Vulnerability CVE-2009-1348


Published: 2009-04-30   Modified: 2012-02-13

Description:
The AV engine before DAT 5600 in McAfee VirusScan, Total Protection, Internet Security, SecurityShield for Microsoft ISA Server, Security for Microsoft Sharepoint, Security for Email Servers, Email Gateway, and Active Virus Defense allows remote attackers to bypass virus detection via (1) an invalid Headflags field in a malformed RAR archive, (2) an invalid Packsize field in a malformed RAR archive, or (3) an invalid Filelength field in a malformed ZIP archive.

Type:

CWE-20

(Improper Input Validation)

Vendor: Mcafee
Product: Virusscan plus 
Version: 2009;
Product: Internet security suite 
Version:
2009
2006
2005
2004
Product: Total protection 
Version: 2009;
Product: Active virus defense 
Product: Virusscan commandline 
Product: Securityshield for email servers 
Product: Email gateway 
Product: Securityshield for microsoft sharepoint 
Product: Total protection for endpoint 
Product: Active virusscan 
Product: Securityshield for microsoft isa server 
Product: Virusscan usb 
Product: Virusscan enterprise 

CVSS2 => (AV:N/AC:H/Au:N/C:C/I:C/A:C)

CVSS Base Score
Impact Subscore
Exploitability Subscore
7.6/10
10/10
4.9/10
Exploit range
Attack complexity
Authentication
Remote
High
No required
Confidentiality impact
Integrity impact
Availability impact
Complete
Complete
Complete

 References:
http://blog.zoller.lu/2009/04/mcafee-multiple-bypassesevasions-ziprar.html
http://www.securityfocus.com/archive/1/503173/100/0/threaded
http://www.securityfocus.com/bid/34780
https://kc.mcafee.com/corporate/index?page=content&id=SB10001&actp=LIST_RECENT

Related CVE
CVE-2019-3606
Data Leakage Attacks vulnerability in the web portal component when in an MDR pair in McAfee Network Security Management (NSM) 9.1 < 9.1.7.75 (Update 4) and 9.2 < 9.2.7.31 Update2 allows administrators to view configuration information in plain text ...
CVE-2019-3597
Authentication Bypass vulnerability in McAfee Network Security Manager (NSM) 9.1 < 9.1.7.75.2 and 9.2 < 9.2.7.31 (9.2 Update 2) allows unauthenticated users to gain administrator rights via incorrect handling of expired GUI sessions.
CVE-2019-3615
Data Leakage Attacks vulnerability in the web interface in McAfee Database Security prior to the 4.6.6 March 2019 update allows local users to expose passwords via incorrectly auto completing password fields in the admin browser login screen.
CVE-2019-3599
Information Disclosure vulnerability in Remote logging (which is disabled by default) in McAfee Agent (MA) 5.x allows remote unauthenticated users to access sensitive information via remote logging when it is enabled.
CVE-2019-3598
Buffer Access with Incorrect Length Value in McAfee Agent (MA) 5.x allows remote unauthenticated users to potentially cause a denial of service via specifically crafted UDP packets.
CVE-2019-3582
Privilege Escalation vulnerability in Microsoft Windows client in McAfee Endpoint Security (ENS) 10.6.1 and earlier allows local users to gain elevated privileges via a specific set of circumstances.
CVE-2018-6687
Loop with Unreachable Exit Condition ('Infinite Loop') in McAfee GetSusp (GetSusp) 3.0.0.461 and earlier allows attackers to DoS a manual GetSusp scan via while scanning a specifically crafted file . GetSusp is a free standalone McAfee tool that runs...
CVE-2019-3610
Data Leakage Attacks vulnerability in Microsoft Windows client in McAfee True Key (TK) 3.1.9211.0 and earlier allows local users to expose confidential data via specially crafted malware.

Copyright 2019, cxsecurity.com

 

Back to Top