Vendor: Clam AntiVirus
By: Damian Put
CVSS: 9.3 (HIGH)
Heap Overflow
CWE: 119
Product Name: Clam AntiVirus
Affected Version From: 0.88.4
Affected Version To: 0.88.4
Patch Exists: YES
Related CVE: CVE-2006-5135
CPE: a:clamav:clamav:0.88.4
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Windows
2006

Clam AntiVirus <= 0.88.4 (rebuildpe) Remote Heap Overflow PoC

Clam AntiVirus is prone to a remote heap-based buffer-overflow vulnerability because it fails to properly bounds-check user-supplied data before copying it into an insufficiently sized memory buffer. An attacker can exploit this issue to execute arbitrary code in the context of the affected application. Failed exploit attempts will result in a denial-of-service condition.

Mitigation:

No known mitigation
Source

Exploit-DB raw data:

Clam AntiVirus <= 0.88.4 (rebuildpe) Remote Heap Overflow PoC
Damian Put pucik[at]gazeta.pl 
	   pucik[@]overflow.pl
	   http://overflow.pl

https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/2587.exe.bz2 (10172006-clam_petite_heap.exe.bz2)

# milw0rm.com [2006-10-17]