Vulnerability Name:

CVE-2007-1672 (CCN-34080)

Assigned:2007-05-04
Published:2007-05-04
Updated:2018-10-16
Summary:avast! antivirus before 4.7.981 allows remote attackers to cause a denial of service (infinite loop) via a ZOO archive with a direntry structure that points to a previous file.
CVSS v3 Severity:7.5 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availibility (A): High
CVSS v2 Severity:7.8 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C)
6.1 Medium (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C/E:POC/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availibility (A): Complete
7.8 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C)
6.1 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C/E:POC/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Athentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availibility (A): Complete
Vulnerability Type:CWE-Other
Vulnerability Consequences:Denial of Service
References:Source: CCN
Type: unzoo Web site
Tools

Source: CCN
Type: BugTraq Mailing List, Fri May 04 2007 - 10:14:45 CDT
Multiple vendors ZOO file decompression infinite loop DoS

Source: MITRE
Type: CNA
CVE-2007-1669

Source: MITRE
Type: CNA
CVE-2007-1670

Source: MITRE
Type: CNA
CVE-2007-1671

Source: MITRE
Type: CNA
CVE-2007-1672

Source: MITRE
Type: CNA
CVE-2007-1673

Source: MITRE
Type: CNA
CVE-2007-2535

Source: MITRE
Type: CNA
CVE-2007-2536

Source: OSVDB
Type: UNKNOWN
35794

Source: CCN
Type: SA25122
Barracuda Spam Firewall Zoo Denial of Service Vulnerability

Source: CCN
Type: SA25137
avast! Zoo Denial of Service Vulnerability

Source: SECUNIA
Type: Vendor Advisory
25137

Source: CCN
Type: SA25140
Avira AntiVir Zoo Denial of Service Vulnerability

Source: CCN
Type: SA25152
Panda AntiVirus Zoo Denial of Service Vulnerability

Source: CCN
Type: SA25315
Amavis Zoo Denial of Service Vulnerability

Source: SREASON
Type: UNKNOWN
2680

Source: CCN
Type: ASA-2007-2
ZOO archive decompression infinite loop DoS

Source: CCN
Type: avast! antivirus Web site
avast! antivirus updates

Source: CCN
Type: Avira AntiVir Web site
Anti virus for Linux, Windows and more with firewall, antispam, recovery security - Avira AntiVir

Source: CCN
Type: Barracuda Spam Firewall Web site
Spam Filter / Spam Firewall / Web Filter / Spam Appliance / Load Balancer / Content Filter

Source: CCN
Type: zoo archive Web site
zoo: ZOO archive utilities

Source: CCN
Type: OSVDB ID: 35794
avast! Antivirus Crafted Zoo Archive DoS

Source: CCN
Type: OSVDB ID: 35795
Barracuda Spam Firewall Malformed Zoo Archive DoS

Source: CCN
Type: OSVDB ID: 35845
Panda AntiVirus Malformed Zoo Archive Handling DoS

Source: CCN
Type: OSVDB ID: 35911
Avira AntiVir avpack32.dll Malformed Zoo Handling DoS

Source: CCN
Type: OSVDB ID: 36208
unzoo ZOO Archive Malformed direntry Structure DoS

Source: CCN
Type: OSVDB ID: 37302
zoo Decoder unzoo.c Malformed Zoo Archive Handling DoS

Source: CCN
Type: OSVDB ID: 41750
WinAce ZOO Archive Decompression Infinite Loop DoS

Source: CCN
Type: OSVDB ID: 41751
PicoZip ZOO Archive Decompression Infinite Loop DoS

Source: CCN
Type: Panda Software Antivirus Web site
Antivirus, anti-spyware, anti-spam, firewall. Protect yourself with Panda

Source: CCN
Type: PicoZip Web site
Zip and UnZip Files Easily - Download WinZip and PKZip compatible software

Source: BUGTRAQ
Type: UNKNOWN
20070504 Multiple vendors ZOO file decompression infinite loop DoS

Source: BID
Type: Exploit
23823

Source: CCN
Type: BID-23823
Multiple Vendors Zoo Compression Algorithm Remote Denial of Service Vulnerability

Source: VUPEN
Type: UNKNOWN
ADV-2007-1701

Source: CCN
Type: WinAce Web site
WinAce - your archiving companion

Source: XF
Type: UNKNOWN
multiple-vendor-zoo-dos(34080)

Source: XF
Type: UNKNOWN
multiple-vendor-zoo-dos(34080)

Vulnerable Configuration:Configuration 1:
  • cpe:/a:avast:avast_antivirus:*:*:*:*:*:*:*:* (Version <= 4.7.980)

    • * Denotes that component is vulnerable
    BACK
    avast avast antivirus *