CVE-2006-6458

Summary

CVE	CVE-2006-6458
State	PUBLIC
Assigner	[email protected]
Source Priority	CVE Program / NVD first with legacy fallback
Published	2006-12-11 17:28:00 UTC
Updated	2011-03-08 02:46:00 UTC
Description	The Trend Micro scan engine before 8.320 for Windows and before 8.150 on HP-UX and AIX, as used in Trend Micro PC Cillin - Internet Security 2006, Office Scan 7.3, and Server Protect 5.58, allows remote attackers to cause a denial of service (CPU consumption and system hang) via a malformed RAR archive with an Archive Header section with the head_size and pack_size fields set to zero, which triggers an infinite loop.

Risk And Classification

Problem Types: NVD-CWE-Other

NVD Known Affected Configurations (CPE 2.3)

Type	Vendor	Product	Version	Update	Edition	Language
Application	Trend Micro	Officescan	7.3	All	All	All
Application	Trend Micro	Officescan	7.3	All	All	All
Application	Trend Micro	Pc Cillin - Internet Security 2006	All	All	All	All
Application	Trend Micro	Pc Cillin - Internet Security 2006	All	All	All	All
Application	Trend Micro	Serverprotect	5.58	All	emc	All
Application	Trend Micro	Serverprotect	5.58	All	emc	All

References

Reference	Source	Link	Tags
Trend Micro Products RAR Processing Denial Of Service - Advisories - Secunia	SECUNIA	secunia.com
20061208 Multiple Vendor Antivirus RAR File Denial of Service Vulnerability	IDEFENSE	labs.idefense.com
Multiple Trend Micro Antivirus RAR Archive Remote Denial Of Service Vulnerability	BID	www.securityfocus.com
Webmail : Solution de messagerie professionnelle - OVHcloud- OVH	VUPEN	www.vupen.com
CVE Program record	CVE.ORG	www.cve.org	canonical
NVD vulnerability detail	NVD	nvd.nist.gov	canonical, analysis

No vendor comments have been submitted for this CVE.

There are currently no legacy QID mappings associated with this CVE.