Vulnerability Name:

CVE-2005-0350 (CCN-19140)

Assigned:2005-02-10
Published:2005-02-10
Updated:2008-09-05
Summary:Heap-based buffer overflow in multiple F-Secure Anti-Virus and Internet Security products allows remote attackers to execute arbitrary code via a crafted ARJ archive.
CVSS v3 Severity:7.3 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): Low
Integrity (I): Low
Availibility (A): Low
CVSS v2 Severity:7.5 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availibility (A): Partial
7.5 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Athentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availibility (A): Partial
Vulnerability Type:CWE-Other
Vulnerability Consequences:Gain Access
References:Source: MITRE
Type: CNA
CVE-2005-0350

Source: MITRE
Type: CNA
CVE-2005-0533

Source: CCN
Type: SA14216
F-Secure Multiple Products ARJ Archive Handling Vulnerability

Source: CCN
Type: SA14396
Trend Micro Products AntiVirus Library Buffer Overflow

Source: CCN
Type: SECTRACK ID: 1013143
F-Secure Anti-Virus Buffer Overflow in Processing ARJ Archives Lets Remote Users Execute Arbitrary Code

Source: CCN
Type: SECTRACK ID: 1013289
TrendMicro OfficeScan Buffer Overflow in ARJ Parser Lets Remote Users Execute Arbitrary Code

Source: CCN
Type: SECTRACK ID: 1013290
TrendMicro PC-cillin Buffer Overflow in ARJ Parser Lets Remote Users Execute Arbitrary Code

Source: CCN
Type: Trend
ARJ Software, Inc.

Source: CCN
Type: F-Secure Security Bulletin FSC-2005-1
Code execution vulnerability in ARJ-archive handling

Source: CONFIRM
Type: Patch
http://www.f-secure.com/security/fsc-2005-1.shtml

Source: CCN
Type: OSVDB ID: 13704
F-Secure Multiple Products ARJ Archive Handling Overflow

Source: CCN
Type: OSVDB ID: 14133
Trend Micro Multiple Anti-Virus Products ARJ Archive Handling Overflow

Source: CCN
Type: OSVDB ID: 33043
Trend Micro VirusWall VSAPI Library libvsapi.so Local Overflow

Source: CCN
Type: BID-12515
F-Secure ARJ Handling Buffer Overflow Vulnerability

Source: CCN
Type: BID-12643
Trend Micro VSAPI ARJ Handling Heap Overflow Vulnerability

Source: CCN
Type: Trend Micro Web site
Vulnerability in VSAPI ARJ parsing could allow Remote Code execution

Source: CCN
Type: Internet Security Systems Protection Advisory February 10, 2005
F-Secure AntiVirus Library Heap Overflow

Source: ISS
Type: Patch, Vendor Advisory
20050210 F-Secure AntiVirus Library Heap Overflow

Source: XF
Type: UNKNOWN
arj-archive-long-filename-detected(19140)

Vulnerable Configuration:Configuration 1:
  • cpe:/a:f-secure:f-secure_anti-virus:*:*:linux_workstations:*:*:*:*:* (Version <= 4.52)
  • OR cpe:/a:f-secure:f-secure_anti-virus:4.60:*:samba_servers:*:*:*:*:*
  • OR cpe:/a:f-secure:f-secure_anti-virus:*:*:linux_gateways:*:*:*:*:* (Version <= 4.61)
  • OR cpe:/a:f-secure:f-secure_anti-virus:*:*:linux_servers:*:*:*:*:* (Version <= 4.61)
  • OR cpe:/a:f-secure:f-secure_anti-virus:*:*:linux_client_security:*:*:*:*:* (Version <= 5.01)
  • OR cpe:/a:f-secure:f-secure_anti-virus:*:*:linux_server_security:*:*:*:*:* (Version <= 5.01)
  • OR cpe:/a:f-secure:f-secure_anti-virus:5.5:*:citrix_servers:*:*:*:*:*
  • OR cpe:/a:f-secure:f-secure_anti-virus:*:*:windows_servers:*:*:*:*:* (Version <= 5.5)
  • OR cpe:/a:f-secure:f-secure_anti-virus:*:*:workstations:*:*:*:*:* (Version <= 5.43)
  • OR cpe:/a:f-secure:f-secure_anti-virus:*:*:mimesweeper:*:*:*:*:* (Version <= 5.51)
  • OR cpe:/a:f-secure:f-secure_anti-virus:*:*:client_security:*:*:*:*:* (Version <= 5.55)
  • OR cpe:/a:f-secure:f-secure_anti-virus:*:*:firewalls:*:*:*:*:* (Version <= 6.2)
  • OR cpe:/a:f-secure:f-secure_anti-virus:*:*:ms_exchange:*:*:*:*:* (Version <= 6.31)
  • OR cpe:/a:f-secure:f-secure_anti-virus:2004:*:*:*:*:*:*:*
  • OR cpe:/a:f-secure:f-secure_anti-virus:2005:*:*:*:*:*:*:*
  • OR cpe:/a:f-secure:f-secure_internet_security:2004:*:*:*:*:*:*:*
  • OR cpe:/a:f-secure:f-secure_internet_security:2005:*:*:*:*:*:*:*
  • OR cpe:/a:f-secure:f-secure_personal_express:*:*:*:*:*:*:*:* (Version <= 5.10)
  • OR cpe:/a:f-secure:internet_gatekeeper:2.06:*:linux:*:*:*:*:*
  • OR cpe:/a:f-secure:internet_gatekeeper:*:*:*:*:*:*:*:* (Version <= 6.41)

    • Configuration CCN 1:
  • cpe:/a:trend_micro:officescan_corporate_edition:6.5:*:*:*:*:*:*:*
  • OR cpe:/a:f-secure:f-secure_anti-virus:4.60::samba_servers:*:*:*:*:*
  • OR cpe:/a:f-secure:internet_gatekeeper:2.06::linux:*:*:*:*:*
  • OR cpe:/a:trend_micro:scanmail:10.2::~~~microsoft_exchange~~:*:*:*:*:*
  • OR cpe:/a:trend_micro:scanmail_emanager:*:*:*:*:*:*:*:*
  • OR cpe:/a:trend_micro:serverprotect:linux:*:*:*:*:*:*:*
  • OR cpe:/a:trend_micro:serverprotect:windows:*:*:*:*:*:*:*
  • OR cpe:/a:trend_micro:portalprotect:1.2::sharepoint:*:*:*:*:*
  • OR cpe:/a:trend_micro:pc-cillin_internet_security:14_14.00.1485:*:*:*:*:*:*:*
  • OR cpe:/a:trend_micro:interscan_webprotect:gold::isa:*:*:*:*:*
  • OR cpe:/a:trend_micro:interscan_webmanager:1.2:*:*:*:*:*:*:*
  • OR cpe:/a:trend_micro:interscan_web_security_suite:gold::solaris:*:*:*:*:*
  • OR cpe:/a:trend_micro:interscan_web_security_suite:gold::windows:*:*:*:*:*
  • OR cpe:/a:trend_micro:interscan_web_security_suite:::linux:*:*:*:*:*
  • OR cpe:/a:trend_micro:interscan_viruswall:3.0.1::linux:*:*:*:*:*
  • OR cpe:/a:trend_micro:interscan_viruswall:3.52::windows:*:*:*:*:*
  • OR cpe:/a:trend_micro:interscan_viruswall:gold::aix:*:*:*:*:*
  • OR cpe:/a:trend_micro:interscan_viruswall:3.6::solaris:*:*:*:*:*
  • OR cpe:/a:trend_micro:interscan_viruswall:gold::smb:*:*:*:*:*
  • OR cpe:/a:trend_micro:interscan_emanager:3.5.2::windows:*:*:*:*:*
  • OR cpe:/a:f-secure:internet_gatekeeper:6.41:*:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    BACK
    f-secure f-secure anti-virus *
    f-secure f-secure anti-virus 4.60
    f-secure f-secure anti-virus *
    f-secure f-secure anti-virus *
    f-secure f-secure anti-virus *
    f-secure f-secure anti-virus *
    f-secure f-secure anti-virus 5.5
    f-secure f-secure anti-virus *
    f-secure f-secure anti-virus *
    f-secure f-secure anti-virus *
    f-secure f-secure anti-virus *
    f-secure f-secure anti-virus *
    f-secure f-secure anti-virus *
    f-secure f-secure anti-virus 2004
    f-secure f-secure anti-virus 2005
    f-secure f-secure internet security 2004
    f-secure f-secure internet security 2005
    f-secure f-secure personal express *
    f-secure internet gatekeeper 2.06
    f-secure internet gatekeeper *
    trend_micro officescan corporate edition 6.5
    f-secure f-secure anti-virus 4.60
    f-secure internet gatekeeper 2.06
    trend_micro scanmail 10.2
    trend_micro scanmail emanager *
    trend_micro serverprotect linux
    trend_micro serverprotect windows
    trend_micro portalprotect 1.2
    trend_micro pc-cillin internet security 14_14.00.1485
    trend_micro interscan webprotect gold
    trend_micro interscan webmanager 1.2
    trend_micro interscan web security suite gold
    trend_micro interscan web security suite gold
    trend_micro interscan web security suite
    trend_micro interscan viruswall 3.0.1
    trend_micro interscan viruswall 3.52
    trend_micro interscan viruswall gold
    trend_micro interscan viruswall 3.6
    trend_micro interscan viruswall gold
    trend_micro interscan emanager 3.5.2
    f-secure internet gatekeeper 6.41