Vulnerabilities > CVE-2011-1003 - Resource Management Errors vulnerability in Clamav
Attack vector
UNKNOWN Attack complexity
UNKNOWN Privileges required
UNKNOWN Confidentiality impact
UNKNOWN Integrity impact
UNKNOWN Availability impact
UNKNOWN Summary
Double free vulnerability in the vba_read_project_strings function in vba_extract.c in libclamav in ClamAV before 0.97 might allow remote attackers to execute arbitrary code via crafted Visual Basic for Applications (VBA) data in a Microsoft Office document. NOTE: some of these details are obtained from third party information.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
Nessus
NASL family SuSE Local Security Checks NASL id SUSE_11_CLAMAV-110221.NASL description Specially crafted VBA data in Microsoft Office documents could crash clamav or potentially even cause execution of arbitrary code. clamav was updated to version 0.97 to fix the issue. (CVE-2011-1003) last seen 2020-06-01 modified 2020-06-02 plugin id 52765 published 2011-03-23 reporter This script is Copyright (C) 2011-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/52765 title SuSE 11.1 Security Update : clamav (SAT Patch Number 4155) NASL family Fedora Local Security Checks NASL id FEDORA_2011-2741.NASL description Update to 0.97 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 52646 published 2011-03-14 reporter This script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/52646 title Fedora 13 : clamav-0.97-1300.fc13 (2011-2741) NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-1076-1.NASL description It was discovered that the Microsoft Office processing code in libclamav improperly handled certain Visual Basic for Applications (VBA) data. This could allow a remote attacker to craft a document that could crash clamav or possibly execute arbitrary code. In the default installation, attackers would be isolated by the ClamAV AppArmor profile. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 52478 published 2011-03-01 reporter Ubuntu Security Notice (C) 2011-2019 Canonical, Inc. / NASL script (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/52478 title Ubuntu 9.10 / 10.04 LTS / 10.10 : clamav vulnerability (USN-1076-1) NASL family SuSE Local Security Checks NASL id SUSE_11_3_CLAMAV-110304.NASL description Specially crafted VBA data in Microsoft Office documents could crash clamav or potentially even cause execution of arbitrary code. clamav was updated to version 0.97 to fix the issue (CVE-2011-1003). last seen 2020-06-01 modified 2020-06-02 plugin id 75450 published 2014-06-13 reporter This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/75450 title openSUSE Security Update : clamav (openSUSE-SU-2011:0208-1) NASL family Fedora Local Security Checks NASL id FEDORA_2011-2732.NASL description Update to 0.97 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 52591 published 2011-03-09 reporter This script is Copyright (C) 2011-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/52591 title Fedora 15 : clamav-0.97-1500.fc15 (2011-2732) NASL family Gentoo Local Security Checks NASL id GENTOO_GLSA-201110-20.NASL description The remote host is affected by the vulnerability described in GLSA-201110-20 (Clam AntiVirus: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in Clam AntiVirus. Please review the CVE identifiers referenced below for details. Impact : An unauthenticated remote attacker may execute arbitrary code with the privileges of the Clam AntiVirus process or cause a Denial of Service by causing an affected user or system to scan a crafted file. Workaround : There is no known workaround at this time. last seen 2020-06-01 modified 2020-06-02 plugin id 56595 published 2011-10-24 reporter This script is Copyright (C) 2011-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/56595 title GLSA-201110-20 : Clam AntiVirus: Multiple vulnerabilities NASL family Fedora Local Security Checks NASL id FEDORA_2011-2743.NASL description Update to 0.97 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 52647 published 2011-03-14 reporter This script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/52647 title Fedora 14 : clamav-0.97-1400.fc14 (2011-2743) NASL family SuSE Local Security Checks NASL id SUSE_CLAMAV-7397.NASL description Specially crafted VBA data in Microsoft Office documents could crash clamav or potentially even cause execution of arbitrary code. clamav was updated to version 0.97 to fix the issue. (CVE-2011-1003) last seen 2020-06-01 modified 2020-06-02 plugin id 57167 published 2011-12-13 reporter This script is Copyright (C) 2011-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/57167 title SuSE 10 Security Update : clamav (ZYPP Patch Number 7397) NASL family Misc. NASL id CLAMAV_0_97.NASL description According to its version, the clamd antivirus daemon on the remote host is earlier than 0.97. Such versions reportedly are affected by multiple vulnerabilities : - As-yet unspecified double-free issues involving an error path exist in last seen 2020-06-01 modified 2020-06-02 plugin id 51935 published 2011-02-10 reporter This script is Copyright (C) 2011-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/51935 title ClamAV < 0.97 Multiple Vulnerabilities NASL family SuSE Local Security Checks NASL id SUSE_CLAMAV-7380.NASL description Specially crafted VBA data in Microsoft Office documents could crash clamav or potentially even cause execution of arbitrary code. clamav was updated to version 0.97 to fix the issue. (CVE-2011-1003) last seen 2020-06-01 modified 2020-06-02 plugin id 52989 published 2011-03-27 reporter This script is Copyright (C) 2011-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/52989 title SuSE 10 Security Update : clamav (ZYPP Patch Number 7380) NASL family SuSE Local Security Checks NASL id SUSE_11_2_CLAMAV-110303.NASL description Specially crafted VBA data in Microsoft Office documents could crash clamav or potentially even cause execution of arbitrary code. clamav was updated to version 0.97 to fix the issue (CVE-2011-1003). last seen 2020-06-01 modified 2020-06-02 plugin id 53702 published 2011-05-05 reporter This script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/53702 title openSUSE Security Update : clamav (openSUSE-SU-2011:0208-1)
References
- http://securitytracker.com/id?1025100
- http://www.vupen.com/english/advisories/2011/0453
- http://secunia.com/advisories/43392
- http://openwall.com/lists/oss-security/2011/02/21/4
- http://www.securityfocus.com/bid/46470
- https://wwws.clamav.net/bugzilla/show_bug.cgi?id=2486
- http://openwall.com/lists/oss-security/2011/02/21/1
- http://www.mandriva.com/en/support/security/advisories/?name=MDVA-2011:007
- http://www.vupen.com/english/advisories/2011/0458
- http://www.vupen.com/english/advisories/2011/0523
- http://www.ubuntu.com/usn/USN-1076-1
- http://secunia.com/advisories/43498
- http://osvdb.org/70937
- http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055777.html
- http://secunia.com/advisories/43752
- http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055771.html
- http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00000.html
- https://exchange.xforce.ibmcloud.com/vulnerabilities/65544
- http://git.clamav.net/gitweb?p=clamav-devel.git%3Ba=blob%3Bf=ChangeLog%3Bhb=clamav-0.97
- http://git.clamav.net/gitweb?p=clamav-devel.git%3Ba=commit%3Bh=d21fb8d975f8c9688894a8cef4d50d977022e09f