CVE-2008-5050

Exploit

EPSS 20.7%
Published 13.11.2008 02:30:01
Last modified 09.04.2025 00:30:58
Source cve@mitre.org
Teams watchlist Login
Open Login

Off-by-one error in the get_unicode_name function (libclamav/vba_extract.c) in Clam Anti-Virus (ClamAV) before 0.94.1 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted VBA project file, which triggers a heap-based buffer overflow.

Affected products Warnungen 0 Metrics 2 CWE 1 References 28

Data is provided by the National Vulnerability Database (NVD)

Clam Anti-virus ≫ Clamav Version <= 0.94

Clam Anti-virus ≫ Clamav Version0.01

Clam Anti-virus ≫ Clamav Version0.02

Clam Anti-virus ≫ Clamav Version0.03

Clam Anti-virus ≫ Clamav Version0.04

Clam Anti-virus ≫ Clamav Version0.05

Clam Anti-virus ≫ Clamav Version0.06

Clam Anti-virus ≫ Clamav Version0.10

Clam Anti-virus ≫ Clamav Version0.11

Clam Anti-virus ≫ Clamav Version0.12

Clam Anti-virus ≫ Clamav Version0.13

Clam Anti-virus ≫ Clamav Version0.14

Clam Anti-virus ≫ Clamav Version0.14 Updatepre

Clam Anti-virus ≫ Clamav Version0.15

Clam Anti-virus ≫ Clamav Version0.20

Clam Anti-virus ≫ Clamav Version0.21

Clam Anti-virus ≫ Clamav Version0.22

Clam Anti-virus ≫ Clamav Version0.23

Clam Anti-virus ≫ Clamav Version0.24

Clam Anti-virus ≫ Clamav Version0.51

Clam Anti-virus ≫ Clamav Version0.52

Clam Anti-virus ≫ Clamav Version0.53

Clam Anti-virus ≫ Clamav Version0.54

Clam Anti-virus ≫ Clamav Version0.60

Clam Anti-virus ≫ Clamav Version0.60p

Clam Anti-virus ≫ Clamav Version0.65

Clam Anti-virus ≫ Clamav Version0.67

Clam Anti-virus ≫ Clamav Version0.68

Clam Anti-virus ≫ Clamav Version0.68.1

Clam Anti-virus ≫ Clamav Version0.70

Clam Anti-virus ≫ Clamav Version0.71

Clam Anti-virus ≫ Clamav Version0.72

Clam Anti-virus ≫ Clamav Version0.73

Clam Anti-virus ≫ Clamav Version0.74

Clam Anti-virus ≫ Clamav Version0.75

Clam Anti-virus ≫ Clamav Version0.75.1

Clam Anti-virus ≫ Clamav Version0.80

Clam Anti-virus ≫ Clamav Version0.80 Updaterc

Clam Anti-virus ≫ Clamav Version0.80 Updaterc2

Clam Anti-virus ≫ Clamav Version0.80 Updaterc3

Clam Anti-virus ≫ Clamav Version0.80 Updaterc4

Clam Anti-virus ≫ Clamav Version0.80_rc1

Clam Anti-virus ≫ Clamav Version0.80_rc2

Clam Anti-virus ≫ Clamav Version0.80_rc3

Clam Anti-virus ≫ Clamav Version0.80_rc4

Clam Anti-virus ≫ Clamav Version0.81

Clam Anti-virus ≫ Clamav Version0.81 Updaterc1

Clam Anti-virus ≫ Clamav Version0.81_rc1

Clam Anti-virus ≫ Clamav Version0.82

Clam Anti-virus ≫ Clamav Version0.83

Clam Anti-virus ≫ Clamav Version0.84

Clam Anti-virus ≫ Clamav Version0.84 Updaterc1

Clam Anti-virus ≫ Clamav Version0.84 Updaterc2

Clam Anti-virus ≫ Clamav Version0.84_rc1

Clam Anti-virus ≫ Clamav Version0.84_rc2

Clam Anti-virus ≫ Clamav Version0.85

Clam Anti-virus ≫ Clamav Version0.85.1

Clam Anti-virus ≫ Clamav Version0.86

Clam Anti-virus ≫ Clamav Version0.86 Updaterc1

Clam Anti-virus ≫ Clamav Version0.86.1

Clam Anti-virus ≫ Clamav Version0.86.2

Clam Anti-virus ≫ Clamav Version0.86_rc1

Clam Anti-virus ≫ Clamav Version0.87

Clam Anti-virus ≫ Clamav Version0.87.1

Clam Anti-virus ≫ Clamav Version0.88

Clam Anti-virus ≫ Clamav Version0.88.1

Clam Anti-virus ≫ Clamav Version0.88.2

Clam Anti-virus ≫ Clamav Version0.88.3

Clam Anti-virus ≫ Clamav Version0.88.4

Clam Anti-virus ≫ Clamav Version0.88.5

Clam Anti-virus ≫ Clamav Version0.88.6

Clam Anti-virus ≫ Clamav Version0.88.7

Clam Anti-virus ≫ Clamav Version0.88.7 Updatep0

Clam Anti-virus ≫ Clamav Version0.88.7 Updatep1

Clam Anti-virus ≫ Clamav Version0.90

Clam Anti-virus ≫ Clamav Version0.90.1

Clam Anti-virus ≫ Clamav Version0.90.1 Updatep0

Clam Anti-virus ≫ Clamav Version0.90.2

Clam Anti-virus ≫ Clamav Version0.90.2 Updatep0

Clam Anti-virus ≫ Clamav Version0.90.3

Clam Anti-virus ≫ Clamav Version0.90.3 Updatep0

Clam Anti-virus ≫ Clamav Version0.90.3 Updatep1

Clam Anti-virus ≫ Clamav Version0.90_rc1.1

Clam Anti-virus ≫ Clamav Version0.90_rc2

Clam Anti-virus ≫ Clamav Version0.90_rc3

Clam Anti-virus ≫ Clamav Version0.90rc1

Clam Anti-virus ≫ Clamav Version0.91

Clam Anti-virus ≫ Clamav Version0.91.1

Clam Anti-virus ≫ Clamav Version0.91.2

Clam Anti-virus ≫ Clamav Version0.91.2 Updatep0

Clam Anti-virus ≫ Clamav Version0.91rc1

Clam Anti-virus ≫ Clamav Version0.91rc2

Clam Anti-virus ≫ Clamav Version0.92

Clam Anti-virus ≫ Clamav Version0.92 Updatep0

Clam Anti-virus ≫ Clamav Version0.92.1

Clam Anti-virus ≫ Clamav Version0.93

Clam Anti-virus ≫ Clamav Version0.93.1

Clam Anti-virus ≫ Clamav Version0.93.2

Clam Anti-virus ≫ Clamav Version0.93.3

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	20.7%	0.954

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	9.3	8.6	10	AV:N/AC:M/Au:N/C:C/I:C/A:C

CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

http://lists.apple.com/archives/security-announce/2009/Feb/msg00000.html

http://secunia.com/advisories/33937

http://support.apple.com/kb/HT3438

http://www.vupen.com/english/advisories/2009/0422

http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00002.html

http://secunia.com/advisories/32872

http://secunia.com/advisories/32699

https://www.redhat.com/archives/fedora-package-announce/2008-November/msg00332.html

https://www.redhat.com/archives/fedora-package-announce/2008-November/msg00348.html

http://lists.grok.org.uk/pipermail/full-disclosure/2008-November/065530.html

Exploit

http://secunia.com/advisories/32663