Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2009-1348

The AV engine before DAT 5600 in McAfee VirusScan, Total Protection, Internet Security, SecurityShield for Microsoft ISA Server, Security for Microsoft Sharepoint, Security for Email Servers, Email Gateway, and Active Virus Defense allows remote attackers to bypass virus detection via (1) an invalid Headflags field in a malformed RAR archive, (2) an invalid Packsize field in a malformed RAR archive, or (3) an invalid Filelength field in a malformed ZIP archive.

Published

2009-04-30T20:30:00.467

Last Modified

2025-04-09T00:30:58.490

Status

Deferred

Source

[email protected]

Severity

CVSSv2: 7.6 (HIGH)

CVSSv2 Vector

AV:N/AC:H/Au:N/C:C/I:C/A:C

Access Vector: NETWORK
Access Complexity: HIGH
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE

Exploitability Score

4.9

Impact Score

10.0

Weaknesses

Type: Primary
CWE-20

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	mcafee	active_virus_defense	*	Yes
Application	mcafee	active_virusscan	*	Yes
Application	mcafee	email_gateway	*	Yes
Application	mcafee	internet_security_suite	*	Yes
Application	mcafee	internet_security_suite	2004	Yes
Application	mcafee	internet_security_suite	2005	Yes
Application	mcafee	internet_security_suite	2006	Yes
Application	mcafee	internet_security_suite	2009	Yes
Application	mcafee	securityshield_for_email_servers	*	Yes
Application	mcafee	securityshield_for_microsoft_isa_server	*	Yes
Application	mcafee	securityshield_for_microsoft_sharepoint	*	Yes
Application	mcafee	total_protection	2009	Yes
Application	mcafee	total_protection_for_endpoint	*	Yes
Application	mcafee	virusscan_commandline	*	Yes
Application	mcafee	virusscan_enterprise	*	Yes
Application	mcafee	virusscan_enterprise	-	Yes
Application	mcafee	virusscan_enterprise	-	Yes
Application	mcafee	virusscan_enterprise	-	Yes
Application	mcafee	virusscan_plus	2009	Yes
Application	mcafee	virusscan_usb	*	Yes

References

http://blog.zoller.lu/2009/04/mcafee-multiple-bypassesevasions-ziprar.html ([email protected])
http://secunia.com/advisories/34949 Vendor Advisory ([email protected])
http://www.securityfocus.com/archive/1/503173/100/0/threaded ([email protected])
http://www.securityfocus.com/bid/34780 ([email protected])
https://kc.mcafee.com/corporate/index?page=content&id=SB10001&actp=LIST_RECENT Patch, Vendor Advisory ([email protected])
http://blog.zoller.lu/2009/04/mcafee-multiple-bypassesevasions-ziprar.html (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/34949 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/archive/1/503173/100/0/threaded (af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/bid/34780 (af854a3a-2127-422b-91ae-364da2661108)
https://kc.mcafee.com/corporate/index?page=content&id=SB10001&actp=LIST_RECENT Patch, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)