7.6
HIGH
CVE-2008-6085
F-Secure Anti-Virus Integer Overflow Vulnerability
Description

Integer overflow in multiple F-Secure anti-virus products, including Internet Security 2006 through 2008, Anti-Virus 2006 through 2008, and others, when configured to scan inside compressed archives, allows remote attackers to execute arbitrary code via a crafted RPM compressed archive file, which triggers a buffer overflow.

INFO

Published Date : Feb. 6, 2009, 11:30 a.m.
Last Modified : Aug. 8, 2017, 1:33 a.m.
Remotely Exploitable : Yes
Impact Score : 10.0
Exploitability Score : 4.9
Affected Products

The following products are affected by the CVE-2008-6085 vulnerability. Even if cvefeed.io is aware of the exact versions of the products that are affected, the information is not represented in the table below.

ID Vendor Product
1 F-secure f-secure_anti-virus
2 F-secure f-secure_anti-virus_for_citrix_servers
3 F-secure f-secure_anti-virus_for_microsoft_exchange
4 F-secure f-secure_anti-virus_for_mimesweeper
5 F-secure f-secure_anti-virus_for_windows_servers
6 F-secure f-secure_anti-virus_for_workstations
7 F-secure f-secure_anti-virus_linux_client_security
8 F-secure f-secure_anti-virus_linux_server_security
9 F-secure f-secure_client_security
10 F-secure f-secure_home_server_security
11 F-secure f-secure_internet_gatekeeper_for_linux
12 F-secure f-secure_internet_gatekeeper_for_windows
13 F-secure f-secure_internet_security
14 F-secure f-secure_linux_security
15 F-secure f-secure_messaging_security_gateway
16 F-secure f-secure_protection_service_for_business
17 F-secure f-secure_protection_service_for_consumers
References to Advisories, Solutions, and Tools

Here, you will find a curated list of external links that provide in-depth information, practical solutions, and valuable tools related to CVE-2008-6085.

URL Resource
http://secunia.com/advisories/32352 Vendor Advisory
http://www.f-secure.com/security/fsc-2008-3.shtml Patch Vendor Advisory
http://www.securityfocus.com/bid/31846
http://www.securitytracker.com/id?1021073
http://www.vupen.com/english/advisories/2008/2874
https://exchange.xforce.ibmcloud.com/vulnerabilities/46016


The following table lists the changes that have been made to the CVE-2008-6085 vulnerability over time.

Vulnerability history details can be useful for understanding the evolution of a vulnerability, and for identifying the most recent changes that may impact the vulnerability's severity, exploitability, or other characteristics.

  • CVE Modified by [email protected]

    May. 14, 2024

    Action Type Old Value New Value
  • CVE Modified by [email protected]

    Aug. 08, 2017

    Action Type Old Value New Value
    Removed Reference http://xforce.iss.net/xforce/xfdb/46016 [No Types Assigned]
    Added Reference https://exchange.xforce.ibmcloud.com/vulnerabilities/46016 [No Types Assigned]
  • Initial Analysis by [email protected]

    Feb. 06, 2009

    Action Type Old Value New Value
CWE - Common Weakness Enumeration

While CVE identifies specific instances of vulnerabilities, CWE categorizes the common flaws or weaknesses that can lead to vulnerabilities. CVE-2008-6085 is associated with the following CWEs:

Common Attack Pattern Enumeration and Classification (CAPEC)

Common Attack Pattern Enumeration and Classification (CAPEC) stores attack patterns, which are descriptions of the common attributes and approaches employed by adversaries to exploit the CVE-2008-6085 weaknesses.

Exploit Prediction

EPSS is a daily estimate of the probability of exploitation activity being observed over the next 30 days.

6.17 -0.63% score

0.92587 percentile

CVSS2 - Vulnerability Scoring System
Access Vector
Access Complexity
Authentication
Confidentiality
Integrity
Availability