Summary
The host is installed with ClamAV and is prone to Denial of Service Vulnerability.
Impact
Attackers can exploit this issue by executing arbitrary code via a crafted URL in the context of affected application, and can cause denial of service.
Impact Level: Application
Solution
Upgrade to ClamAV 0.95.1
http://www.clamav.net/download
Insight
- Error in CLI_ISCONTAINED macro in libclamav/others.h while processing malformed files packed with UPack.
- Buffer overflow error in cli_url_canon() function in libclamav/phishcheck.c while handling specially crafted URLs.
Affected
ClamAV before 0.95.1 on Windows.
References
Updated on 2015-03-25
Severity
Classification
-
CVE CVE-2009-1371, CVE-2009-1372 -
CVSS Base Score: 10.0
AV:N/AC:L/Au:N/C:C/I:C/A:C
Related Vulnerabilities