Dr.Web File Name Handling Overflow

This script is Copyright (C) 2003-2015 Tenable Network Security, Inc.


Synopsis :

The antivirus scanner is vulnerable to a denial of service.

Description :

The remote host is running Dr.Web - an antivirus program.

There is a flaw in the remote version of Dr.Web which may make it
crash when scanning files whose name is excessively long.

An attacker may use this flaw to execute arbitrary code on this host.
To exploit it, an attacker would need to send a file to the remote
host and have it scanned by this software.

Solution :

Upgrade to version 4.29b or newer

Risk factor :

Low / CVSS Base Score : 2.1
(CVSS2#AV:L/AC:L/Au:N/C:N/I:N/A:P)
CVSS Temporal Score : 1.6
(CVSS2#E:U/RL:OF/RC:ND)
Public Exploit Available : false

Family: Windows

Nessus Plugin ID: 11625 (drweb_overflow.nasl)

Bugtraq ID: 7022

CVE ID:

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now