CyberSec.Space Logo
Back to CVE Browser

CVE-2006-6627

CRITICAL
10.0
CVSS Severity Score
EPSS Score0.1880%
EPSS Percentile24.09th
PublishedDec 18, 2006
Last ModifiedApr 23, 2026

Vulnerability Description

Integer overflow in the packed PE file parsing implementation in BitDefender products before 20060829, including Antivirus, Antivirus Plus, Internet Security, Mail Protection for Enterprises, and Online Scanner; and BitDefender products for Microsoft ISA Server and Exchange 5.5 through 2003; allows remote attackers to execute arbitrary code via a crafted file, which triggers a heap-based buffer overflow, aka the "cevakrnl.xmd vulnerability."

Affected Platforms (CPE)

πŸ“¦
Softwin

Bitdefender

= isa_server
πŸ“¦
Softwin

Bitdefender

= ms_exchange_5.5
πŸ“¦
Softwin

Bitdefender

= ms_exchange_2000
πŸ“¦
Softwin

Bitdefender

= ms_exchange_2003
πŸ“¦
Softwin

Bitdefender Antivirus

All versions
πŸ“¦
Softwin

Bitdefender Antivirus

= plus
πŸ“¦
Softwin

Bitdefender Internet Security

All versions
πŸ“¦
Softwin

Bitdefender Mail Protection

= enterprises
πŸ“¦
Softwin

Bitdefender Online Scanner

All versions

References & Advisories

πŸ”— http://lists.grok.org.uk/pipermail/full-disclosure/2006-December/051319.html
πŸ”— http://secunia.com/advisories/23415
πŸ”— http://securityreason.com/securityalert/2044
πŸ”— http://securitytracker.com/id?1017389
πŸ”— http://www.bitdefender.com/KB323-en--cevakrnl.xmd-vulnerability.html
πŸ”— http://www.securityfocus.com/archive/1/454501/100/0/threaded
πŸ”— http://www.securityfocus.com/bid/21610
πŸ”— http://www.vupen.com/english/advisories/2006/5040

Related Vulnerabilities

CVE-2017-89319.8

Bitdefender GravityZone VMware appliance before 6.2.1-35 might allow attackers to gain access with root privileges via unspecified...

CVE-2018-89559.8

The installer for BitDefender GravityZone relies on an encoded string in a filename to determine the URL for installation metadata...

CVE-2007-57759.8

Unspecified vulnerability in BitDefender allows attackers to execute arbitrary code via unspecified vectors, aka EEYEB-20071024. ...

CVE-2008-54099.3

Unspecified vulnerability in the pdf.xmd module in (1) BitDefender Free Edition 10 and Antivirus Standard 10, (2) BullGuard Intern...