CVE-2006-6627

3 documents3 sources

Severity

10.0CRITICAL

EPSS

9.9%

top 7.01%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Softwin Bitdefender Softwin Bitdefender Antivirus Softwin Bitdefender Mail Protection

Timeline

PublishedDec 18

Latest updateMay 1

Description

Integer overflow in the packed PE file parsing implementation in BitDefender products before 20060829, including Antivirus, Antivirus Plus, Internet Security, Mail Protection for Enterprises, and Online Scanner; and BitDefender products for Microsoft ISA Server and Exchange 5.5 through 2003; allows remote attackers to execute arbitrary code via a crafted file, which triggers a heap-based buffer overflow, aka the "cevakrnl.xmd vulnerability."

CVSS vector

AV:N/AC:L/C:C/I:C/A:CExploitability: 10.0 | Impact: 10.0

Affected Packages3 packages

▶NVDsoftwin/bitdefender_antivirusplus

▶NVDsoftwin/bitdefender_mail_protectionenterprises

▶NVDsoftwin/bitdefender4 versions+3

🔴Vulnerability Details

GHSA

GHSA-3gfm-x3mg-hww2: Integer overflow in the packed PE file parsing implementation in BitDefender products before 20060829, including Antivirus, Antivirus Plus, Internet S↗2022-05-01

▶

CVEList

CVE-2006-6627: Integer overflow in the packed PE file parsing implementation in BitDefender products before 20060829, including Antivirus, Antivirus Plus, Internet S↗2006-12-18

▶