Lucene search

[email protected]CVE-2006-6335

HistoryDec 12, 2006 - 8:28 p.m.

CVE-2006-6335

2006-12-1220:28:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

sophos

anti-virus

buffer overflow

remote code execution

cve-2006-6335

8.2 High

AI Score

Confidence

High

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.129 Low

EPSS

Percentile

95.4%

JSON

Multiple buffer overflows in Sophos Anti-Virus scanning engine before 2.40 allow remote attackers to execute arbitrary code via (1) a SIT archive with a long filename that is not null-terminated, which triggers a heap-based overflow in veex.dll due to improper length calculation, and (2) a CPIO archive, with a long filename that is not null-terminated, which triggers a stack-based overflow in veex.dll.

CPENameOperatorVersion
sophos:sophos_anti-virussophos sophos anti-virusle2.3

CPE	Name	Operator	Version
sophos:sophos_anti-virus	sophos sophos anti-virus	le	2.3

References

secunia.com/advisories/23325

www.securityfocus.com/archive/1/454197/100/0/threaded

www.securityfocus.com/archive/1/454211/100/0/threaded

www.securityfocus.com/bid/21563

www.sophos.com/support/knowledgebase/article/17340.html

www.sophos.com/support/knowledgebase/article/21637.html

www.vupen.com/english/advisories/2006/4919

www.zerodayinitiative.com/advisories/ZDI-06-045.html

www.zerodayinitiative.com/advisories/ZDI-06-046.html

exchange.xforce.ibmcloud.com/vulnerabilities/30851

exchange.xforce.ibmcloud.com/vulnerabilities/30852

8.2 High

AI Score

Confidence

High

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.129 Low

EPSS

Percentile

95.4%

JSON

Related for CVE-2006-6335

securityvulns2 zdi2