Summary
This host has ClamAV installed and is prone to a denial of service vulnerability.
Impact
Opening a specially crafted VBA project causes a heap buffer overflow, which attackers can exploit to execute arbitrary code on the system with clamd privileges or to crash the application.
Impact Level: Application
Solution
Upgrade to ClamAV 0.94.1
http://www.clamav.net/
Insight
The flaw is due to an off-by-one error in the get_unicode_name() function in libclamav/vba_extract.c.
Affected
ClamAV before 0.94.1 on Linux
References
Severity
Classification
- CVE: CVE-2008-5050
- CVSS Base Score: 9.3
- CVSS Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C