CVE-2006-4438

Doctor WEB LTD Dr.web < 4.33_for_linux - Buffer Overflow

Title source: rule

Description

Heap-based buffer overflow in SpIDer for Dr.Web Scanner for Linux 4.33, and possibly earlier versions, allows remote attackers to execute arbitrary code via an LHA archive with an extended header that contains a long directory name.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Guay-Leroux · clocallinux

https://www.exploit-db.com/exploits/2404

View Code ZIP pw:eip

References (4)

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/20119

[Vendor Advisory] http://secunia.com/advisories/22019

[Third Party Advisory] http://www.vupen.com/english/advisories/2006/3719

[Mailing List] http://lists.grok.org.uk/pipermail/full-disclosure/2006-October/049552.html

Scores

EPSS 0.0368

EPSS Percentile 88.0%

Details

Status published

Products (1)

doctor_web_ltd/dr.web < 4.33_for_linux

Published Sep 20, 2006

Tracked Since Feb 18, 2026