PublicDateAtUSN: 2011-02-23
Candidate: CVE-2011-1003
PublicDate: 2011-02-23 19:00:00 UTC
References: 
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1003
 https://ubuntu.com/security/notices/USN-1076-1
Description:
 Double free vulnerability in the vba_read_project_strings function in
 vba_extract.c in libclamav in ClamAV before 0.97 might allow remote
 attackers to execute arbitrary code via crafted Visual Basic for
 Applications (VBA) data in a Microsoft Office document.  NOTE: some of
 these details are obtained from third party information.
Ubuntu-Description: 
Notes: 
Bugs: 
 https://wwws.clamav.net/bugzilla/show_bug.cgi?id=2486
Priority: medium
Discovered-by:
Assigned-to: 
CVSS: 

Patches_clamav:
 upstream: http://git.clamav.net/gitweb?p=clamav-devel.git;a=commit;h=d21fb8d975f8c9688894a8cef4d50d977022e09f
upstream_clamav: released (0.97)
dapper_clamav: ignored (reached end-of-life)
hardy_clamav: released (0.95.3+dfsg-1ubuntu0.09.04~hardy2.6)
karmic_clamav: released (0.95.3+dfsg-1ubuntu0.09.10.4)
lucid_clamav: released (0.96.5+dfsg-1ubuntu1.10.04.2)
maverick_clamav: released (0.96.5+dfsg-1ubuntu1.10.10.2)
natty_clamav: not-affected (0.97+dfsg-0ubuntu1)
devel_clamav: not-affected (0.97+dfsg-0ubuntu1)