Antivirus Bypass Vulnerability in Archive::Zip Perl Module by CPAN
CVE-2004-1096

Currently unrated

Key Information:

Vendor: Eset Software
Status: Nod32 Antivirus; Kaspersky Anti-virus; Sophos Small Business Suite; Sophos Anti-virus
Vendor: CVE Published:; 10 January 2005

🔔 Create Eset Software Vulnerability Alert

What is CVE-2004-1096?

The Archive::Zip Perl module prior to version 1.14 contains a vulnerability that allows remote attackers to circumvent antivirus solutions. By crafting a compressed file with local and global headers set to zero, an attacker can manipulate how the file is processed, leading to potential execution of harmful content while evading detection by the antivirus software that relies on this module.

References

http://secunia.com/advisories/13038/

third-party-advisoryx_refsource_SECUNIA

http://www.mandriva.com/security/advisories?name=MDKSA-20...

vendor-advisoryx_refsource_MANDRAKE

https://exchange.xforce.ibmcloud.com/vulnerabilities/17761

vdb-entryx_refsource_XF

EPSS Score

20% chance of being exploited in the next 30 days.

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jan 10, 2005
Vulnerability Reserved
Nov 30, 2004

JSON