Vulnerability CVE-2009-1348


Published: 2009-04-30   Modified: 2012-02-13

Description:
The AV engine before DAT 5600 in McAfee VirusScan, Total Protection, Internet Security, SecurityShield for Microsoft ISA Server, Security for Microsoft Sharepoint, Security for Email Servers, Email Gateway, and Active Virus Defense allows remote attackers to bypass virus detection via (1) an invalid Headflags field in a malformed RAR archive, (2) an invalid Packsize field in a malformed RAR archive, or (3) an invalid Filelength field in a malformed ZIP archive.

Type:

CWE-20

(Improper Input Validation)

CVSS2 => (AV:N/AC:H/Au:N/C:C/I:C/A:C)

CVSS Base Score
Impact Subscore
Exploitability Subscore
7.6/10
10/10
4.9/10
Exploit range
Attack complexity
Authentication
Remote
High
No required
Confidentiality impact
Integrity impact
Availability impact
Complete
Complete
Complete
Affected software
Mcafee -> Active virus defense 
Mcafee -> Active virusscan 
Mcafee -> Email gateway 
Mcafee -> Internet security suite 
Mcafee -> Securityshield for email servers 
Mcafee -> Securityshield for microsoft isa server 
Mcafee -> Securityshield for microsoft sharepoint 
Mcafee -> Total protection 
Mcafee -> Total protection for endpoint 
Mcafee -> Virusscan commandline 
Mcafee -> Virusscan enterprise 
Mcafee -> Virusscan plus 
Mcafee -> Virusscan usb 

 References:
http://blog.zoller.lu/2009/04/mcafee-multiple-bypassesevasions-ziprar.html
http://www.securityfocus.com/archive/1/503173/100/0/threaded
http://www.securityfocus.com/bid/34780
https://kc.mcafee.com/corporate/index?page=content&id=SB10001&actp=LIST_RECENT

Copyright 2021, cxsecurity.com

 

Back to Top