CVE-2006-6458 - OpenCVE

The Trend Micro scan engine before 8.320 for Windows and before 8.150 on HP-UX and AIX, as used in Trend Micro PC Cillin - Internet Security 2006, Office Scan 7.3, and Server Protect 5.58, allows remote attackers to cause a denial of service (CPU consumption and system hang) via a malformed RAR archive with an Archive Header section with the head_size and pack_size fields set to zero, which triggers an infinite loop.

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Complete

AV:N/AC:L/Au:N/C:N/I:N/A:C

Vendors & Products
CPE Configurations

Vendors	Products
Trend Micro	Pc Cillin - Internet Security 2006 Serverprotect Officescan

Configuration 1 [-]

OR	cpe:2.3:a:trend_micro:officescan:7.3:::::::*
	cpe:2.3:a:trend_micro:pc_cillin_-_internet_security_2006::::::::
	cpe:2.3:a:trend_micro:serverprotect:5.58::emc:::::

References

Link	Resource
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=439
http://secunia.com/advisories/23321
http://www.securityfocus.com/bid/21509
http://www.vupen.com/english/advisories/2006/4918

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2006-12-11T17:00:00

Updated: 2006-12-16T10:00:00

Reserved: 2006-12-11T00:00:00

Link: CVE-2006-6458

JSON object: View

NVD Information

Status : Modified

Published: 2006-12-11T17:28:00.000

Modified: 2011-03-08T02:46:02.937

Link: CVE-2006-6458

JSON object: View

Redhat Information

No data.

CWE

NVD-CWE-Other

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2006-12-08T00:00:00", "descriptions": [{"lang": "en", "value": "The Trend Micro scan engine before 8.320 for Windows and before 8.150 on HP-UX and AIX, as used in Trend Micro PC Cillin - Internet Security 2006, Office Scan 7.3, and Server Protect 5.58, allows remote attackers to cause a denial of service (CPU consumption and system hang) via a malformed RAR archive with an Archive Header section with the head_size and pack_size fields set to zero, which triggers an infinite loop."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2006-12-16T10:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "21509", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/21509"}, {"name": "23321", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/23321"}, {"name": "ADV-2006-4918", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2006/4918"}, {"name": "20061208 Multiple Vendor Antivirus RAR File Denial of Service Vulnerability", "tags": ["third-party-advisory", "x_refsource_IDEFENSE"], "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=439"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2006-6458", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The Trend Micro scan engine before 8.320 for Windows and before 8.150 on HP-UX and AIX, as used in Trend Micro PC Cillin - Internet Security 2006, Office Scan 7.3, and Server Protect 5.58, allows remote attackers to cause a denial of service (CPU consumption and system hang) via a malformed RAR archive with an Archive Header section with the head_size and pack_size fields set to zero, which triggers an infinite loop."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "21509", "refsource": "BID", "url": "http://www.securityfocus.com/bid/21509"}, {"name": "23321", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/23321"}, {"name": "ADV-2006-4918", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2006/4918"}, {"name": "20061208 Multiple Vendor Antivirus RAR File Denial of Service Vulnerability", "refsource": "IDEFENSE", "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=439"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2006-6458", "datePublished": "2006-12-11T17:00:00", "dateReserved": "2006-12-11T00:00:00", "dateUpdated": "2006-12-16T10:00:00", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:trend_micro:officescan:7.3:*:*:*:*:*:*:*", "matchCriteriaId": "38BD1ADE-408F-45D0-BD0B-FBC83ED976F3", "vulnerable": true}, {"criteria": "cpe:2.3:a:trend_micro:pc_cillin_-_internet_security_2006:*:*:*:*:*:*:*:*", "matchCriteriaId": "2D237983-725B-43B5-B733-D25397A846C7", "vulnerable": true}, {"criteria": "cpe:2.3:a:trend_micro:serverprotect:5.58:*:emc:*:*:*:*:*", "matchCriteriaId": "1364240C-2070-4CEA-BAE9-E94EAFFBBF1D", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "The Trend Micro scan engine before 8.320 for Windows and before 8.150 on HP-UX and AIX, as used in Trend Micro PC Cillin - Internet Security 2006, Office Scan 7.3, and Server Protect 5.58, allows remote attackers to cause a denial of service (CPU consumption and system hang) via a malformed RAR archive with an Archive Header section with the head_size and pack_size fields set to zero, which triggers an infinite loop."}, {"lang": "es", "value": "El motor de escaneo de Trend Micro anterior a 8.320 para Windows y anterior a 8.150 en HP-UX y AIX, utilizado en Trend Micro PC Cillin - internet Security 2006, Office Scan 7.3, y Server Protect 5.58, permite a atacantes remotos provocar una denegaci\u00f3n de servicio (agotamiento de CPU y cuelgue de aplicaci\u00f3n) mediante un archivo RAR mal formado con una secci\u00f3n Cabecera de Archivo con lo campos head_size (tama\u00f1o de cabecera) y pack_size (tama\u00f1o de paquete) puestos a cero, lo cual dispara un bucle infinito."}], "id": "CVE-2006-6458", "lastModified": "2011-03-08T02:46:02.937", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.8, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2006-12-11T17:28:00.000", "references": [{"source": "cve@mitre.org", "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=439"}, {"source": "cve@mitre.org", "url": "http://secunia.com/advisories/23321"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/21509"}, {"source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2006/4918"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}