Anti-Virus.Software.Magic.Byte.Detection.Evasion.MZ
Description
This indicates a possible attempt to exploit a detection bypass vulnerability in multiple vendors' anti-virus products.
Multiple vendors' anti-virus products are prone to a weakness that may allow remote attackers to bypass virus scanning. The bypass uses a file of a type such as BAT, HTML, or EML that carries an "MZ" magic byte sequence, which is normally associated with EXE files. The scanner then treats the file as a safe type, although applications on the end system could still execute it as a dangerous file type.
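A defensive check for the mismatch described above, as an added example that is not part of the original entry or any vendor's code: it flags content that begins with "MZ" but has a script-like extension or does not parse as a PE image. The function names, verdict strings, the `.htm` extension and the sample bytes are assumptions made for illustration.

```python
import os
import struct

# Types the description names (BAT, HTML, EML); ".htm" is an added assumption.
SCRIPT_LIKE_EXTS = {".bat", ".html", ".htm", ".eml"}

def looks_like_pe(data: bytes) -> bool:
    """True only if the MZ header's e_lfanew field points at a PE signature.
    Legacy DOS-only executables have no PE signature and return False."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    return data[e_lfanew:e_lfanew + 4] == b"PE\x00\x00"

def classify(filename: str, data: bytes) -> str:
    """Decide how a scanner should treat the file, never trusting magic bytes alone."""
    ext = os.path.splitext(filename.lower())[1]
    if not data.startswith(b"MZ"):
        return "scan-by-extension"
    if ext in SCRIPT_LIKE_EXTS:
        # MZ prefix on a type the end system interprets as text or script:
        # scan it as that type as well, and raise an alert.
        return "mismatch"
    if not looks_like_pe(data):
        return "mz-not-pe"  # claims to be an executable but has no PE header
    return "pe"

# Constructed samples (not real malware, not taken from the page).
SAMPLE_BAT = b"MZ\r\n@echo constructed sample\r\n"
SAMPLE_PE = b"MZ" + b"\x00" * 0x3A + struct.pack("<I", 0x40) + b"PE\x00\x00"

if __name__ == "__main__":
    for name, blob in [("invoice.bat", SAMPLE_BAT), ("tool.exe", SAMPLE_PE),
                       ("page.html", SAMPLE_PE), ("note.eml", b"From: a@example.test")]:
        print(name, "->", classify(name, blob))
```

Any "mismatch" or "mz-not-pe" verdict means the file should be scanned under every type the end system might apply to it, not only the type the magic bytes suggest.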
Affected Products
Ukrainian National Antivirus UNA
Trend Micro PC-cillin 2005
Trend Micro OfficeScan Corporate Edition 7.0
TheHacker TheHacker Antivirus 5.8.4 .128
Sophos Anti-Virus 3.91
Panda Titanium
Norman Virus Control 5.81
McAfee VirusScan Enterprise 8.0
McAfee Internet Security Suite 7.1.5
Kaspersky Labs Anti-Virus 5.0.372
Ikarus Ikarus 2.32
Frisk Software F-Prot Antivirus 3.16 c
Fortinet Antivirus 2.48 .0.0
eTrust eTrust CA 7.0.14
Dr.Web Dr.Web 4.32 b
Cat Computer Services Quick Heal Antivirus 8.0
AVG AVG Anti-Virus 7.0.323
ArcaBit ArcaVir 2005.0
Impact
Unauthorized access
Recommended Actions
Apply the anti-virus product update when it is available.
Coverage
IPS (Regular DB)
IPS (Extended DB)
Version Updates
Date | Version | Detail |
---|---|---|
2020-12-11 | 16.978 | |