57 matches found
CVE-2006-4438
Heap-based buffer overflow in SpIDer for Dr.Web Scanner for Linux 4.33, and possibly earlier versions, allows remote attackers to execute arbitrary code via an LHA archive with an extended header that contains a long directory name...
CVE-2006-4438
CVE-2006-4438 affects Dr.Web SpIDer for Linux (Dr.Web Scanner) v4.33 and possibly earlier. The vulnerability is a heap-based buffer overflow in an LHA archive’s extended header with a long directory name, allowing remote code execution as described in the NVD/NVD-related and Full-Disclosure discl...
[Full-disclosure] Dr.Web 4.33 antivirus LHA long directory name heap overflow
Topic: Dr.Web 4.33 antivirus LHA long directory name heap overflow Announced: 2006-09-19 Product: Dr.Web antivirus Vendor: http://www.drweb.com/ Impact: Code execution Affected product: Dr.Web 4.33, probably earlier versions also Credits: Jean-Sebastien Guay-Leroux CVE ID: CVE-2006-4438 I...
Dr.Web antivirus buffer overflow
Buffer overflow on oversized LHA archive directory name...
Dr.Web Antivirus 4.33 (LHA long directory name) Local Overflow Exploit
Exploit for linux platform in category local exploits ====================================================================== Dr.Web Antivirus 4.33 LHA long directory name Local Overflow Exploit ====================================================================== / stetoscope.c: Dr.Web 4.33...
Dr.Web Antivirus 4.33 (LHA long directory name) Local Overflow Exploit
No description provided by source. / stetoscope.c: Dr.Web 4.33 antivirus LHA directory name heap overflow for linux - Howto: Find a valid GOT entry to hijack with objdump -R /opt/drweb/drweb . I guess that you can use the address of free, but my exploit uses the address of realpath. There was a...
Dr.Web AntiVirus 4.33 - LHA long Directory name Local Overflow
Dr.Web AntiVirus 4.33 - LHA long Directory name Local Overflow / stetoscope.c: Dr.Web 4.33 antivirus LHA directory name heap overflow for linux - Howto: Find a valid GOT entry to hijack with objdump -R /opt/drweb/drweb . I guess that you can use the address of free, but my exploit uses the addres...
Dr.Web AntiVirus 4.33 - LHA long Directory name Local Overflow
/ stetoscope.c: Dr.Web 4.33 antivirus LHA directory name heap overflow for linux - Howto: Find a valid GOT entry to hijack with objdump -R /opt/drweb/drweb . I guess that you can use the address of free, but my exploit uses the address of realpath. There was a NULL byte in the GOT entry of free s...
CVE-2005-3373
Multiple interpretation error in Dr.Web 4.32b allows remote attackers to bypass virus scanning via a file such as BAT, HTML, and EML with an "MZ" magic byte sequence which is normally associated with EXE, which causes the file to be treated as a safe type that could still be executed as a dangero...
CVE-2005-3373
The CVE-2005-3373 entry describes a vulnerability in Dr.Web 4.32b where an interpretation error in the virus scanner allows a crafted file (e.g., BAT, HTML, or EML) containing an MZ magic byte sequence (normally for EXE) to be treated as a safe type, yet still be executable as a dangerous file by...
CVE-2005-3373
Multiple interpretation error in Dr.Web 4.32b allows remote attackers to bypass virus scanning via a file such as BAT, HTML, and EML with an "MZ" magic byte sequence which is normally associated with EXE, which causes the file to be treated as a safe type that could still be executed as a dangero...
CVE-2005-3218
Multiple interpretation error in unspecified versions of Dr.Web Antivirus allows remote attackers to bypass virus detection via a malicious executable in a specially crafted RAR file with malformed central and local headers, which can still be opened by products such as Winrar and PowerZip, even...
CVE-2005-3218
The CVE affects Dr.Web Antivirus (unspecified versions) where a parsing interpretation error in RAR archives with malformed central/local headers can allow a remote attacker to bypass virus detection by delivering a malicious executable. The issue arises even though some archivers (e.g., Winrar, ...
Dr.Web scanMail Function Unspecified Overflow
The remote host is running Dr.Web - an antivirus program. There is a buffer overflow in the remote version of Dr.Web which might allow an attacker to execute arbitrary commands on the remote host. Very little details are known regarding this issue at this time. C Tenable Network Security, Inc...
Dr.Web for OpenBSD failure
Small stack size causes daemon fail to start if LocalScan = no configured whth message stack overflow in function int scanMailint, timet , int, int, const char...
Dr.Web File Name Handling Overflow
The remote host is running Dr.Web - an antivirus program. There is a flaw in the remote version of Dr.Web which may make it crash when scanning files whose name is excessively long. An attacker may use this flaw to execute arbitrary code on this host. To exploit it, an attacker would need to send...
Dr.Web 4.x - Virus Scanner Folder Name Buffer Overflow (PoC)
source: https://www.securityfocus.com/bid/7022/info A buffer overflow vulnerability has been reported for Dr. Web virus scanner. The vulnerability is due to insufficient bounds checking when processing folder names. An attacker is able to exploit this vulnerability by creating a malicious folder...