Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact

Related Vulnerabilities: CVE-2012-6706  

A VMSF_DELTA memory corruption was discovered in unrar before 5.5.5, as used in Sophos Anti-Virus Threat Detection Engine before 3.37.2 and other products, that can lead to arbitrary code execution. An integer overflow can be caused in DataSize+CurChannel. The result is a negative value of the "DestPos" variable, which allows the attacker to write out of bounds when setting Mem[DestPos].

Source
Severity Critical

Remote Yes

Type Arbitrary code execution

Description 

A VMSF_DELTA memory corruption was discovered in unrar before 5.5.5, as used in Sophos Anti-Virus Threat Detection Engine before 3.37.2 and other products, that can lead to arbitrary code execution. An integer overflow can be caused in DataSize+CurChannel. The result is a negative value of the "DestPos" variable, which allows the attacker to write out of bounds when setting Mem[DestPos].

AVG-604 libunrar, unrar 1:5.5.4-1 1:5.5.5-1 Critical Fixed

AVG-602 clamav 0.99.3-1 0.99.4-1 Critical Fixed

18 Mar 2018 ASA-201803-14 AVG-602 clamav Critical multiple issues 

http://www.openwall.com/lists/oss-security/2017/06/21/9
https://bugs.chromium.org/p/project-zero/issues/detail?id=1286
https://github.com/Cisco-Talos/clamav-devel/commit/d4699442bce76574573dc564e7f2177d679b88bd

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook

Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started