Name:
ClamAV.libclamav.PE.File.Handling.Integer.Overflow
Released Date:
Apr 24 2008
Severity:
critical
CVE:
2008-0318
Bugtraq:
27751


In-Depth Analysis

Description
This indicates an attempt to exploit an integer overflow vulnerability in Clam AntiVirus (ClamAV).

The vulnerability is caused by an integer overflow error that occurs in the "libclamav/pe.c" file when handling certain PE files. It can be exploited to crash the application or execute arbitrary code.
 
Impact
System Compromise: remote code execution.
Denial of Service.
 
Affected Products
ClamAV prior to 0.92.1
Aliases
References
http://www.securityfocus.com/bid/27751
http://www.frsirt.com/english/advisories/2008/0503
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2008-0318
Recommended Actions
Upgrade to the latest version of ClamAV (0.92.1 or later):
http://sourceforge.net/project/shownotes.php?release_id=575703
