HomePentest-Tools.com Logo

ClamAV < 0.96 Security Bypass And Memory Corruption Vulnerabilities - Windows CVE-2010-0098CVE-2010-1311

Severity
Not available
CVSSv3 Score
Not available
Vulnerability description

ClamAV is prone to security bypass and memory corruption vulnerabilities.

Risk description

The flaws are due to: - An error in handling of CAB and 7z file formats, which allows to bypass virus detection via a crafted archive that is compatible with standard archive utilities. - An error in qtm_decompress function in libclamav/mspack.c, which allows to crash application via a crafted CAB archive that uses the Quantum. Successful exploitation will allow attackers to bypass certain security restrictions.

Recommendation

Update to version 0.96 or later.

Codename
Not available
Detectable with
Network Scanner
Scan engine
OpenVAS
Exploitable with Sniper
No
CVE Published
Apr 8, 2010
Detection added at
Software Type
Not available
Vendor
Not available
Product
Not available