cve-2008-6085
Vulnerability from cvelistv5
Published
2009-02-06 11:00
Modified
2024-08-07 11:20
Severity ?
Summary
Integer overflow in multiple F-Secure anti-virus products, including Internet Security 2006 through 2008, Anti-Virus 2006 through 2008, and others, when configured to scan inside compressed archives, allows remote attackers to execute arbitrary code via a crafted RPM compressed archive file, which triggers a buffer overflow.
References
cve@mitre.orghttp://secunia.com/advisories/32352Vendor Advisory
cve@mitre.orghttp://www.f-secure.com/security/fsc-2008-3.shtmlPatch, Vendor Advisory
cve@mitre.orghttp://www.securityfocus.com/bid/31846
cve@mitre.orghttp://www.securitytracker.com/id?1021073
cve@mitre.orghttp://www.vupen.com/english/advisories/2008/2874
cve@mitre.orghttps://exchange.xforce.ibmcloud.com/vulnerabilities/46016
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/32352Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.f-secure.com/security/fsc-2008-3.shtmlPatch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/31846
af854a3a-2127-422b-91ae-364da2661108http://www.securitytracker.com/id?1021073
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2008/2874
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/46016
Impacted products
Vendor Product Version
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T11:20:25.110Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "31846",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/31846"
          },
          {
            "name": "1021073",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1021073"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.f-secure.com/security/fsc-2008-3.shtml"
          },
          {
            "name": "32352",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/32352"
          },
          {
            "name": "ADV-2008-2874",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2008/2874"
          },
          {
            "name": "fsecure-multipleproducts-rpm-bo(46016)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46016"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2008-10-21T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Integer overflow in multiple F-Secure anti-virus products, including Internet Security 2006 through 2008, Anti-Virus 2006 through 2008, and others, when configured to scan inside compressed archives, allows remote attackers to execute arbitrary code via a crafted RPM compressed archive file, which triggers a buffer overflow."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-07T12:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "31846",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/31846"
        },
        {
          "name": "1021073",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1021073"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.f-secure.com/security/fsc-2008-3.shtml"
        },
        {
          "name": "32352",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/32352"
        },
        {
          "name": "ADV-2008-2874",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2008/2874"
        },
        {
          "name": "fsecure-multipleproducts-rpm-bo(46016)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46016"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2008-6085",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Integer overflow in multiple F-Secure anti-virus products, including Internet Security 2006 through 2008, Anti-Virus 2006 through 2008, and others, when configured to scan inside compressed archives, allows remote attackers to execute arbitrary code via a crafted RPM compressed archive file, which triggers a buffer overflow."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "31846",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/31846"
            },
            {
              "name": "1021073",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id?1021073"
            },
            {
              "name": "http://www.f-secure.com/security/fsc-2008-3.shtml",
              "refsource": "CONFIRM",
              "url": "http://www.f-secure.com/security/fsc-2008-3.shtml"
            },
            {
              "name": "32352",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/32352"
            },
            {
              "name": "ADV-2008-2874",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2008/2874"
            },
            {
              "name": "fsecure-multipleproducts-rpm-bo(46016)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46016"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2008-6085",
    "datePublished": "2009-02-06T11:00:00",
    "dateReserved": "2009-02-05T00:00:00",
    "dateUpdated": "2024-08-07T11:20:25.110Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:f-secure:f-secure_anti-virus:7.02:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B028C22E-399E-4A90-9673-64E4D510273E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:f-secure:f-secure_anti-virus:2006:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"9A6B8424-EED8-4A09-9A9C-FC5F76A9FAF5\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:f-secure:f-secure_anti-virus:2007:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"1106DE08-DE9A-488B-8C5D-28E353CDEEEB\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:f-secure:f-secure_anti-virus:2007:*:second:*:*:*:*:*\", \"matchCriteriaId\": \"62204373-31FA-4F28-AA22-D4D6F3B80F9B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:f-secure:f-secure_anti-virus:2008:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B47EC4EB-268A-4BB9-820D-AA3DB8D1A655\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:f-secure:f-secure_anti-virus:2009:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"4B68C319-313F-4CA5-9B37-D9860071E763\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:f-secure:f-secure_anti-virus_for_citrix_servers:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"7.00\", \"matchCriteriaId\": \"7C3858F1-B23F-4E45-BD23-C8262AD37F50\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:f-secure:f-secure_anti-virus_for_microsoft_exchange:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"7.10\", \"matchCriteriaId\": \"F4D0AD44-C784-4019-B92C-A368092C815C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:f-secure:f-secure_anti-virus_for_microsoft_exchange:6.62:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D622E750-A9AB-4EF3-BC2F-D7C3FFE8C961\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:f-secure:f-secure_anti-virus_for_microsoft_exchange:7.00:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"85EEA770-211A-4568-BB9F-9FE76D7BFCB4\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:f-secure:f-secure_anti-virus_for_mimesweeper:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"5.61\", \"matchCriteriaId\": \"6B6FA161-27C8-40A5-BAF7-4907D67E3C82\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:f-secure:f-secure_anti-virus_for_windows_servers:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"8.00\", \"matchCriteriaId\": \"FDF7866B-1F6D-49C8-8013-2A6974D42D95\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:f-secure:f-secure_anti-virus_for_workstations:7.10:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"7D9F9488-8DA8-48A9-9A11-B5E0D7AA9A7E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:f-secure:f-secure_anti-virus_for_workstations:7.11:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"8C775FD8-A757-41A6-BBC3-29BC9D2D12A8\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:f-secure:f-secure_anti-virus_linux_client_security:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"5.54\", \"matchCriteriaId\": \"1D3E6352-6BF9-4FE6-A572-07A31972A28D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:f-secure:f-secure_anti-virus_linux_client_security:5.30:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"9523BF6D-AF64-4CFE-B017-695B6BB175C2\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:f-secure:f-secure_anti-virus_linux_client_security:5.52:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E77AB622-B899-46FD-9DFA-1964B57A9458\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:f-secure:f-secure_anti-virus_linux_client_security:5.53:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F8DB2DD7-86DC-440A-B8D9-0A84034E808F\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:f-secure:f-secure_anti-virus_linux_server_security:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"5.54\", \"matchCriteriaId\": \"5BD6D628-460F-4AF7-971E-401D58E48AF1\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:f-secure:f-secure_anti-virus_linux_server_security:5.30:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"66AB396E-475C-404F-BEE1-66DE9C3A7555\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:f-secure:f-secure_anti-virus_linux_server_security:5.52:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D0E6FC4F-F768-43FF-9627-DF41CD7D799C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:f-secure:f-secure_client_security:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"7.12\", \"matchCriteriaId\": \"7A5AE9AF-11E3-4CC5-BEE7-6ED5CF6FCEA5\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:f-secure:f-secure_client_security:7.11:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"5A8FC353-E7D7-4097-B206-C0ACB654E0E3\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:f-secure:f-secure_home_server_security:2009:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"13A9FDBE-1AAD-435A-BECF-2871864EAFA4\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:f-secure:f-secure_internet_gatekeeper_for_linux:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"2.16\", \"matchCriteriaId\": \"4664D4A0-EB01-4274-9E1D-8EA5313F935A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:f-secure:f-secure_internet_gatekeeper_for_windows:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"6.61\", \"matchCriteriaId\": \"C73ADB10-61D7-46E9-B293-1C798E297A5F\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:f-secure:f-secure_internet_security:7.02:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"89DC5D86-0C4A-4F94-83A2-DB21B868ACCB\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:f-secure:f-secure_internet_security:2006:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"C788A5AB-C847-476C-9767-C6711F2D4EA1\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:f-secure:f-secure_internet_security:2007:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"3972C7F1-8B78-4A5D-8A75-C6CA01E997DF\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:f-secure:f-secure_internet_security:2007:*:second:*:*:*:*:*\", \"matchCriteriaId\": \"94858828-3626-4654-AB6A-597A49C79284\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:f-secure:f-secure_internet_security:2008:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"08ED9945-DC9F-4F4F-B2EB-B63986BCC7D6\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:f-secure:f-secure_internet_security:2009:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D77467E5-A143-4720-93EE-29B399417065\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:f-secure:f-secure_linux_security:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"7.01\", \"matchCriteriaId\": \"3F6ED823-E3F3-4444-86B5-BBD6D711B5B9\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:f-secure:f-secure_messaging_security_gateway:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"5.0.4\", \"matchCriteriaId\": \"7A5B1FA4-33A1-4EAD-A20F-C9A4AD64939C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:f-secure:f-secure_messaging_security_gateway:4.0.7:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"25DB325A-39E6-4938-9761-D8DCD5A57C96\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:f-secure:f-secure_protection_service_for_business:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"3.10\", \"matchCriteriaId\": \"5A2E6D2C-5520-41DE-AF1D-7E47F9A99CE7\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:f-secure:f-secure_protection_service_for_business:3.00:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"6123A21D-BBB4-48D8-9701-7BFB637628C0\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:f-secure:f-secure_protection_service_for_consumers:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"8.00\", \"matchCriteriaId\": \"C339068C-F74F-4B4B-AD15-09457CC85458\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:f-secure:f-secure_protection_service_for_consumers:5.00:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F11E5127-4DC8-48A4-9AF5-1C148B71C7E1\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:f-secure:f-secure_protection_service_for_consumers:6.00:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"6FB0D1BB-B119-4996-859A-39348AEF36B3\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:f-secure:f-secure_protection_service_for_consumers:7.00:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"721447B1-F577-48AB-A312-34306C485866\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Integer overflow in multiple F-Secure anti-virus products, including Internet Security 2006 through 2008, Anti-Virus 2006 through 2008, and others, when configured to scan inside compressed archives, allows remote attackers to execute arbitrary code via a crafted RPM compressed archive file, which triggers a buffer overflow.\"}, {\"lang\": \"es\", \"value\": \"Desbordamiento de entero en m\\u00faltiples productos antivirus de F-Secure, incluyendo Internet Security 2006 hasta 2008, Anti-Virus 2006 hasta 2008, y otros, cuando ha sido configurado para escanear ficheros comprimidos internamente, permite a atacantes remotos ejecutar c\\u00f3digo de su elecci\\u00f3n a trav\\u00e9s de un fichero comprimido RPM  manipulado, lo que provocar\\u00e1 un desbordamiento de b\\u00fafer.\"}]",
      "id": "CVE-2008-6085",
      "lastModified": "2024-11-21T00:55:37.937",
      "metrics": "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:H/Au:N/C:C/I:C/A:C\", \"baseScore\": 7.6, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"HIGH\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"COMPLETE\", \"integrityImpact\": \"COMPLETE\", \"availabilityImpact\": \"COMPLETE\"}, \"baseSeverity\": \"HIGH\", \"exploitabilityScore\": 4.9, \"impactScore\": 10.0, \"acInsufInfo\": false, \"obtainAllPrivilege\": true, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": true}]}",
      "published": "2009-02-06T11:30:00.467",
      "references": "[{\"url\": \"http://secunia.com/advisories/32352\", \"source\": \"cve@mitre.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://www.f-secure.com/security/fsc-2008-3.shtml\", \"source\": \"cve@mitre.org\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}, {\"url\": \"http://www.securityfocus.com/bid/31846\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.securitytracker.com/id?1021073\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.vupen.com/english/advisories/2008/2874\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/46016\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://secunia.com/advisories/32352\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://www.f-secure.com/security/fsc-2008-3.shtml\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}, {\"url\": \"http://www.securityfocus.com/bid/31846\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securitytracker.com/id?1021073\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.vupen.com/english/advisories/2008/2874\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/46016\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
      "sourceIdentifier": "cve@mitre.org",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-189\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2008-6085\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2009-02-06T11:30:00.467\",\"lastModified\":\"2024-11-21T00:55:37.937\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Integer overflow in multiple F-Secure anti-virus products, including Internet Security 2006 through 2008, Anti-Virus 2006 through 2008, and others, when configured to scan inside compressed archives, allows remote attackers to execute arbitrary code via a crafted RPM compressed archive file, which triggers a buffer overflow.\"},{\"lang\":\"es\",\"value\":\"Desbordamiento de entero en m\u00faltiples productos antivirus de F-Secure, incluyendo Internet Security 2006 hasta 2008, Anti-Virus 2006 hasta 2008, y otros, cuando ha sido configurado para escanear ficheros comprimidos internamente, permite a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n a trav\u00e9s de un fichero comprimido RPM  manipulado, lo que provocar\u00e1 un desbordamiento de b\u00fafer.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:H/Au:N/C:C/I:C/A:C\",\"baseScore\":7.6,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"HIGH\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"COMPLETE\",\"integrityImpact\":\"COMPLETE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":4.9,\"impactScore\":10.0,\"acInsufInfo\":false,\"obtainAllPrivilege\":true,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-189\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f-secure:f-secure_anti-virus:7.02:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B028C22E-399E-4A90-9673-64E4D510273E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f-secure:f-secure_anti-virus:2006:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9A6B8424-EED8-4A09-9A9C-FC5F76A9FAF5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f-secure:f-secure_anti-virus:2007:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1106DE08-DE9A-488B-8C5D-28E353CDEEEB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f-secure:f-secure_anti-virus:2007:*:second:*:*:*:*:*\",\"matchCriteriaId\":\"62204373-31FA-4F28-AA22-D4D6F3B80F9B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f-secure:f-secure_anti-virus:2008:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B47EC4EB-268A-4BB9-820D-AA3DB8D1A655\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f-secure:f-secure_anti-virus:2009:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4B68C319-313F-4CA5-9B37-D9860071E763\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f-secure:f-secure_anti-virus_for_citrix_servers:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"7.00\",\"matchCriteriaId\":\"7C3858F1-B23F-4E45-BD23-C8262AD37F50\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f-secure:f-secure_anti-virus_for_microsoft_exchange:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"7.10\",\"matchCriteriaId\":\"F4D0AD44-C784-4019-B92C-A368092C815C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f-secure:f-secure_anti-virus_for_microsoft_exchange:6.62:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D622E750-A9AB-4EF3-BC2F-D7C3FFE8C961\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f-secure:f-secure_anti-virus_for_microsoft_exchange:7.00:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"85EEA770-211A-4568-BB9F-9FE76D7BFCB4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f-secure:f-secure_anti-virus_for_mimesweeper:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"5.61\",\"matchCriteriaId\":\"6B6FA161-27C8-40A5-BAF7-4907D67E3C82\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f-secure:f-secure_anti-virus_for_windows_servers:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"8.00\",\"matchCriteriaId\":\"FDF7866B-1F6D-49C8-8013-2A6974D42D95\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f-secure:f-secure_anti-virus_for_workstations:7.10:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7D9F9488-8DA8-48A9-9A11-B5E0D7AA9A7E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f-secure:f-secure_anti-virus_for_workstations:7.11:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8C775FD8-A757-41A6-BBC3-29BC9D2D12A8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f-secure:f-secure_anti-virus_linux_client_security:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"5.54\",\"matchCriteriaId\":\"1D3E6352-6BF9-4FE6-A572-07A31972A28D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f-secure:f-secure_anti-virus_linux_client_security:5.30:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9523BF6D-AF64-4CFE-B017-695B6BB175C2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f-secure:f-secure_anti-virus_linux_client_security:5.52:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E77AB622-B899-46FD-9DFA-1964B57A9458\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f-secure:f-secure_anti-virus_linux_client_security:5.53:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F8DB2DD7-86DC-440A-B8D9-0A84034E808F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f-secure:f-secure_anti-virus_linux_server_security:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"5.54\",\"matchCriteriaId\":\"5BD6D628-460F-4AF7-971E-401D58E48AF1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f-secure:f-secure_anti-virus_linux_server_security:5.30:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"66AB396E-475C-404F-BEE1-66DE9C3A7555\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f-secure:f-secure_anti-virus_linux_server_security:5.52:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D0E6FC4F-F768-43FF-9627-DF41CD7D799C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f-secure:f-secure_client_security:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"7.12\",\"matchCriteriaId\":\"7A5AE9AF-11E3-4CC5-BEE7-6ED5CF6FCEA5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f-secure:f-secure_client_security:7.11:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5A8FC353-E7D7-4097-B206-C0ACB654E0E3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f-secure:f-secure_home_server_security:2009:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"13A9FDBE-1AAD-435A-BECF-2871864EAFA4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f-secure:f-secure_internet_gatekeeper_for_linux:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"2.16\",\"matchCriteriaId\":\"4664D4A0-EB01-4274-9E1D-8EA5313F935A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f-secure:f-secure_internet_gatekeeper_for_windows:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"6.61\",\"matchCriteriaId\":\"C73ADB10-61D7-46E9-B293-1C798E297A5F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f-secure:f-secure_internet_security:7.02:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"89DC5D86-0C4A-4F94-83A2-DB21B868ACCB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f-secure:f-secure_internet_security:2006:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C788A5AB-C847-476C-9767-C6711F2D4EA1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f-secure:f-secure_internet_security:2007:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3972C7F1-8B78-4A5D-8A75-C6CA01E997DF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f-secure:f-secure_internet_security:2007:*:second:*:*:*:*:*\",\"matchCriteriaId\":\"94858828-3626-4654-AB6A-597A49C79284\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f-secure:f-secure_internet_security:2008:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"08ED9945-DC9F-4F4F-B2EB-B63986BCC7D6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f-secure:f-secure_internet_security:2009:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D77467E5-A143-4720-93EE-29B399417065\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f-secure:f-secure_linux_security:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"7.01\",\"matchCriteriaId\":\"3F6ED823-E3F3-4444-86B5-BBD6D711B5B9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f-secure:f-secure_messaging_security_gateway:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"5.0.4\",\"matchCriteriaId\":\"7A5B1FA4-33A1-4EAD-A20F-C9A4AD64939C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f-secure:f-secure_messaging_security_gateway:4.0.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"25DB325A-39E6-4938-9761-D8DCD5A57C96\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f-secure:f-secure_protection_service_for_business:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"3.10\",\"matchCriteriaId\":\"5A2E6D2C-5520-41DE-AF1D-7E47F9A99CE7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f-secure:f-secure_protection_service_for_business:3.00:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6123A21D-BBB4-48D8-9701-7BFB637628C0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f-secure:f-secure_protection_service_for_consumers:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"8.00\",\"matchCriteriaId\":\"C339068C-F74F-4B4B-AD15-09457CC85458\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f-secure:f-secure_protection_service_for_consumers:5.00:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F11E5127-4DC8-48A4-9AF5-1C148B71C7E1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f-secure:f-secure_protection_service_for_consumers:6.00:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6FB0D1BB-B119-4996-859A-39348AEF36B3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f-secure:f-secure_protection_service_for_consumers:7.00:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"721447B1-F577-48AB-A312-34306C485866\"}]}]}],\"references\":[{\"url\":\"http://secunia.com/advisories/32352\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.f-secure.com/security/fsc-2008-3.shtml\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/31846\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securitytracker.com/id?1021073\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.vupen.com/english/advisories/2008/2874\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/46016\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://secunia.com/advisories/32352\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.f-secure.com/security/fsc-2008-3.shtml\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/31846\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securitytracker.com/id?1021073\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.vupen.com/english/advisories/2008/2874\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/46016\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.