This script is Copyright (C) 2008-2014 Tenable Network Security, Inc.
The remote antivirus service is affected by a buffer overflow
According to its version, the clamd antivirus daemon on the remote
host is earlier than 0.94.1. Such versions have an off-by-one heap
overflow vulnerability in the code responsible for parsing VBA project
files, specifically in the 'get_unicode_name()' function of
'libclamav/vba_extract.c', when a specific 'name' buffer is passed to
Using a specially crafted VBA project file embedded in an OLE2 Office
document, a remote attacker can trigger this vulnerability and execute
arbitrary code on the remote host with the privileges of the 'clamd'
See also :
Upgrade to ClamAV 0.94.1 or later.
Risk factor :
High / CVSS Base Score : 7.5
CVSS Temporal Score : 5.5
Public Exploit Available : false
Family: Gain a shell remotely
Nessus Plugin ID: 34729 (clamav_0_94_1.nasl)
Bugtraq ID: 32207
CVE ID: CVE-2008-5050
The cookie settings on this website are set to 'allow all cookies' to give you the very best website experience. If you continue without changing these settings, you consent to this - but if you want, you can opt out of all cookies by clicking below.