CVE-2007-5254 — Vba32 Antivirus vulnerability

CWE-2643 documents3 sources

Severity

7.2HIGHNVD

EPSS

0.0%

top 90.03%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Virusblokada Vba32 Antivirus

Timeline

PublishedOct 6

Latest updateMay 1

Description

VirusBlokAda Vba32 AntiVirus 3.12.2 uses weak permissions (Everyone:Write) for its installation directory, which allows local users to gain privileges by replacing application programs, as demonstrated by replacing vba32ldr.exe.

CVSS vector

AV:L/AC:L/C:C/I:C/A:CExploitability: 3.9 | Impact: 10.0

Affected Packages1 packages

▶NVDvirusblokada/vba32_antivirus3.12.2

Patches

Patch: www.anti-virus.by ↗Patch: www.anti-virus.by ↗

🔴Vulnerability Details

GHSA

GHSA-375f-qm2g-pw3c: VirusBlokAda Vba32 AntiVirus 3↗2022-05-01

▶

CVEList

CVE-2007-5254: VirusBlokAda Vba32 AntiVirus 3↗2007-10-06

▶