CVE-2010-0098

Severity

99%

Complexity

99%

Confidentiality

165%

ClamAV before 0.96 does not properly handle the (1) CAB and (2) 7z file formats, which allows remote attackers to bypass virus detection via a crafted archive that is compatible with standard archive utilities.

ClamAV before 0.96 does not properly handle the (1) CAB and (2) 7z file formats, which allows remote attackers to bypass virus detection via a crafted archive that is compatible with standard archive utilities.

CVSS 2.0 Base Score 9.9. CVSS Attack Vector: network. CVSS Attack Complexity: low. CVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C).

Overview

First reported 14 years ago

2010-04-08 17:30:00

Last updated 14 years ago

2010-08-31 05:41:00

Affected Software

ClamAV 0.01

0.01

ClamAV 0.02

0.02

ClamAV 0.03

0.03

ClamAV ClamAV 0.3

0.3

ClamAV 0.05

0.05

ClamAV 0.94 rc1

0.9

ClamAV 0.10

0.10

ClamAV 0.12

0.12

ClamAV 0.13

0.13

ClamAV 0.14

0.14

ClamAV 0.14 pre

0.14

ClamAV 0.15

0.15

ClamAV 0.20

0.20

ClamAV 0.21

0.21

ClamAV 0.22

0.22

ClamAV 0.23

0.23

ClamAV 0.24

0.24

ClamAV ClamAV 0.51

0.51

ClamAV 0.52

0.52

ClamAV 0.53

0.53

ClamAV ClamAV 0.54

0.54

ClamAV 0.60

0.60

ClamAV 0.60p

0.60p

ClamAV 0.65

0.65

ClamAV ClamAV 0.66

0.66

ClamAV 0.67

0.67

ClamAV ClamAV 0.67-1

0.67-1

ClamAV 0.68

0.68

ClamAV 0.68.1

0.68.1

ClamAV 0.70

0.70

ClamAV 0.70 Release Candidate

0.70

ClamAV 0.71

0.71

ClamAV 0.72

0.72

ClamAV 0.73

0.73

ClamAV 0.74

0.74

ClamAV 0.75

0.75

ClamAV 0.75.1

0.75.1

ClamAV 0.80

0.80

ClamAV 0.80 Release Candidate

0.80

ClamAV 0.80 Release Candidate 2

0.80

ClamAV 0.80 Release Candidate 3

0.80

ClamAV 0.80 Release Candidate 4

0.80

ClamAV 0.81

0.81

ClamAV 0.82

0.82

ClamAV 0.83

0.83

ClamAV 0.84

0.84

ClamAV 0.84 Release Candidate 1

0.84

ClamAV 0.84 Release Candidate 2

0.84

ClamAV 0.85

0.85

ClamAV 0.85.1

0.85.1

ClamAV 0.86

0.86

ClamAV 0.86 Release Candidate 1

0.86

ClamAV 0.86.1

0.86.1

ClamAV 0.86.2

0.86.2

ClamAV 0.87

0.87

ClamAV 0.87.1

0.87.1

ClamAV 0.88

0.88

ClamAV 0.88.1

0.88.1

ClamAV 0.88.2

0.88.2

ClamAV 0.88.3

0.88.3

ClamAV 0.88.4

0.88.4

ClamAV 0.88.5

0.88.5

ClamAV 0.88.6

0.88.6

ClamAV 0.88.7

0.88.7

ClamAV 0.90

0.90

ClamAV 0.90rc1

0.90

ClamAV 0.90 rc1.1

0.90

ClamAV 0.90 rc2

0.90

ClamAV 0.90 rc3

0.90

ClamAV 0.90.1

0.90.1

Clamav 0.90.2

0.90.2

ClamAV 0.90.3

0.90.3

ClamAV 0.91

0.91

ClamAV 0.91rc1

0.91

ClamAV 0.91rc2

0.91

ClamAV 0.91.1

0.91.1

ClamAV 0.91.2

0.91.2

ClamAV 0.92

0.92

ClamAV 0.92.1

0.92.1

ClamAV 0.93

0.93

ClamAV 0.93.1

0.93.1

ClamAV 0.93.2

0.93.2

ClamAV 0.93.3

0.93.3

ClamAV 0.94

0.94

ClamAV 0.94.1

0.94.1

ClamAV 0.94.2

0.94.2

ClamAV 0.95

0.95

ClamAV 0.95 SRC1

0.95

ClamAV 0.95 SRC2

0.95

ClamAV 0.95.1

0.95.1

ClamAV 0.95.2

0.95.2

ClamAV 0.95.3

0.95.3

ClamAV 0.96 release candidate 1

0.96

References

http://git.clamav.net/gitweb?p=clamav-devel.git;a=blob_plain;f=ChangeLog;hb=clamav-0.96

APPLE-SA-2010-08-24-1

SUSE-SR:2010:010

39293

39329

Vendor Advisory

39656

http://support.apple.com/kb/HT4312

MDVSA-2010:082

[oss-security] 20100406 ClamAV small issues

[oss-security] 20100407 Re: ClamAV small issues

39262

Patch

USN-926-1

ADV-2010-0827

ADV-2010-0832

ADV-2010-0909

ADV-2010-1001

ADV-2010-1206

https://wwws.clamav.net/bugzilla/show_bug.cgi?id=1826

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.