Details of VAR-200706-0449

ID

VAR-200706-0449

CVE

CVE-2007-3300

TITLE

plural F-Secure Vulnerabilities that prevent scanning of anti-virus products

Trust: 0.8

sources: JVNDB: JVNDB-2007-002205

DESCRIPTION

Multiple F-Secure anti-virus products for Microsoft Windows and Linux before 20070619 allow remote attackers to bypass scanning via a crafted header in a (1) LHA or (2) RAR archive. An attacker may exploit this issue by sending maliciously crafted RAR or LHA archives to victims. Successful exploits will allow attackers to distribute compressed archives containing malicious code that will not be detected by the antivirus application. Both F-Secure Internet Gatekeeper and F-Secure Anti-Virus are anti-virus products released by an anti-virus software manufacturer in Finland

Trust: 1.98

sources: NVD: CVE-2007-3300 // JVNDB: JVNDB-2007-002205 // BID: 24525 // VULHUB: VHN-26662

AFFECTED PRODUCTS

vendor:	f secure	model:	solutions based on f-secure personal express	scope:	eq	version:	6.20	Trust: 1.9
vendor:	f secure	model:	f-secure internet security	scope:	eq	version:	2007	Trust: 1.6
vendor:	f secure	model:	f-secure anti-virus	scope:	eq	version:	4.61	Trust: 1.6
vendor:	f secure	model:	f-secure anti-virus	scope:	eq	version:	7.00	Trust: 1.6
vendor:	f secure	model:	internet gatekeeper	scope:	eq	version:	2.16	Trust: 1.6
vendor:	f secure	model:	internet gatekeeper	scope:	eq	version:	2.15.484	Trust: 1.6
vendor:	f secure	model:	f-secure internet security	scope:	eq	version:	2005	Trust: 1.6
vendor:	f secure	model:	f-secure internet security	scope:	eq	version:	2006	Trust: 1.6
vendor:	f secure	model:	f-secure anti-virus	scope:	eq	version:	2007	Trust: 1.0
vendor:	f secure	model:	f-secure anti-virus linux server security	scope:	lte	version:	5.52	Trust: 1.0
vendor:	f secure	model:	f-secure anti-virus	scope:	eq	version:	5.43	Trust: 1.0
vendor:	f secure	model:	internet gatekeeper	scope:	eq	version:	2.06	Trust: 1.0
vendor:	f secure	model:	f-secure anti-virus	scope:	eq	version:	4.65	Trust: 1.0
vendor:	f secure	model:	f-secure anti-virus	scope:	eq	version:	5.0.2	Trust: 1.0
vendor:	f secure	model:	f-secure anti-virus	scope:	eq	version:	5.5	Trust: 1.0
vendor:	f secure	model:	f-secure anti-virus	scope:	eq	version:	5.44	Trust: 1.0
vendor:	f secure	model:	f-secure anti-virus	scope:	eq	version:	6.30	Trust: 1.0
vendor:	f secure	model:	f-secure anti-virus	scope:	eq	version:	6.40	Trust: 1.0
vendor:	f secure	model:	f-secure anti-virus	scope:	eq	version:	5.42	Trust: 1.0
vendor:	f secure	model:	internet gatekeeper	scope:	eq	version:	2.14	Trust: 1.0
vendor:	f secure	model:	f-secure anti-virus	scope:	eq	version:	5.2.1	Trust: 1.0
vendor:	f secure	model:	f-secure anti-virus	scope:	eq	version:	5.3.0	Trust: 1.0
vendor:	f secure	model:	f-secure anti-virus	scope:	eq	version:	6.2	Trust: 1.0
vendor:	f secure	model:	f-secure anti-virus	scope:	eq	version:	6.21	Trust: 1.0
vendor:	f secure	model:	f-secure anti-virus linux client security	scope:	lte	version:	5.52	Trust: 1.0
vendor:	f secure	model:	f-secure anti-virus	scope:	eq	version:	6.02	Trust: 1.0
vendor:	f secure	model:	f-secure anti-virus	scope:	eq	version:	6.01	Trust: 1.0
vendor:	f secure	model:	f-secure anti-virus	scope:	eq	version:	5.40	Trust: 1.0
vendor:	f secure	model:	f-secure anti-virus	scope:	eq	version:	5.56	Trust: 1.0
vendor:	f secure	model:	f-secure anti-virus	scope:	eq	version:	2006	Trust: 1.0
vendor:	f secure	model:	f-secure anti-virus	scope:	eq	version:	2.16	Trust: 1.0
vendor:	f secure	model:	f-secure anti-virus	scope:	eq	version:	5.41	Trust: 1.0
vendor:	f secure	model:	f-secure anti-virus	scope:	eq	version:	6.30_sr1	Trust: 1.0
vendor:	f secure	model:	f-secure anti-virus	scope:	eq	version:	6.31	Trust: 1.0
vendor:	f secure	model:	f-secure anti-virus	scope:	eq	version:	2005	Trust: 1.0
vendor:	f secure	model:	f-secure anti-virus	scope:	eq	version:	4.64	Trust: 1.0
vendor:	f secure	model:	f-secure anti-virus	scope:	eq	version:	4.52	Trust: 1.0
vendor:	f secure	model:	f-secure anti-virus	scope:	eq	version:	4.51	Trust: 1.0
vendor:	f secure	model:	f-secure anti-virus	scope:	eq	version:	5.54	Trust: 1.0
vendor:	f secure	model:	internet gatekeeper	scope:	lte	version:	6.61	Trust: 1.0
vendor:	f secure	model:	f-secure anti-virus	scope:	eq	version:	6.61	Trust: 1.0
vendor:	f secure	model:	f-secure anti-virus	scope:	eq	version:	5.55	Trust: 1.0
vendor:	f secure	model:	f-secure anti-virus	scope:	eq	version:	6.03	Trust: 1.0
vendor:	f secure	model:	f-secure anti-virus	scope:	eq	version:	6.60	Trust: 1.0
vendor:	f secure	model:	f-secure anti-virus	scope:	eq	version:	5.52	Trust: 1.0
vendor:	f secure	model:	f-secure anti-virus	scope:	eq	version:	5.61	Trust: 1.0
vendor:	f secure	model:	f-secure anti-virus	scope:	lt	version:	microsoft windows version and linux edition 20070619	Trust: 0.8
vendor:	f secure	model:	anti-virus for windows servers	scope:	eq	version:	5.52	Trust: 0.3
vendor:	f secure	model:	anti-virus for linux gateways	scope:	eq	version:	4.64	Trust: 0.3
vendor:	f secure	model:	internet gatekeeper	scope:	eq	version:	6.60	Trust: 0.3
vendor:	f secure	model:	anti-virus for linux gateways	scope:	eq	version:	2.16	Trust: 0.3
vendor:	f secure	model:	anti-virus linux client security	scope:	eq	version:	5.11	Trust: 0.3
vendor:	f secure	model:	anti-virus for linux gateways	scope:	-	version:	-	Trust: 0.3
vendor:	f secure	model:	internet gatekeeper	scope:	eq	version:	6.41	Trust: 0.3
vendor:	f secure	model:	internet gatekeeper	scope:	eq	version:	6.50	Trust: 0.3
vendor:	f secure	model:	anti-virus for citrix servers	scope:	eq	version:	5.52	Trust: 0.3
vendor:	f secure	model:	anti-virus linux server security	scope:	eq	version:	5.11	Trust: 0.3
vendor:	f secure	model:	anti-virus for windows servers	scope:	eq	version:	7.00	Trust: 0.3
vendor:	f secure	model:	anti-virus for linux gateways	scope:	eq	version:	4.65	Trust: 0.3
vendor:	f secure	model:	anti-virus linux server security	scope:	eq	version:	5.0	Trust: 0.3
vendor:	f secure	model:	anti-virus client security	scope:	eq	version:	5.50	Trust: 0.3
vendor:	f secure	model:	anti-virus	scope:	eq	version:	5.0.2	Trust: 0.3
vendor:	f secure	model:	anti-virus for ms exchange	scope:	eq	version:	6.2	Trust: 0.3
vendor:	f secure	model:	anti-virus for workstations	scope:	eq	version:	5.42	Trust: 0.3
vendor:	f secure	model:	anti-virus for workstations	scope:	eq	version:	5.43	Trust: 0.3
vendor:	f secure	model:	anti-virus for linux servers	scope:	eq	version:	4.64	Trust: 0.3
vendor:	f secure	model:	anti-virus	scope:	eq	version:	5.3.0	Trust: 0.3
vendor:	f secure	model:	anti-virus for linux gateways	scope:	eq	version:	4.61	Trust: 0.3
vendor:	f secure	model:	anti-virus for windows servers	scope:	eq	version:	5.42	Trust: 0.3
vendor:	f secure	model:	anti-virus for mimesweeper	scope:	eq	version:	5.61	Trust: 0.3
vendor:	f secure	model:	internet gatekeeper	scope:	eq	version:	6.61	Trust: 0.3
vendor:	f secure	model:	anti-virus linux client security	scope:	eq	version:	5.0.4	Trust: 0.3
vendor:	f secure	model:	anti-virus for ms exchange	scope:	eq	version:	6.40	Trust: 0.3
vendor:	f secure	model:	internet gatekeeper	scope:	eq	version:	6.32	Trust: 0.3
vendor:	f secure	model:	anti-virus client security	scope:	eq	version:	6.02	Trust: 0.3
vendor:	f secure	model:	internet gatekeeper for linux	scope:	eq	version:	2.16	Trust: 0.3
vendor:	f secure	model:	internet gatekeeper for linux	scope:	eq	version:	2.14	Trust: 0.3
vendor:	f secure	model:	anti-virus for ms exchange	scope:	eq	version:	6.30	Trust: 0.3
vendor:	f secure	model:	anti-virus linux client security	scope:	eq	version:	5.0	Trust: 0.3
vendor:	f secure	model:	internet gatekeeper	scope:	eq	version:	6.31	Trust: 0.3
vendor:	f secure	model:	anti-virus for ms exchange	scope:	eq	version:	6.60	Trust: 0.3
vendor:	f secure	model:	anti-virus for linux gateways	scope:	eq	version:	4.51	Trust: 0.3
vendor:	f secure	model:	anti-virus for workstations	scope:	eq	version:	5.40	Trust: 0.3
vendor:	f secure	model:	anti-virus for workstations	scope:	eq	version:	5.41	Trust: 0.3
vendor:	f secure	model:	internet gatekeeper	scope:	eq	version:	6.42	Trust: 0.3
vendor:	f secure	model:	anti-virus for linux servers	scope:	eq	version:	4.65	Trust: 0.3
vendor:	f secure	model:	anti-virus	scope:	eq	version:	5.56	Trust: 0.3
vendor:	f secure	model:	anti-virus for windows servers	scope:	eq	version:	5.50	Trust: 0.3
vendor:	f secure	model:	anti-virus client security	scope:	eq	version:	6.03	Trust: 0.3
vendor:	f secure	model:	anti-virus	scope:	eq	version:	2005	Trust: 0.3
vendor:	f secure	model:	anti-virus for linux servers	scope:	eq	version:	4.61	Trust: 0.3
vendor:	f secure	model:	anti-virus for ms exchange	scope:	eq	version:	7.00	Trust: 0.3
vendor:	f secure	model:	anti-virus for ms exchange	scope:	eq	version:	6.01	Trust: 0.3
vendor:	f secure	model:	internet gatekeeper for linux	scope:	eq	version:	2.06	Trust: 0.3
vendor:	f secure	model:	internet gatekeeper	scope:	eq	version:	6.400	Trust: 0.3
vendor:	f secure	model:	anti-virus linux client security	scope:	eq	version:	5.52	Trust: 0.3
vendor:	f secure	model:	internet security	scope:	eq	version:	2005	Trust: 0.3
vendor:	f secure	model:	anti-virus for workstations	scope:	eq	version:	5.44	Trust: 0.3
vendor:	f secure	model:	anti-virus linux server security	scope:	eq	version:	5.01	Trust: 0.3
vendor:	f secure	model:	anti-virus for linux servers	scope:	eq	version:	4.51	Trust: 0.3
vendor:	f secure	model:	anti-virus	scope:	eq	version:	2007	Trust: 0.3
vendor:	f secure	model:	internet gatekeeper	scope:	eq	version:	6.3	Trust: 0.3
vendor:	f secure	model:	anti-virus for ms exchange	scope:	eq	version:	6.61	Trust: 0.3
vendor:	f secure	model:	anti-virus client security	scope:	eq	version:	5.52	Trust: 0.3
vendor:	f secure	model:	anti-virus linux server security	scope:	eq	version:	5.52	Trust: 0.3
vendor:	f secure	model:	internet security	scope:	eq	version:	20060	Trust: 0.3
vendor:	f secure	model:	anti-virus for ms exchange	scope:	eq	version:	6.21	Trust: 0.3
vendor:	f secure	model:	anti-virus linux server security	scope:	eq	version:	5.30	Trust: 0.3
vendor:	f secure	model:	anti-virus for windows servers	scope:	eq	version:	5.41	Trust: 0.3
vendor:	f secure	model:	internet security	scope:	eq	version:	2007	Trust: 0.3
vendor:	f secure	model:	anti-virus linux server security	scope:	eq	version:	5.04	Trust: 0.3
vendor:	f secure	model:	anti-virus for ms exchange	scope:	eq	version:	6.31	Trust: 0.3
vendor:	f secure	model:	anti-virus linux client security	scope:	eq	version:	5.01	Trust: 0.3
vendor:	f secure	model:	anti-virus for workstations	scope:	eq	version:	7.00	Trust: 0.3
vendor:	f secure	model:	anti-virus for linux gateways	scope:	eq	version:	4.52	Trust: 0.3
vendor:	f secure	model:	anti-virus for linux servers	scope:	eq	version:	4.52	Trust: 0.3
vendor:	f secure	model:	anti-virus client security	scope:	eq	version:	5.55	Trust: 0.3
vendor:	f secure	model:	anti-virus for ms exchange service release	scope:	eq	version:	6.301	Trust: 0.3
vendor:	f secure	model:	anti-virus	scope:	eq	version:	20060	Trust: 0.3
vendor:	f secure	model:	anti-virus client security	scope:	eq	version:	7.00	Trust: 0.3
vendor:	f secure	model:	anti-virus	scope:	eq	version:	5.2.1	Trust: 0.3
vendor:	f secure	model:	anti-virus client security	scope:	eq	version:	6.01	Trust: 0.3
vendor:	f secure	model:	anti-virus linux client security	scope:	eq	version:	5.30	Trust: 0.3
vendor:	f secure	model:	anti-virus client security	scope:	eq	version:	5.54	Trust: 0.3
vendor:	f secure	model:	internet gatekeeper for linux	scope:	eq	version:	2.15.484	Trust: 0.3

sources: BID: 24525 // JVNDB: JVNDB-2007-002205 // CNNVD: CNNVD-200706-308 // NVD: CVE-2007-3300

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2007-3300
value:	HIGH
Trust: 1.0
NVD:	CVE-2007-3300
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-200706-308
value:	CRITICAL
Trust: 0.6
VULHUB:	VHN-26662
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2007-3300
severity:	HIGH
baseScore:	9.3
vectorString:	AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.6
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-26662
severity:	HIGH
baseScore:	9.3
vectorString:	AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.6
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-26662 // JVNDB: JVNDB-2007-002205 // CNNVD: CNNVD-200706-308 // NVD: CVE-2007-3300

PROBLEMTYPE DATA

problemtype:

NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2007-3300

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200706-308

TYPE

input validation

Trust: 0.6

sources: CNNVD: CNNVD-200706-308

CONFIGURATIONS

sources: JVNDB: JVNDB-2007-002205

PATCH

title:

Security advisories

url:

http://www.f-secure.com/en/web/labs_global/security-advisories

Trust: 0.8

sources: JVNDB: JVNDB-2007-002205

EXTERNAL IDS

db:	NVD	id:	CVE-2007-3300	Trust: 2.8
db:	BID	id:	24525	Trust: 2.0
db:	SECUNIA	id:	25738	Trust: 1.7
db:	SECTRACK	id:	1018268	Trust: 1.7
db:	SECTRACK	id:	1018266	Trust: 1.7
db:	SECTRACK	id:	1018267	Trust: 1.7
db:	OSVDB	id:	36729	Trust: 1.7
db:	OSVDB	id:	36728	Trust: 1.7
db:	VUPEN	id:	ADV-2007-2247	Trust: 1.7
db:	JVNDB	id:	JVNDB-2007-002205	Trust: 0.8
db:	XF	id:	34942	Trust: 0.6
db:	CNNVD	id:	CNNVD-200706-308	Trust: 0.6
db:	VULHUB	id:	VHN-26662	Trust: 0.1

sources: VULHUB: VHN-26662 // BID: 24525 // JVNDB: JVNDB-2007-002205 // CNNVD: CNNVD-200706-308 // NVD: CVE-2007-3300

REFERENCES

url:	http://www.f-secure.com/security/fsc-2007-5.shtml	Trust: 2.0
url:	http://www.securityfocus.com/bid/24525	Trust: 1.7
url:	http://osvdb.org/36728	Trust: 1.7
url:	http://osvdb.org/36729	Trust: 1.7
url:	http://www.securitytracker.com/id?1018266	Trust: 1.7
url:	http://www.securitytracker.com/id?1018267	Trust: 1.7
url:	http://www.securitytracker.com/id?1018268	Trust: 1.7
url:	http://secunia.com/advisories/25738	Trust: 1.7
url:	http://www.vupen.com/english/advisories/2007/2247	Trust: 1.1
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/34942	Trust: 1.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-3300	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2007-3300	Trust: 0.8
url:	http://www.frsirt.com/english/advisories/2007/2247	Trust: 0.6
url:	http://xforce.iss.net/xforce/xfdb/34942	Trust: 0.6
url:	http://www.f-secure.com/	Trust: 0.3

sources: VULHUB: VHN-26662 // BID: 24525 // JVNDB: JVNDB-2007-002205 // CNNVD: CNNVD-200706-308 // NVD: CVE-2007-3300

CREDITS

Thierry Zoller

Trust: 0.6

sources: CNNVD: CNNVD-200706-308

SOURCES

db:	VULHUB	id:	VHN-26662
db:	BID	id:	24525
db:	JVNDB	id:	JVNDB-2007-002205
db:	CNNVD	id:	CNNVD-200706-308
db:	NVD	id:	CVE-2007-3300

LAST UPDATE DATE

2024-11-23T22:43:22.303000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-26662	date:	2017-07-29T00:00:00
db:	BID	id:	24525	date:	2015-05-07T17:37:00
db:	JVNDB	id:	JVNDB-2007-002205	date:	2012-06-26T00:00:00
db:	CNNVD	id:	CNNVD-200706-308	date:	2007-06-22T00:00:00
db:	NVD	id:	CVE-2007-3300	date:	2024-11-21T00:32:53.680

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-26662	date:	2007-06-20T00:00:00
db:	BID	id:	24525	date:	2007-06-19T00:00:00
db:	JVNDB	id:	JVNDB-2007-002205	date:	2012-06-26T00:00:00
db:	CNNVD	id:	CNNVD-200706-308	date:	2007-06-20T00:00:00
db:	NVD	id:	CVE-2007-3300	date:	2007-06-20T22:30:00