ID

VAR-200501-0311


CVE

CVE-2004-0935


TITLE

Anti-virus software may not properly scan malformed zip archives

Trust: 0.8

sources: CERT/CC: VU#968818

DESCRIPTION

Eset Anti-Virus before 1.020 (16th September 2004) allows remote attackers to bypass antivirus protection via a compressed file with both local and global headers set to zero, which does not prevent the compressed file from being opened on a target system. Anti-virus software may rely on corrupted headers to determine if a zip archive is valid. As a result, anti-virus software may fail to detect malicious content within a zip archive.

Multiple vendor antivirus applications are reported vulnerable to a zip file detection evasion vulnerability. This vulnerability may allow maliciously crafted zip files to avoid being scanned and detected. The malicious archive can bypass the protection provided by a vulnerable antivirus program, giving users a false sense of security. If the user opens and executes the file, this attack can result in a malicious code infection.

This issue is reported to affect products offered by McAfee, Computer Associates, Kaspersky, Sophos, Eset and RAV. The latest antivirus products by Symantec, Bitdefender, Trend Micro and Panda are not vulnerable to this issue. Eset Anti-Virus is an anti-virus software

Trust: 1.98

sources: NVD: CVE-2004-0935 // CERT/CC: VU#968818 // BID: 11448 // VULHUB: VHN-9365

AFFECTED PRODUCTS

vendor: sophos // model: small business suite // scope: eq // version: 1.0

Trust: 1.3

vendor: sophos // model: puremessage anti-virus // scope: eq // version: 4.6

Trust: 1.3

vendor: sophos // model: anti-virus // scope: eq // version: 3.86

Trust: 1.3

vendor: sophos // model: anti-virus // scope: eq // version: 3.85

Trust: 1.3

vendor: sophos // model: anti-virus // scope: eq // version: 3.84

Trust: 1.3

vendor: sophos // model: anti-virus // scope: eq // version: 3.83

Trust: 1.3

vendor: sophos // model: anti-virus // scope: eq // version: 3.82

Trust: 1.3

vendor: sophos // model: anti-virus // scope: eq // version: 3.81

Trust: 1.3

vendor: sophos // model: anti-virus // scope: eq // version: 3.80

Trust: 1.3

vendor: sophos // model: anti-virus // scope: eq // version: 3.79

Trust: 1.3

vendor: sophos // model: anti-virus // scope: eq // version: 3.78

Trust: 1.3

vendor: sophos // model: anti-virus // scope: eq // version: 3.4.6

Trust: 1.3

vendor: mcafee // model: antivirus engine // scope: eq // version: 4.3.20

Trust: 1.3

vendor: gentoo // model: linux // scope: eq // version: 1.4

Trust: 1.3

vendor: suse // model: linux // scope: eq // version: 9.2

Trust: 1.0

vendor: broadcom // model: etrust antivirus gateway // scope: eq // version: 7.1

Trust: 1.0

vendor: rav antivirus // model: desktop // scope: eq // version: 8.6

Trust: 1.0

vendor: sophos // model: anti-virus // scope: eq // version: 3.78d

Trust: 1.0

vendor: broadcom // model: etrust antivirus // scope: eq // version: 7.1

Trust: 1.0

vendor: broadcom // model: etrust ez armor // scope: eq // version: 2.3

Trust: 1.0

vendor: kaspersky lab // model: anti-virus // scope: eq // version: 5.0

Trust: 1.0

vendor: rav antivirus // model: for file servers // scope: eq // version: 1.0

Trust: 1.0

vendor: kaspersky lab // model: anti-virus // scope: eq // version: 3.0

Trust: 1.0

vendor: eset // model: nod32 antivirus // scope: eq // version: 1.0.12

Trust: 1.0

vendor: broadcom // model: etrust secure content manager // scope: eq // version: 1.1

Trust: 1.0

vendor: kaspersky lab // model: anti-virus // scope: eq // version: 4.0

Trust: 1.0

vendor: mandrakesoft // model: mandrake linux // scope: eq // version: 10.1

Trust: 1.0

vendor: eset // model: nod32 antivirus // scope: eq // version: 1.0.13

Trust: 1.0

vendor: broadcom // model: etrust ez antivirus // scope: eq // version: 6.2

Trust: 1.0

vendor: broadcom // model: etrust antivirus gateway // scope: eq // version: 7.0

Trust: 1.0

vendor: rav antivirus // model: for mail servers // scope: eq // version: 8.4.2

Trust: 1.0

vendor: broadcom // model: etrust intrusion detection // scope: eq // version: 1.4.1.13

Trust: 1.0

vendor: broadcom // model: etrust antivirus // scope: eq // version: 7.0

Trust: 1.0

vendor: broadcom // model: etrust secure content manager // scope: eq // version: 1.0

Trust: 1.0

vendor: gentoo // model: linux // scope: eq // version: *

Trust: 1.0

vendor: broadcom // model: etrust intrusion detection // scope: eq // version: 1.5

Trust: 1.0

vendor: broadcom // model: etrust ez armor // scope: eq // version: 2.4

Trust: 1.0

vendor: eset // model: nod32 antivirus // scope: eq // version: 1.0.11

Trust: 1.0

vendor: broadcom // model: etrust ez antivirus // scope: eq // version: 6.1

Trust: 1.0

vendor: broadcom // model: brightstor arcserve backup // scope: eq // version: 11.1

Trust: 1.0

vendor: broadcom // model: inoculateit // scope: eq // version: 6.0

Trust: 1.0

vendor: broadcom // model: etrust intrusion detection // scope: eq // version: 1.4.5

Trust: 1.0

vendor: broadcom // model: etrust ez antivirus // scope: eq // version: 6.3

Trust: 1.0

vendor: broadcom // model: etrust ez armor // scope: eq // version: 2.0

Trust: 1.0

vendor: ca // model: etrust antivirus // scope: eq // version: 7.0_sp2

Trust: 1.0

vendor: ca // model: etrust secure content manager // scope: eq // version: 1.0

Trust: 1.0

vendor: archive zip // model: archive zip // scope: eq // version: 1.13

Trust: 1.0

vendor: ca // model: inoculateit // scope: eq // version: 6.0

Trust: 0.6

vendor: sophos // model: anti-virus d // scope: eq // version: 3.78

Trust: 0.3

vendor: s u s e // model: linux personal // scope: eq // version: 9.2

Trust: 0.3

vendor: rav // model: antivirus rav antivirus for mail servers // scope: eq // version: 8.4.2

Trust: 0.3

vendor: rav // model: antivirus rav antivirus for file servers // scope: eq // version: 1.0

Trust: 0.3

vendor: rav // model: antivirus rav antivirus desktop // scope: eq // version: 8.6

Trust: 0.3

vendor: mandriva // model: linux mandrake x86 64 // scope: eq // version: 10.1

Trust: 0.3

vendor: mandriva // model: linux mandrake // scope: eq // version: 10.1

Trust: 0.3

vendor: kaspersky // model: labs antivirus scanning engine // scope: eq // version: 5.0

Trust: 0.3

vendor: kaspersky // model: labs antivirus scanning engine // scope: eq // version: 4.0

Trust: 0.3

vendor: kaspersky // model: labs antivirus scanning engine // scope: eq // version: 3.0

Trust: 0.3

vendor: gentoo // model: linux // scope: - // version: -

Trust: 0.3

vendor: eset // model: nod32 antivirus // scope: eq // version: 1.013

Trust: 0.3

vendor: eset // model: nod32 antivirus // scope: eq // version: 1.012

Trust: 0.3

vendor: eset // model: nod32 antivirus // scope: eq // version: 1.011

Trust: 0.3

vendor: computer // model: associates inoculateit // scope: eq // version: 6.0

Trust: 0.3

vendor: computer // model: associates etrust secure content manager // scope: eq // version: 1.1

Trust: 0.3

vendor: computer // model: associates etrust secure content manager sp1 // scope: eq // version: 1.0

Trust: 0.3

vendor: computer // model: associates etrust secure content manager // scope: eq // version: 1.0

Trust: 0.3

vendor: computer // model: associates etrust intrusion detection // scope: eq // version: 1.5

Trust: 0.3

vendor: computer // model: associates etrust intrusion detection // scope: eq // version: 1.4.5

Trust: 0.3

vendor: computer // model: associates etrust intrusion detection // scope: eq // version: 1.4.1.13

Trust: 0.3

vendor: computer // model: associates etrust ez armor // scope: eq // version: 2.4

Trust: 0.3

vendor: computer // model: associates etrust ez armor // scope: eq // version: 2.3

Trust: 0.3

vendor: computer // model: associates etrust ez armor // scope: eq // version: 2.0

Trust: 0.3

vendor: computer // model: associates etrust ez antivirus // scope: eq // version: 6.3

Trust: 0.3

vendor: computer // model: associates etrust ez antivirus // scope: eq // version: 6.2

Trust: 0.3

vendor: computer // model: associates etrust ez antivirus // scope: eq // version: 6.1

Trust: 0.3

vendor: computer // model: associates etrust antivirus for the gateway // scope: eq // version: 7.1

Trust: 0.3

vendor: computer // model: associates etrust antivirus for the gateway // scope: eq // version: 7.0

Trust: 0.3

vendor: computer // model: associates etrust antivirus // scope: eq // version: 7.1

Trust: 0.3

vendor: computer // model: associates etrust antivirus sp2 // scope: eq // version: 7.0

Trust: 0.3

vendor: computer // model: associates etrust antivirus // scope: eq // version: 7.0

Trust: 0.3

vendor: computer // model: associates brightstor arcserve backup for windows // scope: eq // version: 11.1

Trust: 0.3

vendor: archive zip // model: archive::zip // scope: eq // version: 1.13

Trust: 0.3

vendor: archive zip // model: archive::zip // scope: ne // version: 1.14

Trust: 0.3

sources: BID: 11448 // CNNVD: CNNVD-200501-297 // NVD: CVE-2004-0935

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2004-0935
value: HIGH

Trust: 1.0

CARNEGIE MELLON: VU#968818
value: 7.59

Trust: 0.8

CNNVD: CNNVD-200501-297
value: HIGH

Trust: 0.6

VULHUB: VHN-9365
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2004-0935
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

VULHUB: VHN-9365
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: CERT/CC: VU#968818 // VULHUB: VHN-9365 // CNNVD: CNNVD-200501-297 // NVD: CVE-2004-0935

PROBLEMTYPE DATA

problemtype:NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2004-0935

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200501-297

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-200501-297

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-9365

PATCH

title: Eset AntiVirus zip Security vulnerabilities // url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=146863

Trust: 0.6

sources: CNNVD: CNNVD-200501-297

EXTERNAL IDS

db: CERT/CC // id: VU#968818

Trust: 2.5

db: BID // id: 11448

Trust: 2.0

db: NVD // id: CVE-2004-0935

Trust: 2.0

db: CNNVD // id: CNNVD-200501-297

Trust: 0.7

db: EXPLOIT-DB // id: 629

Trust: 0.1

db: VULHUB // id: VHN-9365

Trust: 0.1

sources: CERT/CC: VU#968818 // VULHUB: VHN-9365 // BID: 11448 // CNNVD: CNNVD-200501-297 // NVD: CVE-2004-0935

REFERENCES

url:http://www.securityfocus.com/bid/11448

Trust: 1.7

url:http://www.kb.cert.org/vuls/id/968818

Trust: 1.7

url:https://exchange.xforce.ibmcloud.com/vulnerabilities/17761

Trust: 1.7

url:http://www.idefense.com/application/poi/display?id=153&type=vulnerabilities&flashstatus=true

Trust: 1.6

url:http://www.linuxsecurity.com/advisories/gentoo_advisory-5043.html

Trust: 0.8

url:http://rt.cpan.org/noauth/bug.html?id=8077

Trust: 0.8

url:http://www.idefense.com/application/poi/display?id=153

Trust: 0.8

url:http://download.mcafee.com/uk/updates/updates.asp

Trust: 0.3

url:http://www.nod32.com/

Trust: 0.3

url:http://www.kaspersky.com/

Trust: 0.3

url:http://www.ravantivirus.com/

Trust: 0.3

url:http://www.sophos.com/

Trust: 0.3

url:http://supportconnectw.ca.com/public/ca_common_docs/arclib_vuln.asp

Trust: 0.3

url:/archive/1/378660

Trust: 0.3

url:http://www.idefense.com/application/poi/display?id=153&type=vulnerabilities&flashstatus=true

Trust: 0.1

sources: CERT/CC: VU#968818 // VULHUB: VHN-9365 // BID: 11448 // CNNVD: CNNVD-200501-297 // NVD: CVE-2004-0935

CREDITS

iDEFENSE Security Advisory (labs@idefense.com)

Trust: 0.6

sources: CNNVD: CNNVD-200501-297

SOURCES

db: CERT/CC // id: VU#968818
db: VULHUB // id: VHN-9365
db: BID // id: 11448
db: CNNVD // id: CNNVD-200501-297
db: NVD // id: CVE-2004-0935

LAST UPDATE DATE

2024-08-14T13:51:14.327000+00:00


SOURCES UPDATE DATE

db: CERT/CC // id: VU#968818 // date: 2005-01-14T00:00:00
db: VULHUB // id: VHN-9365 // date: 2017-07-11T00:00:00
db: BID // id: 11448 // date: 2009-07-12T08:06:00
db: CNNVD // id: CNNVD-200501-297 // date: 2021-04-08T00:00:00
db: NVD // id: CVE-2004-0935 // date: 2021-04-09T17:00:09.303

SOURCES RELEASE DATE

db: CERT/CC // id: VU#968818 // date: 2004-12-10T00:00:00
db: VULHUB // id: VHN-9365 // date: 2005-01-27T00:00:00
db: BID // id: 11448 // date: 2004-10-18T00:00:00
db: CNNVD // id: CNNVD-200501-297 // date: 2004-10-15T00:00:00
db: NVD // id: CVE-2004-0935 // date: 2005-01-27T05:00:00