CVE-2011-1003

Publication date 23 February 2011

Last updated 24 July 2024

Ubuntu priority

Double free vulnerability in the vba_read_project_strings function in vba_extract.c in libclamav in ClamAV before 0.97 might allow remote attackers to execute arbitrary code via crafted Visual Basic for Applications (VBA) data in a Microsoft Office document. NOTE: some of these details are obtained from third party information.

Status

Show unmaintained releases

Package	Ubuntu Release	Status
clamav	11.04 natty	Not affected
	10.10 maverick	Fixed 0.96.5+dfsg-1ubuntu1.10.10.2
	10.04 LTS lucid	Fixed 0.96.5+dfsg-1ubuntu1.10.04.2
	9.10 karmic	Fixed 0.95.3+dfsg-1ubuntu0.09.10.4
	8.04 LTS hardy	Fixed 0.95.3+dfsg-1ubuntu0.09.04~hardy2.6
	6.06 LTS dapper	Ignored end of life

Patch details

For informational purposes only. We recommend not to cherry-pick updates. How can I get the fixes?

Package	Patch details
clamav	Upstream: http://git.clamav.net/gitweb?p=clamav-devel.git;a=commit;h=d21fb8d975f8c9688894a8cef4d50d977022e09f

CVE-2011-1003

Status

Patch details

References

Related Ubuntu Security Notices (USN)

Other references