CVE-2009-1348

The AV engine before DAT 5600 in McAfee VirusScan, Total Protection, Internet Security, SecurityShield for Microsoft ISA Server, Security for Microsoft Sharepoint, Security for Email Servers, Email Gateway, and Active Virus Defense allows remote attackers to bypass virus detection via (1) an invalid Headflags field in a malformed RAR archive, (2) an invalid Packsize field in a malformed RAR archive, or (3) an invalid Filelength field in a malformed ZIP archive.

CVSS v2.0 7.6 HIGH

7.6^/10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:H/Au:N/C:C/I:C/A:C

Exploitability : 4.9 / Impact : 10.0

Access Vector NETWORK

Access Complexity HIGH

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://blog.zoller.lu/2009/04/mcafee-multiple-bypassesevasions-ziprar.html
http://secunia.com/advisories/34949	Vendor Advisory
http://www.securityfocus.com/archive/1/503173/100/0/threaded
http://www.securityfocus.com/bid/34780
https://kc.mcafee.com/corporate/index?page=content&id=SB10001&actp=LIST_RECENT	Patch Vendor Advisory
http://blog.zoller.lu/2009/04/mcafee-multiple-bypassesevasions-ziprar.html
http://secunia.com/advisories/34949	Vendor Advisory
http://www.securityfocus.com/archive/1/503173/100/0/threaded
http://www.securityfocus.com/bid/34780
https://kc.mcafee.com/corporate/index?page=content&id=SB10001&actp=LIST_RECENT	Patch Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:mcafee:active_virus_defense::::::::
	cpe:2.3:a:mcafee:active_virusscan::::::::
	cpe:2.3:a:mcafee:email_gateway::::::::
	cpe:2.3:a:mcafee:internet_security_suite::::::::
	cpe:2.3:a:mcafee:internet_security_suite:2004:::::::*
	cpe:2.3:a:mcafee:internet_security_suite:2005:::::::*
	cpe:2.3:a:mcafee:internet_security_suite:2006:::::::*
	cpe:2.3:a:mcafee:internet_security_suite:2009:::::::*
	cpe:2.3:a:mcafee:securityshield_for_email_servers::::::::
	cpe:2.3:a:mcafee:securityshield_for_microsoft_isa_server::::::::
	cpe:2.3:a:mcafee:securityshield_for_microsoft_sharepoint::::::::
	cpe:2.3:a:mcafee:total_protection:2009:::::::*
	cpe:2.3:a:mcafee:total_protection_for_endpoint::::::::
	cpe:2.3:a:mcafee:virusscan_commandline::::::::
	cpe:2.3:a:mcafee:virusscan_enterprise::::::::
	cpe:2.3:a:mcafee:virusscan_enterprise:-:-:linux:::::*
	cpe:2.3:a:mcafee:virusscan_enterprise:-:-:sap:::::*
	cpe:2.3:a:mcafee:virusscan_enterprise:-:-:storage:::::*
	cpe:2.3:a:mcafee:virusscan_plus:2009:::::::*
	cpe:2.3:a:mcafee:virusscan_usb::::::::

History

21 Nov 2024, 01:02

Type	Values Removed	Values Added
References	~~() http://blog.zoller.lu/2009/04/mcafee-multiple-bypassesevasions-ziprar.html -~~	() http://blog.zoller.lu/2009/04/mcafee-multiple-bypassesevasions-ziprar.html -
References	~~() http://secunia.com/advisories/34949 - Vendor Advisory~~	() http://secunia.com/advisories/34949 - Vendor Advisory
References	~~() http://www.securityfocus.com/archive/1/503173/100/0/threaded -~~	() http://www.securityfocus.com/archive/1/503173/100/0/threaded -
References	~~() http://www.securityfocus.com/bid/34780 -~~	() http://www.securityfocus.com/bid/34780 -
References	~~() https://kc.mcafee.com/corporate/index?page=content&id=SB10001&actp=LIST_RECENT - Patch, Vendor Advisory~~	() https://kc.mcafee.com/corporate/index?page=content&id=SB10001&actp=LIST_RECENT - Patch, Vendor Advisory

Information

Published : 2009-04-30 20:30

Updated : 2024-11-21 01:02

NVD link : CVE-2009-1348

Mitre link : CVE-2009-1348

CVE.ORG link : CVE-2009-1348

JSON object : View

Products Affected

mcafee

total_protection
virusscan_enterprise
total_protection_for_endpoint
virusscan_plus
securityshield_for_microsoft_isa_server
email_gateway
active_virusscan
securityshield_for_microsoft_sharepoint
internet_security_suite
securityshield_for_email_servers
virusscan_commandline
active_virus_defense
virusscan_usb

CWE

CWE-20

Improper Input Validation

7.6 /10