CVE-2004-1096

Archive::Zip <1.14 - Open Redirect

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2004-1096.

AI-analyzed exploit summary This PoC exploits multiple ZIP file parsing vulnerabilities (CAN-2004-0932 to CAN-2004-0937) by patching specific offsets in local and central headers to trigger flaws in various antivirus engines. It modifies ZIP files to create malformed headers that could bypass or crash affected software.

Description

Archive::Zip Perl module before 1.14, when used by antivirus programs such as amavisd-new, allows remote attackers to bypass antivirus protection via a compressed file with both local and global headers set to zero, which does not prevent the compressed file from being opened on a target system.

Exploits (1)

exploitdb WORKING POC

clocalmultiple

https://www.exploit-db.com/exploits/629

View Code ZIP pw:eip

This PoC exploits multiple ZIP file parsing vulnerabilities (CAN-2004-0932 to CAN-2004-0937) by patching specific offsets in local and central headers to trigger flaws in various antivirus engines. It modifies ZIP files to create malformed headers that could bypass or crash affected software.

Classification

Working Poc 95%

Attack Type

Dos

Complexity

Trivial

Reliability

Reliable

Target: Multiple antivirus engines (McAfee, Computer Associates, Kaspersky, Sophos, Eset, RAV)

No auth needed

Prerequisites: A valid ZIP file to modify

MITRE ATT&CK