Vulnerabilities > CVE-2008-3243 - Unspecified vulnerability in F-Prot Antivirus and Scanning Engine
Attack vector
UNKNOWN Attack complexity
UNKNOWN Privileges required
UNKNOWN Confidentiality impact
UNKNOWN Integrity impact
UNKNOWN Availability impact
UNKNOWN f-prot
nessus
Summary
Multiple unspecified vulnerabilities in the scanning engine before 4.4.4 in F-Prot Antivirus before 6.0.9.0 allow remote attackers to cause a denial of service via (1) a crafted UPX-compressed file, which triggers an engine crash; (2) a crafted Microsoft Office file, which triggers an infinite loop; or (3) an ASPack-compressed file, which triggers an engine crash.
Vulnerable Configurations
Nessus
NASL family Windows NASL id FPROT_MULTIPLE_VULNS.NASL description The version of F-PROT Anti-Virus installed on the remote Windows host contains flaws in the way it handles CHM, UPX-compressed, ASPack-compressed and certain Microsoft office files. - A malformed CHM file containing last seen 2020-06-01 modified 2020-06-02 plugin id 33549 published 2008-07-21 reporter This script is Copyright (C) 2008-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/33549 title F-PROT Antivirus Engine < 4.4.4 Multiple File Handling DoS Vulnerabilities NASL family Gentoo Local Security Checks NASL id GENTOO_GLSA-200904-14.NASL description The remote host is affected by the vulnerability described in GLSA-200904-14 (F-PROT Antivirus: Multiple Denial of Service vulnerabilities) The following vulnerabilities were found: Multiple errors when processing UPX, ASPack or Microsoft Office files (CVE-2008-3243). Infinite Sergio Alvarez of n.runs AG reported an invalid memory access when processing a CHM file with a large nb_dir value (CVE-2008-3244). Jonathan Brossard from iViZ Techno Solutions reported that F-PROT Antivirus does not correctly process ELF binaries with corrupted headers (CVE-2008-5747). Impact : A remote attacker could entice a user or automated system to scan a specially crafted file, leading to a crash or infinite loop. Workaround : There is no known workaround at this time. last seen 2020-06-01 modified 2020-06-02 plugin id 36158 published 2009-04-15 reporter This script is Copyright (C) 2009-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/36158 title GLSA-200904-14 : F-PROT Antivirus: Multiple Denial of Service vulnerabilities
References
- http://secunia.com/advisories/31118
- http://secunia.com/advisories/31118
- http://www.f-prot.com/download/ReleaseNotesWindows.txt
- http://www.f-prot.com/download/ReleaseNotesWindows.txt
- http://www.securityfocus.com/bid/30258
- http://www.securityfocus.com/bid/30258
- https://exchange.xforce.ibmcloud.com/vulnerabilities/43868
- https://exchange.xforce.ibmcloud.com/vulnerabilities/43868
- https://exchange.xforce.ibmcloud.com/vulnerabilities/43869
- https://exchange.xforce.ibmcloud.com/vulnerabilities/43869
- https://exchange.xforce.ibmcloud.com/vulnerabilities/43870
- https://exchange.xforce.ibmcloud.com/vulnerabilities/43870