1. CVE-Search
  2. CVE-2006-6627
ID CVE-2006-6627
Summary Integer overflow in the packed PE file parsing implementation in BitDefender products before 20060829, including Antivirus, Antivirus Plus, Internet Security, Mail Protection for Enterprises, and Online Scanner; and BitDefender products for Microsoft ISA Server and Exchange 5.5 through 2003; allows remote attackers to execute arbitrary code via a crafted file, which triggers a heap-based buffer overflow, aka the "cevakrnl.xmd vulnerability."
References
Vulnerable Configurations
  • cpe:2.3:a:softwin:bitdefender:isa_server:*:*:*:*:*:*:*
    cpe:2.3:a:softwin:bitdefender:isa_server:*:*:*:*:*:*:*
  • cpe:2.3:a:softwin:bitdefender:ms_exchange_5.5:*:*:*:*:*:*:*
    cpe:2.3:a:softwin:bitdefender:ms_exchange_5.5:*:*:*:*:*:*:*
  • cpe:2.3:a:softwin:bitdefender:ms_exchange_2000:*:*:*:*:*:*:*
    cpe:2.3:a:softwin:bitdefender:ms_exchange_2000:*:*:*:*:*:*:*
  • cpe:2.3:a:softwin:bitdefender:ms_exchange_2003:*:*:*:*:*:*:*
    cpe:2.3:a:softwin:bitdefender:ms_exchange_2003:*:*:*:*:*:*:*
  • cpe:2.3:a:softwin:bitdefender_antivirus:*:*:*:*:*:*:*:*
    cpe:2.3:a:softwin:bitdefender_antivirus:*:*:*:*:*:*:*:*
  • cpe:2.3:a:softwin:bitdefender_antivirus:plus:*:*:*:*:*:*:*
    cpe:2.3:a:softwin:bitdefender_antivirus:plus:*:*:*:*:*:*:*
  • cpe:2.3:a:softwin:bitdefender_internet_security:*:*:*:*:*:*:*:*
    cpe:2.3:a:softwin:bitdefender_internet_security:*:*:*:*:*:*:*:*
  • cpe:2.3:a:softwin:bitdefender_mail_protection:enterprises:*:*:*:*:*:*:*
    cpe:2.3:a:softwin:bitdefender_mail_protection:enterprises:*:*:*:*:*:*:*
  • cpe:2.3:a:softwin:bitdefender_online_scanner:*:*:*:*:*:*:*:*
    cpe:2.3:a:softwin:bitdefender_online_scanner:*:*:*:*:*:*:*:*
CVSS
Base: 10.0 (as of 17-10-2018 - 21:49)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
COMPLETE COMPLETE COMPLETE
cvss-vector via4 AV:N/AC:L/Au:N/C:C/I:C/A:C
refmap via4
bid 21610
bugtraq 20061215 BitDefender AV Packed PE File Parsing Engine Heap Overflow
confirm http://www.bitdefender.com/KB323-en--cevakrnl.xmd-vulnerability.html
fulldisc 20061215 BitDefender AV Packed PE File Parsing Engine Heap Overflow
sectrack 1017389
secunia 23415
sreason 2044
vupen ADV-2006-5040
xf bitdefender-pefile-bo(30904)
Last major update 17-10-2018 - 21:49
Published 18-12-2006 - 11:28
Last modified 17-10-2018 - 21:49
Back to Top