CVE-2006-6627

Integer overflow in the packed PE file parsing implementation in BitDefender products before 20060829, including Antivirus, Antivirus Plus, Internet Security, Mail Protection for Enterprises, and Online Scanner; and BitDefender products for Microsoft ISA Server and Exchange 5.5 through 2003; allows remote attackers to execute arbitrary code via a crafted file, which triggers a heap-based buffer overflow, aka the "cevakrnl.xmd vulnerability."

Published: Dec 18, 2006
Updated: Apr 13, 2023
CVE: CVE-2006-6627
Severity: High
Exploit:

CVSS v2:

Severity: High
Score: 10
AV:N/AC:L/Au:N/C:C/I:C/A:C

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
softwin / bitdefender_online_scanner	-	-
softwin / bitdefender	isa_server	isa_server.x
softwin / bitdefender	ms_exchange_5.5	ms_exchange_5.5.x
softwin / bitdefender_antivirus	plus	plus.x
softwin / bitdefender_mail_protection	enterprises	enterprises.x
softwin / bitdefender	ms_exchange_2003	ms_exchange_2003.x
softwin / bitdefender_antivirus	-	-
softwin / bitdefender	ms_exchange_2000	ms_exchange_2000.x
softwin / bitdefender_internet_security	-	-

Vulnerability Database

289,697

CVE-2006-6627