CVE-2009-1784

EPSS 0.39%
Veröffentlicht 22.05.2009 20:30:00
Zuletzt bearbeitet 09.04.2025 00:30:58
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

The AVG parsing engine 8.5 323, as used in multiple AVG anti-virus products including Anti-Virus Network Edition, Internet Security Netzwerk Edition, Server Edition für Linux/FreeBSD, Anti-Virus SBS Edition, and others allows remote attackers to bypass malware detection via a crafted (1) RAR and (2) ZIP archive.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 7

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Avg ≫ Avg Anti-virus Version <= 8.0.156

Avg ≫ Avg Anti-virus Version6.0.710

Avg ≫ Avg Anti-virus Version7.0

Avg ≫ Avg Anti-virus Version7.0.251

Avg ≫ Avg Anti-virus Version7.0.323

Avg ≫ Avg Anti-virus Version7.1.308

Avg ≫ Avg Anti-virus Version7.1.407

Avg ≫ Avg Anti-virus Version7.5.51

Avg ≫ Avg Anti-virus Version7.5.448

Avg ≫ Avg Anti-virus Version7.5.476

Avg ≫ Avg Anti-virus Version8.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.39%	0.591

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	10	10	10	AV:N/AC:L/Au:N/C:C/I:C/A:C

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

http://blog.zoller.lu/2009/04/avg-zip-evasion-bypass.html

http://www.securityfocus.com/archive/1/503392/100/0/threaded

http://www.securityfocus.com/bid/34895

https://exchange.xforce.ibmcloud.com/vulnerabilities/50426

https://nvd.nist.gov/vuln/detail/CVE-2009-1784

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2009-1784

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2009-1784

EUVD