Vulnerability Name:

CVE-2004-1096 (CCN-17761)

Assigned: 2004-10-18
Published: 2004-10-18
Updated: 2021-04-09
Summary: Archive::Zip Perl module before 1.14, when used by antivirus programs such as amavisd-new, allows remote attackers to bypass antivirus protection via a compressed file with both local and global headers set to zero, which does not prevent the compressed file from being opened on a target system.
CVSS v3 Severity: 7.3 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
Exploitability Metrics: Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope: Scope (S): Unchanged
Impact Metrics: Confidentiality (C): Low
Integrity (I): Low
Availability (A): Low
CVSS v2 Severity: 7.5 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)
Exploitability Metrics: Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics: Confidentiality (C): Partial
Integrity (I): Partial
Availability (A): Partial
7.5 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)
Exploitability Metrics: Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics: Confidentiality (C): Partial
Integrity (I): Partial
Availability (A): Partial
Vulnerability Type: CWE-Other
Vulnerability Consequences: Bypass Security
References:
Source: MITRE
Type: CNA
CVE-2004-0932

Source: MITRE
Type: CNA
CVE-2004-0933

Source: MITRE
Type: CNA
CVE-2004-0934

Source: MITRE
Type: CNA
CVE-2004-0935

Source: MITRE
Type: CNA
CVE-2004-0936

Source: MITRE
Type: CNA
CVE-2004-0937

Source: MITRE
Type: CNA
CVE-2004-1096

Source: CCN
Type: McAfee Anti-Virus Updates Web page
Anti-Virus Updates

Source: CCN
Type: SA13038
Archive::Zip Zip Archive Virus Detection Bypass Vulnerability

Source: SECUNIA
Type: UNKNOWN
13038

Source: CCN
Type: CA SupportConnect Web site
Arclib.dll Vulnerability

Source: CCN
Type: GLSA-200410-31
Archive::Zip: Virus detection evasion

Source: GENTOO
Type: Patch, Vendor Advisory
GLSA-200410-31

Source: CCN
Type: iDEFENSE Security Advisory 10.18.04
Multiple Vendor Anti-Virus Software Detection Evasion Vulnerability

Source: IDEFENSE
Type: Vendor Advisory
20041018 Multiple Vendor Anti-Virus Software Detection Evasion Vulnerability

Source: CCN
Type: Kaspersky Web site
Kaspersky Labs - antivirus protection - protect your cyberspace

Source: CCN
Type: US-CERT VU#492545
Archive::Zip may not properly parse the file sizes of Zip archives

Source: CERT-VN
Type: US Government Resource
VU#492545

Source: CCN
Type: US-CERT VU#968818
Anti-virus software may not properly scan malformed zip archives

Source: MANDRAKE
Type: UNKNOWN
MDKSA-2004:118

Source: CCN
Type: McAfee DAT Files Downloads Web page
DAT Files

Source: CCN
Type: OSVDB ID: 10963
Multiple Anti-Virus Zero Compressed Size Header Detection Bypass

Source: BID
Type: Exploit, Patch, Vendor Advisory
11448

Source: CCN
Type: BID-11448
Multiple Vendor Antivirus Software Zip Files Detection Evasion Vulnerability

Source: XF
Type: UNKNOWN
antivirus-zip-protection-bypass(17761)

Vulnerable Configuration:
Configuration 1:
  • cpe:/a:broadcom:brightstor_arcserve_backup:11.1:*:*:*:*:*:*:*
  • OR cpe:/a:broadcom:etrust_ez_antivirus:6.2:*:*:*:*:*:*:*
  • OR cpe:/a:broadcom:etrust_ez_antivirus:6.3:*:*:*:*:*:*:*
  • OR cpe:/a:ca:etrust_secure_content_manager:1.0:sp1:*:*:*:*:*:*
  • OR cpe:/a:broadcom:etrust_secure_content_manager:1.1:*:*:*:*:*:*:*
  • OR cpe:/a:broadcom:etrust_antivirus:7.0:*:*:*:*:*:*:*
  • OR cpe:/a:ca:etrust_antivirus:7.0_sp2:*:*:*:*:*:*:*
  • OR cpe:/a:broadcom:etrust_ez_armor:2.0:*:*:*:*:*:*:*
  • OR cpe:/a:broadcom:etrust_ez_armor:2.3:*:*:*:*:*:*:*
  • OR cpe:/a:broadcom:inoculateit:6.0:*:*:*:*:*:*:*
  • OR cpe:/a:eset_software:nod32_antivirus:1.0.11:*:*:*:*:*:*:*
  • OR cpe:/a:rav_antivirus:rav_antivirus_desktop:8.6:*:*:*:*:*:*:*
  • OR cpe:/a:rav_antivirus:rav_antivirus_for_file_servers:1.0:*:*:*:*:*:*:*
  • OR cpe:/a:sophos:sophos_anti-virus:3.81:*:*:*:*:*:*:*
  • OR cpe:/a:sophos:sophos_anti-virus:3.82:*:*:*:*:*:*:*
  • OR cpe:/a:sophos:sophos_anti-virus:3.83:*:*:*:*:*:*:*
  • OR cpe:/a:kaspersky_lab:kaspersky_anti-virus:5.0:*:*:*:*:*:*:*
  • OR cpe:/a:mcafee:antivirus_engine:4.3.20:*:*:*:*:*:*:*
  • OR cpe:/a:sophos:sophos_anti-virus:3.79:*:*:*:*:*:*:*
  • OR cpe:/a:sophos:sophos_anti-virus:3.80:*:*:*:*:*:*:*
  • OR cpe:/a:sophos:sophos_small_business_suite:1.0:*:*:*:*:*:*:*
  • OR cpe:/a:broadcom:etrust_antivirus_gateway:7.1:*:*:*:*:*:*:*
  • OR cpe:/a:broadcom:etrust_ez_antivirus:6.1:*:*:*:*:*:*:*
  • OR cpe:/a:broadcom:etrust_intrusion_detection:1.5:*:*:*:*:*:*:*
  • OR cpe:/a:broadcom:etrust_secure_content_manager:1.0:*:*:*:*:*:*:*
  • OR cpe:/a:kaspersky_lab:kaspersky_anti-virus:3.0:*:*:*:*:*:*:*
  • OR cpe:/a:kaspersky_lab:kaspersky_anti-virus:4.0:*:*:*:*:*:*:*
  • OR cpe:/a:sophos:sophos_anti-virus:3.78:*:*:*:*:*:*:*
  • OR cpe:/a:sophos:sophos_anti-virus:3.78d:*:*:*:*:*:*:*
  • OR cpe:/a:sophos:sophos_anti-virus:3.86:*:*:*:*:*:*:*
  • OR cpe:/a:sophos:sophos_puremessage_anti-virus:4.6:*:*:*:*:*:*:*
  • OR cpe:/a:broadcom:etrust_antivirus:7.1:*:*:*:*:*:*:*
  • OR cpe:/a:broadcom:etrust_antivirus_gateway:7.0:*:*:*:*:*:*:*
  • OR cpe:/a:broadcom:etrust_ez_armor:2.4:*:*:*:*:*:*:*
  • OR cpe:/a:broadcom:etrust_intrusion_detection:1.4.1.13:*:*:*:*:*:*:*
  • OR cpe:/a:broadcom:etrust_intrusion_detection:1.4.5:*:*:*:*:*:*:*
  • OR cpe:/a:eset_software:nod32_antivirus:1.0.12:*:*:*:*:*:*:*
  • OR cpe:/a:eset_software:nod32_antivirus:1.0.13:*:*:*:*:*:*:*
  • OR cpe:/a:rav_antivirus:rav_antivirus_for_mail_servers:8.4.2:*:*:*:*:*:*:*
  • OR cpe:/a:sophos:sophos_anti-virus:3.4.6:*:*:*:*:*:*:*
  • OR cpe:/a:sophos:sophos_anti-virus:3.84:*:*:*:*:*:*:*
  • OR cpe:/a:sophos:sophos_anti-virus:3.85:*:*:*:*:*:*:*

Configuration 2:
  • cpe:/o:gentoo:linux:*:*:*:*:*:*:*:*
  • OR cpe:/o:gentoo:linux:1.4:*:*:*:*:*:*:*
  • OR cpe:/o:suse:suse_linux:9.2:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:10.1:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:10.1:*:x86_64:*:*:*:*:*

Configuration CCN 1:
  • cpe:/a:broadcom:etrust_intrusion_detection:-:*:*:*:*:*:*:*
  • OR cpe:/a:broadcom:inoculateit:6.0:*:*:*:*:*:*:*
  • OR cpe:/a:sophos:sophos_anti-virus:*:*:*:*:*:*:*:*
  • OR cpe:/a:broadcom:etrust_antivirus:7.0:*:*:*:*:*:*:*
  • OR cpe:/a:mcafee:virusscan:*:*:*:*:*:*:*:*
  • OR cpe:/a:broadcom:etrust_antivirus:7.1:*:*:*:*:*:*:*
  • OR cpe:/a:broadcom:etrust_ez_armor:2.0:*:*:*:*:*:*:*
  • OR cpe:/a:broadcom:etrust_ez_armor:2.3:*:*:*:*:*:*:*
  • OR cpe:/a:broadcom:etrust_ez_armor:2.4:*:*:*:*:*:*:*
  • OR cpe:/a:broadcom:etrust_ez_antivirus:6.1:*:*:*:*:*:*:*
  • OR cpe:/a:broadcom:etrust_ez_antivirus:6.2:*:*:*:*:*:*:*
  • OR cpe:/a:broadcom:etrust_ez_antivirus:6.3:*:*:*:*:*:*:*
  • OR cpe:/a:ca:brightstor_arcserve_backup:11.1::windows:*:*:*:*:*
  • OR cpe:/a:kaspersky:anti-virus:16.0.0.614:*:*:*:*:*:*:*
  • OR cpe:/a:eset:nod32_antivirus:-:*:*:*:*:*:*:*
  • OR cpe:/a:ca:etrust_secure_content_manager:8.0:*:*:*:*:*:*:*
  • AND
  • cpe:/o:gentoo:linux:*:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:10.0:*:*:*:*:*:*:*

* Denotes that component is vulnerable
    broadcom brightstor arcserve backup 11.1
    broadcom etrust ez antivirus 6.2
    broadcom etrust ez antivirus 6.3
    ca etrust secure content manager 1.0 sp1
    broadcom etrust secure content manager 1.1
    broadcom etrust antivirus 7.0
    ca etrust antivirus 7.0_sp2
    broadcom etrust ez armor 2.0
    broadcom etrust ez armor 2.3
    broadcom inoculateit 6.0
    eset_software nod32 antivirus 1.0.11
    rav_antivirus rav antivirus desktop 8.6
    rav_antivirus rav antivirus for file servers 1.0
    sophos sophos anti-virus 3.81
    sophos sophos anti-virus 3.82
    sophos sophos anti-virus 3.83
    kaspersky_lab kaspersky anti-virus 5.0
    mcafee antivirus engine 4.3.20
    sophos sophos anti-virus 3.79
    sophos sophos anti-virus 3.80
    sophos sophos small business suite 1.0
    broadcom etrust antivirus gateway 7.1
    broadcom etrust ez antivirus 6.1
    broadcom etrust intrusion detection 1.5
    broadcom etrust secure content manager 1.0
    kaspersky_lab kaspersky anti-virus 3.0
    kaspersky_lab kaspersky anti-virus 4.0
    sophos sophos anti-virus 3.78
    sophos sophos anti-virus 3.78d
    sophos sophos anti-virus 3.86
    sophos sophos puremessage anti-virus 4.6
    broadcom etrust antivirus 7.1
    broadcom etrust antivirus gateway 7.0
    broadcom etrust ez armor 2.4
    broadcom etrust intrusion detection 1.4.1.13
    broadcom etrust intrusion detection 1.4.5
    eset_software nod32 antivirus 1.0.12
    eset_software nod32 antivirus 1.0.13
    rav_antivirus rav antivirus for mail servers 8.4.2
    sophos sophos anti-virus 3.4.6
    sophos sophos anti-virus 3.84
    sophos sophos anti-virus 3.85
    gentoo linux *
    gentoo linux 1.4
    suse suse linux 9.2
    mandrakesoft mandrake linux 10.1
    mandrakesoft mandrake linux 10.1
    ca etrust intrusion detection -
    ca inoculateit 6.0
    sophos sophos anti-virus *
    ca etrust antivirus 7.0
    mcafee virusscan *
    ca etrust antivirus 7.1
    ca etrust ez armor 2.0
    ca etrust ez armor 2.3
    ca etrust ez armor 2.4
    ca etrust ez antivirus 6.1
    ca etrust ez antivirus 6.2
    ca etrust ez antivirus 6.3
    ca brightstor arcserve backup 11.1
    kaspersky anti-virus 16.0.0.614
    eset nod32 antivirus -
    ca etrust secure content manager 8.0
    gentoo linux *
    mandrakesoft mandrake linux 10.0