CVE-2011-1003

Name of the Vulnerable Software and Affected Versions ClamAV versions prior to 0.97

Description A double free vulnerability exists in the vba read project strings function in vba extract.c in libclamav. This issue might allow remote attackers to execute arbitrary code via crafted Visual Basic for Applications (VBA) data in a Microsoft Office document.

Recommendations For versions prior to 0.97, update to version 0.97 or later to resolve the issue. As a temporary workaround, consider restricting the processing of VBA data in Microsoft Office documents until the update is applied.