CVE-2006-4626

Exp

Heap-based buffer overflow in alwil avast! Anti-virus Engine before 4.7.869 allows remote attackers to execute arbitrary code via a crafted LHA file that contains extended headers with file and directory names whose concatenation triggers the overflow.

Published: 2006-09-07 Last update: 2026-04-16 Assigner: [email protected] Source: [email protected]
NVD Status:ModifiedCVE State: published
View at NVD, CVE.org, EUVD

CVE-2006-4626 is rated High Exploit Risk (75.3/100): CVSS High severity, with high exploitation likelihood (EPSS 4.58%, 90th percentile). 1 public exploit reference(s) are indexed (Exploit-DB). Public exploits are available—assess exposure, apply mitigations, and prioritize patching.

Risk is dynamic; we continuously reassess and refresh what is shown on this page as upstream context changes.

Public exploit references (Exploit-DB) for CVE-2006-4626

EDB-ID Source Kind Published Link
nvd_ref exploit_tag Exploit-DB ↗

Exploit prediction scoring system (EPSS) score for CVE-2006-4626

EPSS lead: Daily EPSS estimates relative likelihood of exploitation; percentile ranks this CVE among scored vulnerabilities (higher = more severe relative rank).

# Date Old EPSS score New EPSS score Delta (New - Old)
1 2026-06-15 5.89% 4.58% -1.31%
2 2025-06-16 4.90% 5.89% +0.99%
3 2025-04-26 4.90%

Full EPSS history (11 records total)

Common vulnerability scoring system (CVSS) metrics for CVE-2006-4626

CVSS metrics for this CVE.

Base score Version Severity Vector Exploitability Impact Score source
7.5 2.0 HIGH
AV:N/AC:L/Au:N/C:P/I:P/A:P Click to expand
Access vector (AV:N)
Can be exploited remotely over network reachability.
Access complexity (AC:L)
Exploitation conditions are straightforward and predictable.
Authentication (AU:N)
No authentication is required.
Confidentiality impact (C:P)
Partial confidentiality impact.
Integrity impact (I:P)
Partial integrity impact.
Availability impact (A:P)
Partial availability impact.
 10.0 6.4 [email protected]

Weakness enumeration for CVE-2006-4626

NVD evaluator notes for CVE-2006-4626

Solution: This vulnerability is addressed in the following product releases: ALWIL, avast! antivirus, 4.7.869 (for Desktops) ALWIL, avast! antivirus, Server 4.7.660 (for Servers)

Affected software / configurations for CVE-2006-4626

Vendor Product Version Raw CPE
alwil avast_antivirus <= 4.6.460 cpe:2.3:a:alwil:avast_antivirus:*:*:server:*:*:*:*:*
alwil avast_antivirus <= 4.6.763 cpe:2.3:a:alwil:avast_antivirus:*:*:*:*:*:*:*:*
alwil avast_antivirus 4.0.168 cpe:2.3:a:alwil:avast_antivirus:4.0.168:*:*:*:*:*:*:*
alwil avast_antivirus 4.0.172 cpe:2.3:a:alwil:avast_antivirus:4.0.172:*:*:*:*:*:*:*
alwil avast_antivirus 4.0.183 cpe:2.3:a:alwil:avast_antivirus:4.0.183:*:*:*:*:*:*:*
alwil avast_antivirus 4.0.202 cpe:2.3:a:alwil:avast_antivirus:4.0.202:*:*:*:*:*:*:*
alwil avast_antivirus 4.0.211 cpe:2.3:a:alwil:avast_antivirus:4.0.211:*:*:*:*:*:*:*
alwil avast_antivirus 4.0.229 cpe:2.3:a:alwil:avast_antivirus:4.0.229:*:*:*:*:*:*:*
alwil avast_antivirus 4.0.235 cpe:2.3:a:alwil:avast_antivirus:4.0.235:*:*:*:*:*:*:*
alwil avast_antivirus 4.1.260 cpe:2.3:a:alwil:avast_antivirus:4.1.260:*:*:*:*:*:*:*
alwil avast_antivirus 4.1.268 cpe:2.3:a:alwil:avast_antivirus:4.1.268:*:*:*:*:*:*:*
alwil avast_antivirus 4.1.278 cpe:2.3:a:alwil:avast_antivirus:4.1.278:*:*:*:*:*:*:*
alwil avast_antivirus 4.1.287 cpe:2.3:a:alwil:avast_antivirus:4.1.287:*:*:*:*:*:*:*
alwil avast_antivirus 4.1.289 cpe:2.3:a:alwil:avast_antivirus:4.1.289:*:*:*:*:*:*:*
alwil avast_antivirus 4.1.304 cpe:2.3:a:alwil:avast_antivirus:4.1.304:*:*:*:*:*:*:*
alwil avast_antivirus 4.1.319 cpe:2.3:a:alwil:avast_antivirus:4.1.319:*:*:*:*:*:*:*
alwil avast_antivirus 4.1.335 cpe:2.3:a:alwil:avast_antivirus:4.1.335:*:*:*:*:*:*:*
alwil avast_antivirus 4.1.342 cpe:2.3:a:alwil:avast_antivirus:4.1.342:*:*:*:*:*:*:*
alwil avast_antivirus 4.1.357 cpe:2.3:a:alwil:avast_antivirus:4.1.357:*:*:*:*:*:*:*
alwil avast_antivirus 4.1.389 cpe:2.3:a:alwil:avast_antivirus:4.1.389:*:*:*:*:*:*:*
alwil avast_antivirus 4.1.396 cpe:2.3:a:alwil:avast_antivirus:4.1.396:*:*:*:*:*:*:*
alwil avast_antivirus 4.1.412 cpe:2.3:a:alwil:avast_antivirus:4.1.412:*:*:*:*:*:*:*
alwil avast_antivirus 4.1.418 cpe:2.3:a:alwil:avast_antivirus:4.1.418:*:*:*:*:*:*:*
alwil avast_antivirus 4.1.501 cpe:2.3:a:alwil:avast_antivirus:4.1.501:*:*:*:*:*:*:*
alwil avast_antivirus 4.5.518 cpe:2.3:a:alwil:avast_antivirus:4.5.518:*:*:*:*:*:*:*
alwil avast_antivirus 4.5.549 cpe:2.3:a:alwil:avast_antivirus:4.5.549:*:*:*:*:*:*:*
alwil avast_antivirus 4.5.561 cpe:2.3:a:alwil:avast_antivirus:4.5.561:*:*:*:*:*:*:*
alwil avast_antivirus 4.6.603 cpe:2.3:a:alwil:avast_antivirus:4.6.603:*:*:*:*:*:*:*
alwil avast_antivirus 4.6.623 cpe:2.3:a:alwil:avast_antivirus:4.6.623:*:*:*:*:*:*:*

References for CVE-2006-4626

cvelogic Threat Intelligence