ClamAV < 0.88.0 UPX File Processing Overflow (deprecated)

High Nessus Network Monitor Plugin ID 3362


The remote host is vulnerable to a heap overflow.


The remote host is running ClamAV, an open-source antivirus solution for Unix and Windows systems. This version of ClamAV is reported to be vulnerable to a flaw where the parsing of a malicious file will cause the clamav process to execute arbitrary code. While the details of the attack are currently unknown, it is rumoured that an attacker exploiting this flaw would only need to be able to craft and send a malformed email to a ClamAV server. Successful exploitation results in the server executing arbitrary code or crashing.


Upgrade to version 0.88.0 or higher.

See Also;group_id=86638

Plugin Details

Severity: High

ID: 3362

File Name: 3362.prm

Family: Web Clients

Published: 2006/01/10

Modified: 2016/01/15

Dependencies: 1735, 8314

Risk Information

Risk Factor: High


Base Score: 7.5

Temporal Score: 5.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Temporal Vector: CVSS2#E:U/RL:OF/RC:C


Base Score: 7.3

Temporal Score: 6.4


Temporal Vector: CVSS3#E:U/RL:O/RC:C

Reference Information

CVE: CVE-2006-0162

BID: 16191