CVE-2012-6706 - OpenCVE

A VMSF_DELTA memory corruption was discovered in unrar before 5.5.5, as used in Sophos Anti-Virus Threat Detection Engine before 3.37.2 and other products, that can lead to arbitrary code execution. An integer overflow can be caused in DataSize+CurChannel. The result is a negative value of the "DestPos" variable, which allows the attacker to write out of bounds when setting Mem[DestPos].

No CVSS v4.0

No CVSS v3.1

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:N/AC:L/Au:N/C:C/I:C/A:C

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Rarlab	Unrar
Sophos	Threat Detection Engine

Configuration 1 [-]

cpe:2.3:a:sophos:threat_detection_engine:*:*:*:*:*:*:*:*

Configuration 2 [-]

cpe:2.3:a:rarlab:unrar:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://securitytracker.com/id?1027725
http://telussecuritylabs.com/threats/show/TSL20121207-01
https://bugs.chromium.org/p/project-zero/issues/detail?id=1286
https://community.sophos.com/kb/en-us/118424#six
https://kc.mcafee.com/corporate/index?page=content&id=SB10205
https://lock.cmpxchg8b.com/sophailv2.pdf
https://nakedsecurity.sophos.com/2012/11/05/tavis-ormandy-sophos/
https://security.gentoo.org/glsa/201708-05
https://security.gentoo.org/glsa/201709-24
https://security.gentoo.org/glsa/201804-16

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2017-06-22T13:00:00

Updated: 2024-08-06T21:36:02.351Z

Reserved: 2017-06-22T00:00:00

Link: CVE-2012-6706

Vulnrichment

No data.

NVD

Status : Modified

Published: 2017-06-22T13:29:00.173

Modified: 2018-10-21T10:29:00.363

Link: CVE-2012-6706

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2017-06-22T00:00:00", "descriptions": [{"lang": "en", "value": "A VMSF_DELTA memory corruption was discovered in unrar before 5.5.5, as used in Sophos Anti-Virus Threat Detection Engine before 3.37.2 and other products, that can lead to arbitrary code execution. An integer overflow can be caused in DataSize+CurChannel. The result is a negative value of the \"DestPos\" variable, which allows the attacker to write out of bounds when setting Mem[DestPos]."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-21T09:57:02", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://bugs.chromium.org/p/project-zero/issues/detail?id=1286"}, {"tags": ["x_refsource_MISC"], "url": "https://nakedsecurity.sophos.com/2012/11/05/tavis-ormandy-sophos/"}, {"name": "GLSA-201709-24", "tags": ["vendor-advisory", "x_refsource_GENTOO"], "url": "https://security.gentoo.org/glsa/201709-24"}, {"tags": ["x_refsource_MISC"], "url": "https://community.sophos.com/kb/en-us/118424#six"}, {"name": "GLSA-201708-05", "tags": ["vendor-advisory", "x_refsource_GENTOO"], "url": "https://security.gentoo.org/glsa/201708-05"}, {"tags": ["x_refsource_MISC"], "url": "https://lock.cmpxchg8b.com/sophailv2.pdf"}, {"name": "GLSA-201804-16", "tags": ["vendor-advisory", "x_refsource_GENTOO"], "url": "https://security.gentoo.org/glsa/201804-16"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10205"}, {"tags": ["x_refsource_MISC"], "url": "http://telussecuritylabs.com/threats/show/TSL20121207-01"}, {"tags": ["x_refsource_MISC"], "url": "http://securitytracker.com/id?1027725"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2012-6706", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "A VMSF_DELTA memory corruption was discovered in unrar before 5.5.5, as used in Sophos Anti-Virus Threat Detection Engine before 3.37.2 and other products, that can lead to arbitrary code execution. An integer overflow can be caused in DataSize+CurChannel. The result is a negative value of the \"DestPos\" variable, which allows the attacker to write out of bounds when setting Mem[DestPos]."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://bugs.chromium.org/p/project-zero/issues/detail?id=1286", "refsource": "MISC", "url": "https://bugs.chromium.org/p/project-zero/issues/detail?id=1286"}, {"name": "https://nakedsecurity.sophos.com/2012/11/05/tavis-ormandy-sophos/", "refsource": "MISC", "url": "https://nakedsecurity.sophos.com/2012/11/05/tavis-ormandy-sophos/"}, {"name": "GLSA-201709-24", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/201709-24"}, {"name": "https://community.sophos.com/kb/en-us/118424#six", "refsource": "MISC", "url": "https://community.sophos.com/kb/en-us/118424#six"}, {"name": "GLSA-201708-05", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/201708-05"}, {"name": "https://lock.cmpxchg8b.com/sophailv2.pdf", "refsource": "MISC", "url": "https://lock.cmpxchg8b.com/sophailv2.pdf"}, {"name": "GLSA-201804-16", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/201804-16"}, {"name": "https://kc.mcafee.com/corporate/index?page=content&id=SB10205", "refsource": "CONFIRM", "url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10205"}, {"name": "http://telussecuritylabs.com/threats/show/TSL20121207-01", "refsource": "MISC", "url": "http://telussecuritylabs.com/threats/show/TSL20121207-01"}, {"name": "http://securitytracker.com/id?1027725", "refsource": "MISC", "url": "http://securitytracker.com/id?1027725"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T21:36:02.351Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://bugs.chromium.org/p/project-zero/issues/detail?id=1286"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://nakedsecurity.sophos.com/2012/11/05/tavis-ormandy-sophos/"}, {"name": "GLSA-201709-24", "tags": ["vendor-advisory", "x_refsource_GENTOO", "x_transferred"], "url": "https://security.gentoo.org/glsa/201709-24"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://community.sophos.com/kb/en-us/118424#six"}, {"name": "GLSA-201708-05", "tags": ["vendor-advisory", "x_refsource_GENTOO", "x_transferred"], "url": "https://security.gentoo.org/glsa/201708-05"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://lock.cmpxchg8b.com/sophailv2.pdf"}, {"name": "GLSA-201804-16", "tags": ["vendor-advisory", "x_refsource_GENTOO", "x_transferred"], "url": "https://security.gentoo.org/glsa/201804-16"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10205"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://telussecuritylabs.com/threats/show/TSL20121207-01"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://securitytracker.com/id?1027725"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2012-6706", "datePublished": "2017-06-22T13:00:00", "dateReserved": "2017-06-22T00:00:00", "dateUpdated": "2024-08-06T21:36:02.351Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:sophos:threat_detection_engine:*:*:*:*:*:*:*:*", "matchCriteriaId": "90694400-2314-41E4-BE0B-BD5B845AA324", "versionEndIncluding": "3.36.2", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:rarlab:unrar:*:*:*:*:*:*:*:*", "matchCriteriaId": "62C24682-D1EE-4D20-A2F2-73C689FCAA1B", "versionEndIncluding": "5.5.4", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A VMSF_DELTA memory corruption was discovered in unrar before 5.5.5, as used in Sophos Anti-Virus Threat Detection Engine before 3.37.2 and other products, that can lead to arbitrary code execution. An integer overflow can be caused in DataSize+CurChannel. The result is a negative value of the \"DestPos\" variable, which allows the attacker to write out of bounds when setting Mem[DestPos]."}, {"lang": "es", "value": "Una corrupci\u00f3n de memoria VMSF_DELTA descubierta en unrar versiones anteriores a 5.5.5, utilizada en Sophos Anti-Virus Threat Detection Engine versiones anteriores a 3.37.2 y otros productos, puede permitir la ejecuci\u00f3n de c\u00f3digo arbitrario. Un desbordamiento de enteros puede producirse en DataSize + CurChannel. El resultado es un valor negativo de la variable \"DestPos\", que permite al atacante escribir fuera de l\u00edmites al configurar Mem [DestPos]."}], "id": "CVE-2012-6706", "lastModified": "2018-10-21T10:29:00.363", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2017-06-22T13:29:00.173", "references": [{"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://securitytracker.com/id?1027725"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://telussecuritylabs.com/threats/show/TSL20121207-01"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Third Party Advisory"], "url": "https://bugs.chromium.org/p/project-zero/issues/detail?id=1286"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "https://community.sophos.com/kb/en-us/118424#six"}, {"source": "cve@mitre.org", "url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10205"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://lock.cmpxchg8b.com/sophailv2.pdf"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "https://nakedsecurity.sophos.com/2012/11/05/tavis-ormandy-sophos/"}, {"source": "cve@mitre.org", "url": "https://security.gentoo.org/glsa/201708-05"}, {"source": "cve@mitre.org", "url": "https://security.gentoo.org/glsa/201709-24"}, {"source": "cve@mitre.org", "url": "https://security.gentoo.org/glsa/201804-16"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-190"}], "source": "nvd@nist.gov", "type": "Primary"}]}