1. CVE-Search
  2. CVE-2008-6085
ID CVE-2008-6085
Summary Integer overflow in multiple F-Secure anti-virus products, including Internet Security 2006 through 2008, Anti-Virus 2006 through 2008, and others, when configured to scan inside compressed archives, allows remote attackers to execute arbitrary code via a crafted RPM compressed archive file, which triggers a buffer overflow.
References
Vulnerable Configurations
  • cpe:2.3:a:f-secure:f-secure_anti-virus:7.02:*:*:*:*:*:*:*
    cpe:2.3:a:f-secure:f-secure_anti-virus:7.02:*:*:*:*:*:*:*
  • cpe:2.3:a:f-secure:f-secure_anti-virus:2006:*:*:*:*:*:*:*
    cpe:2.3:a:f-secure:f-secure_anti-virus:2006:*:*:*:*:*:*:*
  • cpe:2.3:a:f-secure:f-secure_anti-virus:2007:*:*:*:*:*:*:*
    cpe:2.3:a:f-secure:f-secure_anti-virus:2007:*:*:*:*:*:*:*
  • cpe:2.3:a:f-secure:f-secure_anti-virus:2007:*:second:*:*:*:*:*
    cpe:2.3:a:f-secure:f-secure_anti-virus:2007:*:second:*:*:*:*:*
  • cpe:2.3:a:f-secure:f-secure_anti-virus:2008:*:*:*:*:*:*:*
    cpe:2.3:a:f-secure:f-secure_anti-virus:2008:*:*:*:*:*:*:*
  • cpe:2.3:a:f-secure:f-secure_anti-virus:2009:*:*:*:*:*:*:*
    cpe:2.3:a:f-secure:f-secure_anti-virus:2009:*:*:*:*:*:*:*
  • cpe:2.3:a:f-secure:f-secure_anti-virus_for_citrix_servers:*:*:*:*:*:*:*:*
    cpe:2.3:a:f-secure:f-secure_anti-virus_for_citrix_servers:*:*:*:*:*:*:*:*
  • cpe:2.3:a:f-secure:f-secure_anti-virus_for_microsoft_exchange:6.62:*:*:*:*:*:*:*
    cpe:2.3:a:f-secure:f-secure_anti-virus_for_microsoft_exchange:6.62:*:*:*:*:*:*:*
  • cpe:2.3:a:f-secure:f-secure_anti-virus_for_microsoft_exchange:7.00:*:*:*:*:*:*:*
    cpe:2.3:a:f-secure:f-secure_anti-virus_for_microsoft_exchange:7.00:*:*:*:*:*:*:*
  • cpe:2.3:a:f-secure:f-secure_anti-virus_for_microsoft_exchange:*:*:*:*:*:*:*:*
    cpe:2.3:a:f-secure:f-secure_anti-virus_for_microsoft_exchange:*:*:*:*:*:*:*:*
  • cpe:2.3:a:f-secure:f-secure_anti-virus_for_mimesweeper:*:*:*:*:*:*:*:*
    cpe:2.3:a:f-secure:f-secure_anti-virus_for_mimesweeper:*:*:*:*:*:*:*:*
  • cpe:2.3:a:f-secure:f-secure_anti-virus_for_windows_servers:*:*:*:*:*:*:*:*
    cpe:2.3:a:f-secure:f-secure_anti-virus_for_windows_servers:*:*:*:*:*:*:*:*
  • cpe:2.3:a:f-secure:f-secure_anti-virus_for_workstations:7.10:*:*:*:*:*:*:*
    cpe:2.3:a:f-secure:f-secure_anti-virus_for_workstations:7.10:*:*:*:*:*:*:*
  • cpe:2.3:a:f-secure:f-secure_anti-virus_for_workstations:7.11:*:*:*:*:*:*:*
    cpe:2.3:a:f-secure:f-secure_anti-virus_for_workstations:7.11:*:*:*:*:*:*:*
  • cpe:2.3:a:f-secure:f-secure_anti-virus_linux_client_security:5.30:*:*:*:*:*:*:*
    cpe:2.3:a:f-secure:f-secure_anti-virus_linux_client_security:5.30:*:*:*:*:*:*:*
  • cpe:2.3:a:f-secure:f-secure_anti-virus_linux_client_security:5.52:*:*:*:*:*:*:*
    cpe:2.3:a:f-secure:f-secure_anti-virus_linux_client_security:5.52:*:*:*:*:*:*:*
  • cpe:2.3:a:f-secure:f-secure_anti-virus_linux_client_security:5.53:*:*:*:*:*:*:*
    cpe:2.3:a:f-secure:f-secure_anti-virus_linux_client_security:5.53:*:*:*:*:*:*:*
  • cpe:2.3:a:f-secure:f-secure_anti-virus_linux_client_security:*:*:*:*:*:*:*:*
    cpe:2.3:a:f-secure:f-secure_anti-virus_linux_client_security:*:*:*:*:*:*:*:*
  • cpe:2.3:a:f-secure:f-secure_anti-virus_linux_server_security:5.30:*:*:*:*:*:*:*
    cpe:2.3:a:f-secure:f-secure_anti-virus_linux_server_security:5.30:*:*:*:*:*:*:*
  • cpe:2.3:a:f-secure:f-secure_anti-virus_linux_server_security:5.52:*:*:*:*:*:*:*
    cpe:2.3:a:f-secure:f-secure_anti-virus_linux_server_security:5.52:*:*:*:*:*:*:*
  • cpe:2.3:a:f-secure:f-secure_anti-virus_linux_server_security:*:*:*:*:*:*:*:*
    cpe:2.3:a:f-secure:f-secure_anti-virus_linux_server_security:*:*:*:*:*:*:*:*
  • cpe:2.3:a:f-secure:f-secure_client_security:7.11:*:*:*:*:*:*:*
    cpe:2.3:a:f-secure:f-secure_client_security:7.11:*:*:*:*:*:*:*
  • cpe:2.3:a:f-secure:f-secure_client_security:*:*:*:*:*:*:*:*
    cpe:2.3:a:f-secure:f-secure_client_security:*:*:*:*:*:*:*:*
  • cpe:2.3:a:f-secure:f-secure_home_server_security:2009:*:*:*:*:*:*:*
    cpe:2.3:a:f-secure:f-secure_home_server_security:2009:*:*:*:*:*:*:*
  • cpe:2.3:a:f-secure:f-secure_internet_gatekeeper_for_linux:*:*:*:*:*:*:*:*
    cpe:2.3:a:f-secure:f-secure_internet_gatekeeper_for_linux:*:*:*:*:*:*:*:*
  • cpe:2.3:a:f-secure:f-secure_internet_gatekeeper_for_windows:*:*:*:*:*:*:*:*
    cpe:2.3:a:f-secure:f-secure_internet_gatekeeper_for_windows:*:*:*:*:*:*:*:*
  • cpe:2.3:a:f-secure:f-secure_internet_security:7.02:*:*:*:*:*:*:*
    cpe:2.3:a:f-secure:f-secure_internet_security:7.02:*:*:*:*:*:*:*
  • cpe:2.3:a:f-secure:f-secure_internet_security:2006:*:*:*:*:*:*:*
    cpe:2.3:a:f-secure:f-secure_internet_security:2006:*:*:*:*:*:*:*
  • cpe:2.3:a:f-secure:f-secure_internet_security:2007:*:*:*:*:*:*:*
    cpe:2.3:a:f-secure:f-secure_internet_security:2007:*:*:*:*:*:*:*
  • cpe:2.3:a:f-secure:f-secure_internet_security:2007:*:second:*:*:*:*:*
    cpe:2.3:a:f-secure:f-secure_internet_security:2007:*:second:*:*:*:*:*
  • cpe:2.3:a:f-secure:f-secure_internet_security:2008:*:*:*:*:*:*:*
    cpe:2.3:a:f-secure:f-secure_internet_security:2008:*:*:*:*:*:*:*
  • cpe:2.3:a:f-secure:f-secure_internet_security:2009:*:*:*:*:*:*:*
    cpe:2.3:a:f-secure:f-secure_internet_security:2009:*:*:*:*:*:*:*
  • cpe:2.3:a:f-secure:f-secure_linux_security:*:*:*:*:*:*:*:*
    cpe:2.3:a:f-secure:f-secure_linux_security:*:*:*:*:*:*:*:*
  • cpe:2.3:a:f-secure:f-secure_messaging_security_gateway:4.0.7:*:*:*:*:*:*:*
    cpe:2.3:a:f-secure:f-secure_messaging_security_gateway:4.0.7:*:*:*:*:*:*:*
  • cpe:2.3:a:f-secure:f-secure_messaging_security_gateway:*:*:*:*:*:*:*:*
    cpe:2.3:a:f-secure:f-secure_messaging_security_gateway:*:*:*:*:*:*:*:*
  • cpe:2.3:a:f-secure:f-secure_protection_service_for_business:3.00:*:*:*:*:*:*:*
    cpe:2.3:a:f-secure:f-secure_protection_service_for_business:3.00:*:*:*:*:*:*:*
  • cpe:2.3:a:f-secure:f-secure_protection_service_for_business:*:*:*:*:*:*:*:*
    cpe:2.3:a:f-secure:f-secure_protection_service_for_business:*:*:*:*:*:*:*:*
  • cpe:2.3:a:f-secure:f-secure_protection_service_for_consumers:5.00:*:*:*:*:*:*:*
    cpe:2.3:a:f-secure:f-secure_protection_service_for_consumers:5.00:*:*:*:*:*:*:*
  • cpe:2.3:a:f-secure:f-secure_protection_service_for_consumers:6.00:*:*:*:*:*:*:*
    cpe:2.3:a:f-secure:f-secure_protection_service_for_consumers:6.00:*:*:*:*:*:*:*
  • cpe:2.3:a:f-secure:f-secure_protection_service_for_consumers:7.00:*:*:*:*:*:*:*
    cpe:2.3:a:f-secure:f-secure_protection_service_for_consumers:7.00:*:*:*:*:*:*:*
  • cpe:2.3:a:f-secure:f-secure_protection_service_for_consumers:*:*:*:*:*:*:*:*
    cpe:2.3:a:f-secure:f-secure_protection_service_for_consumers:*:*:*:*:*:*:*:*
CVSS
Base: 7.6 (as of 08-08-2017 - 01:33)
Impact:
Exploitability:
CWE CWE-189
CAPEC
Access
VectorComplexityAuthentication
NETWORK HIGH NONE
Impact
ConfidentialityIntegrityAvailability
COMPLETE COMPLETE COMPLETE
cvss-vector via4 AV:N/AC:H/Au:N/C:C/I:C/A:C
refmap via4
bid 31846
confirm http://www.f-secure.com/security/fsc-2008-3.shtml
sectrack 1021073
secunia 32352
vupen ADV-2008-2874
xf fsecure-multipleproducts-rpm-bo(46016)
Last major update 08-08-2017 - 01:33
Published 06-02-2009 - 11:30
Last modified 08-08-2017 - 01:33
Back to Top