CVE-2011-1003
Published: 23 February 2011
Double free vulnerability in the vba_read_project_strings function in vba_extract.c in libclamav in ClamAV before 0.97 might allow remote attackers to execute arbitrary code via crafted Visual Basic for Applications (VBA) data in a Microsoft Office document. NOTE: some of these details are obtained from third party information.
Priority
Status
| Package | Release | Status |
|---|---|---|
|
clamav Launchpad, Ubuntu, Debian |
dapper |
Ignored
(end of life)
|
| hardy |
Released
(0.95.3+dfsg-1ubuntu0.09.04~hardy2.6)
|
|
| karmic |
Released
(0.95.3+dfsg-1ubuntu0.09.10.4)
|
|
| lucid |
Released
(0.96.5+dfsg-1ubuntu1.10.04.2)
|
|
| maverick |
Released
(0.96.5+dfsg-1ubuntu1.10.10.2)
|
|
| natty |
Not vulnerable
(0.97+dfsg-0ubuntu1)
|
|
| upstream |
Released
(0.97)
|
|
|
Patches: upstream: http://git.clamav.net/gitweb?p=clamav-devel.git;a=commit;h=d21fb8d975f8c9688894a8cef4d50d977022e09f |
||