Double Free Vulnerability in ClamAV by Cisco
CVE-2011-1003
Currently unrated
What is CVE-2011-1003?
A double free vulnerability exists in the vba_read_project_strings function in vba_extract.c in ClamAV versions prior to 0.97. The flaw could allow attackers to execute arbitrary code through specially crafted Visual Basic for Applications (VBA) data embedded in Microsoft Office documents. Because the issue affects only versions before 0.97, updating ClamAV to 0.97 or later mitigates it.
EPSS Score
6% chance of being exploited in the next 30 days.