Remote Malware Detection Bypass in Symantec AntiVirus Due to HTML Document Vulnerability
CVE-2008-5543

Currently unrated

Key Information:

Vendor: Symantec

CVE Published: 12 December 2008

What is CVE-2008-5543?

Symantec AntiVirus version 10 allows remote attackers to bypass malware detection when Internet Explorer 6 or 7 is used. The attacker places an MZ header (commonly recognized as 'EXE info') at the beginning of an HTML document and changes the filename to have no extension, a .txt extension, or a .jpg extension, so that potentially harmful content appears benign. Malware exploits carried in the document can then execute without detection.
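A defender-side check for the file shape described above, as an added example that is not part of the original entry or any Symantec code: it flags content that starts with MZ, does not parse as a PE image, and contains HTML markup. The function names, verdict strings, marker list and sample bytes are constructed assumptions.

```python
import os
import re
import struct

# Tags a browser would render or execute; matched case-insensitively (assumed list).
HTML_MARKERS = re.compile(rb"<\s*(html|script|iframe|body|object)\b", re.IGNORECASE)
# Filename endings named in the CVE description ("" means no extension).
CVE_EXTENSIONS = {"", ".txt", ".jpg"}
SCAN_WINDOW = 64 * 1024  # leading bytes searched for markup


def is_real_pe(data: bytes) -> bool:
    """True only if the MZ header's e_lfanew field points at a 'PE\\0\\0' signature."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    return data[e_lfanew:e_lfanew + 4] == b"PE\x00\x00"


def classify(filename: str, data: bytes) -> str:
    """Classify content by what it is, not by its first two bytes or its name."""
    has_html = HTML_MARKERS.search(data[:SCAN_WINDOW]) is not None
    if data[:2] != b"MZ":
        return "html" if has_html else "other"
    if is_real_pe(data):
        return "pe"
    if has_html:
        # MZ magic in front of markup: the executable header is a decoy.
        ext = os.path.splitext(filename)[1].lower()
        return "mz-html-disguised" if ext in CVE_EXTENSIONS else "mz-html"
    return "mz-unknown"


# Constructed samples (not real malware, not taken from the advisory).
PE_STUB = b"MZ" + b"\x00" * 0x3A + struct.pack("<I", 0x40) + b"PE\x00\x00"
MZ_HTML = b"MZ<html><body>constructed sample</body></html>"
PLAIN_HTML = b"<html><body>hi</body></html>"
MZ_JUNK = b"MZ" + b"\x90" * 100

if __name__ == "__main__":
    for name, blob in [("setup.exe", PE_STUB), ("report.jpg", MZ_HTML),
                       ("report", MZ_HTML), ("index.html", PLAIN_HTML)]:
        print(f"{name:12} -> {classify(name, blob)}")
```

The PE check validates only the signature offset, so a verdict of "pe" means "worth scanning as an executable", not "safe".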
