Vulnerability Description
Heap-based buffer overflow in alwil avast! Anti-virus Engine before 4.7.869 allows remote attackers to execute arbitrary code via a crafted LHA file that contains extended headers with file and directory names whose concatenation triggers the overflow.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Alwil | Avast Antivirus | <= 4.6.460 |
References
- http://secunia.com/advisories/21794
- http://www.hustlelabs.com/advisories/04072006_alwil.pdf (Exploit, Patch, Vendor Advisory)
- http://www.securityfocus.com/bid/19903
- http://www.vupen.com/english/advisories/2006/3515
FAQ
What is CVE-2006-4626?
CVE-2006-4626 is a vulnerability with a CVSS score of 7.5 (HIGH). Heap-based buffer overflow in alwil avast! Anti-virus Engine before 4.7.869 allows remote attackers to execute arbitrary code via a crafted LHA file that contains extended headers with file and direct...
How severe is CVE-2006-4626?
CVE-2006-4626 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2006-4626?
Check the references section above for vendor advisories and patch information. Affected products include: Alwil Avast Antivirus.