CVE-2006-4626: Buffer Overflow
First published: Thu Sep 07 2006(Updated: )
Heap-based buffer overflow in alwil avast! Anti-virus Engine before 4.7.869 allows remote attackers to execute arbitrary code via a crafted LHA file that contains extended headers with file and directory names whose concatenation triggers the overflow.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Avast Antivirus | <=4.6.460 | |
| Avast Antivirus | <=4.6.763 | |
| Avast Antivirus | =4.0.168 | |
| Avast Antivirus | =4.0.172 | |
| Avast Antivirus | =4.0.183 | |
| Avast Antivirus | =4.0.202 | |
| Avast Antivirus | =4.0.211 | |
| Avast Antivirus | =4.0.229 | |
| Avast Antivirus | =4.0.235 | |
| Avast Antivirus | =4.1.260 | |
| Avast Antivirus | =4.1.268 | |
| Avast Antivirus | =4.1.278 | |
| Avast Antivirus | =4.1.287 | |
| Avast Antivirus | =4.1.289 | |
| Avast Antivirus | =4.1.304 | |
| Avast Antivirus | =4.1.319 | |
| Avast Antivirus | =4.1.335 | |
| Avast Antivirus | =4.1.342 | |
| Avast Antivirus | =4.1.357 | |
| Avast Antivirus | =4.1.389 | |
| Avast Antivirus | =4.1.396 | |
| Avast Antivirus | =4.1.412 | |
| Avast Antivirus | =4.1.418 | |
| Avast Antivirus | =4.1.501 | |
| Avast Antivirus | =4.5.518 | |
| Avast Antivirus | =4.5.549 | |
| Avast Antivirus | =4.5.561 | |
| Avast Antivirus | =4.6.603 | |
| Avast Antivirus | =4.6.623 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2006-4626?
CVE-2006-4626 is rated as high severity due to its potential to allow remote code execution.
How do I fix CVE-2006-4626?
To mitigate CVE-2006-4626, users should upgrade to Avast Antivirus version 4.7.869 or later.
What software is affected by CVE-2006-4626?
CVE-2006-4626 affects several versions of Avast Antivirus prior to version 4.7.869.
What kind of attack does CVE-2006-4626 facilitate?
CVE-2006-4626 allows remote attackers to execute arbitrary code through a specially crafted LHA file.
Is there a workaround for CVE-2006-4626?
The best workaround for CVE-2006-4626 is to avoid opening LHA files from untrusted sources until the software has been updated.
- agent/references
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/weakness
- agent/remedy
- agent/last-modified-date
- agent/severity
- agent/author
- agent/event
- agent/first-publish-date
- agent/description
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- collector/nvd-historical
- vendor/alwil
- product/avast antivirus
- canonical/alwil avast antivirus
- canonical/avast antivirus
- version/avast antivirus/4.6.460
- version/avast antivirus/4.6.763
- version/avast antivirus/4.0.168
- version/avast antivirus/4.0.172
- version/avast antivirus/4.0.183
- version/avast antivirus/4.0.202
- version/avast antivirus/4.0.211
- version/avast antivirus/4.0.229
- version/avast antivirus/4.0.235
- version/avast antivirus/4.1.260
- version/avast antivirus/4.1.268
- version/avast antivirus/4.1.278
- version/avast antivirus/4.1.287
- version/avast antivirus/4.1.289
- version/avast antivirus/4.1.304
- version/avast antivirus/4.1.319
- version/avast antivirus/4.1.335
- version/avast antivirus/4.1.342
- version/avast antivirus/4.1.357
- version/avast antivirus/4.1.389
- version/avast antivirus/4.1.396
- version/avast antivirus/4.1.412
- version/avast antivirus/4.1.418
- version/avast antivirus/4.1.501
- version/avast antivirus/4.5.518
- version/avast antivirus/4.5.549
- version/avast antivirus/4.5.561
- version/avast antivirus/4.6.603
- version/avast antivirus/4.6.623