Antivirus Detection Bypass in Avast! Antivirus 4.8 by MZ Header
CVE-2008-5523

Currently unrated

Key Information:

Vendor: Avast
Status: Avast Antivirus
Vendor: CVE Published:; 12 December 2008

What is CVE-2008-5523?

The vulnerability present in Avast! Antivirus 4.8.1281.0 arises from its inability to detect certain malware embedded in HTML documents when accessed via Internet Explorer 6 or 7. Attackers can exploit this by prefixing an MZ header, commonly associated with executable files, to manipulate the file's extension or remove it entirely. This tactic enables the malware to evade detection, allowing malicious activities to occur undetected. The exploit demonstrates that by presenting the malware with misleading file types, such as .txt or .jpg, attackers can facilitate the delivery of harmful payloads.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/47435

vdb-entryx_refsource_XF

http://securityreason.com/securityalert/4723

third-party-advisoryx_refsource_SREASON

http://www.securityfocus.com/archive/1/499043/100/0/threaded

mailing-listx_refsource_BUGTRAQ

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 12, 2008
Vulnerability Reserved
Dec 12, 2008