Vulnerability Name:

CVE-2008-5537 (CCN-47435)

Assigned:2008-12-08
Published:2008-12-08
Updated:2018-10-11
Summary:PC Tools AntiVirus 4.4.2.0, when Internet Explorer 6 or 7 is used, allows remote attackers to bypass detection of malware in an HTML document by placing an MZ header (aka "EXE info") at the beginning, and modifying the filename to have (1) no extension, (2) a .txt extension, or (3) a .jpg extension, as demonstrated by a document containing a CVE-2006-5745 exploit.
CVSS v3 Severity:9.0 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): High
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Changed
Impact Metrics:Confidentiality (C): High
Integrity (I): High
Availibility (A): High
CVSS v2 Severity:9.3 High (CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C)
8.0 High (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C/E:POC/RL:U/RC:UR)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Medium
Authentication (Au): None
Impact Metrics:Confidentiality (C): Complete
Integrity (I): Complete
Availibility (A): Complete
7.6 High (CCN CVSS v2 Vector: AV:N/AC:H/Au:N/C:C/I:C/A:C)
6.5 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:H/Au:N/C:C/I:C/A:C/E:POC/RL:U/RC:UR)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): High
Athentication (Au): None
Impact Metrics:Confidentiality (C): Complete
Integrity (I): Complete
Availibility (A): Complete
Vulnerability Type:CWE-20
Vulnerability Consequences:Bypass Security
References:Source: CCN
Type: BugTraq Mailing List, Mon Dec 08 2008 - 00:26:16 CST
Multiple Vendor Anti-Virus Software Malicious WebPage Detection Bypass

Source: CCN
Type: BugTraq Mailing List, Tue Dec 09 2008 - 10:34:48 CST
Multiple Vendor Anti-Virus Software Malicious WebPage Detection Bypass -Update-

Source: MITRE
Type: CNA
CVE-2008-5520

Source: MITRE
Type: CNA
CVE-2008-5521

Source: MITRE
Type: CNA
CVE-2008-5522

Source: MITRE
Type: CNA
CVE-2008-5523

Source: MITRE
Type: CNA
CVE-2008-5524

Source: MITRE
Type: CNA
CVE-2008-5525

Source: MITRE
Type: CNA
CVE-2008-5526

Source: MITRE
Type: CNA
CVE-2008-5527

Source: MITRE
Type: CNA
CVE-2008-5528

Source: MITRE
Type: CNA
CVE-2008-5529

Source: MITRE
Type: CNA
CVE-2008-5530

Source: MITRE
Type: CNA
CVE-2008-5531

Source: MITRE
Type: CNA
CVE-2008-5532

Source: MITRE
Type: CNA
CVE-2008-5533

Source: MITRE
Type: CNA
CVE-2008-5534

Source: MITRE
Type: CNA
CVE-2008-5535

Source: MITRE
Type: CNA
CVE-2008-5536

Source: MITRE
Type: CNA
CVE-2008-5537

Source: MITRE
Type: CNA
CVE-2008-5538

Source: MITRE
Type: CNA
CVE-2008-5539

Source: MITRE
Type: CNA
CVE-2008-5540

Source: MITRE
Type: CNA
CVE-2008-5541

Source: MITRE
Type: CNA
CVE-2008-5542

Source: MITRE
Type: CNA
CVE-2008-5543

Source: MITRE
Type: CNA
CVE-2008-5544

Source: MITRE
Type: CNA
CVE-2008-5545

Source: MITRE
Type: CNA
CVE-2008-5546

Source: MITRE
Type: CNA
CVE-2008-5547

Source: MITRE
Type: CNA
CVE-2008-5548

Source: SREASON
Type: UNKNOWN
4723

Source: CCN
Type: Trend Micro Web site
Trend Micro

Source: CCN
Type: Kaspersky Web site
Internet Security 2009

Source: CCN
Type: AhnLab Web site
AhnLab - Antivirus Software and Security Solutions Provider

Source: CCN
Type: Aladdin Web site
eSafe

Source: CCN
Type: VirusBlokAda Web site
VBA32 ANTI-VIRUS

Source: CCN
Type: avast! Web site
avast!

Source: CCN
Type: AVG Web site
AVG Antivirus and Security Software

Source: CCN
Type: CA Web site
CA

Source: CCN
Type: ClamAV Web site
ClamAV

Source: CCN
Type: ESET Web site
ESET Smart Security

Source: CCN
Type: ewido Web site
ewido

Source: CCN
Type: Fortinet Web site
Fortinet

Source: CCN
Type: Avira AntiVir Web site
Avira AntiVir

Source: CCN
Type: Dr.Web Web site
Dr.Web

Source: CCN
Type: Hacksoft Web site
The Hacker Software

Source: CCN
Type: HAURI Web site
The AntiVirus Wizards of HAURI

Source: CCN
Type: IKARUS Web site
IKARUS Security Software

Source: CCN
Type: K7 Computing Web site
K7 Computing

Source: CCN
Type: Norman Web site
:: NORMAN :: Antivirus | Firewall | Network security

Source: CCN
Type: Opera Web site
Opera Browser

Source: CCN
Type: Panda Security Web site
Antivirus, anti-spyware, anti-spam, firewall. Protect yourself with Panda Security

Source: CCN
Type: PC Tools Web site
PC Tools AntiVirus

Source: CCN
Type: Prevx Web site
Prevx

Source: CCN
Type: Quick Heal Web site
Quick Heal

Source: CCN
Type: RISING Web site
RISING - Antivirus,Firewall,Virus,Trojan,Worm Protection,Free Download

Source: CCN
Type: Secure Computing Web site
Secure Computing

Source: BUGTRAQ
Type: UNKNOWN
20081208 Multiple Vendor Anti-Virus Software Malicious WebPage Detection Bypass

Source: BUGTRAQ
Type: UNKNOWN
20081209 Multiple Vendor Anti-Virus Software Malicious WebPage Detection Bypass -Update-

Source: CCN
Type: Sunbelt Software Web site
Antivirus & Antispyware Software

Source: CCN
Type: Symantec Web site
Symantec

Source: CCN
Type: VirusBuster Web site
VirusBuster

Source: XF
Type: UNKNOWN
multiple-antivirus-mzheader-code-execution(47435)

Source: XF
Type: UNKNOWN
multiple-antivirus-mzheader-code-execution(47435)

Vulnerable Configuration:Configuration 1:
  • cpe:/a:pctools:pctools_antivirus:4.4.2.0:*:*:*:*:*:*:*
  • AND
  • cpe:/a:microsoft:internet_explorer:6:*:*:*:*:*:*:*
  • OR cpe:/a:microsoft:internet_explorer:7:*:*:*:*:*:*:*

  • Configuration CCN 1:
  • cpe:/a:ca:etrust_antivirus:*:*:*:*:*:*:*:*
  • OR cpe:/a:clamav:clamav:0.94.1:*:*:*:*:*:*:*
  • OR cpe:/a:eset:smart_security:*:*:*:*:*:*:*:*
  • OR cpe:/a:aladdin:esafe:7.0.17.0:*:*:*:*:*:*:*
  • OR cpe:/a:eset:nod32_antivirus:3662:*:*:*:*:*:*:*
  • OR cpe:/a:symantec:antivirus:10.0:*:*:*:*:*:*:*
  • OR cpe:/a:hacksoft:the_hacker:6.3.1.2.174:*:*:*:*:*:*:*
  • OR cpe:/a:trendmicro:trend_micro_antivirus:9.120.0.1004:*:*:*:*:*:*:*
  • OR cpe:/a:virusblokada:vba32_antivirus:3.12.8.5:*:*:*:*:*:*:*
  • OR cpe:/a:hauri:virobot:2008.12.4.1499:*:*:*:*:*:*:*

  • * Denotes that component is vulnerable
    BACK
    pctools pctools antivirus 4.4.2.0
    microsoft internet explorer 6
    microsoft internet explorer 7
    ca etrust antivirus *
    clamav clamav 0.94.1
    eset smart security *
    aladdin esafe 7.0.17.0
    eset nod32 antivirus 3662
    symantec antivirus 10.0
    hacksoft the hacker 6.3.1.2.174
    trendmicro trend micro antivirus 9.120.0.1004
    virusblokada vba32 antivirus 3.12.8.5
    hauri virobot 2008.12.4.1499