Remote Bypass Vulnerability in McAfee Antivirus Products
CVE-2009-1348

Currently unrated

Key Information:

Vendor: Mcafee
Status: Total Protection; Securityshield For Email Servers; Internet Security Suite; Virusscan Enterprise
Vendor: CVE Published:; 30 April 2009

Summary

A remote code execution bypass vulnerability exists in various McAfee antivirus products due to improper handling of fields in malformed RAR and ZIP archives. Attackers can exploit this weakness to evade virus detection, effectively allowing them to introduce malicious files onto vulnerable systems. The flaw stems from the handling of the Headflags, Packsize, and Filelength fields, which can be manipulated in crafted files, posing significant risks to users and organizations relying on these security products.

References

http://www.securityfocus.com/archive/1/503173/100/0/threaded

mailing-listx_refsource_BUGTRAQ

https://kc.mcafee.com/corporate/index?page=content&id=SB1...

x_refsource_CONFIRM

http://secunia.com/advisories/34949

third-party-advisoryx_refsource_SECUNIA

Timeline

Vulnerability published
Apr 30, 2009
Vulnerability Reserved
Apr 20, 2009