Vulnerability CVE-2004-0937


Published: 2005-02-09   Modified: 2008-09-05

Description:
Sophos Anti-Virus before 3.87.0, and Sophos Anti-Virus for Windows 95, 98, and Me before 3.88.0, allows remote attackers to bypass antivirus protection via a compressed file with both local and global headers set to zero, which does not prevent the compressed file from being opened on a target system.

Vendor: SUSE
Product: Suse linux 
Version: 9.2;
Vendor: Rav antivirus
Product: Rav antivirus desktop 
Version: 8.6;
Product: Rav antivirus for mail servers 
Version: 8.4.2;
Product: Rav antivirus for file servers 
Version: 1.0;
Vendor: CA
Product: Etrust antivirus 
Version: 7.1; 7.0_sp2; 7.0;
Product: Etrust antivirus gateway 
Version: 7.1; 7.0;
Product: Etrust ez antivirus 
Version: 6.3; 6.2; 6.1;
Product: Inoculateit 
Version: 6.0;
Product: Etrust ez armor 
Version: 2.4; 2.3; 2.0;
Product: Brightstor arcserve backup 
Version: 11.1;
Product: Etrust intrusion detection 
Version: 1.5; 1.4.5; 1.4.1.13;
Product: Etrust secure content manager 
Version: 1.1; 1.0;
Vendor: Kaspersky lab
Product: Kaspersky anti-virus 
Version: 5.0; 4.0; 3.0;
Vendor: Sophos
Product: Sophos puremessage anti-virus 
Version: 4.6;
Product: Sophos anti-virus 
Version: 3.86; 3.85; 3.84; 3.83; 3.82; 3.81; 3.80; 3.79; 3.78d; 3.78; 3.4.6;
Product: Sophos small business suite 
Version: 1.0;
Vendor: Mcafee
Product: Antivirus engine 
Version: 4.3.20;
Vendor: Mandrakesoft
Product: Mandrake linux 
Version: 10.1;
Vendor: Gentoo
Product: Linux 
Version: 1.4;
Vendor: Archive zip
Product: Archive zip 
Version: 1.13;
Vendor: Eset software
Product: Nod32 antivirus 
Version: 1.0.13; 1.0.12; 1.0.11;

CVSS2 => (AV:N/AC:L/Au:N/C:P/I:P/A:P)

CVSS Base Score: 7.5/10
Impact Subscore: 6.4/10
Exploitability Subscore: 10/10
Exploit range: Remote
Attack complexity: Low
Authentication: Not required
Confidentiality impact: Partial
Integrity impact: Partial
Availability impact: Partial

References:
http://www.kb.cert.org/vuls/id/968818
http://www.securityfocus.com/bid/11448
http://xforce.iss.net/xforce/xfdb/17761
http://www.idefense.com/application/poi/display?id=153&type=vulnerabilities&flashstatus=true

Related CVE
CVE-2008-4451
The SysInspector AntiStealth driver (esiasdrv.sys) 3.0.65535.0 in ESET System Analyzer Tool 1.1.1.0 allows local users to execute arbitrary code via a certain METHOD_NEITHER IOCTL request to \Device\esiasdrv that overwrites a pointer.
CVE-2007-3970
Race condition in ESET NOD32 Antivirus before 2.2289 allows remote attackers to execute arbitrary code via a crafted CAB file, which triggers heap corruption.
CVE-2007-3971
Integer overflow in ESET NOD32 Antivirus before 2.2289 allows remote attackers to cause a denial of service (CPU and disk consumption) via a crafted ASPACK packed file, which triggers an infinite loop.
CVE-2007-3972
ESET NOD32 Antivirus before 2.2289 allows remote attackers to cause a denial of service via a crafted (1) ASPACK or (2) FSG packed file, which triggers a divide-by-zero error.
CVE-2007-2852
Multiple stack-based buffer overflows in ESET NOD32 Antivirus before 2.70.37.0 allow remote attackers to execute arbitrary code during (1) delete/disinfect or (2) rename operations via a crafted directory name.
CVE-2006-6676
Integer overflow in the (a) OLE2 and (b) CHM parsers for ESET NOD32 Antivirus before 1.1743 allows remote attackers to execute arbitrary code via a crafted (1) .DOC or (2) .CAB file that triggers a heap-based buffer overflow.
CVE-2006-6677
ESET NOD32 Antivirus before 1.1743 allows remote attackers to cause a denial of service (crash) via a crafted .CHM file that triggers a divide-by-zero error.
CVE-2006-1649
The "restore to" selection in the "quarantine a file" capability of ESET NOD32 before 2.51.26 allows a restore to any directory that permits read access by the invoking user, which allows local users to create new files despite write-access directory...

Copyright 2017, cxsecurity.com