CVE-2008-5050

Executive Summary

Informations
Name	CVE-2008-5050	First vendor Publication	2008-11-12
Vendor	Cve	Last vendor Modification	2012-10-30

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:M/Au:N/C:C/I:C/A:C)
Cvss Base Score	9.3	Attack Range	Network
Cvss Impact Score	10	Attack Complexity	Medium
Cvss Expoit Score	8.6	Authentification	None Required
Calculate full CVSS 2.0 Vectors scores

Security Protection

Impacts

Provides administrator access : Allows complete confidentiality, integrity, and availability violation; Allows unauthorized disclosure of information; Allows disruption of service.

Detail

Off-by-one error in the get_unicode_name function (libclamav/vba_extract.c) in Clam Anti-Virus (ClamAV) before 0.94.1 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted VBA project file, which triggers a heap-based buffer overflow.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5050

CWE : Common Weakness Enumeration

id	Name
CWE-119	Failure to Constrain Operations within the Bounds of a Memory Buffer

CPE : Common Platform Enumeration

Type	Description	Count
Application	Clam Anti-Virus Clamav cpe:/a:clam_anti-virus:clamav:0.94 cpe:/a:clam_anti-virus:clamav:0.93.3 cpe:/a:clam_anti-virus:clamav:0.93.2 cpe:/a:clam_anti-virus:clamav:0.93.1 cpe:/a:clam_anti-virus:clamav:0.93 cpe:/a:clam_anti-virus:clamav:0.92.1 cpe:/a:clam_anti-virus:clamav:0.92:p0 cpe:/a:clam_anti-virus:clamav:0.92 cpe:/a:clam_anti-virus:clamav:0.91rc2 cpe:/a:clam_anti-virus:clamav:0.91rc1 cpe:/a:clam_anti-virus:clamav:0.91.2:p0 cpe:/a:clam_anti-virus:clamav:0.91.2 cpe:/a:clam_anti-virus:clamav:0.91.1 cpe:/a:clam_anti-virus:clamav:0.91 cpe:/a:clam_anti-virus:clamav:0.90rc1 cpe:/a:clam_anti-virus:clamav:0.90.3:p1 cpe:/a:clam_anti-virus:clamav:0.90.3:p0 cpe:/a:clam_anti-virus:clamav:0.90.3 cpe:/a:clam_anti-virus:clamav:0.90.2 cpe:/a:clam_anti-virus:clamav:0.90.2:p0 cpe:/a:clam_anti-virus:clamav:0.90.1:p0 cpe:/a:clam_anti-virus:clamav:0.90.1 cpe:/a:clam_anti-virus:clamav:0.90_rc3 cpe:/a:clam_anti-virus:clamav:0.90_rc2 cpe:/a:clam_anti-virus:clamav:0.90_rc1.1 cpe:/a:clam_anti-virus:clamav:0.90 cpe:/a:clam_anti-virus:clamav:0.88.7 cpe:/a:clam_anti-virus:clamav:0.88.7:p1 cpe:/a:clam_anti-virus:clamav:0.88.7:p0 cpe:/a:clam_anti-virus:clamav:0.88.6 cpe:/a:clam_anti-virus:clamav:0.88.5 cpe:/a:clam_anti-virus:clamav:0.88.4 cpe:/a:clam_anti-virus:clamav:0.88.3 cpe:/a:clam_anti-virus:clamav:0.88.2 cpe:/a:clam_anti-virus:clamav:0.88.1 cpe:/a:clam_anti-virus:clamav:0.88 cpe:/a:clam_anti-virus:clamav:0.87.1 cpe:/a:clam_anti-virus:clamav:0.87 cpe:/a:clam_anti-virus:clamav:0.86.2 cpe:/a:clam_anti-virus:clamav:0.86.1 cpe:/a:clam_anti-virus:clamav:0.86_rc1 cpe:/a:clam_anti-virus:clamav:0.86:rc1 cpe:/a:clam_anti-virus:clamav:0.86 cpe:/a:clam_anti-virus:clamav:0.85.1 cpe:/a:clam_anti-virus:clamav:0.85 cpe:/a:clam_anti-virus:clamav:0.84_rc2 cpe:/a:clam_anti-virus:clamav:0.84_rc1 cpe:/a:clam_anti-virus:clamav:0.84:rc1 cpe:/a:clam_anti-virus:clamav:0.84 cpe:/a:clam_anti-virus:clamav:0.84:rc2 cpe:/a:clam_anti-virus:clamav:0.83 cpe:/a:clam_anti-virus:clamav:0.82 cpe:/a:clam_anti-virus:clamav:0.81_rc1 cpe:/a:clam_anti-virus:clamav:0.81:rc1 cpe:/a:clam_anti-virus:clamav:0.81 cpe:/a:clam_anti-virus:clamav:0.80_rc4 cpe:/a:clam_anti-virus:clamav:0.80_rc3 cpe:/a:clam_anti-virus:clamav:0.80_rc2 cpe:/a:clam_anti-virus:clamav:0.80_rc1 cpe:/a:clam_anti-virus:clamav:0.80:rc2 cpe:/a:clam_anti-virus:clamav:0.80 cpe:/a:clam_anti-virus:clamav:0.80:rc cpe:/a:clam_anti-virus:clamav:0.80:rc4 cpe:/a:clam_anti-virus:clamav:0.80:rc3 cpe:/a:clam_anti-virus:clamav:0.75.1 cpe:/a:clam_anti-virus:clamav:0.75 cpe:/a:clam_anti-virus:clamav:0.74 cpe:/a:clam_anti-virus:clamav:0.73 cpe:/a:clam_anti-virus:clamav:0.72 cpe:/a:clam_anti-virus:clamav:0.71 cpe:/a:clam_anti-virus:clamav:0.70 cpe:/a:clam_anti-virus:clamav:0.68.1 cpe:/a:clam_anti-virus:clamav:0.68 cpe:/a:clam_anti-virus:clamav:0.67 cpe:/a:clam_anti-virus:clamav:0.65 cpe:/a:clam_anti-virus:clamav:0.60p cpe:/a:clam_anti-virus:clamav:0.60 cpe:/a:clam_anti-virus:clamav:0.54 cpe:/a:clam_anti-virus:clamav:0.53 cpe:/a:clam_anti-virus:clamav:0.52 cpe:/a:clam_anti-virus:clamav:0.51 cpe:/a:clam_anti-virus:clamav:0.24 cpe:/a:clam_anti-virus:clamav:0.23 cpe:/a:clam_anti-virus:clamav:0.22 cpe:/a:clam_anti-virus:clamav:0.21 cpe:/a:clam_anti-virus:clamav:0.20 cpe:/a:clam_anti-virus:clamav:0.15 cpe:/a:clam_anti-virus:clamav:0.14:pre cpe:/a:clam_anti-virus:clamav:0.14 cpe:/a:clam_anti-virus:clamav:0.13 cpe:/a:clam_anti-virus:clamav:0.12 cpe:/a:clam_anti-virus:clamav:0.11 cpe:/a:clam_anti-virus:clamav:0.10 cpe:/a:clam_anti-virus:clamav:0.06 cpe:/a:clam_anti-virus:clamav:0.05 cpe:/a:clam_anti-virus:clamav:0.04 cpe:/a:clam_anti-virus:clamav:0.03 cpe:/a:clam_anti-virus:clamav:0.02 cpe:/a:clam_anti-virus:clamav:0.01	99

Open Source Vulnerability Database (OSVDB)

id	Description
49832	ClamAV libclamav/vba_extract.c get_unicode_name() Function Off-by-one Overflow

Internal Sources (Detail)

Source	Url
APPLE	http://lists.apple.com/archives/security-announce/2009/Feb/msg00000.html
BID	http://www.securityfocus.com/bid/32207
BUGTRAQ	http://www.securityfocus.com/archive/1/archive/1/498169/100/0/threaded
CONFIRM	http://sourceforge.net/project/shownotes.php?release_id=637952&group_id=8... http://support.apple.com/kb/HT3438
DEBIAN	http://www.debian.org/security/2008/dsa-1680
FEDORA	https://www.redhat.com/archives/fedora-package-announce/2008-November/msg0033... https://www.redhat.com/archives/fedora-package-announce/2008-November/msg0034...
FULLDISC	http://lists.grok.org.uk/pipermail/full-disclosure/2008-November/065530.html
GENTOO	http://security.gentoo.org/glsa/glsa-200812-21.xml
MANDRIVA	http://www.mandriva.com/security/advisories?name=MDVSA-2008:229
SECTRACK	http://www.securitytracker.com/id?1021159
SECUNIA	http://secunia.com/advisories/32663 http://secunia.com/advisories/32699 http://secunia.com/advisories/32765 http://secunia.com/advisories/32872 http://secunia.com/advisories/33016 http://secunia.com/advisories/33317 http://secunia.com/advisories/33937
SREASON	http://securityreason.com/securityalert/4579
SUSE	http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00002.html
UBUNTU	http://www.ubuntu.com/usn/usn-672-1
VUPEN	http://www.vupen.com/english/advisories/2008/3085 http://www.vupen.com/english/advisories/2009/0422
XF	http://xforce.iss.net/xforce/xfdb/46462

Alert History

If you want to see full details history, please login or register.

Date	Informations
2013-05-11 00:30:42	Multiple Updates

Type	Count
CPE ID(s)	99
osvdb(s)	1

Related	Severity
USN-672-1	(Critical)
MDVSA-2008:229	(Critical)
GLSA-200812-21	(Critical)
DSA-1680	(Critical)

Same Subject	Severity
Login to view 1 more Alert(s)

CVE-2008-5050

Executive Summary

Security-Database Scoring CVSS v2

Security Protection

Detail

Original Source

CWE : Common Weakness Enumeration

CPE : Common Platform Enumeration

Open Source Vulnerability Database (OSVDB)

Internal Sources (Detail)

Alert History

Global Informations

Open Standards

Other Databases

COMPANY

STANDARDS

RECENT POSTS

MENU