製品・ソフトウェアに関する情報

JVN脆弱性詳細

BitDefender 製品に同梱された PE ファイルの解析の実装における整数オーバーフローの脆弱性

Title	BitDefender 製品に同梱された PE ファイルの解析の実装における整数オーバーフローの脆弱性
Summary	BitDefender AntiVirus、BitDefender OnLine Scanner、BitDefender Interent Security、BitDefender Mail Protection などの BitDefender 製品に同梱された PE ファイルの解析の実装には、整数オーバーフローの脆弱性が存在します。
Possible impacts	第三者により、巧妙に細工されたファイルを介して、ヒープベースのバッファオーバフローを誘発され、任意のコードを実行される可能性があります。
Solution	ベンダ情報および参考情報を参照して適切な対策を実施してください。
Publication Date	Dec. 18, 2006, midnight
Registration Date	Dec. 20, 2012, 6:02 p.m.
Last Update	Dec. 20, 2012, 6:02 p.m.

Affected System

softwin

bitdefender 20060829 未満

bitdefender antivirus 20060829 未満

bitdefender internet security 20060829 未満

bitdefender mail protection 20060829 未満

bitdefender online scanner 20060829 未満

CVE (情報セキュリティ共通脆弱性識別子)

No	Name	URL
Common Vulnerabilities and Exposures (CVE)
1	CVE-2006-6627	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6627
National Vulnerability Database (NVD)
2	CVE-2006-6627	http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2006-6627

ベンダー情報

No	Name	URL
softwin
1	Top Page	http://www.bitdefender.com/

Change Log

No	Changed Details	Date of change
0	[2012年12月20日] 掲載	Feb. 17, 2018, 10:37 a.m.

NVD Vulnerability Information

CVE-2006-6627

Summary	Integer overflow in the packed PE file parsing implementation in BitDefender products before 20060829, including Antivirus, Antivirus Plus, Internet Security, Mail Protection for Enterprises, and Online Scanner; and BitDefender products for Microsoft ISA Server and Exchange 5.5 through 2003; allows remote attackers to execute arbitrary code via a crafted file, which triggers a heap-based buffer overflow, aka the "cevakrnl.xmd vulnerability."
Summary	Desbordamiento de enteros en el fichero de la implementación del análisis sintáctico del paquete PE de los productos BitDefender anteriores a la 20060829,incluyendo Antivirus, Antivirus Plus, Internet Security, Mail Protection para Enterprises y Online Scanner, y los productos BitDefender para Microsoft ISA Server y Exchange 5.5 hasta el 2003, permite a atacantes remotos ejecutar código de su elección mediante un fichero modificado, que dispara un desbordamiento de búfer basado en pila, también conocido como "vulnerabilidad cevakrnl.xmd".
Publication Date	Dec. 18, 2006, 8:28 p.m.
Registration Date	Jan. 29, 2021, 3:52 p.m.
Last Update	April 23, 2026, 9:35 a.m.

Affected software configurations

Configuration1	or higher	or less	more than	less than
cpe:2.3:a:softwin:bitdefender:isa_server:::::::*
cpe:2.3:a:softwin:bitdefender:ms_exchange_5.5:::::::*
cpe:2.3:a:softwin:bitdefender:ms_exchange_2000:::::::*
cpe:2.3:a:softwin:bitdefender:ms_exchange_2003:::::::*
cpe:2.3:a:softwin:bitdefender_antivirus::::::::
cpe:2.3:a:softwin:bitdefender_antivirus:plus:::::::*
cpe:2.3:a:softwin:bitdefender_internet_security::::::::
cpe:2.3:a:softwin:bitdefender_mail_protection:enterprises:::::::*
cpe:2.3:a:softwin:bitdefender_online_scanner::::::::

Related information, measures and tools

No	URL	refsource
1	http://lists.grok.org.uk/pipermail/full-disclosure/2006-December/051319.html	cve@mitre.org
2	http://secunia.com/advisories/23415	cve@mitre.org
3	http://securityreason.com/securityalert/2044	cve@mitre.org
4	http://securitytracker.com/id?1017389	cve@mitre.org
5	http://www.bitdefender.com/KB323-en--cevakrnl.xmd-vulnerability.html	cve@mitre.org
6	http://www.securityfocus.com/archive/1/454501/100/0/threaded	cve@mitre.org
7	http://www.securityfocus.com/bid/21610	cve@mitre.org
8	http://www.vupen.com/english/advisories/2006/5040	cve@mitre.org
9	https://exchange.xforce.ibmcloud.com/vulnerabilities/30904	cve@mitre.org
10	http://lists.grok.org.uk/pipermail/full-disclosure/2006-December/051319.html	af854a3a-2127-422b-91ae-364da2661108
11	http://secunia.com/advisories/23415	af854a3a-2127-422b-91ae-364da2661108
12	http://securityreason.com/securityalert/2044	af854a3a-2127-422b-91ae-364da2661108
13	http://securitytracker.com/id?1017389	af854a3a-2127-422b-91ae-364da2661108
14	http://www.bitdefender.com/KB323-en--cevakrnl.xmd-vulnerability.html	af854a3a-2127-422b-91ae-364da2661108
15	http://www.securityfocus.com/archive/1/454501/100/0/threaded	af854a3a-2127-422b-91ae-364da2661108
16	http://www.securityfocus.com/bid/21610	af854a3a-2127-422b-91ae-364da2661108
17	http://www.vupen.com/english/advisories/2006/5040	af854a3a-2127-422b-91ae-364da2661108
18	https://exchange.xforce.ibmcloud.com/vulnerabilities/30904	af854a3a-2127-422b-91ae-364da2661108

Common Vulnerabilities List

Configuration1	or higher	or less	more than	less than
cpe:2.3:a:softwin:bitdefender:isa_server:::::::*
cpe:2.3:a:softwin:bitdefender:ms_exchange_5.5:::::::*
cpe:2.3:a:softwin:bitdefender:ms_exchange_2000:::::::*
cpe:2.3:a:softwin:bitdefender:ms_exchange_2003:::::::*
cpe:2.3:a:softwin:bitdefender_antivirus::::::::
cpe:2.3:a:softwin:bitdefender_antivirus:plus:::::::*
cpe:2.3:a:softwin:bitdefender_internet_security::::::::
cpe:2.3:a:softwin:bitdefender_mail_protection:enterprises:::::::*
cpe:2.3:a:softwin:bitdefender_online_scanner::::::::