Multiple.AV.Invalid.Checksum.Bypass

description-logoDescription

Multiple antivirus products from various vendors have a bypass vulnerability. A remote attacker can modify the checksum of one file local header field in a zip file to bypass the detection of the antivirus. The attacker can diffuse invasive files such as virus.

affected-products-logoAffected Products

McAfee VirusScan 4.5.1
McAfee VirusScan 4.5
McAfee VirusScan 4.0.3
McAfee VirusScan 4.0
Symantec Norton AntiVirus Corporate Edition 8.0
H+BEDV Antivir Windows Workstation 6.30 .0.5
Softwin BitDefender 7.0
Symantec AntiVirus Corporate Edition 8.01
Symantec AntiVirus Corporate Edition 8.0 1.9378
Symantec AntiVirus Corporate Edition 8.0 1.9374
Symantec AntiVirus Corporate Edition 8.0 1.501
Symantec AntiVirus Corporate Edition 8.0 1.429c
Symantec AntiVirus Corporate Edition 8.0 1.425a/b
AVG AVG Anti-Virus 7.1.308
Sybari Antigen for Exchange 7.5.1314

Impact logoImpact

Gain Access

Telemetry logoTelemetry

Coverage

IPS (Regular DB)
IPS (Extended DB)