Vulnerability CVE-2009-1348


Published: 2009-04-30   Modified: 2009-05-19

Description:
The AV engine before DAT 5600 in McAfee VirusScan, Total Protection, Internet Security, SecurityShield for Microsoft ISA Server, Security for Microsoft Sharepoint, Security for Email Servers, Email Gateway, and Active Virus Defense allows remote attackers to bypass virus detection via (1) an invalid Headflags field in a malformed RAR archive, (2) an invalid Packsize field in a malformed RAR archive, or (3) an invalid Filelength field in a malformed ZIP archive.

Type:

CWE-20

(Improper Input Validation)

Vendor: Mcafee
Product: Internet security suite 
Version:
2009
2006
2005
2004
Product: Total protection 
Version: 2009;
Product: Virusscan plus 
Version: 2009;
Product: Active virus defense 
Product: Active virusscan 
Product: Email gateway 
Product: Securityshield for email servers 
Product: Securityshield for microsoft isa server 
Product: Securityshield for microsoft sharepoint 
Product: Total protection for endpoint 
Product: Virusscan commandline 
Product: Virusscan usb 
Product: Virusscan enterprise 

CVSS2 => (AV:N/AC:H/Au:N/C:C/I:C/A:C)

CVSS Base Score
Impact Subscore
Exploitability Subscore
7.6/10
10/10
4.9/10
Exploit range
Attack complexity
Authentication
Remote
High
No required
Confidentiality impact
Integrity impact
Availability impact
Complete
Complete
Complete

 References:
https://kc.mcafee.com/corporate/index?page=content&id=SB10001&actp=LIST_RECENT
http://www.securityfocus.com/bid/34780
http://www.securityfocus.com/archive/1/archive/1/503173/100/0/threaded
http://secunia.com/advisories/34949
http://blog.zoller.lu/2009/04/mcafee-multiple-bypassesevasions-ziprar.html

Related CVE
CVE-2017-3898
A man-in-the-middle attack vulnerability in the non-certificate-based authentication mechanism in McAfee LiveSafe (MLS) versions prior to 16.0.3 allows network attackers to modify the Windows registry value associated with the McAfee update via the H...
CVE-2017-3897
A Code Injection vulnerability in the non-certificate-based authentication mechanism in McAfee Live Safe versions prior to 16.0.3 and McAfee Security Scan Plus (MSS+) versions prior to 3.11.599.3 allows network attackers to perform a malicious file e...
CVE-2017-4054
Command Injection vulnerability in the web interface in McAfee Advanced Threat Defense (ATD) 3.10, 3.8, 3.6, 3.4 allows remote authenticated users to execute a command of their choice via a crafted HTTP request parameter.
CVE-2017-4055
Exploitation of Authentication vulnerability in the web interface in McAfee Advanced Threat Defense (ATD) 3.10, 3.8, 3.6, 3.4 allows remote unauthenticated users / remote attackers to bypass ATD detection via loose enforcement of authentication and a...
CVE-2017-4057
Privilege Escalation vulnerability in the web interface in McAfee Advanced Threat Defense (ATD) 3.10, 3.8, 3.6, 3.4 allows remote authenticated users to gain elevated privileges via the GUI or GUI terminal commands.
CVE-2017-4052
Authentication Bypass vulnerability in the web interface in McAfee Advanced Threat Defense (ATD) 3.10, 3.8, 3.6, 3.4 allows remote unauthenticated users / remote attackers to change or update any configuration settings, or gain administrator function...
CVE-2017-4053
Command Injection vulnerability in the web interface in McAfee Advanced Threat Defense (ATD) 3.10, 3.8, 3.6, 3.4 allows remote unauthenticated users / remote attackers to execute a command of their choice via a crafted HTTP request parameter.
CVE-2017-3948
Cross Site Scripting (XSS) in IMG Tags in the ePO extension in McAfee Data Loss Prevention Endpoint (DLP Endpoint) 10.0.x allows authenticated users to inject arbitrary web script or HTML via injecting malicious JavaScript into a user's browsing sess...

Copyright 2017, cxsecurity.com

 

Back to Top