CVE-2009-1348

EPSS 0.4%
Veröffentlicht 30.04.2009 20:30:00
Zuletzt bearbeitet 09.04.2025 00:30:58
Quelle cve@mitre.org
Teams Watchlist Login
Unerledigt Login

The AV engine before DAT 5600 in McAfee VirusScan, Total Protection, Internet Security, SecurityShield for Microsoft ISA Server, Security for Microsoft Sharepoint, Security for Email Servers, Email Gateway, and Active Virus Defense allows remote attackers to bypass virus detection via (1) an invalid Headflags field in a malformed RAR archive, (2) an invalid Packsize field in a malformed RAR archive, or (3) an invalid Filelength field in a malformed ZIP archive.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 8

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Mcafee ≫ Active Virus Defense

Mcafee ≫ Active Virusscan

Mcafee ≫ Email Gateway

Mcafee ≫ Internet Security Suite

Mcafee ≫ Internet Security Suite Version2004

Mcafee ≫ Internet Security Suite Version2005

Mcafee ≫ Internet Security Suite Version2006

Mcafee ≫ Internet Security Suite Version2009

Mcafee ≫ Securityshield For Email Servers

Mcafee ≫ Securityshield For Microsoft Isa Server

Mcafee ≫ Securityshield For Microsoft Sharepoint

Mcafee ≫ Total Protection Version2009

Mcafee ≫ Total Protection For Endpoint

Mcafee ≫ Virusscan Commandline

Mcafee ≫ Virusscan Enterprise

Mcafee ≫ Virusscan Enterprise Version- Update- Editionlinux

Mcafee ≫ Virusscan Enterprise Version- Update- Editionsap

Mcafee ≫ Virusscan Enterprise Version- Update- Editionstorage

Mcafee ≫ Virusscan Plus Version2009

Mcafee ≫ Virusscan Usb

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.4%	0.599

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.6	4.9	10	AV:N/AC:H/Au:N/C:C/I:C/A:C

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

http://blog.zoller.lu/2009/04/mcafee-multiple-bypassesevasions-ziprar.html

http://secunia.com/advisories/34949

Vendor Advisory

http://www.securityfocus.com/archive/1/503173/100/0/threaded

http://www.securityfocus.com/bid/34780

https://kc.mcafee.com/corporate/index?page=content&id=SB10001&actp=LIST_RECENT

Patch

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2009-1348

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2009-1348

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2009-1348

EUVD