |
Affected
| ||||||
| Sophos Search vendor "Sophos" | Endpoint Security Search vendor "Sophos" for product "Endpoint Security" | <= 6.04 Search vendor "Sophos" for product "Endpoint Security" and version " <= 6.04" | - |
Affected
| ||||||