Lucene search

PRIOn knowledge basePRION:CVE-2007-2650

HistoryMay 14, 2007 - 9:19 p.m.

Code injection

2007-05-1421:19:00

PRIOn knowledge base

www.prio-n.com

6.5 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

0.014 Low

EPSS

Percentile

86.0%

JSON

The OLE2 parser in Clam AntiVirus (ClamAV) allows remote attackers to cause a denial of service (resource consumption) via an OLE2 file with (1) a large property size or (2) a loop in the FAT file block chain that triggers an infinite loop, as demonstrated via a crafted DOC file.

CPENameOperatorVersion
clamavlt0.90.3
debian_linuxeq3.1
debian_linuxeq4.0

Name	Operator	Version
clamav	lt	0.90.3
debian_linux	eq	3.1
debian_linux	eq	4.0

References

article.gmane.org/gmane.comp.security.virus.clamav.devel/2853

kolab.org/security/kolab-vendor-notice-15.txt

lurker.clamav.net/message/20070418.111144.0df6c5d3.en.html

secunia.com/advisories/25244

secunia.com/advisories/25523

secunia.com/advisories/25525

secunia.com/advisories/25553

secunia.com/advisories/25558

secunia.com/advisories/25688

secunia.com/advisories/25796

security.gentoo.org/glsa/glsa-200706-05.xml

svn.clamav.net/svn/clamav-devel/trunk/ChangeLog

www.debian.org/security/2007/dsa-1320

www.mandriva.com/security/advisories?name=MDKSA-2007:115

www.novell.com/linux/security/advisories/2007_33_clamav.html

www.securityfocus.com/bid/24316

www.trustix.org/errata/2007/0020/

www.vupen.com/english/advisories/2007/1776

6.5 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

0.014 Low

EPSS

Percentile

86.0%

JSON

Related for PRION:CVE-2007-2650