[Forgot Password]
Login  Register Subscribe

23631

 
 

122726

 
 

98503

 
 

909

 
 

79321

 
 

109

Paid content will be excluded from the download.


Download | Alert*
CVE
view XML

CVE-2007-6386

Date: (C)2007-12-14   (M)2017-08-08 


Stack-based buffer overflow in PccScan.dll before build 1451 in Trend Micro AntiVirus plus AntiSpyware 2008, Internet Security 2008, and Internet Security Pro 2008 allows user-assisted remote attackers to cause a denial of service (SfCtlCom.exe crash), and allows local users to gain privileges, via a malformed .zip archive with a long name, as demonstrated by a .zip file created via format string specifiers in a crafted .uue file.

CVSS Score: 7.2Access Vector: LOCAL
Exploit Score: 3.9Access Complexity: LOW
Impact Score: 10.0Authentication: NONE
 Confidentiality: COMPLETE
 Integrity: COMPLETE
 Availability: COMPLETE





Reference:
SECTRACK-1019079
SECUNIA-28038
OSVDB-39769
OSVDB-39770
ADV-2007-4191
http://esupport.trendmicro.com/support/viewxml.do?ContentID=1036464
http://secway.org/advisory/AD20071211.txt
trendmicro-pccscan-zip-bo(38982)

CWE    1
CWE-119

© 2013 SecPod Technologies