Antivirus Bypass Vulnerability in eTrust-Iris and eTrust-Vet by Computer Associates
CVE-2005-3225

Currently unrated

Key Information:

Vendor: Broadcom
Status: Etrust Antivirus; Etrust Antivirus Iris Engine
Vendor: CVE Published:; 14 October 2005

What is CVE-2005-3225?

A vulnerability exists in eTrust-Iris and eTrust-Vet Antivirus due to multiple interpretation errors in handling specific versions of RAR files. Attackers can craft malicious executables with malformed central and local headers within RAR archives. This exploitation allows the bypassing of virus detection mechanisms, enabling the executable to be opened by various unpacking tools like Winrar and PowerZip, which do not flag the files as corrupted. In contrast, other tools such as Winzip and BitZipper identify these files as corrupted, highlighting the potential security gap in certain antivirus products.

References

http://shadock.net/secubox/AVCraftedArchive.html

x_refsource_MISC

http://marc.info/?l=bugtraq&m=112879611919750&w=2

mailing-listx_refsource_BUGTRAQ

Timeline

Vulnerability published
Oct 14, 2005
Vulnerability Reserved
Oct 14, 2005

Broadcom

What is CVE-2005-3225?

References

Timeline