CVE-2004-2442

F-Secure Anti-Virus <5.43 - Auth Bypass


Exploitation Summary

EIP tracks 1 public exploit for CVE-2004-2442. PoCs published by oc192.

AI-analyzed exploit summary: This PoC exploits a vulnerability in multiple antivirus engines (CVE-2004-1096) by corrupting ZIP file headers, causing denial-of-service or potential arbitrary code execution during file scanning. It patches specific offsets in local and central ZIP headers to trigger the flaw.

Description

Multiple interpretation error in various F-Secure Anti-Virus products, including Workstation 5.43 and earlier, Windows Servers 5.50 and earlier, MIMEsweeper 5.50 and earlier, Anti-Virus for Linux Servers and Gateways 4.61 and earlier, and other products, allows remote attackers to bypass antivirus protection via a compressed file with both local and global headers set to zero, which does not prevent the compressed file from being opened on the target system.

Exploits (1)

exploitdb · WORKING POC · VERIFIED
by oc192 · c · local · multiple
https://www.exploit-db.com/exploits/629

Classification: Working PoC 95%
Attack Type: DoS
Complexity: Trivial
Reliability: Reliable
Target: Multiple antivirus engines (McAfee, Computer Associates, Kaspersky, Sophos, Eset, RAV)
No auth needed
Prerequisites: A malformed ZIP file to be scanned by vulnerable antivirus software
devstral-2 · analyzed Feb 18, 2026

References (6)

Core References
Patch third-party-advisory x_refsource_secunia
http://secunia.com/advisories/13263/
Vendor Advisory third-party-advisory government-resource x_refsource_ciac
http://www.ciac.org/ciac/bulletins/p-041.shtml
Third Party Advisory, US Government Resource third-party-advisory x_refsource_cert-vn
http://www.kb.cert.org/vuls/id/968818
Patch, Vendor Advisory x_refsource_confirm
http://www.f-secure.com/security/fsc-2004-3.shtml
Patch vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/11732
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/18217

Scores

EPSS 0.1064
EPSS Percentile 95.2%

Details

Status published
Products (32)
f-secure/f-secure_anti-virus 4.51 (3 CPE variants)
f-secure/f-secure_anti-virus 4.52 (3 CPE variants)
f-secure/f-secure_anti-virus 4.60
f-secure/f-secure_anti-virus 4.61 (2 CPE variants)
f-secure/f-secure_anti-virus 5.0 (2 CPE variants)
f-secure/f-secure_anti-virus 5.5 (3 CPE variants)
f-secure/f-secure_anti-virus 5.41 (3 CPE variants)
f-secure/f-secure_anti-virus 5.42 (3 CPE variants)
f-secure/f-secure_anti-virus 5.43
f-secure/f-secure_anti-virus 5.52
... and 22 more
Published Dec 31, 2004
Tracked Since Feb 18, 2026