F-Prot Antivirus Lets Remote Users Bypass the Scanning Engine with Specially Crafted ZIP Files
|
|
SecurityTracker Alert ID: 1015148 |
|
SecurityTracker URL: http://securitytracker.com/id/1015148
|
|
CVE Reference:
GENERIC-MAP-NOMATCH
(Links to External Site)
|
Date: Nov 3 2005
|
Impact:
Host/resource access via network
|
Vendor Confirmed: Yes Exploit Included: Yes
|
|
Description:
A vulnerability was reported in F-Prot Antivirus. A remote user can send malicious content that will bypass the scanning engine.
The F-prot scanning engine does not properly decompress ZIP files that have a version header value greater then 15. As a result, content within the affected ZIP files will not be scanned and will be determined to be free of malicious content.
The vendor was notified on October 30, 2005.
Thierry Zoller reported this vulnerability.
The original advisory is available at:
http://thierry.sniff-em.com/research/fprot.html
|
Impact:
A remote user can send malicious content that will bypass the scanning engine.
|
Solution:
No solution was available at the time of this entry. The vendor plans to issue a fix.
|
Vendor URL: www.f-prot.com/products/corporate_users/ (Links to External Site)
|
Cause:
Input validation error, State error
|
Underlying OS:
Linux (Any), UNIX (Any), Windows (Any)
|
|
Message History:
None.
|
Source Message Contents
|
Date: Thu, 3 Nov 2005 09:00:52 -0500
Subject: F-Prot/Frisk Anti Virus bypass - ZIP Version Header
|
http://thierry.sniff-em.com/research/fprot.html
|
|
