HTTP: ClamAV OLE2 uniq_add Out-of-Bounds Write Remote Code Execution

This signature detects attempts to exploit a known vulnerability in ClamAV. A successful attack can lead to arbitrary code execution.

Extended Description

A vulnerability in the Object Linking & Embedding (OLE2) file scanning functionality of Clam AntiVirus (ClamAV) Software versions 0.101.1 and prior could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to a lack of proper input and validation checking mechanisms for OLE2 files sent to an affected device. An attacker could exploit this vulnerability by sending malformed OLE2 files to a device running an affected version of ClamAV Software. An exploit could allow the attacker to cause an out-of-bounds write condition, resulting in a crash that could lead to a denial of service condition on the affected device.

Affected Products

Clamav clamav

Short Name
HTTP:CLAMAV-CVE-2019-1788-OB
Severity
Major
Recommended
True
Recommended Action
Drop
Category
HTTP
Keywords
CVE-2019-1788 ClamAV Code Execution OLE2 Out-of-Bounds Remote Write uniq_add
Release Date
06/04/2019
Supported Platforms

srx-branch-12.3

srx-19.3

srx-branch-19.3

vsrx3bsd-19.2

srx-branch-19.4

vsrx-19.4

mx-12.3

mx-19.4

vmx-19.4

mx-19.3

vsrx3bsd-19.4

srx-19.4

vsrx-12.3

vmx-19.3

vsrx-19.2

srx-12.3

Sigpack Version
3590
False Positive
Unknown
Vendors

Opensuse

Clamav

Debian

CVSS Score

4.3
