Multiple Vendor Antivirus Products Malformed ZIP Archive Scan Evasion Vulnerability

Multiple antivirus products from various vendors are reported to be prone to a vulnerability that may allow malformed ZIP archives to bypass detection.

This issue arises when an affected application processes a ZIP archive containing potentially malicious files with specially crafted filenames.

This issue could allow a malicious ZIP archive to bypass detection and its contents to be executed by a recipient.

This vulnerability reportedly affects Trend Micro InterScan VirusWall for Linux version 3.1. AVG Anti-Virus is reported affected as well.

Sophos Sweep is being removed from the list of vulnerable packages because the vendor has reported that the correct procedure for scanning archives is to use the '-all' switch instead of '-archive'. The application is not affected if the '-all' switch is used to scan a malicious archive.

This BID will be updated when more information becomes available.


Copyright 2010, SecurityFocus