Vulnerability Description
Multiple interpretation error in various F-Secure Anti-Virus products, including Workstation 5.43 and earlier, Windows Servers 5.50 and earlier, MIMEsweeper 5.50 and earlier, Anti-Virus for Linux Servers and Gateways 4.61 and earlier, and other products, allows remote attackers to bypass antivirus protection via a compressed file with both local and global headers set to zero, which does not prevent the compressed file from being opened on the target system.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| F-Secure | F-Secure Anti-Virus | 4.51 |
| F-Secure | F-Secure For Firewalls | 6.20 |
| F-Secure | F-Secure Internet Security | 2004 |
| F-Secure | F-Secure Personal Express | 4.5 |
| F-Secure | Internet Gatekeeper | 2.6 |
References
- http://secunia.com/advisories/13263/Patch
- http://www.ciac.org/ciac/bulletins/p-041.shtmlVendor Advisory
- http://www.f-secure.com/security/fsc-2004-3.shtmlPatchVendor Advisory
- http://www.kb.cert.org/vuls/id/968818Third Party AdvisoryUS Government Resource
- http://www.securityfocus.com/bid/11732Patch
- https://exchange.xforce.ibmcloud.com/vulnerabilities/18217
- http://secunia.com/advisories/13263/Patch
- http://www.ciac.org/ciac/bulletins/p-041.shtmlVendor Advisory
- http://www.f-secure.com/security/fsc-2004-3.shtmlPatchVendor Advisory
- http://www.kb.cert.org/vuls/id/968818Third Party AdvisoryUS Government Resource
- http://www.securityfocus.com/bid/11732Patch
- https://exchange.xforce.ibmcloud.com/vulnerabilities/18217
FAQ
What is CVE-2004-2442?
CVE-2004-2442 is a vulnerability with a CVSS score of 5.0 (MEDIUM). Multiple interpretation error in various F-Secure Anti-Virus products, including Workstation 5.43 and earlier, Windows Servers 5.50 and earlier, MIMEsweeper 5.50 and earlier, Anti-Virus for Linux Serv...
How severe is CVE-2004-2442?
CVE-2004-2442 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2004-2442?
Check the references section above for vendor advisories and patch information. Affected products include: F-Secure F-Secure Anti-Virus, F-Secure F-Secure For Firewalls, F-Secure F-Secure Internet Security, F-Secure F-Secure Personal Express, F-Secure Internet Gatekeeper.