Multiple.Vendor.AntiVirus.Extended.ASCII.Security.Bypass
Description
This indicates an attack attempt to exploit a Security Bypass vulnerability in multiple Anti-Virus products.
The vulnerability is due to an input validation error when handling files whose names contain special or extended ASCII characters. A remote attacker can exploit this to evade anti-virus scanning, allowing them to deliver viruses to the targeted system.
Affected Products
SOFTWIN BitDefender 9.0 and prior
Comodo Group Trustix AntiVirus 2005 and prior
ALWIL Software Avast! AntiVirus 4.6 and prior
CA eTrust QuickHeal AntiVirus 2005 and prior
Abacre Software Abacre Antivirus any
Deerfield.com VisNetic AntiVirus any
Avira AntiVir PersonalEdition Classic
ClamAV Project ClamAV for Windows
Antiy Labs Ghostbusters Professional Edition 5 and prior
Impact
System Compromise: Remote attackers can gain control of vulnerable systems.
Recommended Actions
Update the product to a non-vulnerable version
Coverage
IPS (Regular DB)
IPS (Extended DB)