ID

VAR-200412-0351

CVE

CVE-2004-2442

TITLE

F-Secure Anti-Virus ZIP Archive Scanner Bypass Vulnerability

DESCRIPTION

Multiple interpretation error in various F-Secure Anti-Virus products, including Workstation 5.43 and earlier, Windows Servers 5.50 and earlier, MIMEsweeper 5.50 and earlier, Anti-Virus for Linux Servers and Gateways 4.61 and earlier, and other products, allows remote attackers to bypass antivirus protection via a compressed file with both local and global headers set to zero, which does not prevent the compressed file from being opened on the target system. Anti-virus software may rely on corrupted headers to determine if a zip archive is valid. As a result, anti-virus software may fail to detect malicious content within a zip archive. It is reported that the software does not filter certain ZIP archives. Exploitation of this vulnerability may result in a false sense of security and in the execution of malicious applications. The vulnerability does not prevent compressed files from being opened on the target system. TITLE: F-Secure Products Zip Archive Virus Detection Bypass Vulnerability SECUNIA ADVISORY ID: SA13263 VERIFY ADVISORY: http://secunia.com/advisories/13263/ CRITICAL: Moderately critical IMPACT: Security Bypass WHERE: >From remote SOFTWARE: F-Secure Internet Security 2005 http://secunia.com/product/4300/ F-Secure Internet Security 2004 http://secunia.com/product/3499/ F-Secure Internet Gatekeeper 6.x http://secunia.com/product/3339/ F-Secure Anti-Virus for Workstations 5.x http://secunia.com/product/457/ F-Secure Anti-Virus for Samba Servers 4.x http://secunia.com/product/3501/ F-Secure Anti-Virus for MIMEsweeper 5.x http://secunia.com/product/455/ F-Secure Anti-Virus for Microsoft Exchange 6.x http://secunia.com/product/454/ F-Secure Anti-Virus for Linux 4.x http://secunia.com/product/3165/ F-Secure Anti-Virus for Firewalls 6.x http://secunia.com/product/451/ F-Secure Anti-Virus Client Security 5.x http://secunia.com/product/2718/ F-Secure Anti-Virus 5.x http://secunia.com/product/3334/ F-Secure Anti-Virus 2005 http://secunia.com/product/4299/ F-Secure Anti-Virus 2004 http://secunia.com/product/3500/ DESCRIPTION: A vulnerability has been reported in various F-Secure products, which can be exploited by malware to bypass certain scanning functionality. The vulnerability is caused due to an error when parsing ".zip" archives and can be exploited via a specially crafted ".zip" archive, which the scanner incorrectly calculates be of zero length. Successful exploitation causes malware in a specially crafted ".zip" archive to bypass the scanning functionality. NOTE: This is not a critical issue on client systems, as the malware still is detected when it is extracted. PROVIDED AND/OR DISCOVERED BY: Reported by vendor. ORIGINAL ADVISORY: http://www.f-secure.com/security/fsc-2004-3.shtml ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

AFFECTED PRODUCTS

CVSS

PROBLEMTYPE DATA

THREAT TYPE

remote

TYPE

other

EXPLOIT AVAILABILITY

EXTERNAL IDS

REFERENCES

CREDITS

F-Secure

SOURCES

LAST UPDATE DATE

2024-08-14T13:51:14.201000+00:00

SOURCES UPDATE DATE

SOURCES RELEASE DATE