NOD32 Antivirus Zip Archive Virus Detection Bypass Vulnerability

Discussion in 'NOD32 version 2 Forum' started by A884126, Oct 20, 2004.

Thread Status:
Not open for further replies.
  1. A884126

    A884126 Registered Member

    Joined:
    May 16, 2004
    Posts:
    191
    Description:
    A vulnerability has been reported in NOD32 Antivirus, which can be exploited by malware to bypass certain scanning functionality.

    The vulnerability is caused due to an error when parsing .zip archive headers and can be exploited via a specially crafted .zip archive where the uncompressed size of the archived file has been modified within the local and global headers.

    Successful exploitation causes malware in a specially crafted .zip archive to pass the scanning functionality undetected.

    NOTE: This is not a critical issue on client systems, as the malware still is detected upon execution.

    Solution:
    The vendor reports that the vulnerability has been fixed in the archive-support module version 1.020, which is available via Automatic Virus-Signatures Update.
     
  2. flyrfan111

    flyrfan111 Registered Member

    Joined:
    Jun 1, 2004
    Posts:
    1,224
  3. A884126

    A884126 Registered Member

    Joined:
    May 16, 2004
    Posts:
    191
    Oop sorry i missed it. All my apologies.
     
  4. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia
    That's ok, would rather have it posted twice, than not at all ;)

    Cheers :D
     
Thread Status:
Not open for further replies.