Intrusion Prevention

ClamAV.libclamav.MEW.PE.File.Handling.Integer.Overflow

Description

This indicates an attempt to exploit an integer overflow vulnerability in ClamAV.
The vulnerability can be triggered when the application processes malformed PE files. An unauthenticated attacker can exploit this vulnerability by delivering a crafted PE file to the scanning service, resulting in injection and execution of arbitrary code.

Affected Products

Debian Linux 4.0 sparc
Debian Linux 4.0 s/390
Debian Linux 4.0 powerpc
Debian Linux 4.0 mipsel
Debian Linux 4.0 mips
Debian Linux 4.0 m68k
Debian Linux 4.0 ia-64
Debian Linux 4.0 ia-32
Debian Linux 4.0 hppa
Debian Linux 4.0 arm
Debian Linux 4.0 amd64
Debian Linux 4.0 alpha
Debian Linux 4.0
Clam Anti-Virus ClamAV 0.91.2

Impact

System Compromise: remote code execution.

Recommended Actions

Upgrade to the latest version of Clam AntiVirus (0.92 or later):
http://www.clamav.net/.

CVE References

CVE-2007-6335