Lucene search

[email protected]CVE-2006-5647

HistoryNov 01, 2006 - 3:07 p.m.

CVE-2006-5647

2006-11-0115:07:00

CWE-119

[email protected]

web.nvd.nist.gov

sophos

anti-virus

endpoint security

cve-2006-5647

dos

memory corruption

arbitrary code execution

chm file vulnerability

6.4 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:P/A:P

7.8 High

AI Score

Confidence

High

0.133 Low

EPSS

Percentile

95.6%

JSON

Sophos Anti-Virus and Endpoint Security before 6.0.5, Anti-Virus for Linux before 5.0.10, and other platforms before 4.11 allows remote attackers to cause a denial of service (memory corruption) and possibly execute arbitrary code via a malformed CHM file with a large name length in the CHM chunk header, aka “CHM name length memory consumption vulnerability.”

Affected configurations

NVD

Node

sophosanti-virusMatch4.04

sophosanti-virusMatch4.05

sophosanti-virusMatch4.5.3

sophosanti-virusMatch4.5.4

sophosanti-virusMatch4.5.11

sophosanti-virusMatch4.5.12

sophosanti-virusMatch4.7.1

sophosanti-virusMatch4.7.2

sophosanti-virusMatch5.0.1

sophosanti-virusMatch5.0.2

sophosanti-virusMatch5.0.4

sophosanti-virusMatch5.1

sophosanti-virusMatch5.2

sophosanti-virusMatch5.2.1

sophosanti-virusMatch6.0.4

sophosendpoint_securityRange≤6.04

CPENameOperatorVersion
sophos:anti-virussophos anti-viruseq4.04
sophos:anti-virussophos anti-viruseq4.05
sophos:anti-virussophos anti-viruseq4.5.3
sophos:anti-virussophos anti-viruseq4.5.4
sophos:anti-virussophos anti-viruseq4.5.11
sophos:anti-virussophos anti-viruseq4.5.12
sophos:anti-virussophos anti-viruseq4.7.1
sophos:anti-virussophos anti-viruseq4.7.2
sophos:anti-virussophos anti-viruseq5.0.1
sophos:anti-virussophos anti-viruseq5.0.2

CPE	Name	Operator	Version
sophos:anti-virus	sophos anti-virus	eq	4.04
sophos:anti-virus	sophos anti-virus	eq	4.05
sophos:anti-virus	sophos anti-virus	eq	4.5.3
sophos:anti-virus	sophos anti-virus	eq	4.5.4
sophos:anti-virus	sophos anti-virus	eq	4.5.11
sophos:anti-virus	sophos anti-virus	eq	4.5.12
sophos:anti-virus	sophos anti-virus	eq	4.7.1
sophos:anti-virus	sophos anti-virus	eq	4.7.2
sophos:anti-virus	sophos anti-virus	eq	5.0.1
sophos:anti-virus	sophos anti-virus	eq	5.0.2

Rows per page:

1-10 of 161

References

labs.idefense.com/intelligence/vulnerabilities/display.php?id=451

secunia.com/advisories/22591

securitytracker.com/id?1017132

www.securityfocus.com/bid/20816

www.sophos.com/support/knowledgebase/article/7609.html

www.vupen.com/english/advisories/2006/4239

6.4 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:P/A:P

7.8 High

AI Score

Confidence

High

0.133 Low

EPSS

Percentile

95.6%

JSON

Related for CVE-2006-5647

cvelist1 securityvulns1 nvd1