cvelistv5 - CVE-2009-1348

CVE-2009-1348 (GCVE-0-2009-1348)

Vulnerability from cvelistv5 – Published: 2009-04-30 20:00 – Updated: 2024-08-07 05:13

Summary

Severity ?

No CVSS data available.

CWE

Assigner

mitre

References

URL

Tags

	http://www.securityfocus.com/archive/1/503173/100…	mailing-listx_refsource_BUGTRAQ
	https://kc.mcafee.com/corporate/index?page=conten…	x_refsource_CONFIRM
	http://secunia.com/advisories/34949	third-party-advisoryx_refsource_SECUNIA
	http://www.securityfocus.com/bid/34780	vdb-entryx_refsource_BID
	http://blog.zoller.lu/2009/04/mcafee-multiple-byp…	x_refsource_MISC

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T05:13:24.691Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "20090501 [TZO-18-2009] Mcafee multiple evasions/bypasses (RAR, ZIP)",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/503173/100/0/threaded"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10001\u0026actp=LIST_RECENT"
          },
          {
            "name": "34949",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/34949"
          },
          {
            "name": "34780",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/34780"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://blog.zoller.lu/2009/04/mcafee-multiple-bypassesevasions-ziprar.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2009-04-30T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The AV engine before DAT 5600 in McAfee VirusScan, Total Protection, Internet Security, SecurityShield for Microsoft ISA Server, Security for Microsoft Sharepoint, Security for Email Servers, Email Gateway, and Active Virus Defense allows remote attackers to bypass virus detection via (1) an invalid Headflags field in a malformed RAR archive, (2) an invalid Packsize field in a malformed RAR archive, or (3) an invalid Filelength field in a malformed ZIP archive."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-10T18:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "20090501 [TZO-18-2009] Mcafee multiple evasions/bypasses (RAR, ZIP)",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/503173/100/0/threaded"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10001\u0026actp=LIST_RECENT"
        },
        {
          "name": "34949",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/34949"
        },
        {
          "name": "34780",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/34780"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://blog.zoller.lu/2009/04/mcafee-multiple-bypassesevasions-ziprar.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2009-1348",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The AV engine before DAT 5600 in McAfee VirusScan, Total Protection, Internet Security, SecurityShield for Microsoft ISA Server, Security for Microsoft Sharepoint, Security for Email Servers, Email Gateway, and Active Virus Defense allows remote attackers to bypass virus detection via (1) an invalid Headflags field in a malformed RAR archive, (2) an invalid Packsize field in a malformed RAR archive, or (3) an invalid Filelength field in a malformed ZIP archive."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20090501 [TZO-18-2009] Mcafee multiple evasions/bypasses (RAR, ZIP)",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/503173/100/0/threaded"
            },
            {
              "name": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10001\u0026actp=LIST_RECENT",
              "refsource": "CONFIRM",
              "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10001\u0026actp=LIST_RECENT"
            },
            {
              "name": "34949",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/34949"
            },
            {
              "name": "34780",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/34780"
            },
            {
              "name": "http://blog.zoller.lu/2009/04/mcafee-multiple-bypassesevasions-ziprar.html",
              "refsource": "MISC",
              "url": "http://blog.zoller.lu/2009/04/mcafee-multiple-bypassesevasions-ziprar.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2009-1348",
    "datePublished": "2009-04-30T20:00:00",
    "dateReserved": "2009-04-20T00:00:00",
    "dateUpdated": "2024-08-07T05:13:24.691Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:mcafee:active_virus_defense:*:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"55875615-29A3-4092-975C-60E9C8FAB03E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:mcafee:active_virusscan:*:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"4A14000E-6A4C-474B-A92B-473A0EB0C533\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:mcafee:email_gateway:*:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"35188DE1-99A4-42B1-81C3-E2ECBD589605\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:mcafee:internet_security_suite:*:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E7C68CA8-9525-4FBA-A873-F17524D3F595\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:mcafee:internet_security_suite:2004:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"CB0A7659-25FF-4E18-B2BA-34F6FD6410F6\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:mcafee:internet_security_suite:2005:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"1C22BB62-9790-4D89-B1B4-D5E0F4FFB3C5\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:mcafee:internet_security_suite:2006:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"7E69BB96-F48B-43DA-BA7B-530E5148CCC0\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:mcafee:internet_security_suite:2009:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B978BD2B-D454-49BB-81A4-EABA14E75600\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:mcafee:securityshield_for_email_servers:*:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"AC106925-640E-4318-BDED-A9F904961AE3\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:mcafee:securityshield_for_microsoft_isa_server:*:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"53275048-EE57-4204-86FA-BC6B8D5D614F\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:mcafee:securityshield_for_microsoft_sharepoint:*:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"5E7A0A32-C1B6-465D-ABB3-156C570A0E5B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:mcafee:total_protection:2009:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B3C7EE0B-F166-478E-B800-B4D429B26F93\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:mcafee:total_protection_for_endpoint:*:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"0CD4E524-C466-4FB5-92FD-7EDAEEAE1F6D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:mcafee:virusscan_commandline:*:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F1FAB752-311E-4594-AE25-34BD02844578\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:mcafee:virusscan_enterprise:*:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E0BCC0FD-E09A-495A-926A-FE080BE46A20\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:mcafee:virusscan_enterprise:-:-:linux:*:*:*:*:*\", \"matchCriteriaId\": \"316D3C1B-D7E4-4FA9-B5CD-72D18BE775EE\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:mcafee:virusscan_enterprise:-:-:sap:*:*:*:*:*\", \"matchCriteriaId\": \"C64CDC92-E9CD-446A-9ADE-B10A28E20A3B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:mcafee:virusscan_enterprise:-:-:storage:*:*:*:*:*\", \"matchCriteriaId\": \"019C46AA-7537-4930-BDC8-8EA0F6C5A216\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:mcafee:virusscan_plus:2009:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"2B4CF979-7A55-4712-9B48-D885B746B62F\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:mcafee:virusscan_usb:*:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"42D0FC30-BAA5-4677-A3E5-C7A6DEB8BE0E\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"The AV engine before DAT 5600 in McAfee VirusScan, Total Protection, Internet Security, SecurityShield for Microsoft ISA Server, Security for Microsoft Sharepoint, Security for Email Servers, Email Gateway, and Active Virus Defense allows remote attackers to bypass virus detection via (1) an invalid Headflags field in a malformed RAR archive, (2) an invalid Packsize field in a malformed RAR archive, or (3) an invalid Filelength field in a malformed ZIP archive.\"}, {\"lang\": \"es\", \"value\": \"El AV engine antes de DAT 5600 en McAfee VirusScan, Total Protection, Internet Security, SecurityShield para Microsoft ISA Server, Security para Microsoft Sharepoint, Security para Email Servers, Email Gateway, y Active Virus Defense permite a atacantes remotos eludir la detecci\\u00f3n de virus a trav\\u00e9s de (1) un campo Headflags inv\\u00e1lido de un archivo RAR malformado, (2) un campo Packsize inv\\u00e1lido de un archivo RAR malformado, o (3) un campo Filelength de un archivo ZIP malformado.\"}]",
      "id": "CVE-2009-1348",
      "lastModified": "2024-11-21T01:02:15.190",
      "metrics": "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:H/Au:N/C:C/I:C/A:C\", \"baseScore\": 7.6, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"HIGH\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"COMPLETE\", \"integrityImpact\": \"COMPLETE\", \"availabilityImpact\": \"COMPLETE\"}, \"baseSeverity\": \"HIGH\", \"exploitabilityScore\": 4.9, \"impactScore\": 10.0, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": true}]}",
      "published": "2009-04-30T20:30:00.467",
      "references": "[{\"url\": \"http://blog.zoller.lu/2009/04/mcafee-multiple-bypassesevasions-ziprar.html\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://secunia.com/advisories/34949\", \"source\": \"cve@mitre.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://www.securityfocus.com/archive/1/503173/100/0/threaded\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.securityfocus.com/bid/34780\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10001\u0026actp=LIST_RECENT\", \"source\": \"cve@mitre.org\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}, {\"url\": \"http://blog.zoller.lu/2009/04/mcafee-multiple-bypassesevasions-ziprar.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://secunia.com/advisories/34949\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://www.securityfocus.com/archive/1/503173/100/0/threaded\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securityfocus.com/bid/34780\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10001\u0026actp=LIST_RECENT\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}]",
      "sourceIdentifier": "cve@mitre.org",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-20\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2009-1348\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2009-04-30T20:30:00.467\",\"lastModified\":\"2025-04-09T00:30:58.490\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"The AV engine before DAT 5600 in McAfee VirusScan, Total Protection, Internet Security, SecurityShield for Microsoft ISA Server, Security for Microsoft Sharepoint, Security for Email Servers, Email Gateway, and Active Virus Defense allows remote attackers to bypass virus detection via (1) an invalid Headflags field in a malformed RAR archive, (2) an invalid Packsize field in a malformed RAR archive, or (3) an invalid Filelength field in a malformed ZIP archive.\"},{\"lang\":\"es\",\"value\":\"El AV engine antes de DAT 5600 en McAfee VirusScan, Total Protection, Internet Security, SecurityShield para Microsoft ISA Server, Security para Microsoft Sharepoint, Security para Email Servers, Email Gateway, y Active Virus Defense permite a atacantes remotos eludir la detecci\u00f3n de virus a trav\u00e9s de (1) un campo Headflags inv\u00e1lido de un archivo RAR malformado, (2) un campo Packsize inv\u00e1lido de un archivo RAR malformado, o (3) un campo Filelength de un archivo ZIP malformado.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:H/Au:N/C:C/I:C/A:C\",\"baseScore\":7.6,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"HIGH\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"COMPLETE\",\"integrityImpact\":\"COMPLETE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":4.9,\"impactScore\":10.0,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-20\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mcafee:active_virus_defense:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"55875615-29A3-4092-975C-60E9C8FAB03E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mcafee:active_virusscan:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4A14000E-6A4C-474B-A92B-473A0EB0C533\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mcafee:email_gateway:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"35188DE1-99A4-42B1-81C3-E2ECBD589605\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mcafee:internet_security_suite:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E7C68CA8-9525-4FBA-A873-F17524D3F595\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mcafee:internet_security_suite:2004:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CB0A7659-25FF-4E18-B2BA-34F6FD6410F6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mcafee:internet_security_suite:2005:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1C22BB62-9790-4D89-B1B4-D5E0F4FFB3C5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mcafee:internet_security_suite:2006:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7E69BB96-F48B-43DA-BA7B-530E5148CCC0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mcafee:internet_security_suite:2009:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B978BD2B-D454-49BB-81A4-EABA14E75600\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mcafee:securityshield_for_email_servers:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"AC106925-640E-4318-BDED-A9F904961AE3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mcafee:securityshield_for_microsoft_isa_server:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"53275048-EE57-4204-86FA-BC6B8D5D614F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mcafee:securityshield_for_microsoft_sharepoint:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5E7A0A32-C1B6-465D-ABB3-156C570A0E5B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mcafee:total_protection:2009:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B3C7EE0B-F166-478E-B800-B4D429B26F93\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mcafee:total_protection_for_endpoint:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0CD4E524-C466-4FB5-92FD-7EDAEEAE1F6D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mcafee:virusscan_commandline:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F1FAB752-311E-4594-AE25-34BD02844578\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mcafee:virusscan_enterprise:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E0BCC0FD-E09A-495A-926A-FE080BE46A20\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mcafee:virusscan_enterprise:-:-:linux:*:*:*:*:*\",\"matchCriteriaId\":\"316D3C1B-D7E4-4FA9-B5CD-72D18BE775EE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mcafee:virusscan_enterprise:-:-:sap:*:*:*:*:*\",\"matchCriteriaId\":\"C64CDC92-E9CD-446A-9ADE-B10A28E20A3B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mcafee:virusscan_enterprise:-:-:storage:*:*:*:*:*\",\"matchCriteriaId\":\"019C46AA-7537-4930-BDC8-8EA0F6C5A216\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mcafee:virusscan_plus:2009:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2B4CF979-7A55-4712-9B48-D885B746B62F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mcafee:virusscan_usb:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"42D0FC30-BAA5-4677-A3E5-C7A6DEB8BE0E\"}]}]}],\"references\":[{\"url\":\"http://blog.zoller.lu/2009/04/mcafee-multiple-bypassesevasions-ziprar.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://secunia.com/advisories/34949\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.securityfocus.com/archive/1/503173/100/0/threaded\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/bid/34780\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10001\u0026actp=LIST_RECENT\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://blog.zoller.lu/2009/04/mcafee-multiple-bypassesevasions-ziprar.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/34949\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.securityfocus.com/archive/1/503173/100/0/threaded\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/bid/34780\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10001\u0026actp=LIST_RECENT\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]}]}}"
  }
}

GSD-2009-1348

Vulnerability from gsd - Updated: 2023-12-13 01:19

Details

Aliases

CVE-2009-1348

Aliases

CVE-2009-1348

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2009-1348",
    "description": "The AV engine before DAT 5600 in McAfee VirusScan, Total Protection, Internet Security, SecurityShield for Microsoft ISA Server, Security for Microsoft Sharepoint, Security for Email Servers, Email Gateway, and Active Virus Defense allows remote attackers to bypass virus detection via (1) an invalid Headflags field in a malformed RAR archive, (2) an invalid Packsize field in a malformed RAR archive, or (3) an invalid Filelength field in a malformed ZIP archive.",
    "id": "GSD-2009-1348"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2009-1348"
      ],
      "details": "The AV engine before DAT 5600 in McAfee VirusScan, Total Protection, Internet Security, SecurityShield for Microsoft ISA Server, Security for Microsoft Sharepoint, Security for Email Servers, Email Gateway, and Active Virus Defense allows remote attackers to bypass virus detection via (1) an invalid Headflags field in a malformed RAR archive, (2) an invalid Packsize field in a malformed RAR archive, or (3) an invalid Filelength field in a malformed ZIP archive.",
      "id": "GSD-2009-1348",
      "modified": "2023-12-13T01:19:47.373270Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2009-1348",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "The AV engine before DAT 5600 in McAfee VirusScan, Total Protection, Internet Security, SecurityShield for Microsoft ISA Server, Security for Microsoft Sharepoint, Security for Email Servers, Email Gateway, and Active Virus Defense allows remote attackers to bypass virus detection via (1) an invalid Headflags field in a malformed RAR archive, (2) an invalid Packsize field in a malformed RAR archive, or (3) an invalid Filelength field in a malformed ZIP archive."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "20090501 [TZO-18-2009] Mcafee multiple evasions/bypasses (RAR, ZIP)",
            "refsource": "BUGTRAQ",
            "url": "http://www.securityfocus.com/archive/1/503173/100/0/threaded"
          },
          {
            "name": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10001\u0026actp=LIST_RECENT",
            "refsource": "CONFIRM",
            "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10001\u0026actp=LIST_RECENT"
          },
          {
            "name": "34949",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/34949"
          },
          {
            "name": "34780",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/34780"
          },
          {
            "name": "http://blog.zoller.lu/2009/04/mcafee-multiple-bypassesevasions-ziprar.html",
            "refsource": "MISC",
            "url": "http://blog.zoller.lu/2009/04/mcafee-multiple-bypassesevasions-ziprar.html"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:mcafee:internet_security_suite:2009:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mcafee:virusscan_usb:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mcafee:securityshield_for_email_servers:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mcafee:email_gateway:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mcafee:virusscan_plus:2009:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mcafee:total_protection:2009:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mcafee:virusscan_enterprise:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mcafee:virusscan_enterprise:-:-:linux:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mcafee:virusscan_enterprise:-:-:sap:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mcafee:total_protection_for_endpoint:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mcafee:active_virus_defense:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mcafee:internet_security_suite:2005:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mcafee:internet_security_suite:2006:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mcafee:securityshield_for_microsoft_isa_server:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mcafee:securityshield_for_microsoft_sharepoint:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mcafee:internet_security_suite:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mcafee:internet_security_suite:2004:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mcafee:virusscan_enterprise:-:-:storage:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mcafee:virusscan_commandline:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mcafee:active_virusscan:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2009-1348"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "The AV engine before DAT 5600 in McAfee VirusScan, Total Protection, Internet Security, SecurityShield for Microsoft ISA Server, Security for Microsoft Sharepoint, Security for Email Servers, Email Gateway, and Active Virus Defense allows remote attackers to bypass virus detection via (1) an invalid Headflags field in a malformed RAR archive, (2) an invalid Packsize field in a malformed RAR archive, or (3) an invalid Filelength field in a malformed ZIP archive."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-20"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://blog.zoller.lu/2009/04/mcafee-multiple-bypassesevasions-ziprar.html",
              "refsource": "MISC",
              "tags": [],
              "url": "http://blog.zoller.lu/2009/04/mcafee-multiple-bypassesevasions-ziprar.html"
            },
            {
              "name": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10001\u0026actp=LIST_RECENT",
              "refsource": "CONFIRM",
              "tags": [
                "Patch",
                "Vendor Advisory"
              ],
              "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10001\u0026actp=LIST_RECENT"
            },
            {
              "name": "34780",
              "refsource": "BID",
              "tags": [],
              "url": "http://www.securityfocus.com/bid/34780"
            },
            {
              "name": "34949",
              "refsource": "SECUNIA",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://secunia.com/advisories/34949"
            },
            {
              "name": "20090501 [TZO-18-2009] Mcafee multiple evasions/bypasses (RAR, ZIP)",
              "refsource": "BUGTRAQ",
              "tags": [],
              "url": "http://www.securityfocus.com/archive/1/503173/100/0/threaded"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "HIGH",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.6,
            "confidentialityImpact": "COMPLETE",
            "integrityImpact": "COMPLETE",
            "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          "exploitabilityScore": 4.9,
          "impactScore": 10.0,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": true
        }
      },
      "lastModifiedDate": "2018-10-10T19:36Z",
      "publishedDate": "2009-04-30T20:30Z"
    }
  }
}

VAR-200904-0511

Vulnerability from variot - Updated: 2023-12-18 13:20

The AV engine before DAT 5600 in McAfee VirusScan, Total Protection, Internet Security, SecurityShield for Microsoft ISA Server, Security for Microsoft Sharepoint, Security for Email Servers, Email Gateway, and Active Virus Defense allows remote attackers to bypass virus detection via (1) an invalid Headflags field in a malformed RAR archive, (2) an invalid Packsize field in a malformed RAR archive, or (3) an invalid Filelength field in a malformed ZIP archive. Multiple McAfee products are prone to a vulnerability that may allow certain compressed archives to bypass the scan engine. Successful exploits will allow attackers to distribute files containing malicious code that the antivirus application will fail to detect. The issue affects all McAfee software that uses DAT files. ----------------------------------------------------------------------

Secunia is pleased to announce the release of the annual Secunia report for 2008.

Highlights from the 2008 report: * Vulnerability Research * Software Inspection Results * Secunia Research Highlights * Secunia Advisory Statistics

Request the full 2008 Report here: http://secunia.com/advisories/try_vi/request_2008_report/

Stay Secure,

Secunia

TITLE: McAfee Products Archive Handling Security Bypass

SECUNIA ADVISORY ID: SA34949

VERIFY ADVISORY: http://secunia.com/advisories/34949/

DESCRIPTION: Some weaknesses have been reported in various McAfee products, which can be exploited by malware to bypass the scanning functionality.

The weaknesses are caused due to errors in the handling of archive file formats (e.g.

SOLUTION: Update .DAT files to DAT 5600 or later. http://www.mcafee.com/apps/downloads/security_updates/dat.asp

PROVIDED AND/OR DISCOVERED BY: * Thierry Zoller * The vendor also credits Mickael Roger.

ORIGINAL ADVISORY: McAfee: https://kc.mcafee.com/corporate/index?page=content&id=SB10001&actp=LIST_RECENT

Thierry Zoller: http://blog.zoller.lu/2009/04/mcafee-multiple-bypassesevasions-ziprar.html

About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities.

Subscribe: http://secunia.com/advisories/secunia_security_advisories/

Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/

Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.

Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org

. ____________

From the low-hanging-fruit-department - Mcafee multiple generic evasions

Release mode: Coordinated but limited disclosure. Ref : TZO-182009 - Mcafee multiple generic evasions WWW : http://blog.zoller.lu/2009/04/mcafee-multiple-bypassesevasions-ziprar.html Vendor : http://www.mcafee.com Status : Patched CVE : CVE-2009-1348 (provided by mcafee) https://kc.mcafee.com/corporate/index?page=content&id=SB10001&actp=LIST_RECENT

Security notification reaction rating : very good Notification to patch window : +-27 days (Eastern holidays in between)

Disclosure Policy : http://blog.zoller.lu/2008/09/notification-and-disclosure-policy.html

Affected products : - McAfee VirusScan\xae Plus 2009 - McAfee Total Protection\x99 2009 - McAfee Internet Security - McAfee VirusScan USB - McAfee VirusScan Enterprise - McAfee VirusScan Enterprise Linux - McAfee VirusScan Enterprise for SAP - McAfee VirusScan Enterprise for Storage - McAfee VirusScan Commandline - Mcafee SecurityShield for Microsoft ISA Server - Mcafee Security for Microsoft Sharepoint - Mcafee Security for Email Servers - McAfee Email Gateyway - McAfee Total Protection for Endpoint - McAfee Active Virus Defense - McAfee Active VirusScan

It is unkown whether SaaS were affected (tough likely) : - McAfee Email Security Service - McAfee Total Protection Service Advanced

I. Background ~~~~~~~~~~~~~ Quote: "McAfee proactively secures systems and networks from known and as yet undiscovered threats worldwide. Home users, businesses, service providers, government agencies, and our partners all trust our unmatched security expertise and have confidence in our comprehensive and proven solutions to effectively block attacks and prevent disruptions."

II. Description

The parsing engine can be bypassed by a specially crafted and formated
RAR (Headflags and Packsize),ZIP (Filelenght) archive. 

III. Impact
~~~~~~~~~~~
A general description of the impact and nature of AV Bypasses/evasions
can be read at : 
http://blog.zoller.lu/2009/04/case-for-av-bypassesevasions.html

The bug results in denying the engine the possibility to inspect
code within RAR and ZIP archives. There is no inspection of the content
at all and hence the impossibility to detect malicious code. 


IV. Disclosure timeline
~~~~~~~~~~~~~~~~~~~~~~~~~
DD/MM/YYYY
04/04/2009 : Send proof of concept RAR I, description the terms under which 
             I cooperate and the planned disclosure date

06/04/2009 : Send proof of concept RAR II, description the terms under which 
             I cooperate and the planned disclosure date

06/04/2009 : Mcafee acknowledges receipt and reproduction of RAR I, ack
             acknowledges receipt of RARII                       

10/04/2009 : Send proof of concept ZIP I, description the terms under which 
             I cooperate and the planned disclosure date

21/04/2009 : Mcafee provides CVE number CVE-2009-1348 

28/04/2009 : Mcafee informs me that the patch might be released on the 29th
29/04/2009 : Mcafee confirms patch release and provides URL
             https://kc.mcafee.com/corporate/index?page=content&id=SB10001&actp=LIST_RECENT

29/04/2009 : Ask for affected versions

29/04/2009 : Mcafee replies " This issue does affect all vs engine products, including 
             both gateway and endpoint"





_______________________________________________
Full-Disclosure - We believe in it. 
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/. Description

Improper parsing of the PDF structure leads to evasion of detection of malicious PDF documents at scantime and runtime.

This has been tested with several malicious PDF files and represents a generic evasion of all PDF signatures and heuristics.

General information about evasion/bypasses can be found at : http://blog.zoller.lu/2009/04/case-for-av-bypassesevasions.html

III. Impact

Known PDF exploits/malware may evade signature detection, 0day exploits
may evade heuristics. Disclosure timeline
~~~~~~~~~~~~~~~~~~~~~~~~~
DD.MM.YYYY
01.06.2009 - Reported 
20.10.2009 - McAfee informed us that they published the advisory on their website
< waiting for others vendors to patch >
27.10.2009 - G-SEC releases this advisory

About G-SEC

G-SEC\x99 is a vendor independent luxemburgish led IT security consulting group. More information available at : http://www.g-sec.lu/

Full-Disclosure - We believe in it. ----------------------------------------------------------------------

Do you have VARM strategy implemented?

(Vulnerability Assessment Remediation Management)

If not, then implement it through the most reliable vulnerability intelligence source on the market.

Implement it through Secunia

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-200904-0511",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "securityshield for microsoft isa server",
        "scope": null,
        "trust": 1.7,
        "vendor": "mcafee",
        "version": null
      },
      {
        "model": "active virusscan",
        "scope": null,
        "trust": 1.7,
        "vendor": "mcafee",
        "version": null
      },
      {
        "model": "active virus defense",
        "scope": null,
        "trust": 1.7,
        "vendor": "mcafee",
        "version": null
      },
      {
        "model": "virusscan enterprise",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "mcafee",
        "version": null
      },
      {
        "model": "email gateway",
        "scope": null,
        "trust": 1.4,
        "vendor": "mcafee",
        "version": null
      },
      {
        "model": "total protection for endpoint",
        "scope": null,
        "trust": 1.4,
        "vendor": "mcafee",
        "version": null
      },
      {
        "model": "virusscan plus",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "mcafee",
        "version": "2009"
      },
      {
        "model": "total protection",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "mcafee",
        "version": "2009"
      },
      {
        "model": "virusscan command line",
        "scope": null,
        "trust": 1.1,
        "vendor": "mcafee",
        "version": null
      },
      {
        "model": "internet security suite",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "mcafee",
        "version": "2004"
      },
      {
        "model": "virusscan enterprise",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "mcafee",
        "version": "*"
      },
      {
        "model": "securityshield for microsoft sharepoint",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "mcafee",
        "version": "*"
      },
      {
        "model": "virusscan usb",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "mcafee",
        "version": "*"
      },
      {
        "model": "securityshield for email servers",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "mcafee",
        "version": "*"
      },
      {
        "model": "internet security suite",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "mcafee",
        "version": "2009"
      },
      {
        "model": "active virus defense",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "mcafee",
        "version": "*"
      },
      {
        "model": "internet security suite",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "mcafee",
        "version": "2005"
      },
      {
        "model": "active virusscan",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "mcafee",
        "version": "*"
      },
      {
        "model": "internet security suite",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "mcafee",
        "version": "2006"
      },
      {
        "model": "virusscan commandline",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "mcafee",
        "version": "*"
      },
      {
        "model": "internet security suite",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "mcafee",
        "version": "*"
      },
      {
        "model": "total protection for endpoint",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "mcafee",
        "version": "*"
      },
      {
        "model": "email gateway",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "mcafee",
        "version": "*"
      },
      {
        "model": "securityshield for microsoft isa server",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "mcafee",
        "version": "*"
      },
      {
        "model": "internet security suite",
        "scope": null,
        "trust": 0.8,
        "vendor": "mcafee",
        "version": null
      },
      {
        "model": "security for email servers",
        "scope": null,
        "trust": 0.8,
        "vendor": "mcafee",
        "version": null
      },
      {
        "model": "security for microsoft sharepoint",
        "scope": null,
        "trust": 0.8,
        "vendor": "mcafee",
        "version": null
      },
      {
        "model": "virusscan enterprise",
        "scope": null,
        "trust": 0.8,
        "vendor": "mcafee",
        "version": null
      },
      {
        "model": "virusscan plus",
        "scope": null,
        "trust": 0.8,
        "vendor": "mcafee",
        "version": null
      },
      {
        "model": "virusscan usb",
        "scope": null,
        "trust": 0.8,
        "vendor": "mcafee",
        "version": null
      },
      {
        "model": "total protection",
        "scope": null,
        "trust": 0.8,
        "vendor": "mcafee",
        "version": null
      },
      {
        "model": "virusscan enterprise",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "mcafee",
        "version": "0"
      },
      {
        "model": "securityshield for email servers",
        "scope": null,
        "trust": 0.6,
        "vendor": "mcafee",
        "version": null
      },
      {
        "model": "securityshield for microsoft sharepoint",
        "scope": null,
        "trust": 0.6,
        "vendor": "mcafee",
        "version": null
      },
      {
        "model": "virusscan commandline",
        "scope": null,
        "trust": 0.6,
        "vendor": "mcafee",
        "version": null
      },
      {
        "model": "virusscan plus",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "20070"
      },
      {
        "model": "virusscan enterprise i patch",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "8.015"
      },
      {
        "model": "virusscan enterprise i patch",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "8.012"
      },
      {
        "model": "virusscan enterprise i patch",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "8.011"
      },
      {
        "model": "virusscan enterprise i",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "8.0"
      },
      {
        "model": "virusscan enterprise",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "8.0"
      },
      {
        "model": "virusscan enterprise",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "7.1"
      },
      {
        "model": "virusscan",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "2006"
      },
      {
        "model": "virusscan",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "2005"
      },
      {
        "model": "virusscan",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "2004"
      },
      {
        "model": "virex",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "7.7"
      },
      {
        "model": "virex",
        "scope": null,
        "trust": 0.3,
        "vendor": "mcafee",
        "version": null
      },
      {
        "model": "total protection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "20070"
      },
      {
        "model": "portalshield for microsoft sharepoint",
        "scope": null,
        "trust": 0.3,
        "vendor": "mcafee",
        "version": null
      },
      {
        "model": "netshield for netware",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "4"
      },
      {
        "model": "netshield for netware",
        "scope": null,
        "trust": 0.3,
        "vendor": "mcafee",
        "version": null
      },
      {
        "model": "linuxshield",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "1"
      },
      {
        "model": "linuxshield",
        "scope": null,
        "trust": 0.3,
        "vendor": "mcafee",
        "version": null
      },
      {
        "model": "groupshield for lotus domino on windows",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "5"
      },
      {
        "model": "groupshield for lotus domino on aix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "5"
      },
      {
        "model": "groupshield for lotus domino",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "7"
      },
      {
        "model": "groupshield for lotus domino",
        "scope": null,
        "trust": 0.3,
        "vendor": "mcafee",
        "version": null
      },
      {
        "model": "groupshield for exchange",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "5.55.0.964.1"
      },
      {
        "model": "groupshield for exchange",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "5.55.0.902.1"
      },
      {
        "model": "groupshield for exchange",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "5.55.0.1007.1"
      },
      {
        "model": "groupshield for exchange",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "20005"
      },
      {
        "model": "groupshield for exchange",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "6.0"
      },
      {
        "model": "groupshield for exchange",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "5.5"
      },
      {
        "model": "groupshield for exchange",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "6.0.616.102"
      },
      {
        "model": "groupshield for exchange",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "4"
      },
      {
        "model": "virusscan usb",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "0"
      },
      {
        "model": "virusscan professional",
        "scope": null,
        "trust": 0.3,
        "vendor": "mcafee",
        "version": null
      },
      {
        "model": "virusscan enterprise linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "0"
      },
      {
        "model": "virusscan enterprise for storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "0"
      },
      {
        "model": "virusscan enterprise for sap",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "0"
      },
      {
        "model": "total protection for endpoint",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "0"
      },
      {
        "model": "total protection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "0"
      },
      {
        "model": "security for microsoft sharepoint",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "0"
      },
      {
        "model": "security for email servers",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "0"
      },
      {
        "model": "internet security",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "0"
      },
      {
        "model": "email gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "0"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "36848"
      },
      {
        "db": "BID",
        "id": "34780"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2009-004587"
      },
      {
        "db": "NVD",
        "id": "CVE-2009-1348"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200904-560"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:mcafee:internet_security_suite:2009:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mcafee:virusscan_usb:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mcafee:securityshield_for_email_servers:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mcafee:email_gateway:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mcafee:virusscan_plus:2009:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mcafee:total_protection:2009:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mcafee:virusscan_enterprise:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mcafee:virusscan_enterprise:-:-:linux:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mcafee:virusscan_enterprise:-:-:sap:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mcafee:total_protection_for_endpoint:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mcafee:active_virus_defense:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mcafee:internet_security_suite:2005:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mcafee:internet_security_suite:2006:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mcafee:securityshield_for_microsoft_isa_server:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mcafee:securityshield_for_microsoft_sharepoint:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mcafee:internet_security_suite:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mcafee:internet_security_suite:2004:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mcafee:virusscan_enterprise:-:-:storage:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mcafee:virusscan_commandline:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mcafee:active_virusscan:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2009-1348"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Thierry Zoller and Mickael Roger",
    "sources": [
      {
        "db": "BID",
        "id": "34780"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200904-560"
      }
    ],
    "trust": 0.9
  },
  "cve": "CVE-2009-1348",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "HIGH",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.6,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 4.9,
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "HIGH",
            "trust": 1.0,
            "userInteractionRequired": true,
            "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "High",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "Complete",
            "baseScore": 7.6,
            "confidentialityImpact": "Complete",
            "exploitabilityScore": null,
            "id": "CVE-2009-1348",
            "impactScore": null,
            "integrityImpact": "Complete",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "High",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "accessComplexity": "HIGH",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.6,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 4.9,
            "id": "VHN-38794",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 0.1,
            "vectorString": "AV:N/AC:H/AU:N/C:C/I:C/A:C",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2009-1348",
            "trust": 1.8,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-200904-560",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "VULHUB",
            "id": "VHN-38794",
            "trust": 0.1,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-38794"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2009-004587"
      },
      {
        "db": "NVD",
        "id": "CVE-2009-1348"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200904-560"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "The AV engine before DAT 5600 in McAfee VirusScan, Total Protection, Internet Security, SecurityShield for Microsoft ISA Server, Security for Microsoft Sharepoint, Security for Email Servers, Email Gateway, and Active Virus Defense allows remote attackers to bypass virus detection via (1) an invalid Headflags field in a malformed RAR archive, (2) an invalid Packsize field in a malformed RAR archive, or (3) an invalid Filelength field in a malformed ZIP archive. Multiple McAfee products are prone to a vulnerability that may allow certain compressed archives to bypass the scan engine. \nSuccessful exploits will allow attackers to distribute files containing malicious code that the antivirus application will fail to detect. \nThe issue affects all McAfee software that uses DAT files. ----------------------------------------------------------------------\n\nSecunia is pleased to announce the release of the annual Secunia\nreport for 2008. \n\nHighlights from the 2008 report:\n * Vulnerability Research\n * Software Inspection Results\n * Secunia Research Highlights\n * Secunia Advisory Statistics\n\nRequest the full 2008 Report here:\nhttp://secunia.com/advisories/try_vi/request_2008_report/\n\nStay Secure,\n\nSecunia\n\n\n----------------------------------------------------------------------\n\nTITLE:\nMcAfee Products Archive Handling Security Bypass\n\nSECUNIA ADVISORY ID:\nSA34949\n\nVERIFY ADVISORY:\nhttp://secunia.com/advisories/34949/\n\nDESCRIPTION:\nSome weaknesses have been reported in various McAfee products, which\ncan be exploited by malware to bypass the scanning functionality. \n\nThe weaknesses are caused due to errors in the handling of archive\nfile formats (e.g. \n\nSOLUTION:\nUpdate .DAT files to DAT 5600 or later. \nhttp://www.mcafee.com/apps/downloads/security_updates/dat.asp\n\nPROVIDED AND/OR DISCOVERED BY:\n* Thierry Zoller\n* The vendor also credits Mickael Roger. \n\nORIGINAL ADVISORY:\nMcAfee:\nhttps://kc.mcafee.com/corporate/index?page=content\u0026id=SB10001\u0026actp=LIST_RECENT\n\nThierry Zoller:\nhttp://blog.zoller.lu/2009/04/mcafee-multiple-bypassesevasions-ziprar.html\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n. ________________________________________________________________________\n\nFrom the low-hanging-fruit-department - Mcafee multiple generic evasions\n________________________________________________________________________\n\nRelease mode: Coordinated but limited disclosure. \nRef         : TZO-182009 - Mcafee multiple generic evasions\nWWW         : http://blog.zoller.lu/2009/04/mcafee-multiple-bypassesevasions-ziprar.html\nVendor      : http://www.mcafee.com\nStatus      : Patched\nCVE         : CVE-2009-1348 (provided by mcafee)\nhttps://kc.mcafee.com/corporate/index?page=content\u0026id=SB10001\u0026actp=LIST_RECENT\n\nSecurity notification reaction rating : very good\nNotification to patch window : +-27 days (Eastern holidays in between)\n\nDisclosure Policy : \nhttp://blog.zoller.lu/2008/09/notification-and-disclosure-policy.html\n\nAffected products : \n- McAfee VirusScan\\xae Plus 2009\n- McAfee Total Protection\\x99 2009\n- McAfee Internet Security\n- McAfee VirusScan USB\n- McAfee VirusScan Enterprise\n- McAfee VirusScan Enterprise Linux\n- McAfee VirusScan Enterprise for SAP\n- McAfee VirusScan Enterprise for Storage\n- McAfee VirusScan Commandline\n- Mcafee SecurityShield for Microsoft ISA Server\n- Mcafee Security for Microsoft Sharepoint\n- Mcafee Security for Email Servers\n- McAfee Email Gateyway\n- McAfee Total Protection for Endpoint\n- McAfee Active Virus Defense\n- McAfee Active VirusScan\n \nIt is unkown whether SaaS were affected (tough likely) :\n- McAfee Email Security Service\n- McAfee Total Protection Service Advanced\n\n\nI. Background\n~~~~~~~~~~~~~\nQuote: \"McAfee proactively secures systems and networks from known \nand as yet undiscovered threats worldwide. Home users, businesses, \nservice providers, government agencies, and our partners all trust \nour unmatched security expertise and have confidence in our \ncomprehensive and proven solutions to effectively block attacks\nand prevent disruptions.\"\n\n\nII. Description\n~~~~~~~~~~~~~~~\nThe parsing engine can be bypassed by a specially crafted and formated\nRAR (Headflags and Packsize),ZIP (Filelenght) archive. \n\nIII. Impact\n~~~~~~~~~~~\nA general description of the impact and nature of AV Bypasses/evasions\ncan be read at : \nhttp://blog.zoller.lu/2009/04/case-for-av-bypassesevasions.html\n\nThe bug results in denying the engine the possibility to inspect\ncode within RAR and ZIP archives. There is no inspection of the content\nat all and hence the impossibility to detect malicious code. \n\n\nIV. Disclosure timeline\n~~~~~~~~~~~~~~~~~~~~~~~~~\nDD/MM/YYYY\n04/04/2009 : Send proof of concept RAR I, description the terms under which \n             I cooperate and the planned disclosure date\n                         \n06/04/2009 : Send proof of concept RAR II, description the terms under which \n             I cooperate and the planned disclosure date\n                         \n06/04/2009 : Mcafee acknowledges receipt and reproduction of RAR I, ack\n             acknowledges receipt of RARII                       \n                         \n10/04/2009 : Send proof of concept ZIP I, description the terms under which \n             I cooperate and the planned disclosure date\n\n21/04/2009 : Mcafee provides CVE number CVE-2009-1348 \n                         \n28/04/2009 : Mcafee informs me that the patch might be released on the 29th\n29/04/2009 : Mcafee confirms patch release and provides URL\n             https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10001\u0026actp=LIST_RECENT\n                         \n29/04/2009 : Ask for affected versions\n\n29/04/2009 : Mcafee replies \" This issue does affect all vs engine products, including \n             both gateway and endpoint\"\n\n\n\n\n\n_______________________________________________\nFull-Disclosure - We believe in it. \nCharter: http://lists.grok.org.uk/full-disclosure-charter.html\nHosted and sponsored by Secunia - http://secunia.com/. Description\n~~~~~~~~~~~~~~~\nImproper parsing of the PDF structure leads to evasion of detection of \nmalicious PDF documents at scantime and runtime. \n  \nThis has been tested with several malicious PDF files and represents\na generic evasion of all PDF signatures and heuristics. \n\nGeneral information about evasion/bypasses can be found at :\nhttp://blog.zoller.lu/2009/04/case-for-av-bypassesevasions.html\n\nIII. Impact\n~~~~~~~~~~~\nKnown PDF exploits/malware may evade signature detection, 0day exploits\nmay evade heuristics. Disclosure timeline\n~~~~~~~~~~~~~~~~~~~~~~~~~\nDD.MM.YYYY\n01.06.2009 - Reported \n20.10.2009 - McAfee informed us that they published the advisory on their website\n\u003c waiting for others vendors to patch \u003e\n27.10.2009 - G-SEC releases this advisory\n\nAbout G-SEC\n~~~~~~~~~~~\nG-SEC\\x99  is  a  vendor independent luxemburgish led IT security consulting\ngroup. More information available at : http://www.g-sec.lu/\n\n\n\n\n\n\n\n\n\n\n\n\n_______________________________________________\nFull-Disclosure - We believe in it. ----------------------------------------------------------------------\n\nDo you have VARM strategy implemented?\n\n(Vulnerability Assessment Remediation Management)  \n\nIf not, then implement it through the most reliable vulnerability\nintelligence source on the market. \n\nImplement it through Secunia",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2009-1348"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2009-004587"
      },
      {
        "db": "BID",
        "id": "36848"
      },
      {
        "db": "BID",
        "id": "34780"
      },
      {
        "db": "VULHUB",
        "id": "VHN-38794"
      },
      {
        "db": "PACKETSTORM",
        "id": "77183"
      },
      {
        "db": "PACKETSTORM",
        "id": "77170"
      },
      {
        "db": "PACKETSTORM",
        "id": "82292"
      },
      {
        "db": "PACKETSTORM",
        "id": "82334"
      }
    ],
    "trust": 2.61
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2009-1348",
        "trust": 3.1
      },
      {
        "db": "MCAFEE",
        "id": "SB10001",
        "trust": 2.2
      },
      {
        "db": "BID",
        "id": "34780",
        "trust": 2.0
      },
      {
        "db": "SECUNIA",
        "id": "34949",
        "trust": 1.9
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2009-004587",
        "trust": 0.8
      },
      {
        "db": "BUGTRAQ",
        "id": "20090501 [TZO-18-2009] MCAFEE MULTIPLE EVASIONS/BYPASSES (RAR, ZIP)",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200904-560",
        "trust": 0.6
      },
      {
        "db": "MCAFEE",
        "id": "SB10003",
        "trust": 0.5
      },
      {
        "db": "BID",
        "id": "36848",
        "trust": 0.4
      },
      {
        "db": "SECUNIA",
        "id": "37179",
        "trust": 0.2
      },
      {
        "db": "VULHUB",
        "id": "VHN-38794",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "77183",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "77170",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "82292",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "82334",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-38794"
      },
      {
        "db": "BID",
        "id": "36848"
      },
      {
        "db": "BID",
        "id": "34780"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2009-004587"
      },
      {
        "db": "PACKETSTORM",
        "id": "77183"
      },
      {
        "db": "PACKETSTORM",
        "id": "77170"
      },
      {
        "db": "PACKETSTORM",
        "id": "82292"
      },
      {
        "db": "PACKETSTORM",
        "id": "82334"
      },
      {
        "db": "NVD",
        "id": "CVE-2009-1348"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200904-560"
      }
    ]
  },
  "id": "VAR-200904-0511",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-38794"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2023-12-18T13:20:22.676000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "SB10001",
        "trust": 0.8,
        "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=sb10001\u0026actp=list_recent"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2009-004587"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-20",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-38794"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2009-004587"
      },
      {
        "db": "NVD",
        "id": "CVE-2009-1348"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.2,
        "url": "http://blog.zoller.lu/2009/04/mcafee-multiple-bypassesevasions-ziprar.html"
      },
      {
        "trust": 2.1,
        "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=sb10001\u0026actp=list_recent"
      },
      {
        "trust": 1.7,
        "url": "http://www.securityfocus.com/bid/34780"
      },
      {
        "trust": 1.7,
        "url": "http://secunia.com/advisories/34949"
      },
      {
        "trust": 1.1,
        "url": "http://www.securityfocus.com/archive/1/503173/100/0/threaded"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-1348"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2009-1348"
      },
      {
        "trust": 0.6,
        "url": "http://www.mcafee.com/"
      },
      {
        "trust": 0.6,
        "url": "http://www.securityfocus.com/archive/1/archive/1/503173/100/0/threaded"
      },
      {
        "trust": 0.5,
        "url": "http://www.g-sec.lu/mcafee-pdf-bypass.html"
      },
      {
        "trust": 0.5,
        "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=sb10003"
      },
      {
        "trust": 0.3,
        "url": "/archive/1/503173"
      },
      {
        "trust": 0.2,
        "url": "http://www.mcafee.com/apps/downloads/security_updates/dat.asp"
      },
      {
        "trust": 0.2,
        "url": "http://secunia.com/advisories/about_secunia_advisories/"
      },
      {
        "trust": 0.2,
        "url": "http://secunia.com/advisories/secunia_security_advisories/"
      },
      {
        "trust": 0.2,
        "url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
      },
      {
        "trust": 0.2,
        "url": "http://www.mcafee.com"
      },
      {
        "trust": 0.2,
        "url": "http://blog.zoller.lu/2009/04/case-for-av-bypassesevasions.html"
      },
      {
        "trust": 0.2,
        "url": "http://secunia.com/"
      },
      {
        "trust": 0.2,
        "url": "http://lists.grok.org.uk/full-disclosure-charter.html"
      },
      {
        "trust": 0.1,
        "url": "https://kc.mcafee.com/corporate/index?page=content\u0026amp;id=sb10001\u0026amp;actp=list_recent"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/34949/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/try_vi/request_2008_report/"
      },
      {
        "trust": 0.1,
        "url": "http://blog.zoller.lu/2008/09/notification-and-disclosure-policy.html"
      },
      {
        "trust": 0.1,
        "url": "http://www.g-sec.lu/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/37179/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/business_solutions/"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-38794"
      },
      {
        "db": "BID",
        "id": "36848"
      },
      {
        "db": "BID",
        "id": "34780"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2009-004587"
      },
      {
        "db": "PACKETSTORM",
        "id": "77183"
      },
      {
        "db": "PACKETSTORM",
        "id": "77170"
      },
      {
        "db": "PACKETSTORM",
        "id": "82292"
      },
      {
        "db": "PACKETSTORM",
        "id": "82334"
      },
      {
        "db": "NVD",
        "id": "CVE-2009-1348"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200904-560"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-38794"
      },
      {
        "db": "BID",
        "id": "36848"
      },
      {
        "db": "BID",
        "id": "34780"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2009-004587"
      },
      {
        "db": "PACKETSTORM",
        "id": "77183"
      },
      {
        "db": "PACKETSTORM",
        "id": "77170"
      },
      {
        "db": "PACKETSTORM",
        "id": "82292"
      },
      {
        "db": "PACKETSTORM",
        "id": "82334"
      },
      {
        "db": "NVD",
        "id": "CVE-2009-1348"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200904-560"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2009-04-30T00:00:00",
        "db": "VULHUB",
        "id": "VHN-38794"
      },
      {
        "date": "2009-10-27T00:00:00",
        "db": "BID",
        "id": "36848"
      },
      {
        "date": "2009-04-30T00:00:00",
        "db": "BID",
        "id": "34780"
      },
      {
        "date": "2012-09-25T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2009-004587"
      },
      {
        "date": "2009-05-02T05:21:02",
        "db": "PACKETSTORM",
        "id": "77183"
      },
      {
        "date": "2009-05-01T02:03:00",
        "db": "PACKETSTORM",
        "id": "77170"
      },
      {
        "date": "2009-10-28T01:02:31",
        "db": "PACKETSTORM",
        "id": "82292"
      },
      {
        "date": "2009-10-28T15:59:53",
        "db": "PACKETSTORM",
        "id": "82334"
      },
      {
        "date": "2009-04-30T20:30:00.467000",
        "db": "NVD",
        "id": "CVE-2009-1348"
      },
      {
        "date": "2009-04-30T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200904-560"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2018-10-10T00:00:00",
        "db": "VULHUB",
        "id": "VHN-38794"
      },
      {
        "date": "2015-03-19T09:04:00",
        "db": "BID",
        "id": "36848"
      },
      {
        "date": "2009-05-01T22:46:00",
        "db": "BID",
        "id": "34780"
      },
      {
        "date": "2012-09-25T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2009-004587"
      },
      {
        "date": "2018-10-10T19:36:17.640000",
        "db": "NVD",
        "id": "CVE-2009-1348"
      },
      {
        "date": "2009-05-19T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200904-560"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "network",
    "sources": [
      {
        "db": "BID",
        "id": "36848"
      },
      {
        "db": "BID",
        "id": "34780"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "McAfee VirusScan Used in products such as  AV Vulnerabilities that can be avoided in the engine",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2009-004587"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "input validation",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200904-560"
      }
    ],
    "trust": 0.6
  }
}

GHSA-72MQ-5G76-MMQ5

Vulnerability from github – Published: 2022-05-02 03:24 – Updated: 2022-05-02 03:24

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2009-1348"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-20"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2009-04-30T20:30:00Z",
    "severity": "HIGH"
  },
  "details": "The AV engine before DAT 5600 in McAfee VirusScan, Total Protection, Internet Security, SecurityShield for Microsoft ISA Server, Security for Microsoft Sharepoint, Security for Email Servers, Email Gateway, and Active Virus Defense allows remote attackers to bypass virus detection via (1) an invalid Headflags field in a malformed RAR archive, (2) an invalid Packsize field in a malformed RAR archive, or (3) an invalid Filelength field in a malformed ZIP archive.",
  "id": "GHSA-72mq-5g76-mmq5",
  "modified": "2022-05-02T03:24:12Z",
  "published": "2022-05-02T03:24:12Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2009-1348"
    },
    {
      "type": "WEB",
      "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10001\u0026actp=LIST_RECENT"
    },
    {
      "type": "WEB",
      "url": "http://blog.zoller.lu/2009/04/mcafee-multiple-bypassesevasions-ziprar.html"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/34949"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/archive/1/503173/100/0/threaded"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/34780"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

CERTA-2009-AVI-172

Vulnerability from certfr_avis - Published: - Updated:

Une vulnérabilité dans les produits McAfee permet de contourner le mécanisme de détection des codes malveillants.

Description

Une vulnérabilité a été découverte dans les produits McAfee. L'exploitation de cette vulnérabilité, par le biais d'une archive spécifiquement conçue, permet de contourner la détection des codes malveillants au niveau des passerelles antivirales.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Tous les produits McAfee utilisant un fichier .DAT en version antérieure à 5600.

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

Tags

Bulletin de sécurité McAfee SB10001 du 29 avril 2009

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cP\u003eTous les produits \u003cSPAN class=\"textit\"\u003eMcAfee\u003c/SPAN\u003e utilisant  un fichier \u003cTT\u003e.DAT\u003c/TT\u003e en version ant\u00e9rieure \u00e0 5600.\u003c/P\u003e",
  "content": "## Description\n\nUne vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 d\u00e9couverte dans les produits McAfee.\nL\u0027exploitation de cette vuln\u00e9rabilit\u00e9, par le biais d\u0027une archive\nsp\u00e9cifiquement con\u00e7ue, permet de contourner la d\u00e9tection des codes\nmalveillants au niveau des passerelles antivirales.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2009-1348",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1348"
    }
  ],
  "links": [],
  "reference": "CERTA-2009-AVI-172",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2009-05-05T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    }
  ],
  "summary": "Une vuln\u00e9rabilit\u00e9 dans les produits \u003cspan class=\"textit\"\u003eMcAfee\u003c/span\u003e\npermet de contourner le m\u00e9canisme de d\u00e9tection des codes malveillants.\n",
  "title": "Vuln\u00e9rabilit\u00e9 dans les produits McAfee",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 McAfee SB10001 du 29 avril 2009",
      "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10001"
    }
  ]
}

CERTA-2009-AVI-172

Vulnerability from certfr_avis - Published: - Updated:

Une vulnérabilité dans les produits McAfee permet de contourner le mécanisme de détection des codes malveillants.

Description

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Tous les produits McAfee utilisant un fichier .DAT en version antérieure à 5600.

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

Tags

Bulletin de sécurité McAfee SB10001 du 29 avril 2009

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cP\u003eTous les produits \u003cSPAN class=\"textit\"\u003eMcAfee\u003c/SPAN\u003e utilisant  un fichier \u003cTT\u003e.DAT\u003c/TT\u003e en version ant\u00e9rieure \u00e0 5600.\u003c/P\u003e",
  "content": "## Description\n\nUne vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 d\u00e9couverte dans les produits McAfee.\nL\u0027exploitation de cette vuln\u00e9rabilit\u00e9, par le biais d\u0027une archive\nsp\u00e9cifiquement con\u00e7ue, permet de contourner la d\u00e9tection des codes\nmalveillants au niveau des passerelles antivirales.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2009-1348",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1348"
    }
  ],
  "links": [],
  "reference": "CERTA-2009-AVI-172",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2009-05-05T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    }
  ],
  "summary": "Une vuln\u00e9rabilit\u00e9 dans les produits \u003cspan class=\"textit\"\u003eMcAfee\u003c/span\u003e\npermet de contourner le m\u00e9canisme de d\u00e9tection des codes malveillants.\n",
  "title": "Vuln\u00e9rabilit\u00e9 dans les produits McAfee",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 McAfee SB10001 du 29 avril 2009",
      "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10001"
    }
  ]
}

FKIE_CVE-2009-1348

Vulnerability from fkie_nvd - Published: 2009-04-30 20:30 - Updated: 2025-04-09 00:30

Severity ?

Summary

References

URL	Tags
cve@mitre.org	http://blog.zoller.lu/2009/04/mcafee-multiple-bypassesevasions-ziprar.html
cve@mitre.org	http://secunia.com/advisories/34949	Vendor Advisory
cve@mitre.org	http://www.securityfocus.com/archive/1/503173/100/0/threaded
cve@mitre.org	http://www.securityfocus.com/bid/34780
cve@mitre.org	https://kc.mcafee.com/corporate/index?page=content&id=SB10001&actp=LIST_RECENT	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://blog.zoller.lu/2009/04/mcafee-multiple-bypassesevasions-ziprar.html
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/34949	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/archive/1/503173/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/34780
af854a3a-2127-422b-91ae-364da2661108	https://kc.mcafee.com/corporate/index?page=content&id=SB10001&actp=LIST_RECENT	Patch, Vendor Advisory

Impacted products

Vendor	Product	Version
mcafee	active_virus_defense	*
mcafee	active_virusscan	*
mcafee	email_gateway	*
mcafee	internet_security_suite	*
mcafee	internet_security_suite	2004
mcafee	internet_security_suite	2005
mcafee	internet_security_suite	2006
mcafee	internet_security_suite	2009
mcafee	securityshield_for_email_servers	*
mcafee	securityshield_for_microsoft_isa_server	*
mcafee	securityshield_for_microsoft_sharepoint	*
mcafee	total_protection	2009
mcafee	total_protection_for_endpoint	*
mcafee	virusscan_commandline	*
mcafee	virusscan_enterprise	*
mcafee	virusscan_enterprise	-
mcafee	virusscan_enterprise	-
mcafee	virusscan_enterprise	-
mcafee	virusscan_plus	2009
mcafee	virusscan_usb	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mcafee:active_virus_defense:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "55875615-29A3-4092-975C-60E9C8FAB03E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mcafee:active_virusscan:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "4A14000E-6A4C-474B-A92B-473A0EB0C533",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mcafee:email_gateway:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "35188DE1-99A4-42B1-81C3-E2ECBD589605",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mcafee:internet_security_suite:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E7C68CA8-9525-4FBA-A873-F17524D3F595",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mcafee:internet_security_suite:2004:*:*:*:*:*:*:*",
              "matchCriteriaId": "CB0A7659-25FF-4E18-B2BA-34F6FD6410F6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mcafee:internet_security_suite:2005:*:*:*:*:*:*:*",
              "matchCriteriaId": "1C22BB62-9790-4D89-B1B4-D5E0F4FFB3C5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mcafee:internet_security_suite:2006:*:*:*:*:*:*:*",
              "matchCriteriaId": "7E69BB96-F48B-43DA-BA7B-530E5148CCC0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mcafee:internet_security_suite:2009:*:*:*:*:*:*:*",
              "matchCriteriaId": "B978BD2B-D454-49BB-81A4-EABA14E75600",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mcafee:securityshield_for_email_servers:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "AC106925-640E-4318-BDED-A9F904961AE3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mcafee:securityshield_for_microsoft_isa_server:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "53275048-EE57-4204-86FA-BC6B8D5D614F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mcafee:securityshield_for_microsoft_sharepoint:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "5E7A0A32-C1B6-465D-ABB3-156C570A0E5B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mcafee:total_protection:2009:*:*:*:*:*:*:*",
              "matchCriteriaId": "B3C7EE0B-F166-478E-B800-B4D429B26F93",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mcafee:total_protection_for_endpoint:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "0CD4E524-C466-4FB5-92FD-7EDAEEAE1F6D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mcafee:virusscan_commandline:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "F1FAB752-311E-4594-AE25-34BD02844578",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mcafee:virusscan_enterprise:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E0BCC0FD-E09A-495A-926A-FE080BE46A20",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mcafee:virusscan_enterprise:-:-:linux:*:*:*:*:*",
              "matchCriteriaId": "316D3C1B-D7E4-4FA9-B5CD-72D18BE775EE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mcafee:virusscan_enterprise:-:-:sap:*:*:*:*:*",
              "matchCriteriaId": "C64CDC92-E9CD-446A-9ADE-B10A28E20A3B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mcafee:virusscan_enterprise:-:-:storage:*:*:*:*:*",
              "matchCriteriaId": "019C46AA-7537-4930-BDC8-8EA0F6C5A216",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mcafee:virusscan_plus:2009:*:*:*:*:*:*:*",
              "matchCriteriaId": "2B4CF979-7A55-4712-9B48-D885B746B62F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mcafee:virusscan_usb:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "42D0FC30-BAA5-4677-A3E5-C7A6DEB8BE0E",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The AV engine before DAT 5600 in McAfee VirusScan, Total Protection, Internet Security, SecurityShield for Microsoft ISA Server, Security for Microsoft Sharepoint, Security for Email Servers, Email Gateway, and Active Virus Defense allows remote attackers to bypass virus detection via (1) an invalid Headflags field in a malformed RAR archive, (2) an invalid Packsize field in a malformed RAR archive, or (3) an invalid Filelength field in a malformed ZIP archive."
    },
    {
      "lang": "es",
      "value": "El AV engine antes de DAT 5600 en McAfee VirusScan, Total Protection, Internet Security, SecurityShield para Microsoft ISA Server, Security para Microsoft Sharepoint, Security para Email Servers, Email Gateway, y Active Virus Defense permite a atacantes remotos eludir la detecci\u00f3n de virus a trav\u00e9s de (1) un campo Headflags inv\u00e1lido de un archivo RAR malformado, (2) un campo Packsize inv\u00e1lido de un archivo RAR malformado, o (3) un campo Filelength de un archivo ZIP malformado."
    }
  ],
  "id": "CVE-2009-1348",
  "lastModified": "2025-04-09T00:30:58.490",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "HIGH",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 7.6,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 4.9,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2009-04-30T20:30:00.467",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://blog.zoller.lu/2009/04/mcafee-multiple-bypassesevasions-ziprar.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/34949"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/503173/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/34780"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10001\u0026actp=LIST_RECENT"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://blog.zoller.lu/2009/04/mcafee-multiple-bypassesevasions-ziprar.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/34949"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/503173/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/34780"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10001\u0026actp=LIST_RECENT"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-20"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2009-1348 (GCVE-0-2009-1348)

GSD-2009-1348

VAR-200904-0511

GHSA-72MQ-5G76-MMQ5

CERTA-2009-AVI-172

Description

Solution

CERTA-2009-AVI-172

Description

Solution

FKIE_CVE-2009-1348

Tags

Sightings

Nomenclature