Lucene search

[email protected]CVE-2006-6458

HistoryDec 11, 2006 - 5:28 p.m.

CVE-2006-6458

2006-12-1117:28:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

trend micro

scan engine

denial of service

rar archive

nvd

vulnerability

cve-2006-6458

7.5 High

AI Score

Confidence

High

7.8 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:N/I:N/A:C

0.013 Low

EPSS

Percentile

85.6%

JSON

The Trend Micro scan engine before 8.320 for Windows and before 8.150 on HP-UX and AIX, as used in Trend Micro PC Cillin - Internet Security 2006, Office Scan 7.3, and Server Protect 5.58, allows remote attackers to cause a denial of service (CPU consumption and system hang) via a malformed RAR archive with an Archive Header section with the head_size and pack_size fields set to zero, which triggers an infinite loop.

CPENameOperatorVersion
trend_micro:pc_cillin_-_internet_security_2006trend micro pc cillin - internet security 2006eq*
trend_micro:officescantrend micro officescaneq7.3
trend_micro:serverprotecttrend micro serverprotecteq5.58

CPE	Name	Operator	Version
trend_micro:pc_cillin_-_internet_security_2006	trend micro pc cillin - internet security 2006	eq	*
trend_micro:officescan	trend micro officescan	eq	7.3
trend_micro:serverprotect	trend micro serverprotect	eq	5.58

References

labs.idefense.com/intelligence/vulnerabilities/display.php?id=439

secunia.com/advisories/23321

www.securityfocus.com/bid/21509

www.vupen.com/english/advisories/2006/4918

7.5 High

AI Score

Confidence

High

7.8 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:N/I:N/A:C

0.013 Low

EPSS

Percentile

85.6%

JSON