CVE-2009-1348

Summary

CVE	CVE-2009-1348
State	PUBLIC
Assigner	[email protected]
Source Priority	CVE Program / NVD first with legacy fallback
Published	2009-04-30 20:30:00 UTC
Updated	2018-10-10 19:36:00 UTC
Description	The AV engine before DAT 5600 in McAfee VirusScan, Total Protection, Internet Security, SecurityShield for Microsoft ISA Server, Security for Microsoft Sharepoint, Security for Email Servers, Email Gateway, and Active Virus Defense allows remote attackers to bypass virus detection via (1) an invalid Headflags field in a malformed RAR archive, (2) an invalid Packsize field in a malformed RAR archive, or (3) an invalid Filelength field in a malformed ZIP archive.

Risk And Classification

Problem Types: CWE-20

NVD Known Affected Configurations (CPE 2.3)

Type	Vendor	Product	Version	Update	Edition	Language
Application	Mcafee	Active Virusscan	All	All	All	All
Application	Mcafee	Active Virusscan	All	All	All	All
Application	Mcafee	Active Virus Defense	All	All	All	All
Application	Mcafee	Active Virus Defense	All	All	All	All
Application	Mcafee	Email Gateway	All	All	All	All
Application	Mcafee	Email Gateway	All	All	All	All
Application	Mcafee	Internet Security Suite	All	All	All	All
Application	Mcafee	Internet Security Suite	2004	All	All	All
Application	Mcafee	Internet Security Suite	2005	All	All	All
Application	Mcafee	Internet Security Suite	2006	All	All	All
Application	Mcafee	Internet Security Suite	2009	All	All	All
Application	Mcafee	Internet Security Suite	All	All	All	All
Application	Mcafee	Internet Security Suite	2004	All	All	All
Application	Mcafee	Internet Security Suite	2005	All	All	All
Application	Mcafee	Internet Security Suite	2006	All	All	All
Application	Mcafee	Internet Security Suite	2009	All	All	All
Application	Mcafee	Securityshield For Email Servers	All	All	All	All
Application	Mcafee	Securityshield For Email Servers	All	All	All	All
Application	Mcafee	Securityshield For Microsoft Isa Server	All	All	All	All
Application	Mcafee	Securityshield For Microsoft Isa Server	All	All	All	All
Application	Mcafee	Securityshield For Microsoft Sharepoint	All	All	All	All
Application	Mcafee	Securityshield For Microsoft Sharepoint	All	All	All	All
Application	Mcafee	Total Protection	2009	All	All	All
Application	Mcafee	Total Protection	2009	All	All	All
Application	Mcafee	Total Protection For Endpoint	All	All	All	All
Application	Mcafee	Total Protection For Endpoint	All	All	All	All
Application	Mcafee	Virusscan Commandline	All	All	All	All
Application	Mcafee	Virusscan Commandline	All	All	All	All
Application	Mcafee	Virusscan Enterprise	All	All	All	All
Application	Mcafee	Virusscan Enterprise	-	-	linux	All
Application	Mcafee	Virusscan Enterprise	-	-	sap	All
Application	Mcafee	Virusscan Enterprise	-	-	storage	All
Application	Mcafee	Virusscan Enterprise	All	All	All	All
Application	Mcafee	Virusscan Enterprise	-	-	linux	All
Application	Mcafee	Virusscan Enterprise	-	-	sap	All
Application	Mcafee	Virusscan Enterprise	-	-	storage	All
Application	Mcafee	Virusscan Plus	2009	All	All	All
Application	Mcafee	Virusscan Plus	2009	All	All	All
Application	Mcafee	Virusscan Usb	All	All	All	All
Application	Mcafee	Virusscan Usb	All	All	All	All

References

Reference	Source	Link	Tags
McAfee Products RAR/ZIP Files Scan Evasion Vulnerability	BID	www.securityfocus.com
McAfee Products Archive Handling Security Bypass - Secunia Advisories - Vulnerability Information - Secunia.com	SECUNIA	secunia.com	Vendor Advisory
McAfee KnowledgeBase -	CONFIRM	kc.mcafee.com	Patch, Vendor Advisory
SecurityFocus	BUGTRAQ	www.securityfocus.com
Secdev - Thierry Zoller: Mcafee multiple bypasses/evasions (ZIP,RAR)	MISC	blog.zoller.lu
CVE Program record	CVE.ORG	www.cve.org	canonical
NVD vulnerability detail	NVD	nvd.nist.gov	canonical, analysis

No vendor comments have been submitted for this CVE.

There are currently no legacy QID mappings associated with this CVE.