Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-3373

Overview

Vulnerability Score 5.0 5.0
CVE Id CVE-2008-3373
Last Modified 07 Mar 2011 10:10:41
Published 30 Jul 2008 01:41:00
Confidentiality Impact NONE NONE
Integrity Impact NONE NONE
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2008-3373

Summary

The files parsing engine in Grisoft AVG Anti-Virus before 8.0.156 allows remote attackers to cause a denial of service (engine crash) via a crafted UPX compressed file, which triggers a divide-by-zero error.

Vulnerable Systems

Application

  • Grisoft Avg Antivirus 7.1

  • Grisoft Avg Antivirus 7.5

  • Grisoft Avg Antivirus 8.0


References

XF - avg-upx-dos(44057)

VUPEN - ADV-2008-2225

SECTRACK - 1020570

BID - 30417

BUGTRAQ - 20080729 n.runs-SA-2008.004 - AVG Anti-Virus Divide by Zero - DoS (remote)

MISC - http://www.nruns.com/advisories/%5Bn.runs-SA-2008%20004%5D%20-%20AVG%20Antivirus%20UPX%20parsing%20Divide%20by%20Zero%20Advisory.txt

CONFIRM - http://www.grisoft.com/ww.94247

SECUNIA - 31290


Last Updated: 27 May 2016 10:48:10