Free and open-source vulnerability scanner
Mageni eases for you the vulnerability scanning, assessment, and management process. It is free and open-source.
Install NowAvailable for macOS, Windows, and Linux
CVE-2007-2966
CVE information
Published
Last Modified
CVSSv2.0 Severity
Impact Analysis
Description
Buffer overflow in the LHA decompression component in F-Secure anti-virus products for Microsoft Windows and Linux before 20070529 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted LHA archive, related to an integer wrap, a similar issue to CVE-2006-4335..
CVSSv2.0 Score
- Severity
- High
- Base Score
- 7.5/10
- Exploit Score
- 10/10
- Access Vector
- Network
- Access Complexity
- Low
- Authentication Required
- None
- Impact Score
- 6.4/10
- Confidentiality Impact
- Partial
- Availability Impact
- Partial
- Integrity Impact
- Partial
Products Affected
| CPE | Affected | Vulnerable | Excluding | Edit |
|---|---|---|---|---|
| cpe:2.3:a:f-secure:f-secure_anti-virus:*:*:mimesweeper:*:*:* |
Yes
|
- | - | |
| cpe:2.3:a:f-secure:internet_gatekeeper:*:*:linux:*:*:*:*:* |
Yes
|
- | - | |
| cpe:2.3:a:f-secure:f-secure_anti-virus:2006:*:*:*:*:*:*:* |
Yes
|
- | - | |
| cpe:2.3:a:f-secure:f-secure_anti-virus_linux_client_security |
Yes
|
- | - | |
| cpe:2.3:a:f-secure:f-secure_anti-virus:*:*:citrix_servers:*: |
Yes
|
- | - | |
| cpe:2.3:a:f-secure:f-secure_anti-virus:2005:*:*:*:*:*:*:* |
Yes
|
- | - | |
| cpe:2.3:a:f-secure:f-secure_anti-virus_client_security:*:*:* |
Yes
|
- | - | |
| cpe:2.3:a:f-secure:f-secure_protection_service:*:*:consumers |
Yes
|
- | - | |
| cpe:2.3:a:f-secure:f-secure_anti-virus:*:*:linux_gateways:*: |
Yes
|
- | - | |
| cpe:2.3:a:f-secure:f-secure_anti-virus:*:*:windows_servers:* |
Yes
|
- | - | |
| cpe:2.3:a:f-secure:f-secure_internet_security:2005:*:*:*:*:* |
Yes
|
- | - | |
| cpe:2.3:a:f-secure:f-secure_anti-virus_linux_server_security |
Yes
|
- | - | |
| cpe:2.3:a:f-secure:f-secure_anti-virus:*:*:ms_exchange:*:*:* |
Yes
|
- | - | |
| cpe:2.3:a:f-secure:f-secure_anti-virus:2007:*:*:*:*:*:*:* |
Yes
|
- | - | |
| cpe:2.3:a:f-secure:f-secure_anti-virus:*:*:workstations:*:*: |
Yes
|
- | - | |
| cpe:2.3:a:f-secure:f-secure_internet_security:2006:*:*:*:*:* |
Yes
|
- | - | |
| cpe:2.3:a:f-secure:f-secure_anti-virus:*:*:linux_servers:*:* |
Yes
|
- | - | |
| cpe:2.3:a:f-secure:internet_gatekeeper:*:*:*:*:*:*:*:* |
Yes
|
- | - | |
| cpe:2.3:a:f-secure:f-secure_internet_security:2007:*:*:*:*:* |
Yes
|
- | - |
References
- http://www.f-secure.com/security/fsc-2007-1.shtml
- http://secunia.com/advisories/25426
- http://www.nruns.com/security_advisory_fsecure_lzh.php
- http://www.securityfocus.com/bid/24235
- http://www.securitytracker.com/id?1018146
- http://securitytracker.com/id?1018147
- http://www.securitytracker.com/id?1018148
- http://www.vupen.com/english/advisories/2007/1985
- http://osvdb.org/36724
- https://exchange.xforce.ibmcloud.com/vulnerabilities/34575
- http://www.securityfocus.com/archive/1/470256/100/0/threaded