Multiple Interpretation Error in McAfee Internet Security Suite and Corporate Products
CVE-2005-3377

Currently unrated

Key Information:

Vendor: Mcafee
Status: Internet Security Suite
Vendor: CVE Published:; 30 October 2005

Summary

The vulnerability allows remote attackers to exploit multiple interpretation errors in McAfee's Internet Security Suite and Corporate products. Specifically, files that contain the 'MZ' magic byte sequence, not typically associated with safe file types such as BAT, HTML, and EML, can bypass virus scanning measures. This exploitation leads to potential execution of harmful files on the end system, presenting a significant security risk. The bug may involve files containing mixed content, effectively misleading the scanning process and permitting execution of potentially dangerous code.

References

http://www.securityfocus.com/bid/15189

vdb-entryx_refsource_BID

http://www.securityelf.org/magicbyte.html

x_refsource_MISC

http://www.securityelf.org/magicbyteadv.html

x_refsource_MISC

Timeline

Vulnerability published
Oct 30, 2005
Vulnerability Reserved
Oct 29, 2005