Vulnerability Name: CCN-22570

Published: 2005-10-07
Updated: 2005-10-07
Summary: Antivirus scanners from multiple vendors could allow malicious files to bypass scan detection because of a vulnerability in the processing of archive files containing forged MZ headers. A remote attacker could exploit this vulnerability by sending a compressed malicious file, which could bypass antivirus protection and potentially be extracted and executed on the victim's system.
CVSS v3 Severity: 5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)
Exploitability Metrics: Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope: Scope (S): Unchanged
Impact Metrics: Confidentiality (C): None
Integrity (I): Low
Availability (A): None
CVSS v2 Severity: 5.0 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N)
Exploitability Metrics: Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics: Confidentiality (C): None
Integrity (I): Partial
Availability (A): None
Vulnerability Consequences: Bypass Security
References:
Source: CCN
Type: Trustix Antivirus Web site
Antivirus free Anti virus software download by Comodo

Source: CCN
Type: BugTraq Mailing List, Fri Oct 07 2005 - 16:11:29 CDT
Antivirus detection bypass by special crafted archive

Source: CCN
Type: eTrust-Iris Antivirus Web site
eTrust® EZ Antivirus 2005 - CA Consumer: Download or Physical Shipment

Source: CCN
Type: SECTRACK ID: 1015023
Clam VirusScan May Fail to Detect Viruses in Modified Archives

Source: CCN
Type: SECTRACK ID: 1015024
Kaspersky Anti-Virus May Fail to Detect Viruses in Modified Archives

Source: CCN
Type: SECTRACK ID: 1015025
Sophos Anti-Virus May Fail to Detect Viruses in Modified Archives

Source: CCN
Type: SECTRACK ID: 1015026
Computer Associates eTrust Antivirus May Fail to Detect Viruses in Modified Archives

Source: CCN
Type: SECTRACK ID: 1015027
Symantec AntiVirus May Fail to Detect Viruses in Modified Archives

Source: CCN
Type: VBA32 Antivirus Web site
VirusBlokAda

Source: CCN
Type: ArcaVir Antivirus Web site
ArcaBit - ArcaVir Antivirus Monitor

Source: CCN
Type: Avast Antivirus Web site
avast! antivirus software - computer virus, worm and Trojan protection by ALWIL Software

Source: CCN
Type: Avira Antivirus Web site
AVIRA - Antivirus Solutions for Windows and Linux

Source: CCN
Type: BitDefender AntiVirus Web site
BitDefender AntiVirus - Data Security, AntiVirus Software, Free Protection

Source: CCN
Type: ClamAV Antivirus Web site
ClamAV: Project News

Source: CCN
Type: Dr.Web Antivirus Web site
Dr.Web Anti-virus - official website of Doctor Web, Ltd.

Source: CCN
Type: F-Prot Antivirus
F-Prot Antivirus | F-Prot AVES - anti-spam and anti-virus e-mail filtering service |

Source: CCN
Type: AntiVir Antivirus Web site
AntiVir PersonalEdition Classic - More than Security

Source: CCN
Type: Grisoft AVG AntiVirus Web site
AVG Anti Virus: HOME

Source: CCN
Type: Ikarus AntiVirus Web site
IKARUS Software Vienna - Sober.C stort den Weihnachtsfrieden!

Source: CCN
Type: Kaspersky Antivirus Web site
Kaspersky Lab > Antivirus Software, Computer Virus Protection`AntiSpyware`Spam Filter`Computer Security

Source: CCN
Type: McAfee Antivirus Web site
McAfee - Antivirus Software and Intrusion Prevention Solutions

Source: CCN
Type: NOD32 Antivirus Web site
Eset Home

Source: CCN
Type: Norman Virus Control Antivirus Web site
:: NORMAN :: Antivirus | Firewall | Network security

Source: CCN
Type: Panda Antivirus Web site
Panda Security Magazine

Source: CCN
Type: Proland Protector Plus 2000 AntiVirus Web site
Antivirus Software for Windows XP, Me, 98, 2000, 2003, NT, Exchange and NetWare

Source: CCN
Type: CAT Quick Heal Web site
Protect your cyber space. Use Anti-Virus Quick Heal

Source: CCN
Type: Fortinet Antivirus Web site
Fortinet Antivirus & Firewall Devices from RaidWeb

Source: CCN
Type: Rising Antivirus Web site
Rising Antivirus International Pty Ltd

Source: CCN
Type: BID-15046
Multiple Vendor Antivirus Products Malformed Archives Scan Evasion Vulnerability

Source: CCN
Type: Sophos Antivirus Web site
Sophos - Protect against viruses, spyware, spam and policy abuse

Source: CCN
Type: Symantec Antivirus Web site
Symantec Worldwide Home Page

Source: CCN
Type: UNA Antivirus Web site
Antivirus UNA :: Anti Virus Software

Source: XF
Type: UNKNOWN
antivirus-archive-header-bypass-detection(22570)

Vulnerable Configuration: Configuration CCN 1:
  • cpe:/a:sophos:sophos_anti-virus:*:*:*:*:*:*:*:*
  • OR cpe:/a:mcafee:virusscan:*:*:*:*:*:*:*:*
  • OR cpe:/a:kaspersky:anti-virus:16.0.0.614:*:*:*:*:*:*:*
  • OR cpe:/a:eset:nod32_antivirus:-:*:*:*:*:*:*:*
  • OR cpe:/a:ca:vet_antivirus:-:*:*:*:*:*:*:*
  • OR cpe:/a:bitdefender:antivirus:7.60825:*:*:*:*:*:*:*
  • OR cpe:/a:f-prot:f-prot_antivirus:3.11b:*:*:*:*:*:*:*
  • OR cpe:/a:symantec:antivirus_scan_engine:*:*:*:*:*:*:*:*
  • OR cpe:/a:norman:norman_virus_control:5.81_engine_5.83.02:*:*:*:*:*:*:*
  • OR cpe:/h:fortinet:fortinet_antivirus:*:*:*:*:*:*:*:*
  • OR cpe:/a:virusblokada:vba32_antivirus:3.12.2:*:*:*:*:*:*:*
  • OR cpe:/a:trustix:antivirus:*:*:*:*:*:*:*:*
  • OR cpe:/a:broadcom:etrust_ez_antivirus:-:*:*:*:*:*:*:*
  • OR cpe:/a:clamav:clamav:*:*:*:*:*:*:*:*

  • * Denotes that component is vulnerable
    sophos sophos anti-virus *
    mcafee virusscan *
    kaspersky anti-virus 16.0.0.614
    eset nod32 antivirus -
    ca vet antivirus -
    bitdefender bitdefender antivirus 7.60825
    f-prot f-prot antivirus 3.11b
    symantec antivirus scan engine *
    norman norman virus control 5.81_engine_5.83.02
    fortinet fortinet antivirus *
    virusblokada vba32 antivirus 3.12.2
    trustix antivirus *
    ca etrust ez antivirus -
    clamav clamav *