Critical severity9.8NVD Advisory· Published Jun 22, 2017· Updated May 13, 2026

CVE-2012-6706

Description

A VMSF_DELTA memory corruption was discovered in unrar before 5.5.5, as used in Sophos Anti-Virus Threat Detection Engine before 3.37.2 and other products, that can lead to arbitrary code execution. An integer overflow can be caused in DataSize+CurChannel. The result is a negative value of the "DestPos" variable, which allows the attacker to write out of bounds when setting Mem[DestPos].

Affected products

Rarlab/Unrar
cpe:2.3:a:rarlab:unrar:*:*:*:*:*:*:*:*
Range: <=5.5.4
Sophos/Threat Detection Engine
cpe:2.3:a:sophos:threat_detection_engine:*:*:*:*:*:*:*:*
Range: <=3.36.2

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

bugs.chromium.org/p/project-zero/issues/detailnvdExploitThird Party Advisory
securitytracker.com/idnvdThird Party Advisory
telussecuritylabs.com/threats/show/TSL20121207-01nvdThird Party Advisory
community.sophos.com/kb/en-us/118424nvdVendor Advisory
lock.cmpxchg8b.com/sophailv2.pdfnvdThird Party Advisory
nakedsecurity.sophos.com/2012/11/05/tavis-ormandy-sophos/nvdVendor Advisory
kc.mcafee.com/corporate/indexnvd
security.gentoo.org/glsa/201708-05nvd
security.gentoo.org/glsa/201709-24nvd
security.gentoo.org/glsa/201804-16nvd

News mentions

No linked articles in our index yet.

cvss	0.637
epss	0.002
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000