Facebook Google Plus Twitter LinkedIn YouTube RSS Menu Search Resource - BlogResource - WebinarResource - ReportResource - Eventicons_066 icons_067icons_068icons_069icons_070

ClamAV < 0.90.0 Multiple Vulnerabilities (deprecated)



The remote host is vulnerable to multiple attack vectors.


The remote host is running the ClamAV antivirus client.

This version of ClamAV is vulnerable to a flaw where a CAB file with a reported length of zero can cause ClamAV to crash. In addition, the ClamAV application is vulnerable to a directory traversal flaw. An attacker, by specifying a file name which has '../' or '..\' strings, can overwrite critical system files. In both instances, the attacker only needs to be able to send files that are processed by ClamAV.


Upgrade to version 0.90.0 or higher.