Bug 679787 (CVE-2011-1003) - CVE-2011-1003 clamav: Double free error by reading VBA project strings
Summary: CVE-2011-1003 clamav: Double free error by reading VBA project strings
Keywords:
Status: CLOSED NEXTRELEASE
Alias: CVE-2011-1003
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard: public=20110121,reported=20110221,sou...
Depends On: 679793 679794
Blocks:
TreeView+ depends on / blocked
 
Reported: 2011-02-23 14:27 UTC by Jan Lieskovsky
Modified: 2019-06-08 18:45 UTC (History)
6 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2011-04-07 22:02:33 UTC


Attachments (Terms of Use)

Description Jan Lieskovsky 2011-02-23 14:27:02 UTC
A double free error was found in the way Clam AntiVirus
anti-virus toolkit processed certain project strings by 
extracting Visual Basic for Applications (VBA) source code 
for MS Office documents. A remote attacker could provide
a MS Office document, with embedded specially-crafted VBA
source code and trick the local user into checking the document
in the Clam AntiVirus toolkit, leading to clamscan executable
crash or, potentially, arbitrary code execution with the privileges
of the user running the tool.

Upstream bug report:
[1] https://wwws.clamav.net/bugzilla/show_bug.cgi?id=2486

Related patch:
[2] http://git.clamav.net/gitweb?p=clamav-devel.git;a=commit;h=d21fb8d975f8c9688894a8cef4d50d977022e09f

Comment 1 Jan Lieskovsky 2011-02-23 14:29:39 UTC
This issue affects the versions of the clamav package, as shipped
with Fedora release of 13 and 14.

This issue affects the version of the clamav package, as present
within EPEL-4 repository.

Please schedule the updates.

--

This issue does NOT affect the versions of the clamav package,
as present within EPEL-5 and EPEL-6 repositories. Relevant
clamav-0.97-2.el5 and clamav-0.97-2.el6 already contain a fix
for this issue.

Comment 2 Jan Lieskovsky 2011-02-23 14:30:50 UTC
Created clamav tracking bugs for this issue

Affects: epel-4 [bug 679793]
Affects: fedora-all [bug 679794]

Comment 3 Nick Bebout 2011-04-07 22:02:33 UTC
They should be pushed to stable, or will be soon.  Please reopen if bug still exists.


Note You need to log in before you can comment on or make changes to this bug.