CVE-2006-0337

Current Description

Buffer overflow in multiple F-Secure Anti-Virus products and versions for Windows and Linux, including Anti-Virus for Windows Servers 5.52 and earlier, Internet Security 2004, 2005 and 2006, and Anti-Virus for Linux Servers 4.64 and earlier, allows remote attackers to execute arbitrary code via crafted ZIP archives.

Basic Data

Published: January 21, 2006
Last Modified: July 20, 2017
Assigner: cve@mitre.org
Data Type: CVE
Data Format: MITRE
Data Version: 4.0
Problem Type: NVD-CWE-Other
CVE Data Version: 4.0

Base Metric V2

CVSS 2 - Version: 2.0
CVSS 2 - Vector String: AV:N/AC:L/Au:N/C:P/I:P/A:P
CVSS 2 - Access Vector: NETWORK
CVSS 2 - Access Complexity: LOW
CVSS 2 - Authentication: NONE
CVSS 2 - Confidentiality Impact: PARTIAL
CVSS 2 - Availability Impact: PARTIAL
CVSS 2 - Base Score: 7.5
Severity: HIGH
Exploitability Score: 10.0
Impact Score: 6.4
Obtain All Privilege: false
Obtain User Privilege: true
Obtain Other Privilege: false

Base Metric V3

No data provided.

Configurations

  • OR - Configuration 1
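    Cpe Version | Part | Vendor | Product | Version | Update | Edition | Language | SW Edition | Target SW | Target HW | Other | Version Start Including | Version End Including | Version Start Excluding | Version End Excluding
    2.3 | Application | F-secure | F-secure Anti-virus | 2.16 | * | linux_gateways | * | * | * | * | * | | | |
    2.3 | Application | F-secure | F-secure Anti-virus | 4.51 | * | linux_gateways | * | * | * | * | * | | | |
    2.3 | Application | F-secure | F-secure Anti-virus | 4.51 | * | linux_servers | * | * | * | * | * | | | |
    2.3 | Application | F-secure | F-secure Anti-virus | 4.51 | * | linux_workstations | * | * | * | * | * | | | |
    2.3 | Application | F-secure | F-secure Anti-virus | 4.52 | * | linux_gateways | * | * | * | * | * | | | |
    2.3 | Application | F-secure | F-secure Anti-virus | 4.52 | * | linux_servers | * | * | * | * | * | | | |
    2.3 | Application | F-secure | F-secure Anti-virus | 4.52 | * | linux_workstations | * | * | * | * | * | | | |
    2.3 | Application | F-secure | F-secure Anti-virus | 4.61 | * | linux_gateways | * | * | * | * | * | | | |
    2.3 | Application | F-secure | F-secure Anti-virus | 4.61 | * | linux_servers | * | * | * | * | * | | | |
    2.3 | Application | F-secure | F-secure Anti-virus | 4.62 | * | samba_servers | * | * | * | * | * | | | |
    2.3 | Application | F-secure | F-secure Anti-virus | 4.64 | * | linux_gateways | * | * | * | * | * | | | |
    2.3 | Application | F-secure | F-secure Anti-virus | 4.64 | * | linux_servers | * | * | * | * | * | | | |
    2.3 | Application | F-secure | F-secure Anti-virus | 5.0 | * | linux_client_security | * | * | * | * | * | | | |
    2.3 | Application | F-secure | F-secure Anti-virus | 5.0 | * | linux_server_security | * | * | * | * | * | | | |
    2.3 | Application | F-secure | F-secure Anti-virus | 5.01 | * | linux_client_security | * | * | * | * | * | | | |
    2.3 | Application | F-secure | F-secure Anti-virus | 5.01 | * | linux_server_security | * | * | * | * | * | | | |
    2.3 | Application | F-secure | F-secure Anti-virus | 5.5 | * | citrix_servers | * | * | * | * | * | | | |
    2.3 | Application | F-secure | F-secure Anti-virus | 5.5 | * | client_security | * | * | * | * | * | | | |
    2.3 | Application | F-secure | F-secure Anti-virus | 5.5 | * | mimesweeper | * | * | * | * | * | | | |
    2.3 | Application | F-secure | F-secure Anti-virus | 5.5 | * | windows_servers | * | * | * | * | * | | | |
    2.3 | Application | F-secure | F-secure Anti-virus | 5.11 | * | linux_client_security | * | * | * | * | * | | | |
    2.3 | Application | F-secure | F-secure Anti-virus | 5.11 | * | linux_server_security | * | * | * | * | * | | | |
    2.3 | Application | F-secure | F-secure Anti-virus | 5.40 | * | workstations | * | * | * | * | * | | | |
    2.3 | Application | F-secure | F-secure Anti-virus | 5.41 | * | mimesweeper | * | * | * | * | * | | | |
    2.3 | Application | F-secure | F-secure Anti-virus | 5.41 | * | windows_servers | * | * | * | * | * | | | |
    2.3 | Application | F-secure | F-secure Anti-virus | 5.41 | * | workstations | * | * | * | * | * | | | |
    2.3 | Application | F-secure | F-secure Anti-virus | 5.42 | * | mimesweeper | * | * | * | * | * | | | |
    2.3 | Application | F-secure | F-secure Anti-virus | 5.42 | * | windows_servers | * | * | * | * | * | | | |
    2.3 | Application | F-secure | F-secure Anti-virus | 5.42 | * | workstations | * | * | * | * | * | | | |
    2.3 | Application | F-secure | F-secure Anti-virus | 5.43 | * | workstations | * | * | * | * | * | | | |
    2.3 | Application | F-secure | F-secure Anti-virus | 5.44 | * | workstations | * | * | * | * | * | | | |
    2.3 | Application | F-secure | F-secure Anti-virus | 5.51 | * | mimesweeper | * | * | * | * | * | | | |
    2.3 | Application | F-secure | F-secure Anti-virus | 5.52 | * | citrix_servers | * | * | * | * | * | | | |
    2.3 | Application | F-secure | F-secure Anti-virus | 5.52 | * | client_security | * | * | * | * | * | | | |
    2.3 | Application | F-secure | F-secure Anti-virus | 5.52 | * | windows_servers | * | * | * | * | * | | | |
    2.3 | Application | F-secure | F-secure Anti-virus | 5.54 | * | client_security | * | * | * | * | * | | | |
    2.3 | Application | F-secure | F-secure Anti-virus | 5.55 | * | client_security | * | * | * | * | * | | | |
    2.3 | Application | F-secure | F-secure Anti-virus | 5.61 | * | mimesweeper | * | * | * | * | * | | | |
    2.3 | Application | F-secure | F-secure Anti-virus | 6.01 | * | client_security | * | * | * | * | * | | | |
    2.3 | Application | F-secure | F-secure Anti-virus | 6.01 | * | ms_exchange | * | * | * | * | * | | | |
    2.3 | Application | F-secure | F-secure Anti-virus | 6.2 | * | firewalls | * | * | * | * | * | | | |
    2.3 | Application | F-secure | F-secure Anti-virus | 6.2 | * | ms_exchange | * | * | * | * | * | | | |
    2.3 | Application | F-secure | F-secure Anti-virus | 6.21 | * | ms_exchange | * | * | * | * | * | | | |
    2.3 | Application | F-secure | F-secure Anti-virus | 6.30 | * | ms_exchange | * | * | * | * | * | | | |
    2.3 | Application | F-secure | F-secure Anti-virus | 6.30_sr1 | * | ms_exchange | * | * | * | * | * | | | |
    2.3 | Application | F-secure | F-secure Anti-virus | 6.31 | * | ms_exchange | * | * | * | * | * | | | |
    2.3 | Application | F-secure | F-secure Anti-virus | 6.40 | * | ms_exchange | * | * | * | * | * | | | |
    2.3 | Application | F-secure | F-secure Anti-virus | 2004 | * | * | * | * | * | * | * | | | |
    2.3 | Application | F-secure | F-secure Anti-virus | 2005 | * | * | * | * | * | * | * | | | |
    2.3 | Application | F-secure | F-secure Anti-virus | 2006 | * | * | * | * | * | * | * | | | |
    2.3 | Application | F-secure | F-secure Internet Security | 2004 | * | * | * | * | * | * | * | | | |
    2.3 | Application | F-secure | F-secure Internet Security | 2005 | * | * | * | * | * | * | * | | | |
    2.3 | Application | F-secure | F-secure Internet Security | 2006 | * | * | * | * | * | * | * | | | |
    2.3 | Application | F-secure | Internet Gatekeeper | 2.06 | * | linux | * | * | * | * | * | | | |
    2.3 | Application | F-secure | Internet Gatekeeper | 2.6 | * | linux | * | * | * | * | * | | | |
    2.3 | Application | F-secure | Internet Gatekeeper | 2.14 | * | linux | * | * | * | * | * | | | |
    2.3 | Application | F-secure | Internet Gatekeeper | 6.3 | * | * | * | * | * | * | * | | | |
    2.3 | Application | F-secure | Internet Gatekeeper | 6.4 | * | * | * | * | * | * | * | | | |
    2.3 | Application | F-secure | Internet Gatekeeper | 6.31 | * | * | * | * | * | * | * | | | |
    2.3 | Application | F-secure | Internet Gatekeeper | 6.32 | * | * | * | * | * | * | * | | | |
    2.3 | Application | F-secure | Internet Gatekeeper | 6.41 | * | * | * | * | * | * | * | | | |
    2.3 | Application | F-secure | Internet Gatekeeper | 6.42 | * | * | * | * | * | * | * | | | |
    2.3 | Application | F-secure | Solutions Based On F-secure Personal Express | 6.20 | * | * | * | * | * | * | * | | | |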

Vulnerable Software List

Vendor | Product | Versions
F-secure | F-secure Anti-virus | 2.16, 2004, 2005, 2006, 4.51, 4.52, 4.61, 4.62, 4.64, 5.0, 5.01, 5.11, 5.40, 5.41, 5.42, 5.43, 5.44, 5.5, 5.51, 5.52, 5.54, 5.55, 5.61, 6.01, 6.2, 6.21, 6.30, 6.30_sr1, 6.31, 6.40
F-secure | F-secure Internet Security | 2004, 2005, 2006
F-secure | Solutions Based On F-secure Personal Express | 6.20
F-secure | Internet Gatekeeper | 2.06, 2.14, 2.6, 6.3, 6.31, 6.32, 6.4, 6.41, 6.42

References

Name | Source | URL | Tags
18529 | SECUNIA | http://secunia.com/advisories/18529 | Patch, Vendor Advisory
1015507 | SECTRACK | http://securitytracker.com/id?1015507 |
1015508 | SECTRACK | http://securitytracker.com/id?1015508 |
1015509 | SECTRACK | http://securitytracker.com/id?1015509 |
1015510 | SECTRACK | http://securitytracker.com/id?1015510 |
Q-103 | CIAC | http://www.ciac.org/ciac/bulletins/q-103.shtml |
http://www.f-secure.com/security/fsc-2006-1.shtml | CONFIRM | http://www.f-secure.com/security/fsc-2006-1.shtml | Patch, Vendor Advisory
22632 | OSVDB | http://www.osvdb.org/22632 |
16309 | BID | http://www.securityfocus.com/bid/16309 |
ADV-2006-0257 | VUPEN | http://www.vupen.com/english/advisories/2006/0257 |
fsecure-zip-bo(24198) | XF | https://exchange.xforce.ibmcloud.com/vulnerabilities/24198 |