Free and open-source vulnerability scanner
Mageni eases for you the vulnerability scanning, assessment, and management process. It is free and open-source.
Install NowAvailable for macOS, Windows, and Linux
CVE-2011-1003
CVE information
Published
Last Modified
CVSSv2.0 Severity
Impact Analysis
Description
Double free vulnerability in the vba_read_project_strings function in vba_extract.c in libclamav in ClamAV before 0.97 might allow remote attackers to execute arbitrary code via crafted Visual Basic for Applications (VBA) data in a Microsoft Office document. NOTE: some of these details are obtained from third party information..
CVSSv2.0 Score
- Severity
- Medium
- Base Score
- 6.8/10
- Exploit Score
- 8.6/10
- Access Vector
- Network
- Access Complexity
- Medium
- Authentication Required
- None
- Impact Score
- 6.4/10
- Confidentiality Impact
- Partial
- Availability Impact
- Partial
- Integrity Impact
- Partial
Products Affected
CPE | Affected | Vulnerable | Excluding | Edit |
---|---|---|---|---|
cpe:2.3:a:clamav:clamav:*:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:clamav:clamav:0.95.2:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:clamav:clamav:0.86.2:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:clamav:clamav:0.88.5:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:clamav:clamav:0.02:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:clamav:clamav:0.92:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:clamav:clamav:0.95:rc2:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:clamav:clamav:0.8:rc3:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:clamav:clamav:0.15:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:clamav:clamav:0.90:rc2:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:clamav:clamav:0.75.1:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:clamav:clamav:0.65:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:clamav:clamav:0.88.7:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:clamav:clamav:0.81:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:clamav:clamav:0.86:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:clamav:clamav:0.01:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:clamav:clamav:0.92_p0:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:clamav:clamav:0.85:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:clamav:clamav:0.84:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:clamav:clamav:0.3:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:clamav:clamav:0.91.2_p0:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:clamav:clamav:0.93.1:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:clamav:clamav:0.90:rc1.1:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:clamav:clamav:0.95.1:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:clamav:clamav:0.93:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:clamav:clamav:0.90:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:clamav:clamav:0.70:rc:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:clamav:clamav:0.86:rc1:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:clamav:clamav:0.68.1:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:clamav:clamav:0.96.4:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:clamav:clamav:0.03:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:clamav:clamav:0.87.1:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:clamav:clamav:0.9:rc1:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:clamav:clamav:0.74:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:clamav:clamav:0.93.3:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:clamav:clamav:0.88:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:clamav:clamav:0.91:rc1:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:clamav:clamav:0.86.1:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:clamav:clamav:0.71:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:clamav:clamav:0.88.1:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:clamav:clamav:0.60p:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:clamav:clamav:0.94:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:clamav:clamav:0.80:rc:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:clamav:clamav:0.91.2:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:clamav:clamav:0.96.3:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:clamav:clamav:0.90.3:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:clamav:clamav:0.85.1:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:clamav:clamav:0.90:rc1:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:clamav:clamav:0.96.2:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:clamav:clamav:0.95:src2:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:clamav:clamav:0.13:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:clamav:clamav:0.81:rc1:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:clamav:clamav:0.10:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:clamav:clamav:0.94.2:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:clamav:clamav:0.96.1:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:clamav:clamav:0.95:src1:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:clamav:clamav:0.80:rc3:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:clamav:clamav:0.90.1_p0:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:clamav:clamav:0.12:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:clamav:clamav:0.88.7_p0:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:clamav:clamav:0.23:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:clamav:clamav:0.84:rc1:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:clamav:clamav:0.90.3_p1:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:clamav:clamav:0.80:rc2:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:clamav:clamav:0.80:rc1:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:clamav:clamav:0.95:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:clamav:clamav:0.60:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:clamav:clamav:0.88.2:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:clamav:clamav:0.83:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:clamav:clamav:0.20:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:clamav:clamav:0.80:rc4:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:clamav:clamav:0.90:rc3:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:clamav:clamav:0.70:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:clamav:clamav:0.88.4:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:clamav:clamav:0.90.3_p0:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:clamav:clamav:0.14:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:clamav:clamav:0.24:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:clamav:clamav:0.96:rc2:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:clamav:clamav:0.90.2_p0:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:clamav:clamav:0.66:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:clamav:clamav:0.51:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:clamav:clamav:0.52:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:clamav:clamav:0.22:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:clamav:clamav:0.72:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:clamav:clamav:0.95:rc1:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:clamav:clamav:0.91:rc2:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:clamav:clamav:0.75:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:clamav:clamav:0.05:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:clamav:clamav:0.96:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:clamav:clamav:0.91:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:clamav:clamav:0.54:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:clamav:clamav:0.96:rc1:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:clamav:clamav:0.80:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:clamav:clamav:0.87:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:clamav:clamav:0.21:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:clamav:clamav:0.84:rc2:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:clamav:clamav:0.88.7_p1:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:clamav:clamav:0.67-1:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:clamav:clamav:0.14:pre:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:clamav:clamav:0.90.1:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:clamav:clamav:0.91.1:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:clamav:clamav:0.95.3:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:clamav:clamav:0.88.3:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:clamav:clamav:0.67:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:clamav:clamav:0.92.1:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:clamav:clamav:0.90.2:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:clamav:clamav:0.68:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:clamav:clamav:0.53:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:clamav:clamav:0.93.2:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:clamav:clamav:0.88.6:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:clamav:clamav:0.94.1:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:clamav:clamav:0.80_rc:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:clamav:clamav:0.82:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:clamav:clamav:0.73:*:*:*:*:*:*:* |
Yes
|
- | - |
References
- http://securitytracker.com/id?1025100
- http://www.vupen.com/english/advisories/2011/0453
- http://secunia.com/advisories/43392
- http://openwall.com/lists/oss-security/2011/02/21/4
- http://www.securityfocus.com/bid/46470
- https://wwws.clamav.net/bugzilla/show_bug.cgi?id=2486
- http://openwall.com/lists/oss-security/2011/02/21/1
- http://www.mandriva.com/en/support/security/advisories/?name=MDVA-2011:007
- http://www.vupen.com/english/advisories/2011/0458
- http://www.vupen.com/english/advisories/2011/0523
- http://www.ubuntu.com/usn/USN-1076-1
- http://secunia.com/advisories/43498
- http://osvdb.org/70937
- http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055777.html
- http://secunia.com/advisories/43752
- http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055771.html
- http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00000.html
- https://exchange.xforce.ibmcloud.com/vulnerabilities/65544
- http://git.clamav.net/gitweb?p=clamav-devel.git%3Ba=blob%3Bf=ChangeLog%3Bhb=clamav-0.97
- http://git.clamav.net/gitweb?p=clamav-devel.git%3Ba=commit%3Bh=d21fb8d975f8c9688894a8cef