Vulnerability Name:

CVE-2013-4602 (CCN-85099)

Assigned:2013-06-13
Published:2013-06-13
Updated:2020-02-18
Summary:A Denial of Service (infinite loop) vulnerability exists in Avira AntiVir Engine before 8.2.12.58 via an unspecified function in the PDF Scanner Engine.
CVSS v3 Severity:5.5 Medium (CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H)
Exploitability Metrics:Attack Vector (AV): Local
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): Required
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availibility (A): High
5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availibility (A): Low
CVSS v2 Severity:7.1 High (CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:N/A:C)
5.3 Medium (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:N/A:C/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Medium
Authentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availibility (A): Complete
4.3 Medium (CCN CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P)
3.2 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Medium
Athentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availibility (A): Partial
Vulnerability Type:CWE-400
Vulnerability Consequences:Denial of Service
References:Source: CCN
Type: BugTraq Mailing List, Thu Jun 13 2013 - 07:57:09 CDT
LSE Leading Security Experts GmbH - LSE-2013-06-13 - Avira AntiVir Engine

Source: MITRE
Type: CNA
CVE-2013-4602

Source: CCN
Type: Avira Web site
Avira Anti-Virus

Source: CCN
Type: BID-60552
Multiple Avira Products PDF Handling Remote Denial Of Service Vulnerability

Source: MISC
Type: Third Party Advisory, VDB Entry
http://www.securityfocus.com/bid/60552

Source: MISC
Type: Third Party Advisory, VDB Entry
http://www.securitytracker.com/id/1028666

Source: MISC
Type: Third Party Advisory, VDB Entry
https://exchange.xforce.ibmcloud.com/vulnerabilities/85099

Source: XF
Type: UNKNOWN
antivir-cve20134602-dos(85099)

Source: MISC
Type: Third Party Advisory, VDB Entry
https://packetstormsecurity.com/files/122024/Avira-AntiVir-Engine-Denial-Of-Service-Filter-Evasion.html

Source: MISC
Type: Permissions Required, Third Party Advisory
https://vuldb.com/?id.9151

Vulnerable Configuration:Configuration 1:
  • cpe:/a:avira:antivir_mailgate:*:*:*:*:*:*:*:* (Version < 8.2.12.58)
  • OR cpe:/a:avira:antivir_mailgate_suite:*:*:*:*:*:*:*:* (Version < 8.2.12.58)
  • OR cpe:/a:avira:antivir_personal:*:*:*:*:*:*:*:* (Version < 8.2.12.58)
  • OR cpe:/a:avira:antivir_sharepoint:*:*:*:*:*:*:*:* (Version < 8.2.12.58)
  • OR cpe:/a:avira:antivir_webgate:*:*:*:*:*:*:*:* (Version < 8.2.12.58)
  • OR cpe:/a:avira:antivir_webgate_suite:*:*:*:*:*:*:*:* (Version < 8.2.12.58)
  • OR cpe:/a:avira:antivirus_server:*:*:*:*:*:*:*:* (Version < 8.2.12.58)
  • OR cpe:/a:avira:exchange_security:*:*:*:*:*:*:*:* (Version < 8.2.12.58)
  • OR cpe:/a:avira:professional_security:*:*:*:*:*:*:*:* (Version < 8.2.12.58)
  • OR cpe:/a:avira:savapi:*:*:*:*:*:*:*:* (Version < 8.2.12.58)

    • Configuration CCN 1:
  • cpe:/a:avira:antivir_personal:*:*:*:*:*:*:*:*
  • OR cpe:/a:avira:antivir_webgate:*:*:*:*:*:*:*:*
  • OR cpe:/a:avira:antivir_mailgate:*:*:*:*:*:*:*:*
  • OR cpe:/a:avira:antivir_sharepoint:*:*:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    BACK
    avira antivir mailgate *
    avira antivir mailgate suite *
    avira antivir personal *
    avira antivir sharepoint *
    avira antivir webgate *
    avira antivir webgate suite *
    avira antivirus server *
    avira exchange security *
    avira professional security *
    avira savapi *
    avira antivir personal *
    avira antivir webgate *
    avira antivir mailgate *
    avira antivir sharepoint *