CVE-2007-2966

CVE	CVE-2007-2966
State	PUBLISHED
Assigner	mitre
Source Priority	CVE Program / NVD first with legacy fallback
Published	2007-05-31 23:30:00 UTC
Updated	2026-04-23 00:35:47 UTC
Description	Buffer overflow in the LHA decompression component in F-Secure anti-virus products for Microsoft Windows and Linux before 20070529 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted LHA archive, related to an integer wrap, a similar issue to CVE-2006-4335.

Primary CVSS: v2.0 7.5 from [email protected]

AV:N/AC:L/Au:N/C:P/I:P/A:P

Problem Types: CWE-119 | n/a

Access Vector

Network

Access Complexity

Low

Authentication

None

Confidentiality

Partial

Integrity

Partial

Availability

Partial

AV:N/AC:L/Au:N/C:P/I:P/A:P

Type	Vendor	Product	Version	Update	Edition	Language
Application	F-secure	F-secure Anti-virus	2005	All	All	All
Application	F-secure	F-secure Anti-virus	2006	All	All	All
Application	F-secure	F-secure Anti-virus	2007	All	All	All
Application	F-secure	F-secure Anti-virus	All	All	linux_gateways	All
Application	F-secure	F-secure Anti-virus	All	All	linux_servers	All
Application	F-secure	F-secure Anti-virus	All	All	windows_servers	All
Application	F-secure	F-secure Anti-virus	All	All	workstations	All
Application	F-secure	F-secure Anti-virus	All	All	citrix_servers	All
Application	F-secure	F-secure Anti-virus	All	All	mimesweeper	All
Application	F-secure	F-secure Anti-virus	All	All	ms_exchange	All
Application	F-secure	F-secure Anti-virus Client Security	All	All	All	All
Application	F-secure	F-secure Anti-virus Linux Client Security	All	All	All	All
Application	F-secure	F-secure Anti-virus Linux Server Security	All	All	All	All
Application	F-secure	F-secure Internet Security	2005	All	All	All
Application	F-secure	F-secure Internet Security	2006	All	All	All
Application	F-secure	F-secure Internet Security	2007	All	All	All
Application	F-secure	F-secure Protection Service	All	All	consumers	All
Application	F-secure	Internet Gatekeeper	All	All	linux	All
Application	F-secure	Internet Gatekeeper	All	All	All	All

Source	Vendor	Product	Version	Platforms
CNA	Na	N/a	affected n/a	Not specified

Reference	Source	Link	Tags
SecurityTracker.com Archives - F-Secure Anti-Virus Lets Remote Users Execute Arbitrary Code and Local Users Gain Elevated Privileges	af854a3a-2127-422b-91ae-364da2661108	www.securitytracker.com
SecurityTracker.com Archives - F-Secure Internet Gatekeeper Lets Remote Users Execute Arbitrary Code	af854a3a-2127-422b-91ae-364da2661108	securitytracker.com
F-Secure Security Bulletin FSC-2007-1	af854a3a-2127-422b-91ae-364da2661108	www.f-secure.com	Patch, Vendor Advisory
SecurityFocus	af854a3a-2127-422b-91ae-364da2661108	www.securityfocus.com
F-Secure Anti-Virus LHA Processing Buffer Overflow Vulnerability	af854a3a-2127-422b-91ae-364da2661108	www.securityfocus.com
Webmail : Solution de messagerie professionnelle - OVHcloud- OVH	af854a3a-2127-422b-91ae-364da2661108	www.vupen.com
SecurityTracker.com Archives - F-Secure Internet Security Lets Remote Users Execute Arbitrary Code and Local Users Gain Elevated Privileges	af854a3a-2127-422b-91ae-364da2661108	www.securitytracker.com
osvdb.org/36724	af854a3a-2127-422b-91ae-364da2661108	osvdb.org
n.runs AG - Security Tools and Security Advisories	af854a3a-2127-422b-91ae-364da2661108	www.nruns.com
IBM X-Force Exchange	af854a3a-2127-422b-91ae-364da2661108	exchange.xforce.ibmcloud.com
F-Secure Products LHA Archive Handling Buffer Overflow - Advisories - Secunia	af854a3a-2127-422b-91ae-364da2661108	secunia.com	Patch, Vendor Advisory
CVE Program record	CVE.ORG	www.cve.org	canonical
NVD vulnerability detail	NVD	nvd.nist.gov	canonical, analysis

No vendor comments have been submitted for this CVE.

There are currently no legacy QID mappings associated with this CVE.