Newly found Vulnerabilities 04/17/08:

 

Multiple ClamAV Vulnerabilities

 

Clam AntiVirus has released ClamAV 0.93 to address multiple vulnerabilities. Two of these vulnerabilities are due to buffer overflow conditions in the handling of Upack executables in libclamav/pe.c and PeSpin packed executables in libclamav/spin.c. There are two additional vulnerabilities due to improper handling of ARJ and RAR archives. Exploitation of these vulnerabilities may allow a remote, unauthenticated attacker to execute arbitrary code or cause a denial-of-service condition.
We encourage users to review the changelog and update to ClamAV 0.93 to help mitigate the risks.

 

Home

Comments