On Jan 26, 2011, at 11:08 AM, David Dorsey wrote: > I scanned a document with clamav and it detected > BC.Exploit.CVE_2010_3333. I was just wondering where I can get > information about this signature. Specifically, I am trying to find > out what this signature is looking for in the file. I know this > signature is in bytecode.cld, but I'm not having any luck interpreting > the data following it.
I can't help you interpret the bytecode, but the CVE entry is described here: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3333 ...as "RTF Stack Buffer Overflow Vulnerability" primarily affecting MS Office. Regards, -- -Chuck _______________________________________________ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml
