CVE-2005-3284

Multiple buffer overflows in AhnLab V3 AntiVirus V3Pro 2004 before 6.0.0.488, V3Net for Windows Server 6.0 before 6.0.0.488, and MyV3, with compressed file scanning enabled, allow remote attackers to execute arbitrary code via crafted (1) ALZ, (2) UUE, or (3) XXE archives.

CVSS v2.0 7.5 HIGH

7.5^/10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 10.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://secunia.com/secunia_research/2005-48/advisory/	Exploit Vendor Advisory
http://global.ahnlab.com/security/security_advisory002.html	Vendor Advisory
http://secunia.com/advisories/16851	Patch Vendor Advisory
http://www.securityfocus.com/archive/1/413260
http://www.securityfocus.com/bid/15091
http://www.osvdb.org/19955
http://securityreason.com/securityalert/80

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:ahnlab:v3pro_2004:6.0.0.457:::::::*
	cpe:2.3:a:ahnlab:v3net:6.0.0.457::win_server:::::
	cpe:2.3:a:ahnlab:myv3:1.3.11.15:::::::*

Information

Published : 2005-10-23 03:02

Updated : 2008-09-05 13:53

NVD link : CVE-2005-3284

Mitre link : CVE-2005-3284

JSON object : View

CWE

NVD-CWE-Other

Products Affected

ahnlab

myv3
v3pro_2004
v3net

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://secunia.com/secunia_research/2005-48/advisory/", "name": "http://secunia.com/secunia_research/2005-48/advisory/", "tags": ["Exploit", "Vendor Advisory"], "refsource": "MISC"}, {"url": "http://global.ahnlab.com/security/security_advisory002.html", "name": "http://global.ahnlab.com/security/security_advisory002.html", "tags": ["Vendor Advisory"], "refsource": "CONFIRM"}, {"url": "http://secunia.com/advisories/16851", "name": "16851", "tags": ["Patch", "Vendor Advisory"], "refsource": "SECUNIA"}, {"url": "http://www.securityfocus.com/archive/1/413260", "name": "20051013 Secunia Research: AhnLab V3 Antivirus ALZ/UUE/XXE Archive HandlingBuffer Overflow", "tags": [], "refsource": "BUGTRAQ"}, {"url": "http://www.securityfocus.com/bid/15091", "name": "15091", "tags": [], "refsource": "BID"}, {"url": "http://www.osvdb.org/19955", "name": "19955", "tags": [], "refsource": "OSVDB"}, {"url": "http://securityreason.com/securityalert/80", "name": "80", "tags": [], "refsource": "SREASON"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "Multiple buffer overflows in AhnLab V3 AntiVirus V3Pro 2004 before 6.0.0.488, V3Net for Windows Server 6.0 before 6.0.0.488, and MyV3, with compressed file scanning enabled, allow remote attackers to execute arbitrary code via crafted (1) ALZ, (2) UUE, or (3) XXE archives."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2005-3284", "ASSIGNER": "cve@mitre.org"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "severity": "HIGH", "impactScore": 6.4, "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": true, "obtainOtherPrivilege": false, "userInteractionRequired": false}}, "publishedDate": "2005-10-23T10:02Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:ahnlab:v3pro_2004:6.0.0.457:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ahnlab:v3net:6.0.0.457:*:win_server:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ahnlab:myv3:1.3.11.15:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2008-09-05T20:53Z"}

7.5 /10