Vulnerability Name: | CVE-2007-2974 (CCN-34551)
Assigned: | 2007-05-29
Published: | 2007-05-29
Updated: | 2018-10-16
Summary: | Buffer overflow in the file parsing engine in Avira Antivir Antivirus before 7.03.00.09 allows remote attackers to execute arbitrary code via a crafted LZH archive file, resulting from an "integer cast around."
CVSS v3 Severity: | 9.0 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H)
CVSS v2 Severity: | 10.0 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C)
7.4 High (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)
5.6 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:H/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)
Vulnerability Type: | CWE-Other
Vulnerability Consequences: | Gain Access
References: |
Source: CCN Type: Full-Disclosure Mailing List, Mon May 28 2007 - 09:53:31 CDT n.runs-SA-2007.010 - Avira Antivir Antivirus LZH parsing Arbitrary Code Execution Advisory
Source: MITRE Type: CNA CVE-2007-2974
Source: CONFIRM Type: Patch http://forum.antivir-pe.de/thread.php?threadid=22528
Source: FULLDISC Type: UNKNOWN 20070528 n.runs-SA-2007.010 - Avira Antivir Antivirus LZH parsing Arbitrary Code Execution Advisory
Source: OSVDB Type: UNKNOWN 36712
Source: CCN Type: SA25417 Avira Antivir Multiple File Processing Vulnerabilities
Source: SECUNIA Type: Patch, Vendor Advisory 25417
Source: SREASON Type: UNKNOWN 2764
Source: CCN Type: SECTRACK ID: 1018131 AntiVir Buffer Overflow in Processing LZH Files Lets Remote Users Execute Arbitrary Code
Source: SECTRACK Type: UNKNOWN 1018131
Source: CCN Type: Avira Web site Avira Products
Source: MISC Type: Patch, Vendor Advisory http://www.nruns.com/advisories/%5Bn.runs-SA-2007.010%5D%20-%20Avira%20Antivir%20Antivirus%20LZH%20parsing%20Arbitrary%20Code%20Execution%20Advisory.txt
Source: CCN Type: OSVDB ID: 36712 Avira AntiVir Antivirus LZH Archive Handling Overflow
Source: BUGTRAQ Type: UNKNOWN 20070528 n.runs-SA-2007.010 - Avira Antivir Antivirus LZH parsing Arbitrary Code Execution Advisory
Source: BID Type: Patch 24187
Source: CCN Type: BID-24187 Avira Antivir Antivirus Multiple Remote Vulnerabilities
Source: VUPEN Type: UNKNOWN ADV-2007-1971
Source: XF Type: UNKNOWN avira-antivir-lzh-bo(34551)
Vulnerable Configuration: | Configuration 1: Denotes that component is vulnerable