Bug 679787 (CVE-2011-1003)

Summary: CVE-2011-1003 clamav: Double free error by reading VBA project strings
Product: [Other] Security Response Reporter: Jan Lieskovsky <jlieskov>
Component: vulnerabilityAssignee: Red Hat Product Security <security-response-team>
Status: CLOSED NEXTRELEASE QA Contact:
Severity: medium Docs Contact:
Priority: medium    
Version: unspecifiedCC: nathanael, nb, ondrejj, redhat-bugzilla, rh-bugzilla, steve
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2011-04-07 22:02:33 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 679793, 679794    
Bug Blocks:    

Description Jan Lieskovsky 2011-02-23 14:27:02 UTC 
A double free error was found in the way Clam AntiVirus
anti-virus toolkit processed certain project strings by 
extracting Visual Basic for Applications (VBA) source code 
for MS Office documents. A remote attacker could provide
a MS Office document, with embedded specially-crafted VBA
source code and trick the local user into checking the document
in the Clam AntiVirus toolkit, leading to clamscan executable
crash or, potentially, arbitrary code execution with the privileges
of the user running the tool.

Upstream bug report:
[1] https://wwws.clamav.net/bugzilla/show_bug.cgi?id=2486

Related patch:
[2] http://git.clamav.net/gitweb?p=clamav-devel.git;a=commit;h=d21fb8d975f8c9688894a8cef4d50d977022e09f
Comment 1 Jan Lieskovsky 2011-02-23 14:29:39 UTC 
This issue affects the versions of the clamav package, as shipped
with Fedora release of 13 and 14.

This issue affects the version of the clamav package, as present
within EPEL-4 repository.

Please schedule the updates.

--

This issue does NOT affect the versions of the clamav package,
as present within EPEL-5 and EPEL-6 repositories. Relevant
clamav-0.97-2.el5 and clamav-0.97-2.el6 already contain a fix
for this issue.
Comment 2 Jan Lieskovsky 2011-02-23 14:30:50 UTC 
Created clamav tracking bugs for this issue

Affects: epel-4 [bug 679793]
Affects: fedora-all [bug 679794]
Comment 3 Nick Bebout 2011-04-07 22:02:33 UTC 
They should be pushed to stable, or will be soon.  Please reopen if bug still exists.