Vulnerability CVE-2005-3226


Published: 2005-10-14   Modified: 2012-02-12

Description:
Multiple interpretation error in unspecified versions of ArcaVir Antivirus allows remote attackers to bypass virus detection via a malicious executable in a specially crafted RAR file with malformed central and local headers, which can still be opened by products such as Winrar and PowerZip, even though they are rejected as corrupted by Winzip and BitZipper.

Vendor: Arcavir
Product: Arcavir antivirus 

CVSS2 => (AV:N/AC:H/Au:N/C:P/I:P/A:P)

CVSS Base Score
Impact Subscore
Exploitability Subscore
5.1/10
6.4/10
4.9/10
Exploit range
Attack complexity
Authentication
Remote
High
No required
Confidentiality impact
Integrity impact
Availability impact
Partial
Partial
Partial

 References:
http://shadock.net/secubox/AVCraftedArchive.html
http://marc.theaimsgroup.com/?l=bugtraq&m=112879611919750&w=2

Copyright 2019, cxsecurity.com

 

Back to Top