An off-by-one error was found in ClamAV versions prior to 0.94.1 that could allow remote attackers to cause a denial of service or possibly execute arbitrary code via a crafted VBA project file . Other bugs have also been corrected in 0.94.1 which is being provided with this update.