Vulnerability Details CVE-2007-2966
Buffer overflow in the LHA decompression component in F-Secure anti-virus products for Microsoft Windows and Linux before 20070529 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted LHA archive, related to an integer wrap, a similar issue to CVE-2006-4335.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.058
EPSS Ranking 90.0%
CVSS Severity
CVSS v2 Score 7.5
References
- http://osvdb.org/36724
- http://secunia.com/advisories/25426
- http://securitytracker.com/id?1018147
- http://www.f-secure.com/security/fsc-2007-1.shtml
- http://www.nruns.com/security_advisory_fsecure_lzh.php
- http://www.securityfocus.com/archive/1/470256/100/0/threaded
- http://www.securityfocus.com/bid/24235
- http://www.securitytracker.com/id?1018146
- http://www.securitytracker.com/id?1018148
- http://www.vupen.com/english/advisories/2007/1985
- https://exchange.xforce.ibmcloud.com/vulnerabilities/34575
- http://osvdb.org/36724
- http://secunia.com/advisories/25426
- http://securitytracker.com/id?1018147
- http://www.f-secure.com/security/fsc-2007-1.shtml
- http://www.nruns.com/security_advisory_fsecure_lzh.php
- http://www.securityfocus.com/archive/1/470256/100/0/threaded
- http://www.securityfocus.com/bid/24235
- http://www.securitytracker.com/id?1018146
- http://www.securitytracker.com/id?1018148
- http://www.vupen.com/english/advisories/2007/1985
- https://exchange.xforce.ibmcloud.com/vulnerabilities/34575
Products affected by CVE-2007-2966
-
cpe:2.3:a:f-secure:f-secure_anti-virus:*
-
cpe:2.3:a:f-secure:f-secure_anti-virus:2005
-
cpe:2.3:a:f-secure:f-secure_anti-virus:2006
-
cpe:2.3:a:f-secure:f-secure_anti-virus:2007
-
cpe:2.3:a:f-secure:f-secure_anti-virus_client_security:*
-
cpe:2.3:a:f-secure:f-secure_anti-virus_linux_client_security:*
-
cpe:2.3:a:f-secure:f-secure_anti-virus_linux_server_security:*
-
cpe:2.3:a:f-secure:f-secure_internet_security:2005
-
cpe:2.3:a:f-secure:f-secure_internet_security:2006
-
cpe:2.3:a:f-secure:f-secure_internet_security:2007
-
cpe:2.3:a:f-secure:f-secure_protection_service:*
-
cpe:2.3:a:f-secure:internet_gatekeeper:*
-
cpe:2.3:a:f-secure:internet_gatekeeper:-