CVE-2006-6458 - OpenCVE

The Trend Micro scan engine before 8.320 for Windows and before 8.150 on HP-UX and AIX, as used in Trend Micro PC Cillin - Internet Security 2006, Office Scan 7.3, and Server Protect 5.58, allows remote attackers to cause a denial of service (CPU consumption and system hang) via a malformed RAR archive with an Archive Header section with the head_size and pack_size fields set to zero, which triggers an infinite loop.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Complete

AV:N/AC:L/Au:N/C:N/I:N/A:C

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Trend Micro	Officescan Pc Cillin - Internet Security 2006 Serverprotect

Configuration 1 [-]

OR	cpe:2.3:a:trend_micro:officescan:7.3:::::::*
	cpe:2.3:a:trend_micro:pc_cillin_-_internet_security_2006::::::::
	cpe:2.3:a:trend_micro:serverprotect:5.58::emc:::::

No data.

References

Link	Providers
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=439
http://secunia.com/advisories/23321
http://www.securityfocus.com/bid/21509
http://www.vupen.com/english/advisories/2006/4918

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2006-12-11T17:00:00

Updated: 2024-08-07T20:26:46.376Z

Reserved: 2006-12-11T00:00:00

Link: CVE-2006-6458

Vulnrichment

No data.

NVD

Status : Modified

Published: 2006-12-11T17:28:00.000

Modified: 2011-03-08T02:46:02.937

Link: CVE-2006-6458

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2006-12-08T00:00:00", "descriptions": [{"lang": "en", "value": "The Trend Micro scan engine before 8.320 for Windows and before 8.150 on HP-UX and AIX, as used in Trend Micro PC Cillin - Internet Security 2006, Office Scan 7.3, and Server Protect 5.58, allows remote attackers to cause a denial of service (CPU consumption and system hang) via a malformed RAR archive with an Archive Header section with the head_size and pack_size fields set to zero, which triggers an infinite loop."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2006-12-16T10:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "21509", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/21509"}, {"name": "23321", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/23321"}, {"name": "ADV-2006-4918", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2006/4918"}, {"name": "20061208 Multiple Vendor Antivirus RAR File Denial of Service Vulnerability", "tags": ["third-party-advisory", "x_refsource_IDEFENSE"], "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=439"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2006-6458", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The Trend Micro scan engine before 8.320 for Windows and before 8.150 on HP-UX and AIX, as used in Trend Micro PC Cillin - Internet Security 2006, Office Scan 7.3, and Server Protect 5.58, allows remote attackers to cause a denial of service (CPU consumption and system hang) via a malformed RAR archive with an Archive Header section with the head_size and pack_size fields set to zero, which triggers an infinite loop."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "21509", "refsource": "BID", "url": "http://www.securityfocus.com/bid/21509"}, {"name": "23321", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/23321"}, {"name": "ADV-2006-4918", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2006/4918"}, {"name": "20061208 Multiple Vendor Antivirus RAR File Denial of Service Vulnerability", "refsource": "IDEFENSE", "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=439"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T20:26:46.376Z"}, "title": "CVE Program Container", "references": [{"name": "21509", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/21509"}, {"name": "23321", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/23321"}, {"name": "ADV-2006-4918", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2006/4918"}, {"name": "20061208 Multiple Vendor Antivirus RAR File Denial of Service Vulnerability", "tags": ["third-party-advisory", "x_refsource_IDEFENSE", "x_transferred"], "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=439"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2006-6458", "datePublished": "2006-12-11T17:00:00", "dateReserved": "2006-12-11T00:00:00", "dateUpdated": "2024-08-07T20:26:46.376Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:trend_micro:officescan:7.3:*:*:*:*:*:*:*", "matchCriteriaId": "38BD1ADE-408F-45D0-BD0B-FBC83ED976F3", "vulnerable": true}, {"criteria": "cpe:2.3:a:trend_micro:pc_cillin_-_internet_security_2006:*:*:*:*:*:*:*:*", "matchCriteriaId": "2D237983-725B-43B5-B733-D25397A846C7", "vulnerable": true}, {"criteria": "cpe:2.3:a:trend_micro:serverprotect:5.58:*:emc:*:*:*:*:*", "matchCriteriaId": "1364240C-2070-4CEA-BAE9-E94EAFFBBF1D", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The Trend Micro scan engine before 8.320 for Windows and before 8.150 on HP-UX and AIX, as used in Trend Micro PC Cillin - Internet Security 2006, Office Scan 7.3, and Server Protect 5.58, allows remote attackers to cause a denial of service (CPU consumption and system hang) via a malformed RAR archive with an Archive Header section with the head_size and pack_size fields set to zero, which triggers an infinite loop."}, {"lang": "es", "value": "El motor de escaneo de Trend Micro anterior a 8.320 para Windows y anterior a 8.150 en HP-UX y AIX, utilizado en Trend Micro PC Cillin - internet Security 2006, Office Scan 7.3, y Server Protect 5.58, permite a atacantes remotos provocar una denegaci\u00f3n de servicio (agotamiento de CPU y cuelgue de aplicaci\u00f3n) mediante un archivo RAR mal formado con una secci\u00f3n Cabecera de Archivo con lo campos head_size (tama\u00f1o de cabecera) y pack_size (tama\u00f1o de paquete) puestos a cero, lo cual dispara un bucle infinito."}], "id": "CVE-2006-6458", "lastModified": "2011-03-08T02:46:02.937", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.8, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2006-12-11T17:28:00.000", "references": [{"source": "cve@mitre.org", "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=439"}, {"source": "cve@mitre.org", "url": "http://secunia.com/advisories/23321"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/21509"}, {"source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2006/4918"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}