Summary
ClamAV is installed on the host and is prone to a denial-of-service vulnerability.
Impact
Attackers can exploit this issue to execute arbitrary code in the context of the affected application via a crafted URL, and can cause a denial of service.
Impact Level: Application
Solution
Upgrade to ClamAV 0.95.1
http://www.clamav.net/download
Insight
- An error in the CLI_ISCONTAINED macro in libclamav/others.h when processing malformed files packed with UPack.
- A buffer overflow in the cli_url_canon() function in libclamav/phishcheck.c when handling specially crafted URLs.
Affected
ClamAV before 0.95.1 on Windows.
References
Updated on 2015-03-25
Severity
Classification
- CVE: CVE-2009-1371, CVE-2009-1372
CVSS Base Score: 10.0
AV:N/AC:L/Au:N/C:C/I:C/A:C
Related Vulnerabilities
- Avast! Antivirus 'aavmker4.sys' Denial Of Service Vulnerability (Win)
- FreeSSHd Remote Denial of Service Vulnerability
- FlashGet FTP PWD Response Remote Buffer Overflow Vulnerability
- Google Chrome Multiple Denial of Service Vulnerabilities - March12 (Windows)
- Adobe Flash Player/Air Multiple Vulnerabilities - August10 (Win)