CVE-2006-0337

Buffer overflow in multiple F-Secure Anti-Virus products and versions for Windows and Linux, including Anti-Virus for Windows Servers 5.52 and earlier, Internet Security 2004, 2005 and 2006, and Anti-Virus for Linux Servers 4.64 and earlier, allows remote attackers to execute arbitrary code via crafted ZIP archives.

CVSS v2.0 7.5 HIGH

7.5^/10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 10.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://www.f-secure.com/security/fsc-2006-1.shtml	Patch Vendor Advisory
http://www.securityfocus.com/bid/16309
http://secunia.com/advisories/18529	Patch Vendor Advisory
http://www.osvdb.org/22632
http://securitytracker.com/id?1015507
http://securitytracker.com/id?1015508
http://securitytracker.com/id?1015509
http://securitytracker.com/id?1015510
http://www.ciac.org/ciac/bulletins/q-103.shtml
http://www.vupen.com/english/advisories/2006/0257
https://exchange.xforce.ibmcloud.com/vulnerabilities/24198

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:f-secure:f-secure_anti-virus:2005:::::::*
	cpe:2.3:a:f-secure:f-secure_anti-virus:2006:::::::*
	cpe:2.3:a:f-secure:f-secure_anti-virus:4.61::linux_gateways:::::
	cpe:2.3:a:f-secure:f-secure_anti-virus:4.61::linux_servers:::::
	cpe:2.3:a:f-secure:f-secure_anti-virus:5.01::linux_server_security:::::
	cpe:2.3:a:f-secure:f-secure_anti-virus:5.11::linux_client_security:::::
	cpe:2.3:a:f-secure:f-secure_anti-virus:5.11::linux_server_security:::::
	cpe:2.3:a:f-secure:f-secure_anti-virus:5.42::workstations:::::
	cpe:2.3:a:f-secure:f-secure_anti-virus:5.43::workstations:::::
	cpe:2.3:a:f-secure:f-secure_anti-virus:5.52::citrix_servers:::::
	cpe:2.3:a:f-secure:f-secure_anti-virus:5.52::client_security:::::
	cpe:2.3:a:f-secure:f-secure_anti-virus:5.42::windows_servers:::::
	cpe:2.3:a:f-secure:f-secure_anti-virus:5.42::mimesweeper:::::
	cpe:2.3:a:f-secure:internet_gatekeeper:6.32:::::::*
	cpe:2.3:a:f-secure:f-secure_anti-virus:5.01::linux_client_security:::::
	cpe:2.3:a:f-secure:f-secure_anti-virus:4.52::linux_servers:::::
	cpe:2.3:a:f-secure:internet_gatekeeper:6.42:::::::*
	cpe:2.3:a:f-secure:f-secure_anti-virus:5.5::windows_servers:::::
	cpe:2.3:a:f-secure:f-secure_anti-virus:2004:::::::*
	cpe:2.3:a:f-secure:f-secure_anti-virus:6.2::firewalls:::::
	cpe:2.3:a:f-secure:f-secure_anti-virus:6.01::client_security:::::
	cpe:2.3:a:f-secure:f-secure_anti-virus:4.52::linux_workstations:::::
	cpe:2.3:a:f-secure:f-secure_internet_security:2005:::::::*
	cpe:2.3:a:f-secure:internet_gatekeeper:6.41:::::::*
	cpe:2.3:a:f-secure:internet_gatekeeper:2.06::linux:::::
	cpe:2.3:a:f-secure:f-secure_anti-virus:6.2::ms_exchange:::::
	cpe:2.3:a:f-secure:f-secure_anti-virus:2.16::linux_gateways:::::
	cpe:2.3:a:f-secure:f-secure_internet_security:2006:::::::*
	cpe:2.3:a:f-secure:f-secure_internet_security:2004:::::::*
	cpe:2.3:a:f-secure:f-secure_anti-virus:6.21::ms_exchange:::::
	cpe:2.3:a:f-secure:f-secure_anti-virus:5.51::mimesweeper:::::
	cpe:2.3:a:f-secure:f-secure_anti-virus:6.01::ms_exchange:::::
	cpe:2.3:a:f-secure:f-secure_anti-virus:5.0::linux_server_security:::::
	cpe:2.3:a:f-secure:f-secure_anti-virus:5.52::windows_servers:::::
	cpe:2.3:a:f-secure:f-secure_anti-virus:5.41::windows_servers:::::
	cpe:2.3:a:f-secure:f-secure_anti-virus:4.62::samba_servers:::::
	cpe:2.3:a:f-secure:internet_gatekeeper:6.3:::::::*
	cpe:2.3:a:f-secure:f-secure_anti-virus:4.64::linux_servers:::::
	cpe:2.3:a:f-secure:f-secure_anti-virus:5.0::linux_client_security:::::
	cpe:2.3:a:f-secure:f-secure_anti-virus:4.64::linux_gateways:::::
	cpe:2.3:a:f-secure:f-secure_anti-virus:5.5::client_security:::::
	cpe:2.3:a:f-secure:f-secure_anti-virus:5.44::workstations:::::
	cpe:2.3:a:f-secure:f-secure_anti-virus:6.40::ms_exchange:::::
	cpe:2.3:a:f-secure:f-secure_anti-virus:6.30::ms_exchange:::::
	cpe:2.3:a:f-secure:f-secure_anti-virus:4.52::linux_gateways:::::
	cpe:2.3:a:f-secure:internet_gatekeeper:2.14::linux:::::
	cpe:2.3:a:f-secure:f-secure_anti-virus:5.5::citrix_servers:::::
	cpe:2.3:a:f-secure:f-secure_anti-virus:5.41::mimesweeper:::::
	cpe:2.3:a:f-secure:f-secure_anti-virus:4.51::linux_servers:::::
	cpe:2.3:a:f-secure:solutions_based_on_f-secure_personal_express:6.20:::::::*
	cpe:2.3:a:f-secure:f-secure_anti-virus:4.51::linux_gateways:::::
	cpe:2.3:a:f-secure:f-secure_anti-virus:6.30_sr1::ms_exchange:::::
	cpe:2.3:a:f-secure:f-secure_anti-virus:5.54::client_security:::::
	cpe:2.3:a:f-secure:f-secure_anti-virus:5.55::client_security:::::
	cpe:2.3:a:f-secure:f-secure_anti-virus:5.61::mimesweeper:::::
	cpe:2.3:a:f-secure:internet_gatekeeper:6.4:::::::*
	cpe:2.3:a:f-secure:f-secure_anti-virus:5.40::workstations:::::
	cpe:2.3:a:f-secure:f-secure_anti-virus:6.31::ms_exchange:::::
	cpe:2.3:a:f-secure:f-secure_anti-virus:5.5::mimesweeper:::::
	cpe:2.3:a:f-secure:internet_gatekeeper:2.6::linux:::::
	cpe:2.3:a:f-secure:f-secure_anti-virus:5.41::workstations:::::
	cpe:2.3:a:f-secure:internet_gatekeeper:6.31:::::::*
	cpe:2.3:a:f-secure:f-secure_anti-virus:4.51::linux_workstations:::::

Information

Published : 2006-01-20 16:03

Updated : 2017-07-19 18:29

NVD link : CVE-2006-0337

Mitre link : CVE-2006-0337

JSON object : View

CWE

NVD-CWE-Other

Products Affected

f-secure

internet_gatekeeper
f-secure_anti-virus
f-secure_internet_security
solutions_based_on_f-secure_personal_express

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://www.f-secure.com/security/fsc-2006-1.shtml", "name": "http://www.f-secure.com/security/fsc-2006-1.shtml", "tags": ["Patch", "Vendor Advisory"], "refsource": "CONFIRM"}, {"url": "http://www.securityfocus.com/bid/16309", "name": "16309", "tags": [], "refsource": "BID"}, {"url": "http://secunia.com/advisories/18529", "name": "18529", "tags": ["Patch", "Vendor Advisory"], "refsource": "SECUNIA"}, {"url": "http://www.osvdb.org/22632", "name": "22632", "tags": [], "refsource": "OSVDB"}, {"url": "http://securitytracker.com/id?1015507", "name": "1015507", "tags": [], "refsource": "SECTRACK"}, {"url": "http://securitytracker.com/id?1015508", "name": "1015508", "tags": [], "refsource": "SECTRACK"}, {"url": "http://securitytracker.com/id?1015509", "name": "1015509", "tags": [], "refsource": "SECTRACK"}, {"url": "http://securitytracker.com/id?1015510", "name": "1015510", "tags": [], "refsource": "SECTRACK"}, {"url": "http://www.ciac.org/ciac/bulletins/q-103.shtml", "name": "Q-103", "tags": [], "refsource": "CIAC"}, {"url": "http://www.vupen.com/english/advisories/2006/0257", "name": "ADV-2006-0257", "tags": [], "refsource": "VUPEN"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24198", "name": "fsecure-zip-bo(24198)", "tags": [], "refsource": "XF"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "Buffer overflow in multiple F-Secure Anti-Virus products and versions for Windows and Linux, including Anti-Virus for Windows Servers 5.52 and earlier, Internet Security 2004, 2005 and 2006, and Anti-Virus for Linux Servers 4.64 and earlier, allows remote attackers to execute arbitrary code via crafted ZIP archives."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2006-0337", "ASSIGNER": "cve@mitre.org"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "severity": "HIGH", "impactScore": 6.4, "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": true, "obtainOtherPrivilege": false, "userInteractionRequired": false}}, "publishedDate": "2006-01-21T00:03Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:f-secure:f-secure_anti-virus:2005:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:f-secure:f-secure_anti-virus:2006:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:f-secure:f-secure_anti-virus:4.61:*:linux_gateways:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:f-secure:f-secure_anti-virus:4.61:*:linux_servers:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:f-secure:f-secure_anti-virus:5.01:*:linux_server_security:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:f-secure:f-secure_anti-virus:5.11:*:linux_client_security:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:f-secure:f-secure_anti-virus:5.11:*:linux_server_security:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:f-secure:f-secure_anti-virus:5.42:*:workstations:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:f-secure:f-secure_anti-virus:5.43:*:workstations:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:f-secure:f-secure_anti-virus:5.52:*:citrix_servers:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:f-secure:f-secure_anti-virus:5.52:*:client_security:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:f-secure:f-secure_anti-virus:5.42:*:windows_servers:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:f-secure:f-secure_anti-virus:5.42:*:mimesweeper:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:f-secure:internet_gatekeeper:6.32:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:f-secure:f-secure_anti-virus:5.01:*:linux_client_security:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:f-secure:f-secure_anti-virus:4.52:*:linux_servers:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:f-secure:internet_gatekeeper:6.42:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:f-secure:f-secure_anti-virus:5.5:*:windows_servers:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:f-secure:f-secure_anti-virus:2004:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:f-secure:f-secure_anti-virus:6.2:*:firewalls:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:f-secure:f-secure_anti-virus:6.01:*:client_security:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:f-secure:f-secure_anti-virus:4.52:*:linux_workstations:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:f-secure:f-secure_internet_security:2005:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:f-secure:internet_gatekeeper:6.41:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:f-secure:internet_gatekeeper:2.06:*:linux:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:f-secure:f-secure_anti-virus:6.2:*:ms_exchange:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:f-secure:f-secure_anti-virus:2.16:*:linux_gateways:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:f-secure:f-secure_internet_security:2006:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:f-secure:f-secure_internet_security:2004:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:f-secure:f-secure_anti-virus:6.21:*:ms_exchange:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:f-secure:f-secure_anti-virus:5.51:*:mimesweeper:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:f-secure:f-secure_anti-virus:6.01:*:ms_exchange:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:f-secure:f-secure_anti-virus:5.0:*:linux_server_security:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:f-secure:f-secure_anti-virus:5.52:*:windows_servers:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:f-secure:f-secure_anti-virus:5.41:*:windows_servers:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:f-secure:f-secure_anti-virus:4.62:*:samba_servers:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:f-secure:internet_gatekeeper:6.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:f-secure:f-secure_anti-virus:4.64:*:linux_servers:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:f-secure:f-secure_anti-virus:5.0:*:linux_client_security:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:f-secure:f-secure_anti-virus:4.64:*:linux_gateways:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:f-secure:f-secure_anti-virus:5.5:*:client_security:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:f-secure:f-secure_anti-virus:5.44:*:workstations:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:f-secure:f-secure_anti-virus:6.40:*:ms_exchange:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:f-secure:f-secure_anti-virus:6.30:*:ms_exchange:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:f-secure:f-secure_anti-virus:4.52:*:linux_gateways:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:f-secure:internet_gatekeeper:2.14:*:linux:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:f-secure:f-secure_anti-virus:5.5:*:citrix_servers:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:f-secure:f-secure_anti-virus:5.41:*:mimesweeper:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:f-secure:f-secure_anti-virus:4.51:*:linux_servers:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:f-secure:solutions_based_on_f-secure_personal_express:6.20:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:f-secure:f-secure_anti-virus:4.51:*:linux_gateways:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:f-secure:f-secure_anti-virus:6.30_sr1:*:ms_exchange:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:f-secure:f-secure_anti-virus:5.54:*:client_security:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:f-secure:f-secure_anti-virus:5.55:*:client_security:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:f-secure:f-secure_anti-virus:5.61:*:mimesweeper:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:f-secure:internet_gatekeeper:6.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:f-secure:f-secure_anti-virus:5.40:*:workstations:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:f-secure:f-secure_anti-virus:6.31:*:ms_exchange:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:f-secure:f-secure_anti-virus:5.5:*:mimesweeper:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:f-secure:internet_gatekeeper:2.6:*:linux:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:f-secure:f-secure_anti-virus:5.41:*:workstations:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:f-secure:internet_gatekeeper:6.31:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:f-secure:f-secure_anti-virus:4.51:*:linux_workstations:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2017-07-20T01:29Z"}

7.5 /10