ClamAV.libclamav.MEW.PE.File.Handling.Integer.Overflow
Description
This indicates an attempt to exploit an integer overflow vulnerability in ClamAV.
The vulnerability can be triggered when the application processes malformed PE files. An unauthenticated attacker can exploit this vulnerability by delivering a crafted PE file to the scanning service, resulting in injection and execution of arbitrary code.
Affected Products
Debian Linux 4.0 sparc
Debian Linux 4.0 s/390
Debian Linux 4.0 powerpc
Debian Linux 4.0 mipsel
Debian Linux 4.0 mips
Debian Linux 4.0 m68k
Debian Linux 4.0 ia-64
Debian Linux 4.0 ia-32
Debian Linux 4.0 hppa
Debian Linux 4.0 arm
Debian Linux 4.0 amd64
Debian Linux 4.0 alpha
Debian Linux 4.0
Clam Anti-Virus ClamAV 0.91.2
Impact
System Compromise: remote code execution.
Recommended Actions
Upgrade to the latest version of Clam AntiVirus (0.92 or later):
http://www.clamav.net/.
Telemetry
Coverage
IPS (Regular DB) | |
IPS (Extended DB) |