Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2009-1348

Overview

Vulnerability Score 7.6 7.6
CVE Id CVE-2009-1348
Last Modified 19 May 2009 12:00:00
Published 30 Apr 2009 04:30:00
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector NETWORK
Access Complexity HIGH
Authentication NONE

CVE-2009-1348

Summary

The AV engine before DAT 5600 in McAfee VirusScan, Total Protection, Internet Security, SecurityShield for Microsoft ISA Server, Security for Microsoft Sharepoint, Security for Email Servers, Email Gateway, and Active Virus Defense allows remote attackers to bypass virus detection via (1) an invalid Headflags field in a malformed RAR archive, (2) an invalid Packsize field in a malformed RAR archive, or (3) an invalid Filelength field in a malformed ZIP archive.

Vulnerable Systems

Application

  • Mcafee Active Virus Defense

  • Mcafee Active Virusscan

  • Mcafee Email Gateway

  • Mcafee Internet Security Suite

  • Mcafee Internet Security Suite 2004

  • Mcafee Internet Security Suite 2005

  • Mcafee Internet Security Suite 2006

  • Mcafee Internet Security Suite 2009

  • Mcafee Securityshield For Email Servers

  • Mcafee Securityshield For Microsoft Isa Server

  • Mcafee Securityshield For Microsoft Sharepoint

  • Mcafee Total Protection 2009

  • Mcafee Total Protection For Endpoint

  • Mcafee Virusscan Commandline

  • Mcafee Virusscan Enterprise

  • Mcafee Virusscan Enterprise -

  • Mcafee Virusscan Plus 2009

  • Mcafee Virusscan Usb


References

CONFIRM - https://kc.mcafee.com/corporate/index?page=content&id=SB10001&actp=LIST_RECENT

BID - 34780

BUGTRAQ - 20090501 [TZO-18-2009] Mcafee multiple evasions/bypasses (RAR, ZIP)

SECUNIA - 34949

MISC - http://blog.zoller.lu/2009/04/mcafee-multiple-bypassesevasions-ziprar.html


Last Updated: 27 May 2016 10:50:32