Security News -  Security Reviews -   Exploits -  Tools -  UNIX Focus -  Windows Focus
Ask the Team  Mailing Lists  Advertising Info  Advisories  About SecuriTeam  Blogs Brought to you by: Suppliers of: Website Testing Tools Network Testing Tools Software Testing Tools SecuriTeam in Your Inbox New vulnerability? New tool? Tell us (Our PGP key). CanSecWest 2012 2nd Annual Cyber Security Hack In Paris	Clam AntiVirus ClamAV CHM Chunk Name Length DoS 17 Oct. 2006    Summary Clam AntiVirus is "a multi-platform GPL anti-virus toolkit. The main purpose of which is integration into electronic mail servers". Microsoft Compressed HTML Help (CHM) files are commonly used for windows based software documentation. Remote exploitation of a input validation vulnerability in Clam AntiVirus's ClamAV could allow attackers to crash the virus scanning service.   Credit: The information has been provided by iDefense Labs Security Advisories. The original article can be found at: http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=423 Website Security Scan Code Vulnerability Test Network Assessment Tool Detect hidden vulnerabilities Exhaustive automated testing Real-time, continuous security Get guidance from professionals of internal or 3rd party code. scanning for your entire network    Details Protect your website! Use an External Vulnerability Scanner! Nothing to install. First report in 1 hour! www.beyondsecurity.com/vulnerability-scanner Vulnerable Systems:  * Clam AntiVirus ClamAV version 0.88.4 Immune Systems:  * Clam AntiVirus ClamAV version 0.88.5 The vulnerability specifically exists due to improper handling of an specially crafted CHM file. While processing such a file, ClamAV may attempt to read an invalid memory location resulting in abnormal termination of the scanning service. CVE Information: CVE-2006-5295 Disclosure Timeline: 09/28/2006 - Initial vendor notification 09/29/2006 - Initial vendor response 10/10/2006 - Second vendor notification 10/15/2006 - Coordinated public disclosure  Comments: blog comments powered by Disqus	All Sections Security News Unix focus Exploits Tools Windows focus Security Reviews  Related Articles ProFTPD Response Pool Use-After-Free Code Execution Vulnerability Insight Control for Linux Multiple Vulnerabilities HP-UX Running NFS/ONCplus Denial of Service Vulnerability HP-UX Running BIND Denial of Service Vulnerability 2011 HP-UX Running XNTP Denial of Service Vulnerability HP-UX Denial of Service Vulnerability Webkit Detached Body Element Code Execution Vulnerability Mac OS X Compact Font Format Decoder Code Execution Vulnerability WebKit WBR Tag Removal Code Execution Vulnerability Webkit Undefined DOM Prototype Attach Code Execution Vulnerability Apple HFS Information Disclosure Vulnerability XPDF arbitrary Arbitrary Code Execution Vulnerabilities Hewlett-Packard Data Protector Client EXEC_CMD omni_chk_ds.sh Code Execution Vulnerability Red Hat OpenJDK IcedTea6 ClassLoader Code Execution Vulnerability HP-UX Apache Running Tomcat Servlet Engine Remote Modification and Denial of Service Vulnerabilities  Featured Articles ProFTPD Response Pool Use-After-Free Code Execution Vulnerability HP Data Protector Notebook Extension LogClientInstallation SQL Injection Vulnerabilty GE Proficy Historian ihDataArchiver.exe Trusted Header Size Code Execution Vulnerability Novell ZENWorks Software Packaging Antique ActiveX Control Code Execution Vulnerability Adobe Reader U3D IFF RGBA Parsing Code Execution Vulnerability Adobe Reader U3D PCX Parsing Code Execution Vulnerability Cisco Unified Service Monitor brstart add_dm Code Execution Vulnerability
	Security News - Security Reviews - Exploits - Tools - UNIX Focus - Windows Focus - Blogs - CVEs

Copyright © 1998-2011 Beyond Security® All rights reserved.
Terms of Use Site Privacy Statement.
SecuriTeam™ is a trademark of Beyond Security®