Vulnerability Description
The AV engine before DAT 5600 in McAfee VirusScan, Total Protection, Internet Security, SecurityShield for Microsoft ISA Server, Security for Microsoft Sharepoint, Security for Email Servers, Email Gateway, and Active Virus Defense allows remote attackers to bypass virus detection via (1) an invalid Headflags field in a malformed RAR archive, (2) an invalid Packsize field in a malformed RAR archive, or (3) an invalid Filelength field in a malformed ZIP archive.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Mcafee | Active Virus Defense | All versions |
| Mcafee | Active Virusscan | All versions |
| Mcafee | Email Gateway | All versions |
| Mcafee | Internet Security Suite | All versions |
| Mcafee | Securityshield For Email Servers | All versions |
| Mcafee | Securityshield For Microsoft Isa Server | All versions |
| Mcafee | Securityshield For Microsoft Sharepoint | All versions |
| Mcafee | Total Protection | 2009 |
| Mcafee | Total Protection For Endpoint | All versions |
| Mcafee | Virusscan Commandline | All versions |
| Mcafee | Virusscan Enterprise | All versions |
| Mcafee | Virusscan Plus | 2009 |
| Mcafee | Virusscan Usb | All versions |
Related Weaknesses (CWE)
References
- http://blog.zoller.lu/2009/04/mcafee-multiple-bypassesevasions-ziprar.html
- http://secunia.com/advisories/34949Vendor Advisory
- http://www.securityfocus.com/archive/1/503173/100/0/threaded
- http://www.securityfocus.com/bid/34780
- https://kc.mcafee.com/corporate/index?page=content&id=SB10001&actp=LIST_RECENTPatchVendor Advisory
- http://blog.zoller.lu/2009/04/mcafee-multiple-bypassesevasions-ziprar.html
- http://secunia.com/advisories/34949Vendor Advisory
- http://www.securityfocus.com/archive/1/503173/100/0/threaded
- http://www.securityfocus.com/bid/34780
- https://kc.mcafee.com/corporate/index?page=content&id=SB10001&actp=LIST_RECENTPatchVendor Advisory
FAQ
What is CVE-2009-1348?
CVE-2009-1348 is a vulnerability with a CVSS score of 7.6 (HIGH). The AV engine before DAT 5600 in McAfee VirusScan, Total Protection, Internet Security, SecurityShield for Microsoft ISA Server, Security for Microsoft Sharepoint, Security for Email Servers, Email Ga...
How severe is CVE-2009-1348?
CVE-2009-1348 has been rated HIGH with a CVSS base score of 7.6/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2009-1348?
Check the references section above for vendor advisories and patch information. Affected products include: Mcafee Active Virus Defense, Mcafee Active Virusscan, Mcafee Email Gateway, Mcafee Internet Security Suite, Mcafee Securityshield For Email Servers.