Resource management error in ClamAV

#VU32844 Resource management error in ClamAV

Published: 2011-02-23 | Updated: 2020-07-28

Vulnerability identifier: #VU32844

Vulnerability risk: Medium

CVSSv3.1: 6.4 [CVSS:3.1/CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C]

CVE-ID: cve-2011-1003

CWE-ID: CWE-399

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
ClamAV
Client/Desktop applications / Antivirus software/Personal firewalls

Vendor: ClamAV

Description

The vulnerability allows a remote non-authenticated attacker to read and manipulate data.

Double free vulnerability in the vba_read_project_strings function in vba_extract.c in libclamav in ClamAV before 0.97 might allow remote attackers to execute arbitrary code via crafted Visual Basic for Applications (VBA) data in a Microsoft Office document. NOTE: some of these details are obtained from third party information.

Mitigation
Install update from vendor's website.

Vulnerable software versions

ClamAV: 0.75 - 0.75.1, 0.85 - 0.85.1, 0.86 - 0.86.2, 0.87 - 0.87.1, 0.88 - 0.88.7, 0.90 - 0.90.1, 0.91, 0.92, 0.93 - 0.93.3, 0.94 - 0.94.2, 0.95 - 0.95.3, 0.96 - 0.96.5

External links
http://git.clamav.net/gitweb?p=clamav-devel.git;a=blob;f=ChangeLog;hb=clamav-0.97
http://git.clamav.net/gitweb?p=clamav-devel.git;a=commit;h=d21fb8d975f8c9688894a8cef4d50d977022e09f
http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055771.html
http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055777.html
http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00000.html
http://openwall.com/lists/oss-security/2011/02/21/1
http://openwall.com/lists/oss-security/2011/02/21/4
http://osvdb.org/70937
http://secunia.com/advisories/43392
http://secunia.com/advisories/43498
http://secunia.com/advisories/43752
http://securitytracker.com/id?1025100
http://www.mandriva.com/en/support/security/advisories/?name=MDVA-2011:007
http://www.securityfocus.com/bid/46470
http://www.ubuntu.com/usn/USN-1076-1
http://www.vupen.com/english/advisories/2011/0453
http://www.vupen.com/english/advisories/2011/0458
http://www.vupen.com/english/advisories/2011/0523
http://exchange.xforce.ibmcloud.com/vulnerabilities/65544
http://wwws.clamav.net/bugzilla/show_bug.cgi?id=2486

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Resource management error in clamav (Alpine package)

Resource management error in ClamAV