FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

clamav -- off-by-one heap overflow in VBA project parser

Affected packages
clamav < 0.94.1
clamav-devel < 20081105

Details

VuXML ID 24b64fb0-af1d-11dd-8a16-001b1116b350
Discovery 2008-11-08
Entry 2008-11-10

Advisory from Moritz Jodeit, November 8th, 2008:

ClamAV contains an off-by-one heap overflow vulnerability in the code responsible for parsing VBA project files. Successful exploitation could allow an attacker to execute arbitrary code with the privileges of the `clamd' process by sending an email with a prepared attachment.

A VBA project file embedded inside an OLE2 office document send as an attachment can trigger the off-by-one.

Entry from Thu Oct 30 13:52:42 CET 2008 (acab) in ChangeLog:

libclamav/vba_extract.c: get_unicode_name off-by-one, bb#1239 reported by Moritz Jodeit >moritz*jodeit.org<

References

CVE Name CVE-2008-5050
URL http://svn.clamav.net/svn/clamav-devel/trunk/ChangeLog
URL http://www.securityfocus.com/archive/1/498169/30/0/threaded