CVE-2011-1003

Severity

68%

Complexity

86%

Confidentiality

106%

Double free vulnerability in the vba_read_project_strings function in vba_extract.c in libclamav in ClamAV before 0.97 might allow remote attackers to execute arbitrary code via crafted Visual Basic for Applications (VBA) data in a Microsoft Office document. NOTE: some of these details are obtained from third party information.

Double free vulnerability in the vba_read_project_strings function in vba_extract.c in libclamav in ClamAV before 0.97 might allow remote attackers to execute arbitrary code via crafted Visual Basic for Applications (VBA) data in a Microsoft Office document. NOTE: some of these details are obtained from third party information.

CVSS 2.0 Base Score 6.8. CVSS Attack Vector: network. CVSS Attack Complexity: medium. CVSS Vector: (AV:N/AC:M/Au:N/C:P/I:P/A:P).

Overview

First reported 13 years ago

2011-02-23 19:00:00

Last updated 7 years ago

2017-08-17 01:33:00

Affected Software

ClamAV 0.01

0.01

ClamAV 0.02

0.02

ClamAV 0.03

0.03

ClamAV ClamAV 0.3

0.3

ClamAV 0.05

0.05

ClamAV 0.80 Release Candidate 3

0.8

ClamAV 0.94 rc1

0.9

ClamAV 0.10

0.10

ClamAV 0.12

0.12

ClamAV 0.13

0.13

ClamAV 0.14

0.14

ClamAV 0.14 pre

0.14

ClamAV 0.15

0.15

ClamAV 0.20

0.20

ClamAV 0.21

0.21

ClamAV 0.22

0.22

ClamAV 0.23

0.23

ClamAV 0.24

0.24

ClamAV ClamAV 0.51

0.51

ClamAV 0.52

0.52

ClamAV 0.53

0.53

ClamAV ClamAV 0.54

0.54

ClamAV 0.60

0.60

ClamAV 0.60p

0.60p

ClamAV 0.65

0.65

ClamAV ClamAV 0.66

0.66

ClamAV 0.67

0.67

ClamAV ClamAV 0.67-1

0.67-1

ClamAV 0.68

0.68

ClamAV 0.68.1

0.68.1

ClamAV 0.70

0.70

ClamAV 0.70 Release Candidate

0.70

ClamAV 0.71

0.71

ClamAV 0.72

0.72

ClamAV 0.73

0.73

ClamAV 0.74

0.74

ClamAV 0.75

0.75

ClamAV 0.75.1

0.75.1

ClamAV 0.80

0.80

ClamAV 0.80 Release Candidate

0.80

ClamAV 0.80 Release Candidate 1

0.80

ClamAV 0.80 Release Candidate 2

0.80

ClamAV 0.80 Release Candidate 3

0.80

ClamAV 0.80 Release Candidate 4

0.80

ClamAV 0.80 Release Candidate

0.80_rc

ClamAV 0.81

0.81

ClamAV 0.81 Release Candidate 1

0.81

ClamAV 0.82

0.82

ClamAV 0.83

0.83

ClamAV 0.84

0.84

ClamAV 0.84 Release Candidate 1

0.84

ClamAV 0.84 Release Candidate 2

0.84

ClamAV 0.85

0.85

ClamAV 0.85.1

0.85.1

ClamAV 0.86

0.86

ClamAV 0.86 Release Candidate 1

0.86

ClamAV 0.86.1

0.86.1

ClamAV 0.86.2

0.86.2

ClamAV 0.87

0.87

ClamAV 0.87.1

0.87.1

ClamAV 0.88

0.88

ClamAV 0.88.1

0.88.1

ClamAV 0.88.2

0.88.2

ClamAV 0.88.3

0.88.3

ClamAV 0.88.4

0.88.4

ClamAV 0.88.5

0.88.5

ClamAV 0.88.6

0.88.6

ClamAV 0.88.7

0.88.7

ClamAV 0.88.7 p0

0.88.7_p0

ClamAV 0.88.7 p1

0.88.7_p1

ClamAV 0.90

0.90

ClamAV 0.90rc1

0.90

ClamAV 0.90 rc1.1

0.90

ClamAV 0.90 rc2

0.90

ClamAV 0.90 rc3

0.90

ClamAV 0.90.1

0.90.1

ClamAV 0.90.1 p0

0.90.1_p0

Clamav 0.90.2

0.90.2

ClamAV 0.90.2 p0

0.90.2_p0

ClamAV 0.90.3

0.90.3

ClamAV 0.90.3 p0

0.90.3_p0

ClamAV 0.90.3 p1

0.90.3_p1

ClamAV 0.91

0.91

ClamAV 0.91rc1

0.91

ClamAV 0.91rc2

0.91

ClamAV 0.91.1

0.91.1

ClamAV 0.91.2

0.91.2

ClamAV 0.91.2 p0

0.91.2_p0

ClamAV 0.92

0.92

ClamAV 0.92.1

0.92.1

ClamAV 0.92 p0

0.92_p0

ClamAV 0.93

0.93

ClamAV 0.93.1

0.93.1

ClamAV 0.93.2

0.93.2

ClamAV 0.93.3

0.93.3

ClamAV 0.94

0.94

ClamAV 0.94.1

0.94.1

ClamAV 0.94.2

0.94.2

ClamAV 0.95

0.95

ClamAV 0.95 SRC1

0.95

ClamAV 0.95 SRC2

0.95

ClamAV 0.95 SRC1

0.95

ClamAV 0.95 SRC2

0.95

ClamAV 0.95.1

0.95.1

ClamAV 0.95.2

0.95.2

ClamAV 0.95.3

0.95.3

ClamAV 0.96

0.96

ClamAV 0.96 release candidate 1

0.96

ClamAV 0.96 release candidate 2

0.96

ClamAV 0.96.1

0.96.1

ClamAV 0.96.2

0.96.2

ClamAV 0.96.3

0.96.3

ClamAV 0.96.4

0.96.4

ClamAV

References

http://git.clamav.net/gitweb?p=clamav-devel.git;a=blob;f=ChangeLog;hb=clamav-0.97

http://git.clamav.net/gitweb?p=clamav-devel.git;a=commit;h=d21fb8d975f8c9688894a8cef4d50d977022e09f

Patch

FEDORA-2011-2741

FEDORA-2011-2743

SUSE-SR:2011:005

[oss-security] 20110221 clamav 0.97

[oss-security] 20110221 Re: clamav 0.97

70937

43392

Vendor Advisory

43498

43752

1025100

MDVA-2011:007

46470

USN-1076-1

ADV-2011-0453

Vendor Advisory

ADV-2011-0458

Vendor Advisory

ADV-2011-0523

clamav-vbareadprojectstrings-dos(65544)

https://wwws.clamav.net/bugzilla/show_bug.cgi?id=2486

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.