CVE-2009-1348

EPSS 0.4%
Published 30.04.2009 20:30:00
Last modified 09.04.2025 00:30:58
Source cve@mitre.org
Teams watchlist Login
Open Login

The AV engine before DAT 5600 in McAfee VirusScan, Total Protection, Internet Security, SecurityShield for Microsoft ISA Server, Security for Microsoft Sharepoint, Security for Email Servers, Email Gateway, and Active Virus Defense allows remote attackers to bypass virus detection via (1) an invalid Headflags field in a malformed RAR archive, (2) an invalid Packsize field in a malformed RAR archive, or (3) an invalid Filelength field in a malformed ZIP archive.

Affected products Warnungen 0 Metrics 2 CWE 1 References 8

Data is provided by the National Vulnerability Database (NVD)

Mcafee ≫ Active Virus Defense

Mcafee ≫ Active Virusscan

Mcafee ≫ Email Gateway

Mcafee ≫ Internet Security Suite

Mcafee ≫ Internet Security Suite Version2004

Mcafee ≫ Internet Security Suite Version2005

Mcafee ≫ Internet Security Suite Version2006

Mcafee ≫ Internet Security Suite Version2009

Mcafee ≫ Securityshield For Email Servers

Mcafee ≫ Securityshield For Microsoft Isa Server

Mcafee ≫ Securityshield For Microsoft Sharepoint

Mcafee ≫ Total Protection Version2009

Mcafee ≫ Total Protection For Endpoint

Mcafee ≫ Virusscan Commandline

Mcafee ≫ Virusscan Enterprise

Mcafee ≫ Virusscan Enterprise Version- Update- Editionlinux

Mcafee ≫ Virusscan Enterprise Version- Update- Editionsap

Mcafee ≫ Virusscan Enterprise Version- Update- Editionstorage

Mcafee ≫ Virusscan Plus Version2009

Mcafee ≫ Virusscan Usb

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.4%	0.599

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	7.6	4.9	10	AV:N/AC:H/Au:N/C:C/I:C/A:C

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

http://blog.zoller.lu/2009/04/mcafee-multiple-bypassesevasions-ziprar.html

http://secunia.com/advisories/34949

Vendor Advisory

http://www.securityfocus.com/archive/1/503173/100/0/threaded

http://www.securityfocus.com/bid/34780

https://kc.mcafee.com/corporate/index?page=content&id=SB10001&actp=LIST_RECENT

Patch

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2009-1348

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2009-1348

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2009-1348

EUVD