Back to search
CVE-2008-5050
Published: Nov 13, 2008
Modified: Aug 7, 2024
PUBLISHED
Description
Off-by-one error in the get_unicode_name function (libclamav/vba_extract.c) in Clam Anti-Virus (ClamAV) before 0.94.1 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted VBA project file, which triggers a heap-based buffer overflow.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
ADV-2008-3085
vdb-entry
x_refsource_VUPEN
4579
third-party-advisory
x_refsource_SREASON
33937
third-party-advisory
x_refsource_SECUNIA
DSA-1680
vendor-advisory
x_refsource_DEBIAN
32765
third-party-advisory
x_refsource_SECUNIA
clamav-getunicodename-bo(46462)
vdb-entry
x_refsource_XF
32207
vdb-entry
x_refsource_BID
33016
third-party-advisory
x_refsource_SECUNIA
http://support.apple.com/kb/HT3438
x_refsource_CONFIRM
20081109 ClamAV get_unicode_name() off-by-one buffer overflow
mailing-list
x_refsource_FULLDISC
APPLE-SA-2009-02-12
vendor-advisory
x_refsource_APPLE
1021159
vdb-entry
x_refsource_SECTRACK
32872
third-party-advisory
x_refsource_SECUNIA
GLSA-200812-21
vendor-advisory
x_refsource_GENTOO
20081108 ClamAV get_unicode_name() off-by-one buffer overflow
mailing-list
x_refsource_BUGTRAQ
FEDORA-2008-9651
vendor-advisory
x_refsource_FEDORA
ADV-2009-0422
vdb-entry
x_refsource_VUPEN
USN-672-1
vendor-advisory
x_refsource_UBUNTU
32663
third-party-advisory
x_refsource_SECUNIA
MDVSA-2008:229
vendor-advisory
x_refsource_MANDRIVA
33317
third-party-advisory
x_refsource_SECUNIA
SUSE-SR:2008:026
vendor-advisory
x_refsource_SUSE
32699
third-party-advisory
x_refsource_SECUNIA
FEDORA-2008-9644
vendor-advisory
x_refsource_FEDORA
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now