CVE-2008-6085

Integer overflow in multiple F-Secure anti-virus products, including Internet Security 2006 through 2008, Anti-Virus 2006 through 2008, and others, when configured to scan inside compressed archives, allows remote attackers to execute arbitrary code via a crafted RPM compressed archive file, which triggers a buffer overflow.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.6 UNKNOWN
NETWORK
HIGH
AV:N/AC:H/Au:N/C:C/I:C/A:C
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 93%
VendorProductVersion
f-securef-secure_anti-virus
7.02
f-securef-secure_anti-virus_for_citrix_servers
𝑥
≤ 7.00
f-securef-secure_anti-virus_for_microsoft_exchange
𝑥
≤ 7.10
f-securef-secure_anti-virus_for_microsoft_exchange
6.62
f-securef-secure_anti-virus_for_microsoft_exchange
7.00
f-securef-secure_anti-virus_for_mimesweeper
𝑥
≤ 5.61
f-securef-secure_anti-virus_for_windows_servers
𝑥
≤ 8.00
f-securef-secure_anti-virus_for_workstations
7.10
f-securef-secure_anti-virus_for_workstations
7.11
f-securef-secure_anti-virus_linux_client_security
𝑥
≤ 5.54
f-securef-secure_anti-virus_linux_client_security
5.30
f-securef-secure_anti-virus_linux_client_security
5.52
f-securef-secure_anti-virus_linux_client_security
5.53
f-securef-secure_anti-virus_linux_server_security
𝑥
≤ 5.54
f-securef-secure_anti-virus_linux_server_security
5.30
f-securef-secure_anti-virus_linux_server_security
5.52
f-securef-secure_client_security
𝑥
≤ 7.12
f-securef-secure_client_security
7.11
f-securef-secure_internet_gatekeeper_for_linux
𝑥
≤ 2.16
f-securef-secure_internet_gatekeeper_for_windows
𝑥
≤ 6.61
f-securef-secure_internet_security
7.02
f-securef-secure_linux_security
𝑥
≤ 7.01
f-securef-secure_messaging_security_gateway
𝑥
≤ 5.0.4
f-securef-secure_messaging_security_gateway
4.0.7
f-securef-secure_protection_service_for_business
𝑥
≤ 3.10
f-securef-secure_protection_service_for_business
3.00
f-securef-secure_protection_service_for_consumers
𝑥
≤ 8.00
f-securef-secure_protection_service_for_consumers
5.00
f-securef-secure_protection_service_for_consumers
6.00
f-securef-secure_protection_service_for_consumers
7.00
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://secunia.com/advisories/32352
http://www.f-secure.com/security/fsc-2008-3.shtml
http://www.securityfocus.com/bid/31846
http://www.securitytracker.com/id?1021073
http://www.vupen.com/english/advisories/2008/2874
https://exchange.xforce.ibmcloud.com/vulnerabilities/46016
http://secunia.com/advisories/32352
http://www.f-secure.com/security/fsc-2008-3.shtml
http://www.securityfocus.com/bid/31846
http://www.securitytracker.com/id?1021073
http://www.vupen.com/english/advisories/2008/2874
https://exchange.xforce.ibmcloud.com/vulnerabilities/46016