Lucene search

[email protected]CVE-2006-5937

HistoryNov 16, 2006 - 12:07 a.m.

CVE-2006-5937

2006-11-1600:07:00

CWE-190

[email protected]

web.nvd.nist.gov

cve-2006-5937

grisoft avg anti-virus

integer overflows

remote code execution

cab

rar

heap-based buffer overflow

8.7 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.016 Low

EPSS

Percentile

87.1%

JSON

Multiple integer overflows in Grisoft AVG Anti-Virus before 7.1.407 allow remote attackers to execute arbitrary code via crafted (1) CAB or (2) RAR archives that trigger a heap-based buffer overflow. NOTE: some of these details are obtained from third party information.

CPENameOperatorVersion
grisoft:avg_antivirusgrisoft avg antiviruseq7.0.251
grisoft:avg_antivirusgrisoft avg antiviruseq7.1.308
grisoft:avg_antivirusgrisoft avg antiviruseq7.0
grisoft:avg_antivirusgrisoft avg antiviruseq7.0.323

CPE	Name	Operator	Version
grisoft:avg_antivirus	grisoft avg antivirus	eq	7.0.251
grisoft:avg_antivirus	grisoft avg antivirus	eq	7.1.308
grisoft:avg_antivirus	grisoft avg antivirus	eq	7.0
grisoft:avg_antivirus	grisoft avg antivirus	eq	7.0.323

References

marc.info/?l=full-disclosure&m=116343152030074&w=2

secunia.com/advisories/22811

www.grisoft.com/doc/36365/lng/us/tpl/tpl01

www.vupen.com/english/advisories/2006/4498

8.7 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.016 Low

EPSS

Percentile

87.1%

JSON