Vulnerabilities

CVE-2007-1997

by Fred · 16/04/2007

Integer signedness error in the (1) cab_unstore and (2) cab_extract functions in libclamav/cab.c in Clam AntiVirus (ClamAV) before 0.90.2 allow remote attackers to execute arbitrary code via a crafted CHM file that contains a negative integer, which passes a signed comparison and leads to a stack-based buffer overflow.

Date published : 2007-04-16

http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html

http://www.securityfocus.com/bid/23473

Similar

Tags: Cybersecurity Alert