CVE-2006-6458 — Micro Officescan vulnerability

3 documents3 sources

Severity

7.8HIGHNVD

EPSS

0.9%

top 23.72%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Trend Micro Officescan Trend Micro Serverprotect

Timeline

PublishedDec 11

Latest updateMay 1

Description

The Trend Micro scan engine before 8.320 for Windows and before 8.150 on HP-UX and AIX, as used in Trend Micro PC Cillin - Internet Security 2006, Office Scan 7.3, and Server Protect 5.58, allows remote attackers to cause a denial of service (CPU consumption and system hang) via a malformed RAR archive with an Archive Header section with the head_size and pack_size fields set to zero, which triggers an infinite loop.

CVSS vector

AV:N/AC:L/C:N/I:N/A:CExploitability: 10.0 | Impact: 6.9

Affected Packages2 packages

▶NVDtrend_micro/officescan7.3

▶NVDtrend_micro/serverprotect5.58

🔴Vulnerability Details

GHSA

GHSA-7rvr-gh9x-q4mq: The Trend Micro scan engine before 8↗2022-05-01

▶

CVEList

CVE-2006-6458: The Trend Micro scan engine before 8↗2006-12-11

▶