CVE-2007-2966

CVE	CVE-2007-2966
State	PUBLIC
Assigner	[email protected]
Source Priority	CVE Program / NVD first with legacy fallback
Published	2007-05-31 23:30:00 UTC
Updated	2018-10-16 16:46:00 UTC
Description	Buffer overflow in the LHA decompression component in F-Secure anti-virus products for Microsoft Windows and Linux before 20070529 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted LHA archive, related to an integer wrap, a similar issue to CVE-2006-4335.

Problem Types: CWE-119

Type	Vendor	Product	Version	Update	Edition	Language
Application	F-secure	F-secure Anti-virus	2005	All	All	All
Application	F-secure	F-secure Anti-virus	2006	All	All	All
Application	F-secure	F-secure Anti-virus	2007	All	All	All
Application	F-secure	F-secure Anti-virus	2005	All	All	All
Application	F-secure	F-secure Anti-virus	2006	All	All	All
Application	F-secure	F-secure Anti-virus	2007	All	All	All
Application	F-secure	F-secure Anti-virus	All	All	linux_gateways	All
Application	F-secure	F-secure Anti-virus	All	All	linux_servers	All
Application	F-secure	F-secure Anti-virus	All	All	windows_servers	All
Application	F-secure	F-secure Anti-virus	All	All	workstations	All
Application	F-secure	F-secure Anti-virus	All	All	citrix_servers	All
Application	F-secure	F-secure Anti-virus	All	All	mimesweeper	All
Application	F-secure	F-secure Anti-virus	All	All	ms_exchange	All
Application	F-secure	F-secure Anti-virus Client Security	All	All	All	All
Application	F-secure	F-secure Anti-virus Linux Client Security	All	All	All	All
Application	F-secure	F-secure Anti-virus Linux Server Security	All	All	All	All
Application	F-secure	F-secure Internet Security	2005	All	All	All
Application	F-secure	F-secure Internet Security	2006	All	All	All
Application	F-secure	F-secure Internet Security	2007	All	All	All
Application	F-secure	F-secure Internet Security	2005	All	All	All
Application	F-secure	F-secure Internet Security	2006	All	All	All
Application	F-secure	F-secure Internet Security	2007	All	All	All
Application	F-secure	F-secure Protection Service	All	All	consumers	All
Application	F-secure	Internet Gatekeeper	All	All	linux	All
Application	F-secure	Internet Gatekeeper	All	All	All	All

Reference	Source	Link	Tags
F-Secure Anti-Virus LHA Processing Buffer Overflow Vulnerability	BID	www.securityfocus.com
n.runs AG - Security Tools and Security Advisories	MISC	www.nruns.com
SecurityTracker.com Archives - F-Secure Internet Gatekeeper Lets Remote Users Execute Arbitrary Code	SECTRACK	securitytracker.com
SecurityFocus	BUGTRAQ	www.securityfocus.com
Webmail : Solution de messagerie professionnelle - OVHcloud- OVH	VUPEN	www.vupen.com
IBM X-Force Exchange	XF	exchange.xforce.ibmcloud.com
F-Secure Products LHA Archive Handling Buffer Overflow - Advisories - Secunia	SECUNIA	secunia.com	Patch, Vendor Advisory
F-Secure Security Bulletin FSC-2007-1	CONFIRM	www.f-secure.com	Patch, Vendor Advisory
SecurityTracker.com Archives - F-Secure Internet Security Lets Remote Users Execute Arbitrary Code and Local Users Gain Elevated Privileges	SECTRACK	www.securitytracker.com
36724	OSVDB	osvdb.org
SecurityTracker.com Archives - F-Secure Anti-Virus Lets Remote Users Execute Arbitrary Code and Local Users Gain Elevated Privileges	SECTRACK	www.securitytracker.com
CVE Program record	CVE.ORG	www.cve.org	canonical
NVD vulnerability detail	NVD	nvd.nist.gov	canonical, analysis

No vendor comments have been submitted for this CVE.

There are currently no legacy QID mappings associated with this CVE.