ClamAV < 0.88.5 PE Handler Content-Parsing Overflow (deprecated)

Medium Nessus Network Monitor Plugin ID 3794


The remote host is vulnerable to a heap overflow.


The remote host is running ClamAV, an antivirus application. There is a remote content-parsing flaw in this version of ClamAV that could lead to a heap overflow. An attacker sending a malformed PE file would be able to exploit this flaw. Successful exploitation would result in the attacker executing arbitrary code.


Upgrade to version 0.88.5 or higher.

See Also

Plugin Details

Severity: Medium

ID: 3794

File Name: 3794.prm

Family: Web Clients

Published: 2006/10/16

Modified: 2016/02/05

Dependencies: 1735, 8314

Risk Information

Risk Factor: Medium


Base Score: 5.8

Temporal Score: 4.5

Vector: CVSS2#AV:A/AC:L/Au:N/C:P/I:P/A:P

Temporal Vector: CVSS2#E:POC/RL:OF/RC:C


Base Score: 6.2

Temporal Score: 5.5


Temporal Vector: CVSS3#E:P/RL:O/RC:C

Reference Information

CVE: CVE-2006-4182, CVE-2006-5295

BID: 20537, 20535