CVE-2012-6706
moderate-risk
Published 2017-06-22
A VMSF_DELTA memory corruption was discovered in unrar before 5.5.5, as used in Sophos Anti-Virus Threat Detection Engine before 3.37.2 and other products, that can lead to arbitrary code execution. An integer overflow can be caused in DataSize+CurChannel. The result is a negative value of the "DestPos" variable, which allows the attacker to write out of bounds when setting Mem[DestPos].
Do I need to act?
~
2.4% chance of exploitation in next 30 days
EPSS score — moderate exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
9
CVSS 9.8/10
Critical
NETWORK
/ LOW complexity
Affected Products (2)
Threat Detection Engine
Unrar
References (20)
Third Party Advisory
http://securitytracker.com/id?1027725
Third Party Advisory
http://telussecuritylabs.com/threats/show/TSL20121207-01
Vendor Advisory
https://community.sophos.com/kb/en-us/118424#six
Third Party Advisory
https://lock.cmpxchg8b.com/sophailv2.pdf
Third Party Advisory
http://securitytracker.com/id?1027725
Third Party Advisory
http://telussecuritylabs.com/threats/show/TSL20121207-01
Vendor Advisory
https://community.sophos.com/kb/en-us/118424#six
Third Party Advisory
https://lock.cmpxchg8b.com/sophailv2.pdf
45
/ 100
moderate-risk
Severity
32/34 · Critical
Exploitability
6/34 · Minimal
Exposure
7/34 · Low