CVE-2007-4510 - Secunia Advisories - Vulnerability Information

CVE Reference: CVE-2007-4510
NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE.

Original Page at CVE MITRE: CVE-2007-4510

Description: ClamAV before 0.91.2, as used in Kolab Server 2.0 through 2.2beta1 and other products, allows remote attackers to cause a denial of service (application crash) via (1) a crafted RTF file, which triggers a NULL dereference in the cli_scanrtf function in libclamav/rtf.c; or (2) a crafted HTML document with a data: URI, which triggers a NULL dereference in the cli_html_normalise function in libclamav/htmlnorm.c. NOTE: some of these details are obtained from third party information.

CVE Status: Candidate

References: XF http://xforce.iss.net/xforce/xfdb/36177 http://xforce.iss.net/xforce/xfdb/36173 TRUSTIX http://www.trustix.org/errata/2007/0026/ SUSE http://www.novell.com/linux/security/advisories/2007_18_sr.html SREASON http://securityreason.com/securityalert/3054 SAID Secunia Advisory: SA29420 Secunia Advisory: SA26916 Secunia Advisory: SA26822 Secunia Advisory: SA26751 Secunia Advisory: SA26683 Secunia Advisory: SA26654 Secunia Advisory: SA26530 Secunia Advisory: SA26674 Secunia Advisory: SA26552 MANDRIVA http://www.mandriva.com/security/advisories?name=MDKSA-2007:172 GENTOO http://security.gentoo.org/glsa/glsa-200709-14.xml FEDORA DEBIAN http://www.debian.org/security/2007/dsa-1366 CONFIRM http://docs.info.apple.com/article.html?artnum=307562 http://sourceforge.net/project/shownotes.php?release_id=533658 http://kolab.org/security/kolab-vendor-notice-17.txt BID 25398 APPLE http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html

Return to the previous page.