Vulnerabilites related to mcafee - virusscan_plus
cve-2009-1348
Vulnerability from cvelistv5
Published
2009-04-30 20:00
Modified
2024-08-07 05:13
Severity ?
EPSS score ?
Summary
The AV engine before DAT 5600 in McAfee VirusScan, Total Protection, Internet Security, SecurityShield for Microsoft ISA Server, Security for Microsoft Sharepoint, Security for Email Servers, Email Gateway, and Active Virus Defense allows remote attackers to bypass virus detection via (1) an invalid Headflags field in a malformed RAR archive, (2) an invalid Packsize field in a malformed RAR archive, or (3) an invalid Filelength field in a malformed ZIP archive.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/archive/1/503173/100/0/threaded | mailing-list, x_refsource_BUGTRAQ | |
| https://kc.mcafee.com/corporate/index?page=content&id=SB10001&actp=LIST_RECENT | x_refsource_CONFIRM | |
| http://secunia.com/advisories/34949 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.securityfocus.com/bid/34780 | vdb-entry, x_refsource_BID | |
| http://blog.zoller.lu/2009/04/mcafee-multiple-bypassesevasions-ziprar.html | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T05:13:24.691Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20090501 [TZO-18-2009] Mcafee multiple evasions/bypasses (RAR, ZIP)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/503173/100/0/threaded"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10001\u0026actp=LIST_RECENT"
},
{
"name": "34949",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/34949"
},
{
"name": "34780",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/34780"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://blog.zoller.lu/2009/04/mcafee-multiple-bypassesevasions-ziprar.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-04-30T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The AV engine before DAT 5600 in McAfee VirusScan, Total Protection, Internet Security, SecurityShield for Microsoft ISA Server, Security for Microsoft Sharepoint, Security for Email Servers, Email Gateway, and Active Virus Defense allows remote attackers to bypass virus detection via (1) an invalid Headflags field in a malformed RAR archive, (2) an invalid Packsize field in a malformed RAR archive, or (3) an invalid Filelength field in a malformed ZIP archive."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-10T18:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20090501 [TZO-18-2009] Mcafee multiple evasions/bypasses (RAR, ZIP)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/503173/100/0/threaded"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10001\u0026actp=LIST_RECENT"
},
{
"name": "34949",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/34949"
},
{
"name": "34780",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/34780"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://blog.zoller.lu/2009/04/mcafee-multiple-bypassesevasions-ziprar.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-1348",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The AV engine before DAT 5600 in McAfee VirusScan, Total Protection, Internet Security, SecurityShield for Microsoft ISA Server, Security for Microsoft Sharepoint, Security for Email Servers, Email Gateway, and Active Virus Defense allows remote attackers to bypass virus detection via (1) an invalid Headflags field in a malformed RAR archive, (2) an invalid Packsize field in a malformed RAR archive, or (3) an invalid Filelength field in a malformed ZIP archive."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20090501 [TZO-18-2009] Mcafee multiple evasions/bypasses (RAR, ZIP)",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/503173/100/0/threaded"
},
{
"name": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10001\u0026actp=LIST_RECENT",
"refsource": "CONFIRM",
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10001\u0026actp=LIST_RECENT"
},
{
"name": "34949",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34949"
},
{
"name": "34780",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/34780"
},
{
"name": "http://blog.zoller.lu/2009/04/mcafee-multiple-bypassesevasions-ziprar.html",
"refsource": "MISC",
"url": "http://blog.zoller.lu/2009/04/mcafee-multiple-bypassesevasions-ziprar.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-1348",
"datePublished": "2009-04-30T20:00:00",
"dateReserved": "2009-04-20T00:00:00",
"dateUpdated": "2024-08-07T05:13:24.691Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Vulnerability from fkie_nvd
Published
2009-04-30 20:30
Modified
2024-11-21 01:02
Severity ?
Summary
The AV engine before DAT 5600 in McAfee VirusScan, Total Protection, Internet Security, SecurityShield for Microsoft ISA Server, Security for Microsoft Sharepoint, Security for Email Servers, Email Gateway, and Active Virus Defense allows remote attackers to bypass virus detection via (1) an invalid Headflags field in a malformed RAR archive, (2) an invalid Packsize field in a malformed RAR archive, or (3) an invalid Filelength field in a malformed ZIP archive.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:mcafee:active_virus_defense:*:*:*:*:*:*:*:*",
"matchCriteriaId": "55875615-29A3-4092-975C-60E9C8FAB03E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mcafee:active_virusscan:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4A14000E-6A4C-474B-A92B-473A0EB0C533",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mcafee:email_gateway:*:*:*:*:*:*:*:*",
"matchCriteriaId": "35188DE1-99A4-42B1-81C3-E2ECBD589605",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mcafee:internet_security_suite:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E7C68CA8-9525-4FBA-A873-F17524D3F595",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mcafee:internet_security_suite:2004:*:*:*:*:*:*:*",
"matchCriteriaId": "CB0A7659-25FF-4E18-B2BA-34F6FD6410F6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mcafee:internet_security_suite:2005:*:*:*:*:*:*:*",
"matchCriteriaId": "1C22BB62-9790-4D89-B1B4-D5E0F4FFB3C5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mcafee:internet_security_suite:2006:*:*:*:*:*:*:*",
"matchCriteriaId": "7E69BB96-F48B-43DA-BA7B-530E5148CCC0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mcafee:internet_security_suite:2009:*:*:*:*:*:*:*",
"matchCriteriaId": "B978BD2B-D454-49BB-81A4-EABA14E75600",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mcafee:securityshield_for_email_servers:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AC106925-640E-4318-BDED-A9F904961AE3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mcafee:securityshield_for_microsoft_isa_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "53275048-EE57-4204-86FA-BC6B8D5D614F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mcafee:securityshield_for_microsoft_sharepoint:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5E7A0A32-C1B6-465D-ABB3-156C570A0E5B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mcafee:total_protection:2009:*:*:*:*:*:*:*",
"matchCriteriaId": "B3C7EE0B-F166-478E-B800-B4D429B26F93",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mcafee:total_protection_for_endpoint:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0CD4E524-C466-4FB5-92FD-7EDAEEAE1F6D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mcafee:virusscan_commandline:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F1FAB752-311E-4594-AE25-34BD02844578",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mcafee:virusscan_enterprise:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E0BCC0FD-E09A-495A-926A-FE080BE46A20",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mcafee:virusscan_enterprise:-:-:linux:*:*:*:*:*",
"matchCriteriaId": "316D3C1B-D7E4-4FA9-B5CD-72D18BE775EE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mcafee:virusscan_enterprise:-:-:sap:*:*:*:*:*",
"matchCriteriaId": "C64CDC92-E9CD-446A-9ADE-B10A28E20A3B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mcafee:virusscan_enterprise:-:-:storage:*:*:*:*:*",
"matchCriteriaId": "019C46AA-7537-4930-BDC8-8EA0F6C5A216",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mcafee:virusscan_plus:2009:*:*:*:*:*:*:*",
"matchCriteriaId": "2B4CF979-7A55-4712-9B48-D885B746B62F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mcafee:virusscan_usb:*:*:*:*:*:*:*:*",
"matchCriteriaId": "42D0FC30-BAA5-4677-A3E5-C7A6DEB8BE0E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The AV engine before DAT 5600 in McAfee VirusScan, Total Protection, Internet Security, SecurityShield for Microsoft ISA Server, Security for Microsoft Sharepoint, Security for Email Servers, Email Gateway, and Active Virus Defense allows remote attackers to bypass virus detection via (1) an invalid Headflags field in a malformed RAR archive, (2) an invalid Packsize field in a malformed RAR archive, or (3) an invalid Filelength field in a malformed ZIP archive."
},
{
"lang": "es",
"value": "El AV engine antes de DAT 5600 en McAfee VirusScan, Total Protection, Internet Security, SecurityShield para Microsoft ISA Server, Security para Microsoft Sharepoint, Security para Email Servers, Email Gateway, y Active Virus Defense permite a atacantes remotos eludir la detecci\u00f3n de virus a trav\u00e9s de (1) un campo Headflags inv\u00e1lido de un archivo RAR malformado, (2) un campo Packsize inv\u00e1lido de un archivo RAR malformado, o (3) un campo Filelength de un archivo ZIP malformado."
}
],
"id": "CVE-2009-1348",
"lastModified": "2024-11-21T01:02:15.190",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.6,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 4.9,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2009-04-30T20:30:00.467",
"references": [
{
"source": "cve@mitre.org",
"url": "http://blog.zoller.lu/2009/04/mcafee-multiple-bypassesevasions-ziprar.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/34949"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/503173/100/0/threaded"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/34780"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10001\u0026actp=LIST_RECENT"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://blog.zoller.lu/2009/04/mcafee-multiple-bypassesevasions-ziprar.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/34949"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/503173/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/34780"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10001\u0026actp=LIST_RECENT"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}