CVE-2006-6458

Severity Score

7.8

*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

The Trend Micro scan engine before 8.320 for Windows and before 8.150 on HP-UX and AIX, as used in Trend Micro PC Cillin - Internet Security 2006, Office Scan 7.3, and Server Protect 5.58, allows remote attackers to cause a denial of service (CPU consumption and system hang) via a malformed RAR archive with an Archive Header section with the head_size and pack_size fields set to zero, which triggers an infinite loop.

El motor de escaneo de Trend Micro anterior a 8.320 para Windows y anterior a 8.150 en HP-UX y AIX, utilizado en Trend Micro PC Cillin - internet Security 2006, Office Scan 7.3, y Server Protect 5.58, permite a atacantes remotos provocar una denegación de servicio (agotamiento de CPU y cuelgue de aplicación) mediante un archivo RAR mal formado con una sección Cabecera de Archivo con lo campos head_size (tamaño de cabecera) y pack_size (tamaño de paquete) puestos a cero, lo cual dispara un bucle infinito.

*Credits: N/A

CVSS Scores

NISTv2 7.8

Attack Vector

Network

Attack Complexity

Low

Authentication

None

Confidentiality

None

Integrity

None

Availability

Complete

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2006-12-11 CVE Reserved
2006-12-11 CVE Published
2024-05-05 EPSS Updated
2024-08-07 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CAPEC

References (4)

URL	Tag	Source
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=439	Third Party Advisory
http://secunia.com/advisories/23321	Third Party Advisory
http://www.securityfocus.com/bid/21509	Vdb Entry
http://www.vupen.com/english/advisories/2006/4918	Vdb Entry

URL	Date	SRC

URL	Date	SRC

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Trend Micro Search vendor "Trend Micro"		Officescan Search vendor "Trend Micro" for product "Officescan"				7.3 Search vendor "Trend Micro" for product "Officescan" and version "7.3"		-		Affected
Trend Micro Search vendor "Trend Micro"		Pc Cillin - Internet Security 2006 Search vendor "Trend Micro" for product "Pc Cillin - Internet Security 2006"				*		-		Affected
Trend Micro Search vendor "Trend Micro"		Serverprotect Search vendor "Trend Micro" for product "Serverprotect"				5.58 Search vendor "Trend Micro" for product "Serverprotect" and version "5.58"		emc		Affected