Vulnerability Name:

CVE-2005-3378 (CCN-24579)

Assigned:2005-10-25
Published:2005-10-25
Updated:2016-10-18
Summary:Multiple interpretation error in Norman 5.81 with the 5.83.02 engine allows remote attackers to bypass virus scanning via a file such as BAT, HTML, and EML with an "MZ" magic byte sequence which is normally associated with EXE, which causes the file to be treated as a safe type that could still be executed as a dangerous file type by applications on the end system, as demonstrated by a "triple headed" program that contains EXE, EML, and HTML content, aka the "magic byte bug."
CVSS v3 Severity:5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availability (A): Low
CVSS v2 Severity:5.1 Medium (CVSS v2 Vector: AV:N/AC:H/Au:N/C:P/I:P/A:P)
3.8 Low (Temporal CVSS v2 Vector: AV:N/AC:H/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): High
Authentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availability (A): Partial
5.0 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P)
3.7 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availability (A): Partial
Vulnerability Type:CWE-Other
Vulnerability Consequences:Bypass Security
References:Source: MITRE
Type: CNA
CVE-2005-3370

Source: MITRE
Type: CNA
CVE-2005-3371

Source: MITRE
Type: CNA
CVE-2005-3372

Source: MITRE
Type: CNA
CVE-2005-3373

Source: MITRE
Type: CNA
CVE-2005-3374

Source: MITRE
Type: CNA
CVE-2005-3375

Source: MITRE
Type: CNA
CVE-2005-3376

Source: MITRE
Type: CNA
CVE-2005-3377

Source: MITRE
Type: CNA
CVE-2005-3378

Source: MITRE
Type: CNA
CVE-2005-3379

Source: MITRE
Type: CNA
CVE-2005-3380

Source: MITRE
Type: CNA
CVE-2005-3381

Source: MITRE
Type: CNA
CVE-2005-3382

Source: MITRE
Type: CNA
CVE-2005-3399

Source: MITRE
Type: CNA
CVE-2005-3400

Source: MITRE
Type: CNA
CVE-2005-3401

Source: BUGTRAQ
Type: UNKNOWN
20051025 Multiple Vendor Anti-Virus Software Detection Evasion Vulnerability through

Source: CCN
Type: BugTraq Mailing List, 2005-10-25 14:00:54
Multiple Vendor Anti-Virus Software Detection Evasion Vulnerability through

Source: CCN
Type: BugTraq Mailing List, 2005-10-26 19:27:17
Update for the magic byte bug

Source: CCN
Type: McAfee Internet Security Suite 2005 Web site
Internet Security Suite - Desktop Security Software - McAfee

Source: CCN
Type: ArcaVir Web site
ArcaBit - ArcaVir Antivirus Monitor

Source: CCN
Type: Dr. Web Web site
DialogueScience, Inc. - anti-virus solutions for your security

Source: CCN
Type: F-Prot Web site
F-Prot Antivirus Products - Detailed product information on F-Prot Antivirus for Windows, Linux, BSD, Exchange, AIX, Solaris and DOS as well as F-Prot AVES anti-virus and anti-spam email filtering service

Source: CCN
Type: AVG Antivirus Web site
AVG Anti Virus: HOME

Source: CCN
Type: Ikarus AntiVirus Web site
IKARUS Software Vienna - Sober.C disturbs the Christmas peace!

Source: CCN
Type: Kaspersky Antivirus Web site
Kaspersky Lab > Antivirus Software, Computer Virus Protection, AntiSpyware, Spam Filter, Computer Security

Source: CCN
Type: Norman Virus Control Web site
:: NORMAN :: Antivirus | Firewall | Network security

Source: CCN
Type: OSVDB ID: 20932
Multiple Anti-Virus Crafted Filetype Header Scan Bypass (magic byte)

Source: CCN
Type: Panda Antivirus Titanium 2005 Web site
Panda Security Magazine

Source: MISC
Type: UNKNOWN
http://www.securityelf.org/magicbyte.html

Source: MISC
Type: Vendor Advisory
http://www.securityelf.org/magicbyteadv.html

Source: MISC
Type: UNKNOWN
http://www.securityelf.org/updmagic.html

Source: BID
Type: UNKNOWN
15189

Source: CCN
Type: BID-15189
Multiple Vendor Anti-Virus Magic Byte Detection Evasion Vulnerability

Source: CCN
Type: Sophos Anti-Virus Web site
Sophos - Manageable endpoint security

Source: CCN
Type: OfficeScan Web site
Trend Micro Enterprise Homepage

Source: CCN
Type: PC-cillin Web site
PC-cillin Internet Security

Source: CCN
Type: UNA Web site
Antivirus UNA

Source: CCN
Type: eTrust Antivirus Web site
Antivirus, Security Management

Source: XF
Type: UNKNOWN
antivirus-mz-header-detection-bypass(24579)

Vulnerable Configuration:Configuration 1:
  • cpe:/a:norman:norman_virus_control:5.81_engine_5.83.02:*:*:*:*:*:*:*

Configuration CCN 1:
  • cpe:/a:broadcom:etrust_antivirus:7.0.1.4:*:*:*:*:*:*:*
  • OR cpe:/a:trend_micro:officescan:7.0:*:*:*:*:*:*:*
  • OR cpe:/a:sophos:sophos_anti-virus:3.91:*:*:*:*:*:*:*
  • OR cpe:/h:fortinet:fortinet:2.48.0.0:*:*:*:*:*:*:*
  • OR cpe:/a:f-prot:f-prot_antivirus:3.16c:*:*:*:*:*:*:*

  • * Denotes that component is vulnerable
    norman norman virus control 5.81_engine_5.83.02
    ca etrust antivirus 7.0.1.4
    trend_micro officescan 7.0
    sophos sophos anti-virus 3.91
    fortinet fortinet 2.48.0.0
    f-prot f-prot antivirus 3.16c