[Forgot Password]
Login  Register Subscribe

30389

 
 

423868

 
 

247085

 
 

909

 
 

194218

 
 

282

 
Paid content will be excluded from the download.


Download | Alert*
CVE
view JSON

CVE-2011-1003Date: (C)2011-02-23   (M)2023-12-22


Double free vulnerability in the vba_read_project_strings function in vba_extract.c in libclamav in ClamAV before 0.97 might allow remote attackers to execute arbitrary code via crafted Visual Basic for Applications (VBA) data in a Microsoft Office document. NOTE: some of these details are obtained from third party information.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V2 Severity:
CVSS Score : 6.8
Exploit Score: 8.6
Impact Score: 6.4
 
CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality: PARTIAL
Integrity: PARTIAL
Availability: PARTIAL
  
Reference:
SECTRACK-1025100
SECUNIA-43392
SECUNIA-43498
SECUNIA-43752
BID-46470
OSVDB-70937
ADV-2011-0453
ADV-2011-0458
ADV-2011-0523
FEDORA-2011-2741
FEDORA-2011-2743
MDVA-2011:007
SUSE-SR:2011:005
USN-1076-1
http://openwall.com/lists/oss-security/2011/02/21/4
http://openwall.com/lists/oss-security/2011/02/21/1
clamav-vbareadprojectstrings-dos(65544)
http://git.clamav.net/gitweb?p=clamav-devel.git%3Ba=blob%3Bf=ChangeLog%3Bhb=clamav-0.97
http://git.clamav.net/gitweb?p=clamav-devel.git%3Ba=commit%3Bh=d21fb8d975f8c9688894a8cef4d50d977022e09f
https://wwws.clamav.net/bugzilla/show_bug.cgi?id=2486

CPE    114
cpe:/a:clamav:clamav:0.95:src2
cpe:/a:clamav:clamav:0.95:src1
cpe:/a:clamav:clamav:0.81:rc1
cpe:/a:clamav:clamav:0.21
...
CWE    1
CWE-399
OVAL    4
oval:org.secpod.oval:def:700248
oval:org.secpod.oval:def:103209
oval:org.secpod.oval:def:101294
oval:org.secpod.oval:def:101283
...

© SecPod Technologies