ISS X-Force Database: antivirus-archive-header-bypass-detection(22570): Multiple vendor antivirus MZ archive header scan detection bypass

Multiple vendor antivirus MZ archive header scan detection bypass

antivirus-archive-header-bypass-detection (22570)

Medium Risk

Description:

Multiple vendor antivirus scanners could allow malicious files to bypass scan detection measures, caused by a vulnerability in the processing of archive files containing specially-crafted MS-DOS MZ headers. A remote attacker could exploit this vulnerability by sending a compressed malicious file containing a virus to unsuspecting victims, which could bypass antivirus protection and potentially be extracted and executed on the victim's system.

Consequences:

Bypass Security

Remedy:

Some vendors have released upgraded versions to correct this vulnerability. Contact your anti-virus vendor for the latest upgrade or patch information.

References:

AntiVir Antivirus Web site: AntiVir PersonalEdition Classic - More than Security.
ArcaVir Antivirus Web site: ArcaBit - ArcaVir Antivirus Monitor.
Avast Antivirus Web site: avast! antivirus software - computer virus, worm and Trojan protection by ALWIL Software.
Avira Antivirus Web site: AVIRA - Antivirus Solutions for Windows and Linux.
BitDefender AntiVirus Web site: BitDefender AntiVirus - Data Security, AntiVirus Software, Free Protection.
BugTraq Mailing List, Fri Oct 07 2005 - 16:11:29 CDT: Antivirus detection bypass by special crafted archive.
CAT Quick Heal Web site: Protect your cyber space. Use Anti-Virus Quick Heal.
ClamAV Antivirus Web site: ClamAV: Project News.
Dr.Web Antivirus Web site: Dr.Web Anti-virus - official website of Doctor Web, Ltd..
eTrust-Iris Antivirus Web site: eTrust� EZ Antivirus 2005 - CA Consumer: Download or Physical Shipment.
F-Prot Antivirus: F-Prot Antivirus | F-Prot AVES - anti-spam and anti-virus e-mail filtering service |.
Fortinet Antivirus Web site: Fortinet Antivirus & Firewall Devices from RaidWeb.
Grisoft AVG AntiVirus Web site: AVG Anti Virus: HOME.
Ikarus AntiVirus Web site: IKARUS Software Vienna - Sober.C st�rt den Weihnachtsfrieden!.
Kaspersky Antivirus Web site: Kaspersky Lab > Antivirus Software, Computer Virus Protection`AntiSpyware`Spam Filter`Computer Security.
McAfee Antivirus Web site: McAfee - Antivirus Software and Intrusion Prevention Solutions.
NOD32 Antivirus Web site: Eset Home.
Norman Virus Control Antivirus Web site: :: NORMAN :: Antivirus | Firewall | Network security.
Panda Antivirus Web site: Panda Security Magazine.
Proland Protector Plus 2000 AntiVirus Web site: Antivirus Software for Windows XP, Me, 98, 2000, 2003, NT, Exchange and NetWare.
Rising Antivirus Web site: Rising Antivirus International Pty Ltd.
Sophos Antivirus Web site: Sophos - Protect against viruses, spyware, spam and policy abuse.
Symantec Antivirus Web site: Symantec Worldwide Home Page.
Trustix Antivirus Web site: Antivirus free Anti virus software download by Comodo.
UNA Antivirus Web site: Antivirus UNA :: Anti Virus Software.
VBA32 Antivirus Web site: VirusBlokAda.
BID-15046: Multiple Vendor Antivirus Products Malformed Archives Scan Evasion Vulnerability
SECTRACK ID: 1015023: Clam VirusScan May Fail to Detect Viruses in Modified Archives
SECTRACK ID: 1015024: Kaspersky Anti-Virus May Fail to Detect Viruses in Modified Archives
SECTRACK ID: 1015025: Sophos Anti-Virus May Fail to Detect Viruses in Modified Archives
SECTRACK ID: 1015026: Computer Associates eTrust Antivirus May Fail to Detect Viruses in Modified Archives
SECTRACK ID: 1015027: Symantec AntiVirus May Fail to Detect Viruses in Modified Archives

Platforms Affected:

Alwil avast!
Antivir Antivir
Arcabit ArcaVir Antivirus
Avira Avira Antivirus
BitDefender BitDefender Antivirus
CA eTrust EZ Antivirus
CA Vet Antivirus
ClamAV ClamAV
DialogueScience Dr. Web
ESET NOD32 Antivirus
F-PROT F-PROT Antivirus
Fortinet Fortinet Antivirus
Grisoft AVG Anti-Virus
IKARUS Security Software Ikarus AntiVirus
Kaspersky Kaspersky Anti-Virus
McAfee VirusScan
Norman Norman Virus Control
Panda Software Panda Antivirus
Proland Software Proland Protector Plus 2000 AntiVirus
Quick Heal CAT Quick Heal
Rising International Rising Antivirus
Sophos Sophos Anti-Virus
Symantec AntiVirus Scan Engine
Trustix Antivirus
Ukrainian Antivirus Center UNA Antivirus
VirusBlokAda VBA32 Antivirus

Reported:

Oct 07, 2005

The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.

For corrections or additions please email ignore thisxforceignore this@ignore thisus.ignore thisibm.comignore this

Return to the main page