CVE-2006-6627
Last modified
CVE-2006-6627 is a vulnerability of currently unknown severity. Integer overflow in the packed PE file parsing implementation in BitDefender products before 20060829, including Antivirus, Antivirus Plus, Internet Security, Mail Protection for Enterprises, and Online Scanner; and BitDefender products for Microsoft ISA Server and Exchange 5.5 through 2003; allows remote attackers to execute arbitrary code via a crafted file, which triggers a heap-based buffer overflow, aka the "cevakrnl.xmd vulnerability.". EPSS estimates a 7.32% chance of exploitation in the next 30 days.
Description
Integer overflow in the packed PE file parsing implementation in BitDefender products before 20060829, including Antivirus, Antivirus Plus, Internet Security, Mail Protection for Enterprises, and Online Scanner; and BitDefender products for Microsoft ISA Server and Exchange 5.5 through 2003; allows remote attackers to execute arbitrary code via a crafted file, which triggers a heap-based buffer overflow, aka the "cevakrnl.xmd vulnerability."
Metrics
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Softwin | Bitdefender | isa_server |
| Softwin | Bitdefender | ms_exchange_5.5 |
| Softwin | Bitdefender | ms_exchange_2000 |
| Softwin | Bitdefender | ms_exchange_2003 |
| Softwin | Bitdefender Antivirus | All versions |
| Softwin | Bitdefender Antivirus | plus |
| Softwin | Bitdefender Internet Security | All versions |
| Softwin | Bitdefender Mail Protection | enterprises |
| Softwin | Bitdefender Online Scanner | All versions |
References
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2006-6627?
How severe is CVE-2006-6627?
How do I fix CVE-2006-6627?
Are you affected by CVE-2006-6627?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST