Main Vulnerability Database SB2011112108

SB2011112108 - Resource management error in clamav (Alpine package)

Published: November 21, 2011

Security Bulletin ID SB2011112108

Severity

Medium

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Remote access

Highest impact Data manipulation

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Resource management error (CVE-ID: cve-2011-1003)

The vulnerability allows a remote non-authenticated attacker to read and manipulate data.

Double free vulnerability in the vba_read_project_strings function in vba_extract.c in libclamav in ClamAV before 0.97 might allow remote attackers to execute arbitrary code via crafted Visual Basic for Applications (VBA) data in a Microsoft Office document. NOTE: some of these details are obtained from third party information.

Remediation

Install update from vendor's website.

References

https://git.alpinelinux.org/aports/commit/?id=d3125a44d429c9913efdeb02c67b565e12547e44