ClamAV Popen Function Remote Code Execution Vulnerability

info
discussion
exploit
solution
references

ClamAV Popen Function Remote Code Execution Vulnerability

ClamAV is prone to a remote code-execution vulnerability because the application fails to properly sanitize user-supplied data.

An attacker can exploit this issue to execute arbitrary code with superuser privileges. Successfully exploiting this issue will result in the complete compromise of affected computers.

Versions prior to ClamAV 0.91.2 are vulnerable.