• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Focus On: Vista
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns

• info
• discussion
• exploit
• solution
• references

ClamAV Popen Function Remote Code Execution Vulnerability

ClamAV is prone to a remote code-execution vulnerability because the application fails to properly sanitize user-supplied data.

An attacker can exploit this issue to execute arbitrary code with superuser privileges. Successfully exploiting this issue will result in the complete compromise of affected computers.

Versions prior to ClamAV 0.91.2 are vulnerable.