Vulnerability Name:

CVE-2004-0932 (CCN-17761)

Assigned:2004-10-18
Published:2004-10-18
Updated:2021-04-09
Summary:McAfee Anti-Virus Engine DATS drivers before 4398 (released on Oct 13th 2004) and DATS Driver before 4397 (October 6th 2004) allow remote attackers to bypass antivirus protection via a compressed file with both local and global headers set to zero, which does not prevent the compressed file from being opened on a target system.
CVSS v3 Severity:7.3 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): Low
Integrity (I): Low
Availability (A): Low
CVSS v2 Severity:7.5 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availability (A): Partial
7.5 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availability (A): Partial
Vulnerability Type:CWE-Other
Vulnerability Consequences:Bypass Security
References:Source: MITRE
Type: CNA
CVE-2004-0932

Source: MITRE
Type: CNA
CVE-2004-0933

Source: MITRE
Type: CNA
CVE-2004-0934

Source: MITRE
Type: CNA
CVE-2004-0935

Source: MITRE
Type: CNA
CVE-2004-0936

Source: MITRE
Type: CNA
CVE-2004-0937

Source: MITRE
Type: CNA
CVE-2004-1096

Source: CCN
Type: McAfee Anti-Virus Updates Web page
Anti-Virus Updates

Source: CCN
Type: SA13038
Archive::Zip Zip Archive Virus Detection Bypass Vulnerability

Source: CCN
Type: CA SupportConnect Web site
Arclib.dll Vulnerability

Source: CCN
Type: GLSA-200410-31
Archive::Zip: Virus detection evasion

Source: CCN
Type: iDEFENSE Security Advisory 10.18.04
Multiple Vendor Anti-Virus Software Detection Evasion Vulnerability

Source: IDEFENSE
Type: UNKNOWN
20041018 Multiple Vendor Anti-Virus Software Detection Evasion Vulnerability

Source: CCN
Type: Kaspersky Web site
Kaspersky Labs - antivirus protection - protect your cyberspace

Source: CCN
Type: US-CERT VU#492545
Archive::Zip may not properly parse the file sizes of Zip archives

Source: CCN
Type: US-CERT VU#968818
Anti-virus software may not properly scan malformed zip archives

Source: CCN
Type: McAfee DAT Files Downloads Web page
DAT Files

Source: CCN
Type: OSVDB ID: 10963
Multiple Anti-Virus Zero Compressed Size Header Detection Bypass

Source: BID
Type: Exploit, Patch, Vendor Advisory
11448

Source: CCN
Type: BID-11448
Multiple Vendor Antivirus Software Zip Files Detection Evasion Vulnerability

Source: XF
Type: UNKNOWN
antivirus-zip-protection-bypass(17761)

Vulnerable Configuration:Configuration 1:
  • cpe:/a:archive_zip:archive_zip:1.13:*:*:*:*:*:*:*
  • OR cpe:/a:broadcom:etrust_ez_antivirus:6.2:*:*:*:*:*:*:*
  • OR cpe:/a:broadcom:etrust_ez_antivirus:6.3:*:*:*:*:*:*:*
  • OR cpe:/a:broadcom:etrust_secure_content_manager:1.0:*:*:*:*:*:*:*
  • OR cpe:/a:ca:etrust_secure_content_manager:1.0:sp1:*:*:*:*:*:*
  • OR cpe:/a:kaspersky_lab:kaspersky_anti-virus:4.0:*:*:*:*:*:*:*
  • OR cpe:/a:kaspersky_lab:kaspersky_anti-virus:5.0:*:*:*:*:*:*:*
  • OR cpe:/a:sophos:sophos_anti-virus:3.79:*:*:*:*:*:*:*
  • OR cpe:/a:sophos:sophos_anti-virus:3.80:*:*:*:*:*:*:*
  • OR cpe:/a:sophos:sophos_puremessage_anti-virus:4.6:*:*:*:*:*:*:*
  • OR cpe:/a:sophos:sophos_small_business_suite:1.0:*:*:*:*:*:*:*
  • OR cpe:/a:broadcom:etrust_antivirus_gateway:7.1:*:*:*:*:*:*:*
  • OR cpe:/a:broadcom:etrust_ez_antivirus:6.1:*:*:*:*:*:*:*
  • OR cpe:/a:broadcom:etrust_intrusion_detection:1.4.5:*:*:*:*:*:*:*
  • OR cpe:/a:broadcom:etrust_intrusion_detection:1.5:*:*:*:*:*:*:*
  • OR cpe:/a:eset_software:nod32_antivirus:1.0.13:*:*:*:*:*:*:*
  • OR cpe:/a:kaspersky_lab:kaspersky_anti-virus:3.0:*:*:*:*:*:*:*
  • OR cpe:/a:sophos:sophos_anti-virus:3.78:*:*:*:*:*:*:*
  • OR cpe:/a:sophos:sophos_anti-virus:3.78d:*:*:*:*:*:*:*
  • OR cpe:/a:sophos:sophos_anti-virus:3.85:*:*:*:*:*:*:*
  • OR cpe:/a:sophos:sophos_anti-virus:3.86:*:*:*:*:*:*:*
  • OR cpe:/a:broadcom:brightstor_arcserve_backup:11.1:*:*:*:*:*:*:*
  • OR cpe:/a:broadcom:etrust_antivirus:7.0:*:*:*:*:*:*:*
  • OR cpe:/a:broadcom:etrust_ez_armor:2.0:*:*:*:*:*:*:*
  • OR cpe:/a:broadcom:etrust_ez_armor:2.3:*:*:*:*:*:*:*
  • OR cpe:/a:broadcom:etrust_secure_content_manager:1.1:*:*:*:*:*:*:*
  • OR cpe:/a:broadcom:inoculateit:6.0:*:*:*:*:*:*:*
  • OR cpe:/a:mcafee:antivirus_engine:4.3.20:*:*:*:*:*:*:*
  • OR cpe:/a:rav_antivirus:rav_antivirus_desktop:8.6:*:*:*:*:*:*:*
  • OR cpe:/a:rav_antivirus:rav_antivirus_for_file_servers:1.0:*:*:*:*:*:*:*
  • OR cpe:/a:sophos:sophos_anti-virus:3.81:*:*:*:*:*:*:*
  • OR cpe:/a:sophos:sophos_anti-virus:3.82:*:*:*:*:*:*:*
  • OR cpe:/a:ca:etrust_antivirus:7.0_sp2:*:*:*:*:*:*:*
  • OR cpe:/a:broadcom:etrust_antivirus:7.1:*:*:*:*:*:*:*
  • OR cpe:/a:broadcom:etrust_antivirus_gateway:7.0:*:*:*:*:*:*:*
  • OR cpe:/a:broadcom:etrust_ez_armor:2.4:*:*:*:*:*:*:*
  • OR cpe:/a:broadcom:etrust_intrusion_detection:1.4.1.13:*:*:*:*:*:*:*
  • OR cpe:/a:eset_software:nod32_antivirus:1.0.11:*:*:*:*:*:*:*
  • OR cpe:/a:eset_software:nod32_antivirus:1.0.12:*:*:*:*:*:*:*
  • OR cpe:/a:rav_antivirus:rav_antivirus_for_mail_servers:8.4.2:*:*:*:*:*:*:*
  • OR cpe:/a:sophos:sophos_anti-virus:3.4.6:*:*:*:*:*:*:*
  • OR cpe:/a:sophos:sophos_anti-virus:3.83:*:*:*:*:*:*:*
  • OR cpe:/a:sophos:sophos_anti-virus:3.84:*:*:*:*:*:*:*

Configuration 2:
  • cpe:/o:mandrakesoft:mandrake_linux:10.1:*:x86_64:*:*:*:*:*
  • OR cpe:/o:suse:suse_linux:9.2:*:*:*:*:*:*:*
  • OR cpe:/o:gentoo:linux:*:*:*:*:*:*:*:*
  • OR cpe:/o:gentoo:linux:1.4:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:10.1:*:*:*:*:*:*:*

Configuration CCN 1:
  • cpe:/a:broadcom:etrust_intrusion_detection:-:*:*:*:*:*:*:*
  • OR cpe:/a:broadcom:inoculateit:6.0:*:*:*:*:*:*:*
  • OR cpe:/a:sophos:sophos_anti-virus:*:*:*:*:*:*:*:*
  • OR cpe:/a:broadcom:etrust_antivirus:7.0:*:*:*:*:*:*:*
  • OR cpe:/a:mcafee:virusscan:*:*:*:*:*:*:*:*
  • OR cpe:/a:broadcom:etrust_antivirus:7.1:*:*:*:*:*:*:*
  • OR cpe:/a:broadcom:etrust_ez_armor:2.0:*:*:*:*:*:*:*
  • OR cpe:/a:broadcom:etrust_ez_armor:2.3:*:*:*:*:*:*:*
  • OR cpe:/a:broadcom:etrust_ez_armor:2.4:*:*:*:*:*:*:*
  • OR cpe:/a:broadcom:etrust_ez_antivirus:6.1:*:*:*:*:*:*:*
  • OR cpe:/a:broadcom:etrust_ez_antivirus:6.2:*:*:*:*:*:*:*
  • OR cpe:/a:broadcom:etrust_ez_antivirus:6.3:*:*:*:*:*:*:*
  • OR cpe:/a:ca:brightstor_arcserve_backup:11.1::windows:*:*:*:*:*
  • OR cpe:/a:kaspersky:anti-virus:16.0.0.614:*:*:*:*:*:*:*
  • OR cpe:/a:eset:nod32_antivirus:-:*:*:*:*:*:*:*
  • OR cpe:/a:ca:etrust_secure_content_manager:8.0:*:*:*:*:*:*:*
  • AND
  • cpe:/o:gentoo:linux:*:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:10.0:*:*:*:*:*:*:*

* Denotes that component is vulnerable
    archive_zip archive zip 1.13
    broadcom etrust ez antivirus 6.2
    broadcom etrust ez antivirus 6.3
    broadcom etrust secure content manager 1.0
    ca etrust secure content manager 1.0 sp1
    kaspersky_lab kaspersky anti-virus 4.0
    kaspersky_lab kaspersky anti-virus 5.0
    sophos sophos anti-virus 3.79
    sophos sophos anti-virus 3.80
    sophos sophos puremessage anti-virus 4.6
    sophos sophos small business suite 1.0
    broadcom etrust antivirus gateway 7.1
    broadcom etrust ez antivirus 6.1
    broadcom etrust intrusion detection 1.4.5
    broadcom etrust intrusion detection 1.5
    eset_software nod32 antivirus 1.0.13
    kaspersky_lab kaspersky anti-virus 3.0
    sophos sophos anti-virus 3.78
    sophos sophos anti-virus 3.78d
    sophos sophos anti-virus 3.85
    sophos sophos anti-virus 3.86
    broadcom brightstor arcserve backup 11.1
    broadcom etrust antivirus 7.0
    broadcom etrust ez armor 2.0
    broadcom etrust ez armor 2.3
    broadcom etrust secure content manager 1.1
    broadcom inoculateit 6.0
    mcafee antivirus engine 4.3.20
    rav_antivirus rav antivirus desktop 8.6
    rav_antivirus rav antivirus for file servers 1.0
    sophos sophos anti-virus 3.81
    sophos sophos anti-virus 3.82
    ca etrust antivirus 7.0_sp2
    broadcom etrust antivirus 7.1
    broadcom etrust antivirus gateway 7.0
    broadcom etrust ez armor 2.4
    broadcom etrust intrusion detection 1.4.1.13
    eset_software nod32 antivirus 1.0.11
    eset_software nod32 antivirus 1.0.12
    rav_antivirus rav antivirus for mail servers 8.4.2
    sophos sophos anti-virus 3.4.6
    sophos sophos anti-virus 3.83
    sophos sophos anti-virus 3.84
    mandrakesoft mandrake linux 10.1
    suse suse linux 9.2
    gentoo linux *
    gentoo linux 1.4
    mandrakesoft mandrake linux 10.1
    ca etrust intrusion detection -
    ca inoculateit 6.0
    sophos sophos anti-virus *
    ca etrust antivirus 7.0
    mcafee virusscan *
    ca etrust antivirus 7.1
    ca etrust ez armor 2.0
    ca etrust ez armor 2.3
    ca etrust ez armor 2.4
    ca etrust ez antivirus 6.1
    ca etrust ez antivirus 6.2
    ca etrust ez antivirus 6.3
    ca brightstor arcserve backup 11.1
    kaspersky anti-virus 16.0.0.614
    eset nod32 antivirus -
    ca etrust secure content manager 8.0
    gentoo linux *
    mandrakesoft mandrake linux 10.0