cvelistv5 - cve-2008-0910

cve-2008-0910

Vulnerability from cvelistv5

Published

2008-02-22 22:00

Modified

2024-08-07 08:01

Severity ?

Summary

References

URL	Tags
cve@mitre.org	http://secunia.com/advisories/28919	Vendor Advisory
cve@mitre.org	http://www.f-secure.com/security/fsc-2008-1.shtml	Patch
cve@mitre.org	http://www.securitytracker.com/id?1019405
cve@mitre.org	http://www.securitytracker.com/id?1019412
cve@mitre.org	http://www.securitytracker.com/id?1019413
cve@mitre.org	http://www.vupen.com/english/advisories/2008/0544/references
cve@mitre.org	https://exchange.xforce.ibmcloud.com/vulnerabilities/40480
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/28919	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.f-secure.com/security/fsc-2008-1.shtml	Patch
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id?1019405
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id?1019412
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id?1019413
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2008/0544/references
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/40480

Impacted products

Vendor

Product

Version

▼

n/a

Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T08:01:40.089Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "fsecure-cab-rar-security-bypass(40480)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/40480"
          },
          {
            "name": "1019405",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1019405"
          },
          {
            "name": "1019412",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1019412"
          },
          {
            "name": "28919",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/28919"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.f-secure.com/security/fsc-2008-1.shtml"
          },
          {
            "name": "1019413",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1019413"
          },
          {
            "name": "ADV-2008-0544",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2008/0544/references"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2008-02-13T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Multiple F-Secure anti-virus products, including Internet Security 2006 through 2008, Anti-Virus 2006 through 2008, F-Secure Protection Service, and others, allow remote attackers to bypass malware detection via a crafted RAR archive.  NOTE: this might be related to CVE-2008-0792."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-07T12:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "fsecure-cab-rar-security-bypass(40480)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/40480"
        },
        {
          "name": "1019405",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1019405"
        },
        {
          "name": "1019412",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1019412"
        },
        {
          "name": "28919",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/28919"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.f-secure.com/security/fsc-2008-1.shtml"
        },
        {
          "name": "1019413",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1019413"
        },
        {
          "name": "ADV-2008-0544",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2008/0544/references"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2008-0910",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Multiple F-Secure anti-virus products, including Internet Security 2006 through 2008, Anti-Virus 2006 through 2008, F-Secure Protection Service, and others, allow remote attackers to bypass malware detection via a crafted RAR archive.  NOTE: this might be related to CVE-2008-0792."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "fsecure-cab-rar-security-bypass(40480)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/40480"
            },
            {
              "name": "1019405",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id?1019405"
            },
            {
              "name": "1019412",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id?1019412"
            },
            {
              "name": "28919",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/28919"
            },
            {
              "name": "http://www.f-secure.com/security/fsc-2008-1.shtml",
              "refsource": "CONFIRM",
              "url": "http://www.f-secure.com/security/fsc-2008-1.shtml"
            },
            {
              "name": "1019413",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id?1019413"
            },
            {
              "name": "ADV-2008-0544",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2008/0544/references"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2008-0910",
    "datePublished": "2008-02-22T22:00:00",
    "dateReserved": "2008-02-22T00:00:00",
    "dateUpdated": "2024-08-07T08:01:40.089Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:f-secure:f-secure_anti-virus:2006:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"9A6B8424-EED8-4A09-9A9C-FC5F76A9FAF5\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:f-secure:f-secure_anti-virus:2007:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"1106DE08-DE9A-488B-8C5D-28E353CDEEEB\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:f-secure:f-secure_anti-virus:2007:second_edition:*:*:*:*:*:*\", \"matchCriteriaId\": \"C8609465-1436-4F50-B7EE-0DF9DA7AA4CA\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:f-secure:f-secure_anti-virus:2008:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B47EC4EB-268A-4BB9-820D-AA3DB8D1A655\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:f-secure:f-secure_anti-virus_client_security:6.03:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"85517B0C-8C1A-4306-8466-2C138AD0709A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:f-secure:f-secure_anti-virus_client_security:6.04:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F0657810-2CB9-4887-8AA2-3E0927937820\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:f-secure:f-secure_anti-virus_client_security:7.01:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"59FA86FF-A114-44EB-884A-766BEE17FD5C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:f-secure:f-secure_anti-virus_client_security:7.10:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"5CD2B3CE-78CC-4BE7-80EB-25675371B5CF\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:f-secure:f-secure_anti-virus_for_linux:4.65:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"04102648-2C1C-420E-BBF7-5C948F0EE479\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:f-secure:f-secure_anti-virus_for_workstations:5.44:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"9848B969-A0A4-4F38-9C6C-79395EFF8254\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:f-secure:f-secure_anti-virus_for_workstations:7.00:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"605AB820-8069-430A-89AC-3E0122EB3B96\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:f-secure:f-secure_anti-virus_for_workstations:7.10:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"7D9F9488-8DA8-48A9-9A11-B5E0D7AA9A7E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:f-secure:f-secure_anti-virus_linux_client_security:5.52:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E77AB622-B899-46FD-9DFA-1964B57A9458\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:f-secure:f-secure_anti-virus_linux_client_security:5.53:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F8DB2DD7-86DC-440A-B8D9-0A84034E808F\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:f-secure:f-secure_internet_security:2006:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"C788A5AB-C847-476C-9767-C6711F2D4EA1\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:f-secure:f-secure_internet_security:2007:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"3972C7F1-8B78-4A5D-8A75-C6CA01E997DF\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:f-secure:f-secure_internet_security:2007:second_edition:*:*:*:*:*:*\", \"matchCriteriaId\": \"C0DCADF7-B044-4646-B215-52685609ED49\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:f-secure:f-secure_internet_security:2008:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"08ED9945-DC9F-4F4F-B2EB-B63986BCC7D6\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:f-secure:f-secure_protection_service_for_business:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"3.00\", \"matchCriteriaId\": \"A097721B-9CBA-4E2D-B5E5-B7AAD938E61F\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:f-secure:f-secure_protection_service_for_consumers:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"7.00\", \"matchCriteriaId\": \"604EFE23-657D-406F-81BF-17BA524E8423\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Multiple F-Secure anti-virus products, including Internet Security 2006 through 2008, Anti-Virus 2006 through 2008, F-Secure Protection Service, and others, allow remote attackers to bypass malware detection via a crafted RAR archive.  NOTE: this might be related to CVE-2008-0792.\"}, {\"lang\": \"es\", \"value\": \"M\\u00faltiples productos antivirus de F-Secure, incluyendo Internet Security de 2006 a 2008, Anti-Virus de 2006 a 2008, F-Secure Protection Service y otros, permiten a atacantes remotos evitar las detecciones del malware a trav\\u00e9s de un archivo RAR manipulado. NOTA: podr\\u00eda estar relacionado con CVE-2008-0792.\"}]",
      "id": "CVE-2008-0910",
      "lastModified": "2024-11-21T00:43:12.243",
      "metrics": "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:N/C:P/I:P/A:P\", \"baseScore\": 7.5, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"PARTIAL\"}, \"baseSeverity\": \"HIGH\", \"exploitabilityScore\": 10.0, \"impactScore\": 6.4, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": true, \"userInteractionRequired\": false}]}",
      "published": "2008-02-22T22:44:00.000",
      "references": "[{\"url\": \"http://secunia.com/advisories/28919\", \"source\": \"cve@mitre.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://www.f-secure.com/security/fsc-2008-1.shtml\", \"source\": \"cve@mitre.org\", \"tags\": [\"Patch\"]}, {\"url\": \"http://www.securitytracker.com/id?1019405\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.securitytracker.com/id?1019412\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.securitytracker.com/id?1019413\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.vupen.com/english/advisories/2008/0544/references\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/40480\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://secunia.com/advisories/28919\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://www.f-secure.com/security/fsc-2008-1.shtml\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\"]}, {\"url\": \"http://www.securitytracker.com/id?1019405\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securitytracker.com/id?1019412\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securitytracker.com/id?1019413\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.vupen.com/english/advisories/2008/0544/references\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/40480\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
      "sourceIdentifier": "cve@mitre.org",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-264\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2008-0910\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2008-02-22T22:44:00.000\",\"lastModified\":\"2024-11-21T00:43:12.243\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Multiple F-Secure anti-virus products, including Internet Security 2006 through 2008, Anti-Virus 2006 through 2008, F-Secure Protection Service, and others, allow remote attackers to bypass malware detection via a crafted RAR archive.  NOTE: this might be related to CVE-2008-0792.\"},{\"lang\":\"es\",\"value\":\"M\u00faltiples productos antivirus de F-Secure, incluyendo Internet Security de 2006 a 2008, Anti-Virus de 2006 a 2008, F-Secure Protection Service y otros, permiten a atacantes remotos evitar las detecciones del malware a trav\u00e9s de un archivo RAR manipulado. NOTA: podr\u00eda estar relacionado con CVE-2008-0792.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:P/I:P/A:P\",\"baseScore\":7.5,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":10.0,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":true,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-264\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f-secure:f-secure_anti-virus:2006:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9A6B8424-EED8-4A09-9A9C-FC5F76A9FAF5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f-secure:f-secure_anti-virus:2007:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1106DE08-DE9A-488B-8C5D-28E353CDEEEB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f-secure:f-secure_anti-virus:2007:second_edition:*:*:*:*:*:*\",\"matchCriteriaId\":\"C8609465-1436-4F50-B7EE-0DF9DA7AA4CA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f-secure:f-secure_anti-virus:2008:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B47EC4EB-268A-4BB9-820D-AA3DB8D1A655\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f-secure:f-secure_anti-virus_client_security:6.03:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"85517B0C-8C1A-4306-8466-2C138AD0709A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f-secure:f-secure_anti-virus_client_security:6.04:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F0657810-2CB9-4887-8AA2-3E0927937820\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f-secure:f-secure_anti-virus_client_security:7.01:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"59FA86FF-A114-44EB-884A-766BEE17FD5C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f-secure:f-secure_anti-virus_client_security:7.10:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5CD2B3CE-78CC-4BE7-80EB-25675371B5CF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f-secure:f-secure_anti-virus_for_linux:4.65:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"04102648-2C1C-420E-BBF7-5C948F0EE479\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f-secure:f-secure_anti-virus_for_workstations:5.44:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9848B969-A0A4-4F38-9C6C-79395EFF8254\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f-secure:f-secure_anti-virus_for_workstations:7.00:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"605AB820-8069-430A-89AC-3E0122EB3B96\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f-secure:f-secure_anti-virus_for_workstations:7.10:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7D9F9488-8DA8-48A9-9A11-B5E0D7AA9A7E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f-secure:f-secure_anti-virus_linux_client_security:5.52:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E77AB622-B899-46FD-9DFA-1964B57A9458\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f-secure:f-secure_anti-virus_linux_client_security:5.53:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F8DB2DD7-86DC-440A-B8D9-0A84034E808F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f-secure:f-secure_internet_security:2006:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C788A5AB-C847-476C-9767-C6711F2D4EA1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f-secure:f-secure_internet_security:2007:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3972C7F1-8B78-4A5D-8A75-C6CA01E997DF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f-secure:f-secure_internet_security:2007:second_edition:*:*:*:*:*:*\",\"matchCriteriaId\":\"C0DCADF7-B044-4646-B215-52685609ED49\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f-secure:f-secure_internet_security:2008:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"08ED9945-DC9F-4F4F-B2EB-B63986BCC7D6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f-secure:f-secure_protection_service_for_business:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"3.00\",\"matchCriteriaId\":\"A097721B-9CBA-4E2D-B5E5-B7AAD938E61F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f-secure:f-secure_protection_service_for_consumers:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"7.00\",\"matchCriteriaId\":\"604EFE23-657D-406F-81BF-17BA524E8423\"}]}]}],\"references\":[{\"url\":\"http://secunia.com/advisories/28919\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.f-secure.com/security/fsc-2008-1.shtml\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\"]},{\"url\":\"http://www.securitytracker.com/id?1019405\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securitytracker.com/id?1019412\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securitytracker.com/id?1019413\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.vupen.com/english/advisories/2008/0544/references\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/40480\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://secunia.com/advisories/28919\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.f-secure.com/security/fsc-2008-1.shtml\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"http://www.securitytracker.com/id?1019405\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securitytracker.com/id?1019412\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securitytracker.com/id?1019413\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.vupen.com/english/advisories/2008/0544/references\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/40480\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}

Multiple F-Secure anti-virus products, including Internet Security 2006 through 2008, Anti-Virus 2006 through 2008, F-Secure Protection Service, and others, allow remote attackers to bypass malware detection via a crafted RAR archive. NOTE: this might be related to CVE-2008-0792. The problem is CVE-2008-0792 May be related toSkillfully crafted by a third party RAR Malware may be avoided through the archive. F-Secure Anti-Virus is prone to a security bypass vulnerability. A remote attacker can bypass error checking with a well-crafted RAR program.

A new version (0.9.0.0 - Release Candidate 1) of the free Secunia PSI has been released. The new version includes many new and advanced features, which makes it even easier to stay patched.

Download and test it today: https://psi.secunia.com/

Read more about this new version: https://psi.secunia.com/?page=changelog

TITLE: F-Secure Products CAB and RAR Archives Security Bypass

SECUNIA ADVISORY ID: SA28919

VERIFY ADVISORY: http://secunia.com/advisories/28919/

CRITICAL: Less critical

IMPACT: Security Bypass

WHERE:

From remote

OPERATING SYSTEM: F-Secure Messaging Security Gateway P-Series http://secunia.com/product/8998/ F-Secure Messaging Security Gateway X-Series http://secunia.com/product/8997/

SOFTWARE: F-Secure Anti-Virus 2006 http://secunia.com/product/6882/ F-Secure Anti-Virus 2007 http://secunia.com/product/14374/ F-Secure Anti-Virus 2008 http://secunia.com/product/17554/ F-Secure Internet Security 2006 http://secunia.com/product/6883/ F-Secure Internet Security 2007 http://secunia.com/product/14375/ F-Secure Internet Security 2008 http://secunia.com/product/17555/ F-Secure Anti-Virus Client Security 6.x http://secunia.com/product/5786/ F-Secure Anti-Virus Client Security 7.x http://secunia.com/product/14381/ F-Secure Anti-Virus for Workstations 5.x http://secunia.com/product/457/ F-Secure Anti-Virus for Workstations 7.x http://secunia.com/product/14226/ F-Secure Anti-Virus Linux Client Security 5.x http://secunia.com/product/14377/ F-Secure Anti-Virus for Linux 4.x http://secunia.com/product/3165/ F-Secure Anti-Virus for Windows Servers 5.x http://secunia.com/product/452/ F-Secure Anti-Virus for Windows Servers 7.x http://secunia.com/product/14382/ F-Secure Anti-Virus Linux Server Security 5.x http://secunia.com/product/14376/ F-Secure Anti-Virus for Citrix Servers 5.x http://secunia.com/product/5198/ F-Secure Anti-Virus for Microsoft Exchange 6.x http://secunia.com/product/454/ F-Secure Anti-Virus for Microsoft Exchange 7.x http://secunia.com/product/14551/ F-Secure Internet Gatekeeper 6.x http://secunia.com/product/3339/ F-Secure Internet Gatekeeper for Linux 2.x http://secunia.com/product/4635/ F-Secure Anti-Virus for MIMEsweeper 5.x http://secunia.com/product/455/

DESCRIPTION: A vulnerability has been reported in various F-Secure products, which can be exploited by malware to bypass the scanning functionality.

The vulnerability is caused due to an error in the handling of CAB and RAR files and can be exploited to bypass the anti-virus scanning functionality via a specially crafted CAB or RAR file. Please see the vendor's advisory for details.

PROVIDED AND/OR DISCOVERED BY: The vendor credits Thierry Zoller of n.runs AG.

ORIGINAL ADVISORY: http://www.f-secure.com/security/fsc-2008-1.shtml

About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities.

Subscribe: http://secunia.com/secunia_security_advisories/

Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/

Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.

Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-200802-0141",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "f-secure internet security",
        "scope": "eq",
        "trust": 1.9,
        "vendor": "f secure",
        "version": "2007"
      },
      {
        "model": "f-secure anti-virus linux client security",
        "scope": "eq",
        "trust": 1.9,
        "vendor": "f secure",
        "version": "5.53"
      },
      {
        "model": "f-secure anti-virus linux client security",
        "scope": "eq",
        "trust": 1.9,
        "vendor": "f secure",
        "version": "5.52"
      },
      {
        "model": "f-secure anti-virus for workstations",
        "scope": "eq",
        "trust": 1.9,
        "vendor": "f secure",
        "version": "7.10"
      },
      {
        "model": "f-secure anti-virus for workstations",
        "scope": "eq",
        "trust": 1.9,
        "vendor": "f secure",
        "version": "7.00"
      },
      {
        "model": "f-secure anti-virus for workstations",
        "scope": "eq",
        "trust": 1.9,
        "vendor": "f secure",
        "version": "5.44"
      },
      {
        "model": "f-secure anti-virus for linux",
        "scope": "eq",
        "trust": 1.9,
        "vendor": "f secure",
        "version": "4.65"
      },
      {
        "model": "f-secure anti-virus client security",
        "scope": "eq",
        "trust": 1.9,
        "vendor": "f secure",
        "version": "7.10"
      },
      {
        "model": "f-secure anti-virus client security",
        "scope": "eq",
        "trust": 1.9,
        "vendor": "f secure",
        "version": "7.01"
      },
      {
        "model": "f-secure internet security",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "f secure",
        "version": "2008"
      },
      {
        "model": "f-secure internet security",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "f secure",
        "version": "2006"
      },
      {
        "model": "f-secure anti-virus client security",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "f secure",
        "version": "6.04"
      },
      {
        "model": "f-secure anti-virus client security",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "f secure",
        "version": "6.03"
      },
      {
        "model": "f-secure anti-virus",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "f secure",
        "version": "2008"
      },
      {
        "model": "f-secure anti-virus",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "f secure",
        "version": "2007"
      },
      {
        "model": "f-secure anti-virus",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "f secure",
        "version": "2006"
      },
      {
        "model": "f-secure protection service for business",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "f secure",
        "version": "3.00"
      },
      {
        "model": "f-secure protection service for consumers",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "f secure",
        "version": "7.00"
      },
      {
        "model": "f-secure anti-virus",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "f secure",
        "version": "2006 to  2008"
      },
      {
        "model": "f-secure internet security",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "f secure",
        "version": "2006 to  2008"
      },
      {
        "model": "f-secure protection service for consumers",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f secure",
        "version": "7.00"
      },
      {
        "model": "f-secure protection service for business",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f secure",
        "version": "3.00"
      },
      {
        "model": "f-secure internet security second edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f secure",
        "version": "2007"
      },
      {
        "model": "f-secure anti-virus second edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f secure",
        "version": "2007"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "85119"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2008-002758"
      },
      {
        "db": "NVD",
        "id": "CVE-2008-0910"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200802-427"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:f-secure:f-secure_anti-virus:2006:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:f-secure:f-secure_anti-virus_for_linux:4.65:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:f-secure:f-secure_anti-virus_for_workstations:5.44:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:f-secure:f-secure_internet_security:2007:second_edition:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:f-secure:f-secure_internet_security:2008:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:f-secure:f-secure_anti-virus_client_security:7.01:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:f-secure:f-secure_anti-virus_client_security:7.10:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:f-secure:f-secure_internet_security:2006:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:f-secure:f-secure_internet_security:2007:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:f-secure:f-secure_anti-virus:2007:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:f-secure:f-secure_anti-virus:2007:second_edition:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:f-secure:f-secure_anti-virus:2008:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:f-secure:f-secure_anti-virus_for_workstations:7.00:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:f-secure:f-secure_anti-virus_for_workstations:7.10:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:f-secure:f-secure_protection_service_for_business:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "3.00",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:f-secure:f-secure_protection_service_for_consumers:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "7.00",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:f-secure:f-secure_anti-virus_client_security:6.03:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:f-secure:f-secure_anti-virus_client_security:6.04:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:f-secure:f-secure_anti-virus_linux_client_security:5.52:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:f-secure:f-secure_anti-virus_linux_client_security:5.53:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2008-0910"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Unknown",
    "sources": [
      {
        "db": "BID",
        "id": "85119"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2008-0910",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": true,
            "obtainUserPrivilege": false,
            "severity": "HIGH",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "Partial",
            "baseScore": 7.5,
            "confidentialityImpact": "Partial",
            "exploitabilityScore": null,
            "id": "CVE-2008-0910",
            "impactScore": null,
            "integrityImpact": "Partial",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "High",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "VHN-31035",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "HIGH",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2008-0910",
            "trust": 1.8,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-200802-427",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "VULHUB",
            "id": "VHN-31035",
            "trust": 0.1,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-31035"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2008-002758"
      },
      {
        "db": "NVD",
        "id": "CVE-2008-0910"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200802-427"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Multiple F-Secure anti-virus products, including Internet Security 2006 through 2008, Anti-Virus 2006 through 2008, F-Secure Protection Service, and others, allow remote attackers to bypass malware detection via a crafted RAR archive.  NOTE: this might be related to CVE-2008-0792. The problem is CVE-2008-0792 May be related toSkillfully crafted by a third party RAR Malware may be avoided through the archive. F-Secure Anti-Virus is prone to a security bypass vulnerability. A remote attacker can bypass error checking with a well-crafted RAR program. \n\n----------------------------------------------------------------------\n\nA new version (0.9.0.0 - Release Candidate 1) of the free Secunia PSI\nhas been released. The new version includes many new and advanced\nfeatures, which makes it even easier to stay patched. \n\nDownload and test it today:\nhttps://psi.secunia.com/\n\nRead more about this new version:\nhttps://psi.secunia.com/?page=changelog\n\n----------------------------------------------------------------------\n\nTITLE:\nF-Secure Products CAB and RAR Archives Security Bypass\n\nSECUNIA ADVISORY ID:\nSA28919\n\nVERIFY ADVISORY:\nhttp://secunia.com/advisories/28919/\n\nCRITICAL:\nLess critical\n\nIMPACT:\nSecurity Bypass\n\nWHERE:\n\u003eFrom remote\n\nOPERATING SYSTEM:\nF-Secure Messaging Security Gateway P-Series\nhttp://secunia.com/product/8998/\nF-Secure Messaging Security Gateway X-Series\nhttp://secunia.com/product/8997/\n\nSOFTWARE:\nF-Secure Anti-Virus 2006\nhttp://secunia.com/product/6882/\nF-Secure Anti-Virus 2007\nhttp://secunia.com/product/14374/\nF-Secure Anti-Virus 2008\nhttp://secunia.com/product/17554/\nF-Secure Internet Security 2006\nhttp://secunia.com/product/6883/\nF-Secure Internet Security 2007\nhttp://secunia.com/product/14375/\nF-Secure Internet Security 2008\nhttp://secunia.com/product/17555/\nF-Secure Anti-Virus Client Security 6.x\nhttp://secunia.com/product/5786/\nF-Secure Anti-Virus Client Security 7.x\nhttp://secunia.com/product/14381/\nF-Secure Anti-Virus for Workstations 5.x\nhttp://secunia.com/product/457/\nF-Secure Anti-Virus for Workstations 7.x\nhttp://secunia.com/product/14226/\nF-Secure Anti-Virus Linux Client Security 5.x\nhttp://secunia.com/product/14377/\nF-Secure Anti-Virus for Linux 4.x\nhttp://secunia.com/product/3165/\nF-Secure Anti-Virus for Windows Servers 5.x\nhttp://secunia.com/product/452/\nF-Secure Anti-Virus for Windows Servers 7.x\nhttp://secunia.com/product/14382/\nF-Secure Anti-Virus Linux Server Security 5.x\nhttp://secunia.com/product/14376/\nF-Secure Anti-Virus for Citrix Servers 5.x\nhttp://secunia.com/product/5198/\nF-Secure Anti-Virus for Microsoft Exchange 6.x\nhttp://secunia.com/product/454/\nF-Secure Anti-Virus for Microsoft Exchange 7.x\nhttp://secunia.com/product/14551/\nF-Secure Internet Gatekeeper 6.x\nhttp://secunia.com/product/3339/\nF-Secure Internet Gatekeeper for Linux 2.x\nhttp://secunia.com/product/4635/\nF-Secure Anti-Virus for MIMEsweeper 5.x\nhttp://secunia.com/product/455/\n\nDESCRIPTION:\nA vulnerability has been reported in various F-Secure products, which\ncan be exploited by malware to bypass the scanning functionality. \n\nThe vulnerability is caused due to an error in the handling of CAB\nand RAR files and can be exploited to bypass the anti-virus scanning\nfunctionality via a specially crafted CAB or RAR file. Please see the vendor\u0027s advisory for details. \n\nPROVIDED AND/OR DISCOVERED BY:\nThe vendor credits Thierry Zoller of n.runs AG. \n\nORIGINAL ADVISORY:\nhttp://www.f-secure.com/security/fsc-2008-1.shtml\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2008-0910"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2008-002758"
      },
      {
        "db": "BID",
        "id": "85119"
      },
      {
        "db": "VULHUB",
        "id": "VHN-31035"
      },
      {
        "db": "PACKETSTORM",
        "id": "63608"
      }
    ],
    "trust": 2.07
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2008-0910",
        "trust": 2.8
      },
      {
        "db": "SECTRACK",
        "id": "1019413",
        "trust": 2.0
      },
      {
        "db": "SECTRACK",
        "id": "1019405",
        "trust": 2.0
      },
      {
        "db": "SECTRACK",
        "id": "1019412",
        "trust": 2.0
      },
      {
        "db": "SECUNIA",
        "id": "28919",
        "trust": 1.8
      },
      {
        "db": "VUPEN",
        "id": "ADV-2008-0544",
        "trust": 1.7
      },
      {
        "db": "XF",
        "id": "40480",
        "trust": 0.9
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2008-002758",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200802-427",
        "trust": 0.7
      },
      {
        "db": "BID",
        "id": "85119",
        "trust": 0.4
      },
      {
        "db": "VULHUB",
        "id": "VHN-31035",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "63608",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-31035"
      },
      {
        "db": "BID",
        "id": "85119"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2008-002758"
      },
      {
        "db": "PACKETSTORM",
        "id": "63608"
      },
      {
        "db": "NVD",
        "id": "CVE-2008-0910"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200802-427"
      }
    ]
  },
  "id": "VAR-200802-0141",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-31035"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2023-12-18T13:15:38.292000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Security advisories",
        "trust": 0.8,
        "url": "http://www.f-secure.com/en/web/labs_global/security-advisories"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2008-002758"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-264",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-31035"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2008-002758"
      },
      {
        "db": "NVD",
        "id": "CVE-2008-0910"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.1,
        "url": "http://www.f-secure.com/security/fsc-2008-1.shtml"
      },
      {
        "trust": 2.0,
        "url": "http://www.securitytracker.com/id?1019405"
      },
      {
        "trust": 2.0,
        "url": "http://www.securitytracker.com/id?1019412"
      },
      {
        "trust": 2.0,
        "url": "http://www.securitytracker.com/id?1019413"
      },
      {
        "trust": 1.7,
        "url": "http://secunia.com/advisories/28919"
      },
      {
        "trust": 1.1,
        "url": "http://www.vupen.com/english/advisories/2008/0544/references"
      },
      {
        "trust": 1.1,
        "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/40480"
      },
      {
        "trust": 0.9,
        "url": "http://xforce.iss.net/xforce/xfdb/40480"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-0910"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2008-0910"
      },
      {
        "trust": 0.6,
        "url": "http://www.frsirt.com/english/advisories/2008/0544/references"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/457/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/454/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/28919/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/455/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/14377/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/452/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/6883/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/5786/"
      },
      {
        "trust": 0.1,
        "url": "https://psi.secunia.com/?page=changelog"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/14382/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/3339/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/about_secunia_advisories/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/17554/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/5198/"
      },
      {
        "trust": 0.1,
        "url": "https://psi.secunia.com/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/8997/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/17555/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/14374/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/secunia_security_advisories/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/6882/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/8998/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/14376/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/14375/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/3165/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/4635/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/14226/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/14381/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/14551/"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-31035"
      },
      {
        "db": "BID",
        "id": "85119"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2008-002758"
      },
      {
        "db": "PACKETSTORM",
        "id": "63608"
      },
      {
        "db": "NVD",
        "id": "CVE-2008-0910"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200802-427"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-31035"
      },
      {
        "db": "BID",
        "id": "85119"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2008-002758"
      },
      {
        "db": "PACKETSTORM",
        "id": "63608"
      },
      {
        "db": "NVD",
        "id": "CVE-2008-0910"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200802-427"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2008-02-22T00:00:00",
        "db": "VULHUB",
        "id": "VHN-31035"
      },
      {
        "date": "2008-02-22T00:00:00",
        "db": "BID",
        "id": "85119"
      },
      {
        "date": "2012-06-26T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2008-002758"
      },
      {
        "date": "2008-02-14T00:18:22",
        "db": "PACKETSTORM",
        "id": "63608"
      },
      {
        "date": "2008-02-22T22:44:00",
        "db": "NVD",
        "id": "CVE-2008-0910"
      },
      {
        "date": "2008-02-22T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200802-427"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2017-08-08T00:00:00",
        "db": "VULHUB",
        "id": "VHN-31035"
      },
      {
        "date": "2008-02-22T00:00:00",
        "db": "BID",
        "id": "85119"
      },
      {
        "date": "2012-06-26T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2008-002758"
      },
      {
        "date": "2017-08-08T01:29:46.087000",
        "db": "NVD",
        "id": "CVE-2008-0910"
      },
      {
        "date": "2008-09-05T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200802-427"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200802-427"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "plural  F-Secure Vulnerability that can prevent malware in anti-virus products",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2008-002758"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "permissions and access control",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200802-427"
      }
    ],
    "trust": 0.6
  }
}

cve-2008-0910

Vulnerability from fkie_nvd

Published

2008-02-22 22:44

Modified

2024-11-21 00:43

Severity ?

Summary

References

URL	Tags
cve@mitre.org	http://secunia.com/advisories/28919	Vendor Advisory
cve@mitre.org	http://www.f-secure.com/security/fsc-2008-1.shtml	Patch
cve@mitre.org	http://www.securitytracker.com/id?1019405
cve@mitre.org	http://www.securitytracker.com/id?1019412
cve@mitre.org	http://www.securitytracker.com/id?1019413
cve@mitre.org	http://www.vupen.com/english/advisories/2008/0544/references
cve@mitre.org	https://exchange.xforce.ibmcloud.com/vulnerabilities/40480
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/28919	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.f-secure.com/security/fsc-2008-1.shtml	Patch
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id?1019405
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id?1019412
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id?1019413
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2008/0544/references
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/40480

Impacted products

Vendor	Product	Version
f-secure	f-secure_anti-virus	2006
f-secure	f-secure_anti-virus	2007
f-secure	f-secure_anti-virus	2007
f-secure	f-secure_anti-virus	2008
f-secure	f-secure_anti-virus_client_security	6.03
f-secure	f-secure_anti-virus_client_security	6.04
f-secure	f-secure_anti-virus_client_security	7.01
f-secure	f-secure_anti-virus_client_security	7.10
f-secure	f-secure_anti-virus_for_linux	4.65
f-secure	f-secure_anti-virus_for_workstations	5.44
f-secure	f-secure_anti-virus_for_workstations	7.00
f-secure	f-secure_anti-virus_for_workstations	7.10
f-secure	f-secure_anti-virus_linux_client_security	5.52
f-secure	f-secure_anti-virus_linux_client_security	5.53
f-secure	f-secure_internet_security	2006
f-secure	f-secure_internet_security	2007
f-secure	f-secure_internet_security	2007
f-secure	f-secure_internet_security	2008
f-secure	f-secure_protection_service_for_business	*
f-secure	f-secure_protection_service_for_consumers	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:f-secure:f-secure_anti-virus:2006:*:*:*:*:*:*:*",
              "matchCriteriaId": "9A6B8424-EED8-4A09-9A9C-FC5F76A9FAF5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f-secure:f-secure_anti-virus:2007:*:*:*:*:*:*:*",
              "matchCriteriaId": "1106DE08-DE9A-488B-8C5D-28E353CDEEEB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f-secure:f-secure_anti-virus:2007:second_edition:*:*:*:*:*:*",
              "matchCriteriaId": "C8609465-1436-4F50-B7EE-0DF9DA7AA4CA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f-secure:f-secure_anti-virus:2008:*:*:*:*:*:*:*",
              "matchCriteriaId": "B47EC4EB-268A-4BB9-820D-AA3DB8D1A655",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f-secure:f-secure_anti-virus_client_security:6.03:*:*:*:*:*:*:*",
              "matchCriteriaId": "85517B0C-8C1A-4306-8466-2C138AD0709A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f-secure:f-secure_anti-virus_client_security:6.04:*:*:*:*:*:*:*",
              "matchCriteriaId": "F0657810-2CB9-4887-8AA2-3E0927937820",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f-secure:f-secure_anti-virus_client_security:7.01:*:*:*:*:*:*:*",
              "matchCriteriaId": "59FA86FF-A114-44EB-884A-766BEE17FD5C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f-secure:f-secure_anti-virus_client_security:7.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "5CD2B3CE-78CC-4BE7-80EB-25675371B5CF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f-secure:f-secure_anti-virus_for_linux:4.65:*:*:*:*:*:*:*",
              "matchCriteriaId": "04102648-2C1C-420E-BBF7-5C948F0EE479",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f-secure:f-secure_anti-virus_for_workstations:5.44:*:*:*:*:*:*:*",
              "matchCriteriaId": "9848B969-A0A4-4F38-9C6C-79395EFF8254",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f-secure:f-secure_anti-virus_for_workstations:7.00:*:*:*:*:*:*:*",
              "matchCriteriaId": "605AB820-8069-430A-89AC-3E0122EB3B96",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f-secure:f-secure_anti-virus_for_workstations:7.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "7D9F9488-8DA8-48A9-9A11-B5E0D7AA9A7E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f-secure:f-secure_anti-virus_linux_client_security:5.52:*:*:*:*:*:*:*",
              "matchCriteriaId": "E77AB622-B899-46FD-9DFA-1964B57A9458",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f-secure:f-secure_anti-virus_linux_client_security:5.53:*:*:*:*:*:*:*",
              "matchCriteriaId": "F8DB2DD7-86DC-440A-B8D9-0A84034E808F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f-secure:f-secure_internet_security:2006:*:*:*:*:*:*:*",
              "matchCriteriaId": "C788A5AB-C847-476C-9767-C6711F2D4EA1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f-secure:f-secure_internet_security:2007:*:*:*:*:*:*:*",
              "matchCriteriaId": "3972C7F1-8B78-4A5D-8A75-C6CA01E997DF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f-secure:f-secure_internet_security:2007:second_edition:*:*:*:*:*:*",
              "matchCriteriaId": "C0DCADF7-B044-4646-B215-52685609ED49",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f-secure:f-secure_internet_security:2008:*:*:*:*:*:*:*",
              "matchCriteriaId": "08ED9945-DC9F-4F4F-B2EB-B63986BCC7D6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f-secure:f-secure_protection_service_for_business:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "A097721B-9CBA-4E2D-B5E5-B7AAD938E61F",
              "versionEndIncluding": "3.00",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f-secure:f-secure_protection_service_for_consumers:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "604EFE23-657D-406F-81BF-17BA524E8423",
              "versionEndIncluding": "7.00",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Multiple F-Secure anti-virus products, including Internet Security 2006 through 2008, Anti-Virus 2006 through 2008, F-Secure Protection Service, and others, allow remote attackers to bypass malware detection via a crafted RAR archive.  NOTE: this might be related to CVE-2008-0792."
    },
    {
      "lang": "es",
      "value": "M\u00faltiples productos antivirus de F-Secure, incluyendo Internet Security de 2006 a 2008, Anti-Virus de 2006 a 2008, F-Secure Protection Service y otros, permiten a atacantes remotos evitar las detecciones del malware a trav\u00e9s de un archivo RAR manipulado. NOTA: podr\u00eda estar relacionado con CVE-2008-0792."
    }
  ],
  "id": "CVE-2008-0910",
  "lastModified": "2024-11-21T00:43:12.243",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": true,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2008-02-22T22:44:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/28919"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "http://www.f-secure.com/security/fsc-2008-1.shtml"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securitytracker.com/id?1019405"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securitytracker.com/id?1019412"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securitytracker.com/id?1019413"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vupen.com/english/advisories/2008/0544/references"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/40480"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/28919"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://www.f-secure.com/security/fsc-2008-1.shtml"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id?1019405"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id?1019412"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id?1019413"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2008/0544/references"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/40480"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-264"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

gsd-2008-0910

Vulnerability from gsd

Modified

2023-12-13 01:22

Details

Aliases

CVE-2008-0910

Aliases

CVE-2008-0910

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2008-0910",
    "description": "Multiple F-Secure anti-virus products, including Internet Security 2006 through 2008, Anti-Virus 2006 through 2008, F-Secure Protection Service, and others, allow remote attackers to bypass malware detection via a crafted RAR archive.  NOTE: this might be related to CVE-2008-0792.",
    "id": "GSD-2008-0910"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2008-0910"
      ],
      "details": "Multiple F-Secure anti-virus products, including Internet Security 2006 through 2008, Anti-Virus 2006 through 2008, F-Secure Protection Service, and others, allow remote attackers to bypass malware detection via a crafted RAR archive.  NOTE: this might be related to CVE-2008-0792.",
      "id": "GSD-2008-0910",
      "modified": "2023-12-13T01:22:59.151072Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2008-0910",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Multiple F-Secure anti-virus products, including Internet Security 2006 through 2008, Anti-Virus 2006 through 2008, F-Secure Protection Service, and others, allow remote attackers to bypass malware detection via a crafted RAR archive.  NOTE: this might be related to CVE-2008-0792."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "fsecure-cab-rar-security-bypass(40480)",
            "refsource": "XF",
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/40480"
          },
          {
            "name": "1019405",
            "refsource": "SECTRACK",
            "url": "http://www.securitytracker.com/id?1019405"
          },
          {
            "name": "1019412",
            "refsource": "SECTRACK",
            "url": "http://www.securitytracker.com/id?1019412"
          },
          {
            "name": "28919",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/28919"
          },
          {
            "name": "http://www.f-secure.com/security/fsc-2008-1.shtml",
            "refsource": "CONFIRM",
            "url": "http://www.f-secure.com/security/fsc-2008-1.shtml"
          },
          {
            "name": "1019413",
            "refsource": "SECTRACK",
            "url": "http://www.securitytracker.com/id?1019413"
          },
          {
            "name": "ADV-2008-0544",
            "refsource": "VUPEN",
            "url": "http://www.vupen.com/english/advisories/2008/0544/references"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:f-secure:f-secure_anti-virus:2006:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:f-secure:f-secure_anti-virus_for_linux:4.65:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:f-secure:f-secure_anti-virus_for_workstations:5.44:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:f-secure:f-secure_internet_security:2007:second_edition:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:f-secure:f-secure_internet_security:2008:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:f-secure:f-secure_anti-virus_client_security:7.01:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:f-secure:f-secure_anti-virus_client_security:7.10:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:f-secure:f-secure_internet_security:2006:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:f-secure:f-secure_internet_security:2007:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:f-secure:f-secure_anti-virus:2007:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:f-secure:f-secure_anti-virus:2007:second_edition:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:f-secure:f-secure_anti-virus:2008:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:f-secure:f-secure_anti-virus_for_workstations:7.00:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:f-secure:f-secure_anti-virus_for_workstations:7.10:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:f-secure:f-secure_protection_service_for_business:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "3.00",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:f-secure:f-secure_protection_service_for_consumers:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "7.00",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:f-secure:f-secure_anti-virus_client_security:6.03:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:f-secure:f-secure_anti-virus_client_security:6.04:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:f-secure:f-secure_anti-virus_linux_client_security:5.52:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:f-secure:f-secure_anti-virus_linux_client_security:5.53:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2008-0910"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Multiple F-Secure anti-virus products, including Internet Security 2006 through 2008, Anti-Virus 2006 through 2008, F-Secure Protection Service, and others, allow remote attackers to bypass malware detection via a crafted RAR archive.  NOTE: this might be related to CVE-2008-0792."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-264"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.f-secure.com/security/fsc-2008-1.shtml",
              "refsource": "CONFIRM",
              "tags": [
                "Patch"
              ],
              "url": "http://www.f-secure.com/security/fsc-2008-1.shtml"
            },
            {
              "name": "28919",
              "refsource": "SECUNIA",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://secunia.com/advisories/28919"
            },
            {
              "name": "1019405",
              "refsource": "SECTRACK",
              "tags": [],
              "url": "http://www.securitytracker.com/id?1019405"
            },
            {
              "name": "1019412",
              "refsource": "SECTRACK",
              "tags": [],
              "url": "http://www.securitytracker.com/id?1019412"
            },
            {
              "name": "1019413",
              "refsource": "SECTRACK",
              "tags": [],
              "url": "http://www.securitytracker.com/id?1019413"
            },
            {
              "name": "ADV-2008-0544",
              "refsource": "VUPEN",
              "tags": [],
              "url": "http://www.vupen.com/english/advisories/2008/0544/references"
            },
            {
              "name": "fsecure-cab-rar-security-bypass(40480)",
              "refsource": "XF",
              "tags": [],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/40480"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 6.4,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": true,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": false
        }
      },
      "lastModifiedDate": "2017-08-08T01:29Z",
      "publishedDate": "2008-02-22T22:44Z"
    }
  }
}

ghsa-m8c8-vwp2-gj7m

Vulnerability from github

Published

2022-05-01 23:34

Modified

2022-05-01 23:34

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2008-0910"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2008-02-22T22:44:00Z",
    "severity": "HIGH"
  },
  "details": "Multiple F-Secure anti-virus products, including Internet Security 2006 through 2008, Anti-Virus 2006 through 2008, F-Secure Protection Service, and others, allow remote attackers to bypass malware detection via a crafted RAR archive.  NOTE: this might be related to CVE-2008-0792.",
  "id": "GHSA-m8c8-vwp2-gj7m",
  "modified": "2022-05-01T23:34:37Z",
  "published": "2022-05-01T23:34:37Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2008-0910"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/40480"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/28919"
    },
    {
      "type": "WEB",
      "url": "http://www.f-secure.com/security/fsc-2008-1.shtml"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id?1019405"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id?1019412"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id?1019413"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2008/0544/references"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

cve-2008-0910

Vulnerability from cvelistv5

var-200802-0141

Vulnerability from variot

cve-2008-0910

Vulnerability from fkie_nvd

gsd-2008-0910

Vulnerability from gsd

ghsa-m8c8-vwp2-gj7m

Vulnerability from github

Tags

Sightings

Nomenclature