Buffer Overflow Vulnerability in Avira Antivir Antivirus Product
CVE-2007-2974

Currently unrated

Key Information:

Vendor: Avira
Status: Av Pack; Antivir
Vendor: CVE Published:; 1 June 2007

What is CVE-2007-2974?

A buffer overflow vulnerability exists in the file parsing engine of Avira Antivir Antivirus prior to version 7.03.00.09. This flaw allows remote attackers to craft malicious LZH archive files that, when processed by the antivirus software, may lead to the execution of arbitrary code on the affected system. The vulnerability arises from improper handling of integer casting, which could potentially allow extensive ramifications for system security.

References

http://www.nruns.com/advisories/%5Bn.runs-SA-2007.010%5D%...

x_refsource_MISC

http://www.securityfocus.com/bid/24187

vdb-entryx_refsource_BID

http://forum.antivir-pe.de/thread.php?threadid=22528

x_refsource_CONFIRM

EPSS Score

20% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Jun 1, 2007
Vulnerability Reserved
May 31, 2007