FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

CVE-2008-5050

This CVE name corresponds to:

Entered Topic
2008-11-10 clamav -- off-by-one heap overflow in VBA project parser

The following information is adapted from the Common Vulnerabilities and Exposures (CVE) project. CVE and the CVE logo are trademarks of The MITRE Corporation. CVE content is Copyright 2005, The MITRE Corporation.

CVE-2008-5050 at cve.mitre.org

Details

Type Candidate
Name CVE-2008-5050
Phase Assigned(20081112)

Description

Off-by-one error in the get_unicode_name function (libclamav/vba_extract.c) in Clam Anti-Virus (ClamAV) before 0.94.1 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted VBA project file, which triggers a heap-based buffer overflow.

References

Source Reference
BUGTRAQ 20081108 ClamAV get_unicode_name() off-by-one buffer overflow
FULLDISC 20081109 ClamAV get_unicode_name() off-by-one buffer overflow
CONFIRM http://sourceforge.net/project/shownotes.php?release_id=637952&group_id=86638
CONFIRM http://support.apple.com/kb/HT3438
APPLE APPLE-SA-2009-02-12
DEBIAN DSA-1680
FEDORA FEDORA-2008-9644
FEDORA FEDORA-2008-9651
GENTOO GLSA-200812-21
MANDRIVA MDVSA-2008:229
SUSE SUSE-SR:2008:026
UBUNTU USN-672-1
BID 32207
SECTRACK 1021159
SECUNIA 32765
VUPEN ADV-2008-3085
VUPEN ADV-2009-0422
SECUNIA 32663
SECUNIA 32872
SECUNIA 32699
SECUNIA 33016
SECUNIA 33317
SECUNIA 33937
SREASON 4579
XF clamav-getunicodename-bo(46462)

Copyright © 2005 The MITRE Corporation.

Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright information.