CVE-2007-2966

Name: CVE-2007-2966
Creator: NVD / NIST
Published: 2007-05-31T23:30:00+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

UnknownEPSS 5.21%

Last modified Jun 16, 2026

CVE-2007-2966 is a vulnerability of currently unknown severity. Buffer overflow in the LHA decompression component in F-Secure anti-virus products for Microsoft Windows and Linux before 20070529 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted LHA archive, related to an integer wrap, a similar issue to CVE-2006-4335.. EPSS estimates a 5.21% chance of exploitation in the next 30 days.

Description

Buffer overflow in the LHA decompression component in F-Secure anti-virus products for Microsoft Windows and Linux before 20070529 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted LHA archive, related to an integer wrap, a similar issue to CVE-2006-4335.

Metrics

EPSS Probability

5.21%

91.4th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

CWE-119

Affected Software

Vendor	Product	Versions
F-Secure	F-Secure Anti-Virus	<= 4.65
F-Secure	F-Secure Anti-Virus	<= 5.42
F-Secure	F-Secure Anti-Virus	<= 5.44
F-Secure	F-Secure Anti-Virus	<= 5.52
F-Secure	F-Secure Anti-Virus	<= 5.61
F-Secure	F-Secure Anti-Virus	<= 6.40
F-Secure	F-Secure Anti-Virus	2005
F-Secure	F-Secure Anti-Virus	2006
F-Secure	F-Secure Anti-Virus	2007
F-Secure	F-Secure Anti-Virus Client Security	<= 6.03
F-Secure	F-Secure Anti-Virus Linux Client Security	<= 5.30
F-Secure	F-Secure Anti-Virus Linux Server Security	<= 5.30
F-Secure	F-Secure Internet Security	2005
F-Secure	F-Secure Internet Security	2006
F-Secure	F-Secure Internet Security	2007
F-Secure	F-Secure Protection Service	<= 6.40
F-Secure	Internet Gatekeeper	<= 2.16
F-Secure	Internet Gatekeeper	<= 6.60

References

Timeline

Published: May 31, 2007
Last Modified: Jun 16, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2007-2966?

How severe is CVE-2007-2966?

Severity scoring for CVE-2007-2966 is pending analysis. The EPSS model estimates a 5.21% probability of exploitation in the next 30 days.

How do I fix CVE-2007-2966?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2007-2966?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST