PT-2012-1192 · Sophos+3 · Sophos Anti-Virus Threat Detection Engine+3

Publicado

2012-06-09

Atualizado

2024-06-15

CVE-2012-6706

CVSS v3.1

Crítica

Vetor

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions unrar versions prior to 5.5.5 Sophos Anti-Virus Threat Detection Engine versions prior to 3.37.2

Description A memory corruption issue was discovered in the VMSF DELTA component of the UnRAR file decompression tool. This issue is caused by an integer overflow when summing DataSize and CurChannel, resulting in a negative value of the DestPos variable. This allows an attacker to write out of bounds when setting Mem[DestPos], potentially leading to arbitrary code execution.

Recommendations For unrar versions prior to 5.5.5, update to version 5.5.5 or later to resolve the issue. For Sophos Anti-Virus Threat Detection Engine versions prior to 3.37.2, update to version 3.37.2 or later to resolve the issue.

Exploit

Correção

Integer Overflow

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-190

Identificadores relacionados

ALT-PU-2017-2147

ALT-PU-2018-1363

BDU:2017-02104

CVE-2012-6706

DLA-1003-1

DLA-1014-1

MGASA-2017-0302

OPENSUSE-SU-2017_1797-1

OPENSUSE-SU-2018_0825-1

OPENSUSE-SU-2024:10685-1

SUSE-SU-2017:1716-1

SUSE-SU-2017:1745-1

SUSE-SU-2017:1760-1

SUSE-SU-2017:1763-1

SUSE-SU-2017_1716-1

SUSE-SU-2017_1760-1

SUSE-SU-2017_1763-1

SUSE-SU-2018:0809-1

SUSE-SU-2018:0862-1

SUSE-SU-2018:0863-1

SUSE-SU-2018_0809-1

SUSE-SU-2018_0862-1

SUSE-SU-2018_0863-1

SUSE-SU-2021:2834-1

SUSE-SU-2021_2834-1

Produtos afetados

Alt Linux

Sophos Anti-Virus Threat Detection Engine

Suse

Unrar

PT-2012-1192 · Sophos+3 · Sophos Anti-Virus Threat Detection Engine+3

CVE-2012-6706

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 158