ClamAV < 0.92.0 PE File Handling Integer Overflow (deprecated)
High Nessus Network Monitor Plugin ID 4321
SynopsisThe remote host is vulnerable to a buffer overflow.
DescriptionThe remote host is running the ClamAV antivirus client.
This version of ClamAV is vulnerable to a remote integer overflow due to a content-parsing flaw when handling malformed PE files. An attacker exploiting this flaw would only need the ability to send a malformed attachment to a system protected by ClamAV. Successful exploitation would result in the attacker overwriting critical memory blocks and either crashing the service or executing arbitrary code.
SolutionUpgrade to version 0.92.0 or higher.