CVE-2006-5937

Grisoft AVG Anti-Virus - Remote Code Execution via Crafted CAB or RAR Archives

Title source: llm
STIX 2.1

Description

Multiple integer overflows in Grisoft AVG Anti-Virus before 7.1.407 allow remote attackers to execute arbitrary code via crafted (1) CAB or (2) RAR archives that trigger a heap-based buffer overflow. NOTE: some of these details are obtained from third party information.

References (4)

Core 4
Core References
Patch, Product x_refsource_confirm
http://www.grisoft.com/doc/36365/lng/us/tpl/tpl01
Mailing List mailing-list x_refsource_fulldisc
http://marc.info/?l=full-disclosure&m=116343152030074&w=2
Not Applicable vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2006/4498
Patch, Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/22811

Scores

EPSS 0.0386
EPSS Percentile 88.9%

Details

CWE
CWE-190
Status published
Products (4)
grisoft/avg_antivirus 7.0
grisoft/avg_antivirus 7.0.251
grisoft/avg_antivirus 7.0.323
grisoft/avg_antivirus 7.1.308
Published Nov 16, 2006
Tracked Since Feb 18, 2026