CVE-2005-3239 - The OLE2 unpacker in clamd in Clam AntiVirus (ClamAV) 0.87-1 allows remote attackers to cause a deni

CVE-2005-3239

Summary

The OLE2 unpacker in clamd in Clam AntiVirus (ClamAV) 0.87-1 allows remote attackers to cause a denial of service (segmentation fault) via a DOC file with an invalid property tree, which triggers an infinite recursion in the ole2_walk_property_tree function.

References

Vulnerable Configurations

cpe:2.3:a:clam_anti-virus:clamav:.:*:*:*:*:*:*:*
cpe:2.3:a:clam_anti-virus:clamav:.:*:*:*:*:*:*:*

CVSS

Base:	7.8 (as of 02-04-2010 - 05:50)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
NONE	NONE	COMPLETE

cvss-vector via4

AV:N/AC:L/Au:N/C:N/I:N/A:C

refmap via4

bid	15101
confirm	http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=333566 http://sourceforge.net/project/shownotes.php?release_id=368319
debian	DSA-887
gentoo	GLSA-200511-04
mandriva	MDKSA-2005:205
osvdb	20536
sectrack	1015154
secunia	17184 17448 17451 17501 17559
suse	SUSE-SR:2005:026

Last major update

02-04-2010 - 05:50

Published

14-10-2005 - 19:02

Last modified

02-04-2010 - 05:50