Possible AV vulnerability

Discussion in 'other security issues & news' started by Pilli, Oct 20, 2004.

Thread Status:
Not open for further replies.
  1. Pilli

    Pilli Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    6,217
    Location:
    Hampshire UK
    Just picked this up.

    http://www.securiteam.com/securitynews/6E00G2ABFY.html

    Quotes from the article:

    Summary
    Remote exploitation of an exceptional error condition in multiple vendors' anti-virus software allows attackers to bypass security protections by evading virus detection.

    How:
    The problem specifically exists in the parsing of .zip archive headers. The .zip file format stores information about compressed files in two locations - a local header and a global header. The local header exists just before the compressed data of each file, and the global header exists at the end of the .zip archive.

    Impact
    Successful exploitation allows remote attackers to pass malicious payloads within a compressed archive to a target without being detected. Most anti-virus engines have the ability to scan content packaged with compressed archives. As such, users with up-to-date anti-virus software are more likely to open attachments and files if they are under the false impression that the archive was already scanned and found to not contain a virus.
     
    Pilli, Oct 20, 2004
    #1
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Accept Learn More...