PT-2006-7229 · Bitdefender
Sergio Alvarez · Published 2006-12-18 · Updated 2018-10-17 · CVE-2006-6627
CVSS v2.0: 10 (High)
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions
BitDefender product versions prior to 20060829
BitDefender products for Microsoft ISA Server and Exchange versions 5.5 through 2003
Description
An integer overflow in the packed PE file parsing implementation triggers a heap-based buffer overflow. Remote attackers can exploit it to execute arbitrary code via a crafted file.
Recommendations
For BitDefender product versions prior to 20060829, update to a version released after 20060829 to resolve the issue.
For BitDefender products for Microsoft ISA Server and Exchange versions 5.5 through 2003, update to a version released after the affected range to resolve the issue.
As a temporary workaround, consider restricting access to the packed PE file parsing implementation until a patch is available.
Fix
Related Identifiers
Affected Products
Bitdefender
Exchange Server
ISA Server