Vulnerability Name:
CVE-2008-6536 (CCN-41247)
Assigned:
2008-03-17
Published:
2008-03-17
Updated:
2017-08-17
Summary:
Unspecified vulnerability in 7-zip before 4.5.7 has unknown impact and remote attack vectors, as demonstrated by the PROTOS GENOME test suite for Archive Formats (c10).
CVSS v3 Severity:
7.3 High
(CCN CVSS v3.1 Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
)
Exploitability Metrics:
Attack Vector (AV):
Network
Attack Complexity (AC):
Low
Privileges Required (PR):
None
User Interaction (UI):
None
Scope:
Scope (S):
Unchanged
Impact Metrics:
Confidentiality (C):
Low
Integrity (I):
Low
Availibility (A):
Low
CVSS v2 Severity:
10.0 High
(CVSS v2 Vector:
AV:N/AC:L/Au:N/C:C/I:C/A:C
)
7.4 High
(Temporal CVSS v2 Vector:
AV:N/AC:L/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C
)
Exploitability Metrics:
Access Vector (AV):
Network
Access Complexity (AC):
Low
Authentication (Au):
None
Impact Metrics:
Confidentiality (C):
Complete
Integrity (I):
Complete
Availibility (A):
Complete
7.5 High
(CCN CVSS v2 Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P
)
5.5 Medium
(CCN Temporal CVSS v2 Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C
)
Exploitability Metrics:
Access Vector (AV):
Network
Access Complexity (AC):
Low
Athentication (Au):
None
Impact Metrics:
Confidentiality (C):
Partial
Integrity (I):
Partial
Availibility (A):
Partial
Vulnerability Type:
CWE-noinfo
Vulnerability Consequences:
Gain Access
References:
Source: MITRE
Type: CNA
CVE-2008-6536
Source: OSVDB
Type: UNKNOWN
43649
Source: CCN
Type: SA29434
7-zip Unspecified Vulnerability
Source: SECUNIA
Type: Vendor Advisory
29434
Source: CCN
Type: SA50926
Oracle Solaris 7-zip Unspecified Vulnerability
Source: CCN
Type: 7-Zip Web site
Welcome to the 7-Zip Home!
Source: MISC
Type: UNKNOWN
http://www.cert.fi/haavoittuvuudet/joint-advisory-archive-formats.html
Source: MISC
Type: UNKNOWN
http://www.ee.oulu.fi/research/ouspg/protos/testing/c10/archive/
Source: CCN
Type: OSVDB ID: 43649
7-Zip Unspecified Archive Handling Issue
Source: BID
Type: UNKNOWN
28285
Source: CCN
Type: BID-28285
7-Zip Unspecified Archive Handling Vulnerability
Source: VUPEN
Type: Patch, Vendor Advisory
ADV-2008-0914
Source: CONFIRM
Type: UNKNOWN
http://www.xerox.com/download/security/security-bulletin/16287-4d6b7b0c81f7b/cert_XRX13-003_v1.0.pdf
Source: CCN
Type: Oracle Security Blog, Oct 23, 2012
CVE-2008-6536 Unspecified vulnerability in 7-zip
Source: XF
Type: UNKNOWN
7zip-archives-code-execution(41247)
Source: XF
Type: UNKNOWN
7zip-archives-code-execution(41247)
Source: CCN
Type: CERT-FI: 20469
CERT-FI and CPNI Joint Vulnerability Advisory on Archive Formats
Vulnerable Configuration:
Configuration 1
:
cpe:/a:7-zip:7-zip:3.13:*:*:*:*:*:*:*
OR
cpe:/a:7-zip:7-zip:4.20:*:*:*:*:*:*:*
OR
cpe:/a:7-zip:7-zip:4.23:*:*:*:*:*:*:*
OR
cpe:/a:7-zip:7-zip:4.24:beta:*:*:*:*:*:*
OR
cpe:/a:7-zip:7-zip:4.25:beta:*:*:*:*:*:*
OR
cpe:/a:7-zip:7-zip:4.26:beta:*:*:*:*:*:*
OR
cpe:/a:7-zip:7-zip:4.27:beta:*:*:*:*:*:*
OR
cpe:/a:7-zip:7-zip:4.28:beta:*:*:*:*:*:*
OR
cpe:/a:7-zip:7-zip:4.29:beta:*:*:*:*:*:*
OR
cpe:/a:7-zip:7-zip:4.30:beta:*:*:*:*:*:*
OR
cpe:/a:7-zip:7-zip:4.31:*:*:*:*:*:*:*
OR
cpe:/a:7-zip:7-zip:4.32:*:*:*:*:*:*:*
OR
cpe:/a:7-zip:7-zip:4.33:beta:*:*:*:*:*:*
OR
cpe:/a:7-zip:7-zip:4.34:beta:*:*:*:*:*:*
OR
cpe:/a:7-zip:7-zip:4.35:beta:*:*:*:*:*:*
OR
cpe:/a:7-zip:7-zip:4.36:beta:*:*:*:*:*:*
OR
cpe:/a:7-zip:7-zip:4.37:beta:*:*:*:*:*:*
OR
cpe:/a:7-zip:7-zip:4.38:beta:*:*:*:*:*:*
OR
cpe:/a:7-zip:7-zip:4.39:beta:*:*:*:*:*:*
OR
cpe:/a:7-zip:7-zip:4.40:beta:*:*:*:*:*:*
OR
cpe:/a:7-zip:7-zip:4.41:beta:*:*:*:*:*:*
OR
cpe:/a:7-zip:7-zip:4.42:*:*:*:*:*:*:*
OR
cpe:/a:7-zip:7-zip:4.43:beta:*:*:*:*:*:*
OR
cpe:/a:7-zip:7-zip:4.44:beta:*:*:*:*:*:*
OR
cpe:/a:7-zip:7-zip:4.45:beta:*:*:*:*:*:*
OR
cpe:/a:7-zip:7-zip:4.46:beta:*:*:*:*:*:*
OR
cpe:/a:7-zip:7-zip:4.47:beta:*:*:*:*:*:*
OR
cpe:/a:7-zip:7-zip:4.48:beta:*:*:*:*:*:*
OR
cpe:/a:7-zip:7-zip:4.49:beta:*:*:*:*:*:*
OR
cpe:/a:7-zip:7-zip:4.50:beta:*:*:*:*:*:*
OR
cpe:/a:7-zip:7-zip:4.51:beta:*:*:*:*:*:*
OR
cpe:/a:7-zip:7-zip:4.52:beta:*:*:*:*:*:*
OR
cpe:/a:7-zip:7-zip:4.53:beta:*:*:*:*:*:*
OR
cpe:/a:7-zip:7-zip:4.54:beta:*:*:*:*:*:*
OR
cpe:/a:7-zip:7-zip:4.55:beta:*:*:*:*:*:*
OR
cpe:/a:7-zip:7-zip:*:beta:*:*:*:*:*:*
(Version <= 4.56)
Configuration CCN 1
:
cpe:/a:7-zip:7-zip:3.13:*:*:*:*:*:*:*
OR
cpe:/a:7-zip:7-zip:4.23:*:*:*:*:*:*:*
OR
cpe:/a:7-zip:7-zip:4.56:beta:*:*:*:*:*:*
OR
cpe:/a:7-zip:7-zip:4.55:beta:*:*:*:*:*:*
OR
cpe:/a:7-zip:7-zip:4.54:beta:*:*:*:*:*:*
OR
cpe:/a:7-zip:7-zip:4.53:beta:*:*:*:*:*:*
OR
cpe:/a:7-zip:7-zip:4.52:beta:*:*:*:*:*:*
OR
cpe:/a:7-zip:7-zip:4.51:beta:*:*:*:*:*:*
OR
cpe:/a:7-zip:7-zip:4.50:beta:*:*:*:*:*:*
OR
cpe:/a:7-zip:7-zip:4.49:beta:*:*:*:*:*:*
OR
cpe:/a:7-zip:7-zip:4.48:beta:*:*:*:*:*:*
OR
cpe:/a:7-zip:7-zip:4.47:beta:*:*:*:*:*:*
OR
cpe:/a:7-zip:7-zip:4.46:beta:*:*:*:*:*:*
OR
cpe:/a:7-zip:7-zip:4.45:beta:*:*:*:*:*:*
OR
cpe:/a:7-zip:7-zip:4.44:beta:*:*:*:*:*:*
OR
cpe:/a:7-zip:7-zip:4.43:beta:*:*:*:*:*:*
OR
cpe:/a:7-zip:7-zip:4.42:*:*:*:*:*:*:*
OR
cpe:/a:7-zip:7-zip:4.32:*:*:*:*:*:*:*
OR
cpe:/a:7-zip:7-zip:4.31:*:*:*:*:*:*:*
OR
cpe:/a:7-zip:7-zip:4.30:beta:*:*:*:*:*:*
OR
cpe:/a:7-zip:7-zip:4.29:beta:*:*:*:*:*:*
OR
cpe:/a:7-zip:7-zip:4.28:beta:*:*:*:*:*:*
OR
cpe:/a:7-zip:7-zip:4.27:beta:*:*:*:*:*:*
OR
cpe:/a:7-zip:7-zip:4.26:beta:*:*:*:*:*:*
OR
cpe:/a:7-zip:7-zip:4.25:beta:*:*:*:*:*:*
OR
cpe:/a:7-zip:7-zip:4.24:beta:*:*:*:*:*:*
OR
cpe:/a:7-zip:7-zip:4.20:*:*:*:*:*:*:*
OR
cpe:/a:7-zip:7-zip:4.57:*:*:*:*:*:*:*
AND
cpe:/o:sun:solaris:9::sparc:*:*:*:*:*
OR
cpe:/o:sun:solaris:10::64bit:*:*:*:*:*
Denotes that component is vulnerable
BACK
7-zip
7-zip 3.13
7-zip
7-zip 4.20
7-zip
7-zip 4.23
7-zip
7-zip 4.24 beta
7-zip
7-zip 4.25 beta
7-zip
7-zip 4.26 beta
7-zip
7-zip 4.27 beta
7-zip
7-zip 4.28 beta
7-zip
7-zip 4.29 beta
7-zip
7-zip 4.30 beta
7-zip
7-zip 4.31
7-zip
7-zip 4.32
7-zip
7-zip 4.33 beta
7-zip
7-zip 4.34 beta
7-zip
7-zip 4.35 beta
7-zip
7-zip 4.36 beta
7-zip
7-zip 4.37 beta
7-zip
7-zip 4.38 beta
7-zip
7-zip 4.39 beta
7-zip
7-zip 4.40 beta
7-zip
7-zip 4.41 beta
7-zip
7-zip 4.42
7-zip
7-zip 4.43 beta
7-zip
7-zip 4.44 beta
7-zip
7-zip 4.45 beta
7-zip
7-zip 4.46 beta
7-zip
7-zip 4.47 beta
7-zip
7-zip 4.48 beta
7-zip
7-zip 4.49 beta
7-zip
7-zip 4.50 beta
7-zip
7-zip 4.51 beta
7-zip
7-zip 4.52 beta
7-zip
7-zip 4.53 beta
7-zip
7-zip 4.54 beta
7-zip
7-zip 4.55 beta
7-zip
7-zip * beta
7-zip
7-zip 3.13
7-zip
7-zip 4.23
7-zip
7-zip 4.56 beta
7-zip
7-zip 4.55 beta
7-zip
7-zip 4.54 beta
7-zip
7-zip 4.53 beta
7-zip
7-zip 4.52 beta
7-zip
7-zip 4.51 beta
7-zip
7-zip 4.50 beta
7-zip
7-zip 4.49 beta
7-zip
7-zip 4.48 beta
7-zip
7-zip 4.47 beta
7-zip
7-zip 4.46 beta
7-zip
7-zip 4.45 beta
7-zip
7-zip 4.44 beta
7-zip
7-zip 4.43 beta
7-zip
7-zip 4.42
7-zip
7-zip 4.32
7-zip
7-zip 4.31
7-zip
7-zip 4.30 beta
7-zip
7-zip 4.29 beta
7-zip
7-zip 4.28 beta
7-zip
7-zip 4.27 beta
7-zip
7-zip 4.26 beta
7-zip
7-zip 4.25 beta
7-zip
7-zip 4.24 beta
7-zip
7-zip 4.20
7-zip
7-zip 4.57
sun
solaris 9
sun
solaris 10