Multiple Vendor Antivirus Software Zip Files Detection Evasion Vulnerability

Bugtraq ID: 11448
Class: Design Error
CVE: CVE-2004-0932
CVE-2004-0933
CVE-2004-0934
CVE-2004-0937
CVE-2004-0935
CVE-2004-0936
Remote: Yes
Local: No
Published: Oct 18 2004 12:00AM
Updated: Jul 12 2009 08:06AM
Credit: An anonymous researcher discovered this issue.
Vulnerable: Sophos Small Business Suite 1.0
+ Sophos Anti-Virus 3.85
+ Sophos Anti-Virus 3.84
+ Sophos Anti-Virus 3.83
+ Sophos Anti-Virus 3.82
+ Sophos Anti-Virus 3.81
+ Sophos Anti-Virus 3.80
Sophos PureMessage Anti-Virus 4.6
Sophos Anti-Virus 3.86
Sophos Anti-Virus 3.85
Sophos Anti-Virus 3.84
Sophos Anti-Virus 3.83
Sophos Anti-Virus 3.82
Sophos Anti-Virus 3.81
Sophos Anti-Virus 3.80
Sophos Anti-Virus 3.79
Sophos Anti-Virus 3.78 d
Sophos Anti-Virus 3.78
Sophos Anti-Virus 3.4.6
- Microsoft Windows 2000 Professional SP2
- Microsoft Windows 2000 Professional SP1
- Microsoft Windows 2000 Professional
- Microsoft Windows NT 4.0 SP6a
- Microsoft Windows NT 4.0 SP6
- Microsoft Windows NT 4.0 SP5
- Microsoft Windows NT 4.0 SP4
- Microsoft Windows NT 4.0 SP3
- Microsoft Windows NT 4.0 SP2
- Microsoft Windows NT 4.0 SP1
- Microsoft Windows NT 4.0
S.u.S.E. Linux Personal 9.2
RAV AntiVirus RAV AntiVirus for Mail Servers 8.4.2
RAV AntiVirus RAV AntiVirus for File Servers 1.0
RAV AntiVirus RAV AntiVirus Desktop 8.6
McAfee Antivirus Engine 4.3.20
Mandriva Linux Mandrake 10.1 x86_64
Mandriva Linux Mandrake 10.1
Kaspersky Labs Antivirus Scanning Engine 5.0
Kaspersky Labs Antivirus Scanning Engine 4.0
Kaspersky Labs Antivirus Scanning Engine 3.0
Gentoo Linux 1.4
Gentoo Linux
Eset NOD32 Antivirus 1.0 13
Eset NOD32 Antivirus 1.0 12
Eset NOD32 Antivirus 1.0 11
Computer Associates InoculateIT 6.0
- Caldera OpenLinux 2.4
- Debian Linux 2.2
- IBM AIX 4.3.3
- IBM AIX 4.3.2
- IBM AIX 4.3.1
- IBM AIX 4.3
- IBM AIX 4.2.1
- IBM AIX 4.2
- IBM AIX 4.1.5
- IBM AIX 4.1.4
- IBM AIX 4.1.3
- Mandriva Linux Mandrake 8.0
- Mandriva Linux Mandrake 7.2
- Mandriva Linux Mandrake 7.1
- Redhat Linux 7.1 i386
- Redhat Linux 7.0 i386
- Redhat Linux 6.2 i386
- SCO eDesktop 2.4
- SCO eServer 2.3.1
- SCO eServer 2.3
- Sun Solaris 8_sparc
- Sun Solaris 7.0
- Sun Solaris 2.6
- SuSE Linux 7.1 x86
- SuSE Linux 7.0
- SuSE Linux 6.4
Computer Associates eTrust Secure Content Manager 1.1
Computer Associates eTrust Secure Content Manager 1.0 SP1
Computer Associates eTrust Secure Content Manager 1.0
Computer Associates eTrust Intrusion Detection 1.5
Computer Associates eTrust Intrusion Detection 1.4.5
- Microsoft Windows 2000 Professional
- Microsoft Windows 95
- Microsoft Windows 98
- Microsoft Windows NT 4.0
Computer Associates eTrust Intrusion Detection 1.4.1 .13
- Microsoft Windows 95
- Microsoft Windows 98
- Microsoft Windows NT 4.0
Computer Associates eTrust EZ Armor 2.4
Computer Associates eTrust EZ Armor 2.3
Computer Associates eTrust EZ Armor 2.0
Computer Associates eTrust EZ Antivirus 6.3
Computer Associates eTrust EZ Antivirus 6.2
Computer Associates eTrust EZ Antivirus 6.1
Computer Associates eTrust Antivirus for the Gateway 7.1
Computer Associates eTrust Antivirus for the Gateway 7.0
Computer Associates eTrust Antivirus 7.1
Computer Associates eTrust Antivirus 7.0 SP2
Computer Associates eTrust Antivirus 7.0
Computer Associates BrightStor ARCServe Backup for Windows 11.1
Archive::Zip Archive::Zip 1.13
Not Vulnerable: Archive::Zip Archive::Zip 1.14


 

Copyright 2010, SecurityFocus