Lucene search

[email protected]CVE-2008-6085

HistoryFeb 06, 2009 - 11:30 a.m.

CVE-2008-6085

2009-02-0611:30:00

CWE-189

[email protected]

web.nvd.nist.gov

cve-2008-6085

f-secure

anti-virus

code execution

rpm

buffer overflow

8.1 High

AI Score

Confidence

High

7.6 High

CVSS2

Access Vector

NETWORK

Access Complexity

HIGH

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:H/Au:N/C:C/I:C/A:C

0.062 Low

EPSS

Percentile

93.5%

JSON

Integer overflow in multiple F-Secure anti-virus products, including Internet Security 2006 through 2008, Anti-Virus 2006 through 2008, and others, when configured to scan inside compressed archives, allows remote attackers to execute arbitrary code via a crafted RPM compressed archive file, which triggers a buffer overflow.

CPENameOperatorVersion
f-secure:f-secure_anti-virus_for_workstationsf-secure f-secure anti-virus for workstationseq7.11
f-secure:f-secure_protection_service_for_consumersf-secure f-secure protection service for consumerseq5.00
f-secure:f-secure_anti-virusf-secure f-secure anti-viruseq2008
f-secure:f-secure_anti-virusf-secure f-secure anti-viruseq2006
f-secure:f-secure_anti-virusf-secure f-secure anti-viruseq2007
f-secure:f-secure_anti-virus_linux_client_securityf-secure f-secure anti-virus linux client securityeq5.30
f-secure:f-secure_anti-virus_for_microsoft_exchangef-secure f-secure anti-virus for microsoft exchangeeq7.00
f-secure:f-secure_protection_service_for_consumersf-secure f-secure protection service for consumerseq7.00
f-secure:f-secure_internet_securityf-secure f-secure internet securityeq2008
f-secure:f-secure_protection_service_for_businessf-secure f-secure protection service for businessle3.10

CPE	Name	Operator	Version
f-secure:f-secure_anti-virus_for_workstations	f-secure f-secure anti-virus for workstations	eq	7.11
f-secure:f-secure_protection_service_for_consumers	f-secure f-secure protection service for consumers	eq	5.00
f-secure:f-secure_anti-virus	f-secure f-secure anti-virus	eq	2008
f-secure:f-secure_anti-virus	f-secure f-secure anti-virus	eq	2006
f-secure:f-secure_anti-virus	f-secure f-secure anti-virus	eq	2007
f-secure:f-secure_anti-virus_linux_client_security	f-secure f-secure anti-virus linux client security	eq	5.30
f-secure:f-secure_anti-virus_for_microsoft_exchange	f-secure f-secure anti-virus for microsoft exchange	eq	7.00
f-secure:f-secure_protection_service_for_consumers	f-secure f-secure protection service for consumers	eq	7.00
f-secure:f-secure_internet_security	f-secure f-secure internet security	eq	2008
f-secure:f-secure_protection_service_for_business	f-secure f-secure protection service for business	le	3.10

Rows per page:

1-10 of 391

References

secunia.com/advisories/32352

www.f-secure.com/security/fsc-2008-3.shtml

www.securityfocus.com/bid/31846

www.securitytracker.com/id?1021073

www.vupen.com/english/advisories/2008/2874

exchange.xforce.ibmcloud.com/vulnerabilities/46016

Social References

8.1 High

AI Score

Confidence

High

7.6 High

CVSS2

Access Vector

NETWORK

Access Complexity

HIGH

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:H/Au:N/C:C/I:C/A:C

0.062 Low

EPSS

Percentile

93.5%

JSON

Related for CVE-2008-6085

cvelist1 nessus1 openvas4 prion1