Author: gilbert-guest Date: 2009-04-30 20:14:55 +0000 (Thu, 30 Apr 2009) New Revision: 11748 Modified: data/CVE/list Log: clamav not affected by CVE-2008-5525 Modified: data/CVE/list ==================================================================--- data/CVE/list 2009-04-30 18:16:47 UTC (rev 11747) +++ data/CVE/list 2009-04-30 20:14:55 UTC (rev 11748) @@ -6156,7 +6156,11 @@ CVE-2008-5526 (DrWeb Anti-virus 4.44.0.09170, when Internet Explorer 6 or 7 is used, ...) NOT-FOR-US: DrWeb Anti-virus CVE-2008-5525 (ClamAV 0.94.1 and possibly 0.93.1, when Internet Explorer 6 or 7 is ...) - - clamav <unfixed> (medium; bug #526041) + - clamav <not-affected> (medium; bug #526041) + NOTE: this issue refers to a clamav antivirus bypass that occurs when the user + NOTE: is using IE6 or IE7 to open a malicious page with an MZ header + NOTE: - all other browsers are not vulnerable + NOTE: - see http://xforce.iss.net/xforce/xfdb/47435 and bug report for details CVE-2008-5524 (CAT-QuickHeal 10.00 and possibly 9.50, when Internet Explorer 6 or 7 ...) NOT-FOR-US: CAT-QuickHeal CVE-2008-5523 (avast! antivirus 4.8.1281.0, when Internet Explorer 6 or 7 is used, ...)