CVE-2007-2650 - Secunia.com

CVE Reference: CVE-2007-2650
NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE.

Original Page at CVE MITRE: CVE-2007-2650

Description: The OLE2 parser in Clam AntiVirus (ClamAV) allows remote attackers to cause a denial of service (resource consumption) via an OLE2 file with (1) a large property size or (2) a loop in the FAT file block chain that triggers an infinite loop, as demonstrated via a crafted DOC file.

CVE Status: Candidate

References: TRUSTIX http://www.trustix.org/errata/2007/0020/ SUSE http://www.novell.com/linux/security/advisories/2007_33_clamav.html SAID Secunia Advisory: SA25523 Secunia Advisory: SA25244 Secunia Advisory: SA25553 Secunia Advisory: SA25525 Secunia Advisory: SA25558 Secunia Advisory: SA25688 Secunia Advisory: SA25796 MLIST http://lurker.clamav.net/message/20070418.111144.0df6c5d3.en.html MISC http://article.gmane.org/gmane.comp.security.virus.clamav.devel/2853 MANDRIVA http://frontal2.mandriva.com/security/advisories?name=MDKSA-2007:115 GENTOO http://security.gentoo.org/glsa/glsa-200706-05.xml DEBIAN http://www.debian.org/security/2007/dsa-1320 CONFIRM http://kolab.org/security/kolab-vendor-notice-15.txt http://svn.clamav.net/svn/clamav-devel/trunk/ChangeLog BID 24316

Return to the previous page.

Secunia