Vulnerability Details : CVE-2010-0098
ClamAV before 0.96 does not properly handle the (1) CAB and (2) 7z file formats, which allows remote attackers to bypass virus detection via a crafted archive that is compatible with standard archive utilities.
Products affected by CVE-2010-0098
- cpe:2.3:a:clamav:clamav:*:rc2:*:*:*:*:*:*
- cpe:2.3:a:clamav:clamav:0.14:*:*:*:*:*:*:*
- cpe:2.3:a:clamav:clamav:0.01:*:*:*:*:*:*:*
- cpe:2.3:a:clamav:clamav:0.21:*:*:*:*:*:*:*
- cpe:2.3:a:clamav:clamav:0.22:*:*:*:*:*:*:*
- cpe:2.3:a:clamav:clamav:0.15:*:*:*:*:*:*:*
- cpe:2.3:a:clamav:clamav:0.71:*:*:*:*:*:*:*
- cpe:2.3:a:clamav:clamav:0.72:*:*:*:*:*:*:*
- cpe:2.3:a:clamav:clamav:0.73:*:*:*:*:*:*:*
- cpe:2.3:a:clamav:clamav:0.74:*:*:*:*:*:*:*
- cpe:2.3:a:clamav:clamav:0.83:*:*:*:*:*:*:*
- cpe:2.3:a:clamav:clamav:0.84:*:*:*:*:*:*:*
- cpe:2.3:a:clamav:clamav:0.84:rc1:*:*:*:*:*:*
- cpe:2.3:a:clamav:clamav:0.84:rc2:*:*:*:*:*:*
- cpe:2.3:a:clamav:clamav:0.60p:*:*:*:*:*:*:*
- cpe:2.3:a:clamav:clamav:0.68:*:*:*:*:*:*:*
- cpe:2.3:a:clamav:clamav:0.67:*:*:*:*:*:*:*
- cpe:2.3:a:clamav:clamav:0.70:*:*:*:*:*:*:*
- cpe:2.3:a:clamav:clamav:0.54:*:*:*:*:*:*:*
- cpe:2.3:a:clamav:clamav:0.60:*:*:*:*:*:*:*
- cpe:2.3:a:clamav:clamav:0.52:*:*:*:*:*:*:*
- cpe:2.3:a:clamav:clamav:0.53:*:*:*:*:*:*:*
- cpe:2.3:a:clamav:clamav:0.80:rc2:*:*:*:*:*:*
- cpe:2.3:a:clamav:clamav:0.80:rc3:*:*:*:*:*:*
- cpe:2.3:a:clamav:clamav:0.80:rc4:*:*:*:*:*:*
- cpe:2.3:a:clamav:clamav:0.86.2:*:*:*:*:*:*:*
- cpe:2.3:a:clamav:clamav:0.86:rc1:*:*:*:*:*:*
- cpe:2.3:a:clamav:clamav:0.3:*:*:*:*:*:*:*
- cpe:2.3:a:clamav:clamav:0.67-1:*:*:*:*:*:*:*
- cpe:2.3:a:clamav:clamav:0.10:*:*:*:*:*:*:*
- cpe:2.3:a:clamav:clamav:0.03:*:*:*:*:*:*:*
- cpe:2.3:a:clamav:clamav:0.14:pre:*:*:*:*:*:*
- cpe:2.3:a:clamav:clamav:0.13:*:*:*:*:*:*:*
- cpe:2.3:a:clamav:clamav:0.51:*:*:*:*:*:*:*
- cpe:2.3:a:clamav:clamav:0.24:*:*:*:*:*:*:*
- cpe:2.3:a:clamav:clamav:0.75.1:*:*:*:*:*:*:*
- cpe:2.3:a:clamav:clamav:0.80:*:*:*:*:*:*:*
- cpe:2.3:a:clamav:clamav:0.81:*:*:*:*:*:*:*
- cpe:2.3:a:clamav:clamav:0.82:*:*:*:*:*:*:*
- cpe:2.3:a:clamav:clamav:0.85:*:*:*:*:*:*:*
- cpe:2.3:a:clamav:clamav:0.86:*:*:*:*:*:*:*
- cpe:2.3:a:clamav:clamav:0.66:*:*:*:*:*:*:*
- cpe:2.3:a:clamav:clamav:0.65:*:*:*:*:*:*:*
- cpe:2.3:a:clamav:clamav:0.68.1:*:*:*:*:*:*:*
- cpe:2.3:a:clamav:clamav:0.05:*:*:*:*:*:*:*
- cpe:2.3:a:clamav:clamav:0.02:*:*:*:*:*:*:*
- cpe:2.3:a:clamav:clamav:0.20:*:*:*:*:*:*:*
- cpe:2.3:a:clamav:clamav:0.12:*:*:*:*:*:*:*
- cpe:2.3:a:clamav:clamav:0.23:*:*:*:*:*:*:*
- cpe:2.3:a:clamav:clamav:0.70:rc:*:*:*:*:*:*
- cpe:2.3:a:clamav:clamav:0.75:*:*:*:*:*:*:*
- cpe:2.3:a:clamav:clamav:0.80:rc:*:*:*:*:*:*
- cpe:2.3:a:clamav:clamav:0.85.1:*:*:*:*:*:*:*
- cpe:2.3:a:clamav:clamav:0.86.1:*:*:*:*:*:*:*
- cpe:2.3:a:clamav:clamav:0.87.1:*:*:*:*:*:*:*
- cpe:2.3:a:clamav:clamav:0.87:*:*:*:*:*:*:*
- cpe:2.3:a:clamav:clamav:0.88.2:*:*:*:*:*:*:*
- cpe:2.3:a:clamav:clamav:0.88.3:*:*:*:*:*:*:*
- cpe:2.3:a:clamav:clamav:0.88:*:*:*:*:*:*:*
- cpe:2.3:a:clamav:clamav:0.88.1:*:*:*:*:*:*:*
- cpe:2.3:a:clamav:clamav:0.91.2:*:*:*:*:*:*:*
- cpe:2.3:a:clamav:clamav:0.90:rc3:*:*:*:*:*:*
- cpe:2.3:a:clamav:clamav:0.88.7:*:*:*:*:*:*:*
- cpe:2.3:a:clamav:clamav:0.90.3:*:*:*:*:*:*:*
- cpe:2.3:a:clamav:clamav:0.90:rc1:*:*:*:*:*:*
- cpe:2.3:a:clamav:clamav:0.90:rc1.1:*:*:*:*:*:*
- cpe:2.3:a:clamav:clamav:0.88.4:*:*:*:*:*:*:*
- cpe:2.3:a:clamav:clamav:0.90.1:*:*:*:*:*:*:*
- cpe:2.3:a:clamav:clamav:0.91:*:*:*:*:*:*:*
- cpe:2.3:a:clamav:clamav:0.91.1:*:*:*:*:*:*:*
- cpe:2.3:a:clamav:clamav:0.90:rc2:*:*:*:*:*:*
- cpe:2.3:a:clamav:clamav:0.90:*:*:*:*:*:*:*
- cpe:2.3:a:clamav:clamav:0.91:rc1:*:*:*:*:*:*
- cpe:2.3:a:clamav:clamav:0.91:rc2:*:*:*:*:*:*
- cpe:2.3:a:clamav:clamav:0.9:rc1:*:*:*:*:*:*
- cpe:2.3:a:clamav:clamav:0.88.5:*:*:*:*:*:*:*
- cpe:2.3:a:clamav:clamav:0.88.6:*:*:*:*:*:*:*
- cpe:2.3:a:clamav:clamav:0.90.2:*:*:*:*:*:*:*
- cpe:2.3:a:clamav:clamav:0.94.1:*:*:*:*:*:*:*
- cpe:2.3:a:clamav:clamav:0.93.1:*:*:*:*:*:*:*
- cpe:2.3:a:clamav:clamav:0.94:*:*:*:*:*:*:*
- cpe:2.3:a:clamav:clamav:0.93.2:*:*:*:*:*:*:*
- cpe:2.3:a:clamav:clamav:0.92.1:*:*:*:*:*:*:*
- cpe:2.3:a:clamav:clamav:0.93:*:*:*:*:*:*:*
- cpe:2.3:a:clamav:clamav:0.92:*:*:*:*:*:*:*
- cpe:2.3:a:clamav:clamav:0.93.3:*:*:*:*:*:*:*
- cpe:2.3:a:clamav:clamav:0.94.2:*:*:*:*:*:*:*
- cpe:2.3:a:clamav:clamav:0.95:*:*:*:*:*:*:*
- cpe:2.3:a:clamav:clamav:0.95:rc2:*:*:*:*:*:*
- cpe:2.3:a:clamav:clamav:0.95.1:*:*:*:*:*:*:*
- cpe:2.3:a:clamav:clamav:0.95:rc1:*:*:*:*:*:*
- cpe:2.3:a:clamav:clamav:0.96:rc1:*:*:*:*:*:*
- cpe:2.3:a:clamav:clamav:0.95.2:*:*:*:*:*:*:*
- cpe:2.3:a:clamav:clamav:0.95.3:*:*:*:*:*:*:*
- cpe:2.3:a:clamavs:clamav:0.06:*:*:*:*:*:*:*
- cpe:2.3:a:clamavs:clamav:0.04:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2010-0098
2.11%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 88 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2010-0098
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
10.0
|
HIGH | AV:N/AC:L/Au:N/C:C/I:C/A:C |
10.0
|
10.0
|
NIST |
References for CVE-2010-0098
-
http://lists.opensuse.org/opensuse-security-announce/2010-04/msg00006.html
[security-announce] SUSE Security Summary Report: SUSE-SR:2010:010
-
http://www.securityfocus.com/bid/39262
ClamAV Security Bypass And Memory Corruption VulnerabilitiesPatch
-
http://www.vupen.com/english/advisories/2010/1001
Webmail | OVH- OVH
-
http://www.vupen.com/english/advisories/2010/0909
Webmail | OVH- OVH
-
https://wwws.clamav.net/bugzilla/show_bug.cgi?id=1826
-
http://lists.apple.com/archives/security-announce/2010//Aug/msg00003.html
Apple - Lists.apple.com
-
http://www.ubuntu.com/usn/USN-926-1
USN-926-1: ClamAV vulnerabilities | Ubuntu security notices
-
http://support.apple.com/kb/HT4312
About Security Update 2010-005 - Apple Support
-
http://git.clamav.net/gitweb?p=clamav-devel.git;a=blob_plain;f=ChangeLog;hb=clamav-0.96
-
http://www.vupen.com/english/advisories/2010/0827
Webmail | OVH- OVH
-
http://www.mandriva.com/security/advisories?name=MDVSA-2010:082
mandriva.com
-
http://www.openwall.com/lists/oss-security/2010/04/06/4
oss-security - ClamAV small issues
-
http://www.vupen.com/english/advisories/2010/1206
Webmail | OVH- OVH
-
http://www.vupen.com/english/advisories/2010/0832
Webmail | OVH- OVH
-
http://www.openwall.com/lists/oss-security/2010/04/08/3
oss-security - Re: ClamAV small issues
Jump to