Lucene search
AnonymousZDI-06-001HistoryJan 12, 2006 - 12:00 a.m.
Clam AntiVirus UPX Unpacking Code Execution Vulnerability
2006-01-1200:00:00
Anonymous
www.zerodayinitiative.com
12
0.374 Low
EPSS
Percentile
97.2%
This vulnerability allows remote attackers to execute arbitrary code on vulnerable Clam AntiVirus installations. Authentication is not required to exploit this vulnerability. This specific flaw exists within libclamav/upx.c during the unpacking of executable files compressed with UPX. Due to an invalid size calculation during a data copy from the user-controlled file to heap allocated memory, an exploitable memory corruption condition is created.
Related
cve
cve
CVE-2006-0162
2006-01-10 19:03:00
nessus
nessus
FreeBSD : clamav -- possible heap overflow in the UPX code (612a34ec-81dc-11da-a043-0002a5c3d308)
2006-05-13 00:00:00
Debian DSA-947-2 : clamav - heap overflow
2006-10-14 00:00:00
GLSA-200601-07 : ClamAV: Remote execution of arbitrary code
2006-01-15 00:00:00
securityvulns
securityvulns
nvd
nvd
CVE-2006-0162
2006-01-10 19:03:00
freebsd
freebsd
clamav -- possible heap overflow in the UPX code
2006-01-09 00:00:00
openvas
openvas
Debian Security Advisory DSA 947-2 (clamav)
2008-01-17 00:00:00
FreeBSD Ports: clamav
2008-09-04 00:00:00
Debian Security Advisory DSA 947-1 (clamav)
2008-01-17 00:00:00
debian
debian
[SECURITY] [DSA 947-1] New ClamAV packages fix heap overflow
2006-01-20 10:57:26
[SECURITY] [DSA 947-1] New ClamAV packages fix heap overflow
2006-01-20 10:57:26
[SECURITY] [DSA 947-2] New clamav packages fix heap overflow
2006-01-25 11:32:43
debiancve
debiancve
CVE-2006-0162
2006-01-10 19:03:00
cvelist
cvelist
CVE-2006-0162
2006-01-10 19:00:00
prion
prion
Heap overflow
2006-01-10 19:03:00
cert
cert
gentoo
gentoo
ClamAV: Remote execution of arbitrary code
2006-01-13 00:00:00
ubuntucve
ubuntucve
CVE-2006-0162
2006-01-10 00:00:00