CVE-2008-5050

Name of the Vulnerable Software and Affected Versions Clam Anti-Virus (ClamAV) versions prior to 0.94.1

Description The issue is caused by an off-by-one error in the get unicode name function, located in libclamav/vba extract.c, which can lead to a heap-based buffer overflow when processing a crafted VBA project file. This can result in a denial of service (crash) or potentially allow remote attackers to execute arbitrary code.

Recommendations For versions prior to 0.94.1, update to version 0.94.1 or later to resolve the issue. As a temporary workaround, consider restricting the processing of VBA project files until the update is applied.