Home ▼ Bookkeeping
Online ▼ Security
Audits ▼
Managed
DNS ▼
About
Order
FAQ
Acceptable Use Policy
Dynamic DNS Clients
Configure Domains Dyanmic DNS Update Password Network
Monitor ▼
Enterprise Package
Advanced Package
Standard Package
Free Trial
FAQ
Price/Feature Summary
Order/Renew
Examples
Configure/Status Alert Profiles | |||
Test ID: | 1.3.6.1.4.1.25623.1.0.900656 |
Category: | General |
Title: | McAfee Products Security Bypass Vulnerability (Windows) |
Summary: | This host is installed with McAfee products and are prone to; Security Bypass vulnerability. |
Description: | Summary: This host is installed with McAfee products and are prone to Security Bypass vulnerability. Vulnerability Insight: Error in AV Engine fails to handle specially crafted packets via, - an invalid Headflags and Packsize fields in a malformed RAR archive. - an invalid Filelength field in a malformed ZIP archive. Vulnerability Impact: Successful exploitation will allow attackers to bypass the anti-virus scanning and distribute files containing malicious code that the antivirus application will fail to detect. Affected Software/OS: McAfee VirusScan McAfee Email Gateyway McAfee Total Protection McAfee Active VirusScan McAfee Internet Security McAfee Security for Email Servers McAfee Security for Microsoft Sharepoint McAfee SecurityShield for Microsoft ISA Server McAfee software that uses DAT files prior to 5600 on Windows Solution: Updates are available through DAT files 5600 or later. CVSS Score: 7.6 CVSS Vector: AV:N/AC:H/Au:N/C:C/I:C/A:C |
Cross-Ref: |
BugTraq ID: 34780 Common Vulnerability Exposure (CVE) ID: CVE-2009-1348 http://www.securityfocus.com/bid/34780 Bugtraq: 20090501 [TZO-18-2009] Mcafee multiple evasions/bypasses (RAR, ZIP) (Google Search) http://www.securityfocus.com/archive/1/503173/100/0/threaded http://blog.zoller.lu/2009/04/mcafee-multiple-bypassesevasions-ziprar.html http://secunia.com/advisories/34949 |
Copyright | Copyright (C) 2009 Greenbone Networks GmbH |
This is only one of 99761 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below. |