Antivirus.Software.Magic.Byte.Detection.Evasion.Security.Bypass

Description

This indicates a possible attempt to exploit a security bypass vulnerability in anti-virus products from multiple vendors.
The affected products are prone to a weakness that may allow remote attackers to bypass virus scanning by sending a file such as a BAT, HTML, or EML file that begins with the "MZ" magic byte sequence, which is normally associated with EXE files. The scanner then treats the file as a safe type, even though applications on the end system could still execute it as a dangerous file type.
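
A defender-side check for the condition described above, as an added example that is not part of the original advisory or any vendor's code: it flags content that starts with "MZ" but either carries a script, markup or mail extension or has no PE signature behind the DOS header, so it should not be classified by magic bytes alone. The function names, the extension list and the sample bytes are assumptions constructed for illustration.

```python
import os
import struct

# File types the advisory names as still usable on the end system despite an "MZ" prefix.
# (List chosen for this example; extend it to match local policy.)
RISKY_EXTENSIONS = {".bat", ".html", ".htm", ".eml"}


def has_valid_pe_header(data: bytes) -> bool:
    """True only if 'MZ' is followed by a DOS header whose e_lfanew points at 'PE\\0\\0'."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)  # offset of the PE signature
    return e_lfanew + 4 <= len(data) and data[e_lfanew:e_lfanew + 4] == b"PE\0\0"


def classify(filename: str, data: bytes) -> str:
    """Return 'pe', 'suspicious-mz' or 'other' for a file name and its content."""
    if data[:2] != b"MZ":
        return "other"
    ext = os.path.splitext(filename)[1].lower()
    if ext in RISKY_EXTENSIONS or not has_valid_pe_header(data):
        # MZ magic on a script/markup/mail name, or MZ with no PE structure behind it:
        # do not trust the magic bytes; also scan as the type the end system will use.
        return "suspicious-mz"
    return "pe"


def minimal_pe() -> bytes:
    """Constructed stub: 0x40-byte DOS header with e_lfanew=0x40, then the PE signature."""
    header = bytearray(0x40)
    header[:2] = b"MZ"
    struct.pack_into("<I", header, 0x3C, 0x40)
    return bytes(header) + b"PE\0\0"


# Constructed sample inputs (not taken from the advisory).
SAMPLES = {
    "setup.exe": minimal_pe(),
    "notes.bat": b"MZ\r\nrem constructed sample\r\n",
    "page.html": b"<html></html>",
    "tool.exe": b"MZ" + b"A" * 100,
}

if __name__ == "__main__":
    for name, blob in SAMPLES.items():
        print(f"{name}: {classify(name, blob)}")
```

Legacy DOS executables also begin with "MZ" and have no PE signature, so "suspicious-mz" here means "scan under every plausible type", not "malicious".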

Affected Products

Ukrainian National Antivirus UNA
Trend Micro PC-cillin 2005
Trend Micro OfficeScan Corporate Edition 7.0
TheHacker TheHacker Antivirus 5.8.4 .128
Sophos Anti-Virus 3.91
Panda Titanium
Norman Virus Control 5.81
McAfee VirusScan Enterprise 8.0
McAfee Internet Security Suite 7.1.5
Kaspersky Labs Anti-Virus 5.0.372
Ikarus Ikarus 2.32
Frisk Software F-Prot Antivirus 3.16 c
Fortinet Antivirus 2.48 .0.0
eTrust eTrust CA 7.0.14
Dr.Web Dr.Web 4.32 b
Cat Computer Services Quick Heal Antivirus 8.0
AVG AVG Anti-Virus 7.0.323
ArcaBit ArcaVir 2005.0

Impact

Security Bypass: Remote attackers can bypass security features of vulnerable systems.

Recommended Actions

Update the anti-virus product when an update is available.

Coverage

IPS (Regular DB)
IPS (Extended DB)

Version Updates

Date Version Status Detail
2024-07-18 28.829 Modified Name:Anti-Virus.Software.Magic.Byte.Detection.Evasion.MZ:Antivirus.Software.Magic.Byte.Detection.Evasion.Security.Bypass
2020-12-11 16.978 Removed
