Vulnerability Details: CVE-2007-2650
The OLE2 parser in Clam AntiVirus (ClamAV) allows remote attackers to cause a denial of service (resource consumption) via an OLE2 file with (1) a large property size or (2) a loop in the FAT file block chain that triggers an infinite loop, as demonstrated via a crafted DOC file.
Vulnerability category: Denial of service
Products affected by CVE-2007-2650
- cpe:2.3:o:debian:debian_linux:4.0:*:*:*:*:*:*:*
- cpe:2.3:o:debian:debian_linux:3.1:*:*:*:*:*:*:*
- cpe:2.3:a:clamav:clamav:*:*:*:*:*:*:*:*
Threat overview for CVE-2007-2650
Top open port discovered on systems with this issue: 5555
IPs affected by CVE-2007-2650: 121
Threat actors abusing this issue? Yes
Exploit prediction scoring system (EPSS) score for CVE-2007-2650
- EPSS score: 0.67% (probability of exploitation activity in the next 30 days)
- Percentile: ~80% (the proportion of vulnerabilities that are scored at or less)
CVSS scores for CVE-2007-2650
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
4.3 | MEDIUM | AV:N/AC:M/Au:N/C:N/I:N/A:P | 8.6 | 2.9 | NIST | |
CWE ids for CVE-2007-2650
- The product does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources. Assigned by: nvd@nist.gov (Primary)
References for CVE-2007-2650
- http://article.gmane.org/gmane.comp.security.virus.clamav.devel/2853 (Broken Link)
- http://www.mandriva.com/security/advisories?name=MDKSA-2007:115 (Third Party Advisory)
- http://www.vupen.com/english/advisories/2007/1776 (Permissions Required)
- http://www.trustix.org/errata/2007/0020/ (Broken Link)
- http://lurker.clamav.net/message/20070418.111144.0df6c5d3.en.html (Broken Link)
- http://kolab.org/security/kolab-vendor-notice-15.txt (Broken Link)
- http://security.gentoo.org/glsa/glsa-200706-05.xml - ClamAV: Multiple Denials of Service (GLSA 200706-05) (Third Party Advisory)
- http://www.novell.com/linux/security/advisories/2007_33_clamav.html (Third Party Advisory)
- http://www.debian.org/security/2007/dsa-1320 - [SECURITY] [DSA 1320-1] New clamav packages fix several vulnerabilities (Third Party Advisory)
- http://www.securityfocus.com/bid/24316 (Third Party Advisory; VDB Entry)
- http://svn.clamav.net/svn/clamav-devel/trunk/ChangeLog (Broken Link)