• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

Multiple Vendor Antivirus Products Malformed Archives Scan Evasion Vulnerability

Multiple antivirus products from various vendors are reported prone to a vulnerability that may allow malformed archive files to bypass detection.

This issue arises when an affected application processes a specially altered archive file that contains a fake, misleading MS-DOS executable MZ header.

This issue could result in malicious archives bypassing detection and allowing the contents to be opened by a recipient.

It should be noted that specific information regarding affected packages and versions is currently unavailable. The reporter of this issue used the EICAR test message stored in multiple different malformed archives. It may be possible that some of the reportedly affected packages may actually be immune to this issue.

This BID will be updated as further information is disclosed.