CVE-2004-0934

archive_zip - Antivirus Bypass via Zeroed Local and Global Headers

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2004-0934.

AI-analyzed exploit summary This PoC exploits a vulnerability in multiple antivirus products by corrupting ZIP file headers, causing potential denial-of-service or arbitrary code execution when the file is scanned. It patches specific offsets in local and central ZIP headers to trigger the vulnerability.

Description

Kaspersky 3.x to 4.x allows remote attackers to bypass antivirus protection via a compressed file with both local and global headers set to zero, which does not prevent the compressed file from being opened on a target system.

Exploits (1)

exploitdb WORKING POC

clocalmultiple

https://www.exploit-db.com/exploits/629

View Code ZIP pw:eip

This PoC exploits a vulnerability in multiple antivirus products by corrupting ZIP file headers, causing potential denial-of-service or arbitrary code execution when the file is scanned. It patches specific offsets in local and central ZIP headers to trigger the vulnerability.

Classification

Working Poc 95%

Attack Type

Dos

Complexity

Trivial

Reliability

Reliable

Target: Multiple antivirus products (McAfee, Kaspersky, Sophos, etc.)

No auth needed

Prerequisites: A ZIP file to modify

MITRE ATT&CK

T1499 - Endpoint Denial of Service

devstral-2 · analyzed Feb 19, 2026 Full analysis →

References (4)

Core 4

Core References

Third Party Advisory, VDB Entry vdb-entry x_refsource_xf

https://exchange.xforce.ibmcloud.com/vulnerabilities/17761

US Government Resource third-party-advisory x_refsource_cert-vn

http://www.kb.cert.org/vuls/id/968818

Exploit, Patch, Vendor Advisory vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/11448

Various Sources third-party-advisory x_refsource_idefense

http://www.idefense.com/application/poi/display?id=153&type=vulnerabilities&flashstatus=true

Scores

EPSS 0.3995

EPSS Percentile 97.4%

Details

Status published

Products (47)

archive_zip/archive_zip 1.13

broadcom/brightstor_arcserve_backup 11.1

broadcom/etrust_antivirus 7.0

broadcom/etrust_antivirus 7.1

broadcom/etrust_antivirus_gateway 7.0

broadcom/etrust_antivirus_gateway 7.1

broadcom/etrust_ez_antivirus 6.1

broadcom/etrust_ez_antivirus 6.2

broadcom/etrust_ez_antivirus 6.3

broadcom/etrust_ez_armor 2.0

... and 37 more

Published Jan 27, 2005

Tracked Since Feb 18, 2026