| CVE ID | CVE-2006-0162 |
| CVSS SCORE | |
| AFFECTED VENDORS |
Clam AntiVirus |
| AFFECTED PRODUCTS |
Clam AntiVirus |
| TREND MICRO CUSTOMER PROTECTION | Trend Micro TippingPoint IPS customers are protected against this vulnerability by Digital Vaccine protection filter ID ['3975']. For further product information on the TippingPoint IPS: http://www.tippingpoint.com |
| VULNERABILITY DETAILS |
This vulnerability allows remote attackers to execute arbitrary code on vulnerable Clam AntiVirus installations. Authentication is not required to exploit this vulnerability. This specific flaw exists within libclamav/upx.c during the unpacking of executable files compressed with UPX. Due to an invalid size calculation during a data copy from the user-controlled file to heap allocated memory, an exploitable memory corruption condition is created. |
| ADDITIONAL DETAILS |
Addressed in Clam AntiVirus version 0.88: http://sf.net/project/shownotes.php?release_id=384086&group_id=86638 |
| DISCLOSURE TIMELINE |
|
| CREDIT | Anonymous |
