Multiple.AV.Invalid.Checksum.Bypass
Description
Multiple antivirus products from various vendors have a detection bypass vulnerability. A remote attacker can modify the checksum field in the local file header of a file inside a ZIP archive to evade antivirus detection. This allows the attacker to distribute malicious files such as viruses.
Affected Products
McAfee VirusScan 4.5.1
McAfee VirusScan 4.5
McAfee VirusScan 4.0.3
McAfee VirusScan 4.0
Symantec Norton AntiVirus Corporate Edition 8.0
H+BEDV Antivir Windows Workstation 6.30 .0.5
Softwin BitDefender 7.0
Symantec AntiVirus Corporate Edition 8.01
Symantec AntiVirus Corporate Edition 8.0 1.9378
Symantec AntiVirus Corporate Edition 8.0 1.9374
Symantec AntiVirus Corporate Edition 8.0 1.501
Symantec AntiVirus Corporate Edition 8.0 1.429c
Symantec AntiVirus Corporate Edition 8.0 1.425a/b
AVG AVG Anti-Virus 7.1.308
Sybari Antigen for Exchange 7.5.1314
Impact
Gain Access
Recommended Actions
Currently we are not aware of any vendor-supplied patches for this issue.
http://www.grisoft.com/us/us_index.php
http://www.bitdefender.com/
http://www.mcafee.com/
http://www.geocities.com/visitbipin/crc.html
http://www.symantec.com/
http://www.hbedv.com/
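A defender-side consistency check for the header mismatch described above, given here as an added example (it is not from this advisory or from any vendor): it compares each member's local-header checksum with the central directory value and with the checksum recomputed from the member data. The function names, the size cap and the sample archive are assumptions constructed for illustration.

```python
import io
import struct
import zipfile
import zlib

MAX_UNPACK = 64 * 1024 * 1024  # assumed cap on bytes inflated per member

def crc_findings(blob: bytes):
    """Return (name, local_crc, central_crc, actual_crc) per inconsistent member."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(blob)) as zf:
        for info in zf.infolist():
            off = info.header_offset
            hdr = blob[off:off + 30]
            if len(hdr) < 30 or hdr[:4] != b"PK\x03\x04":
                findings.append((info.filename, None, info.CRC, None))
                continue
            # sig, version, flags, method, time, date, crc32, csize, usize, name len, extra len
            fields = struct.unpack("<4sHHHHHIIIHH", hdr)
            flags, method, local_crc, nlen, xlen = fields[2], fields[3], fields[6], fields[9], fields[10]
            start = off + 30 + nlen + xlen
            raw = blob[start:start + info.compress_size]
            actual = None  # stays None when the member cannot be verified here
            try:
                if method == zipfile.ZIP_STORED:
                    actual = zlib.crc32(raw)
                elif method == zipfile.ZIP_DEFLATED:
                    actual = zlib.crc32(zlib.decompressobj(-15).decompress(raw, MAX_UNPACK))
            except zlib.error:
                pass
            # Bit 3 set: local CRC is legitimately zero, value is in a data descriptor
            local_ok = bool(flags & 0x08) or local_crc == info.CRC
            if not local_ok or actual != info.CRC:
                findings.append((info.filename, local_crc, info.CRC, actual))
    return findings

def build_sample(tamper: bool) -> bytes:
    """Constructed sample: one benign text member, optionally with an altered local CRC."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("note.txt", b"benign sample content\n" * 4)
    blob = bytearray(buf.getvalue())
    if tamper:
        blob[14] ^= 0xFF  # first byte of the CRC field in the first local header
    return bytes(blob)

if __name__ == "__main__":
    for label, sample in (("clean", build_sample(False)), ("altered", build_sample(True))):
        print(label, crc_findings(sample))
```

A member reported with an `actual_crc` of `None` uses a compression method or encryption this check does not unpack and should be treated as unverified.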
Coverage
IPS (Regular DB)
IPS (Extended DB)