CVE-2004-2442

F-Secure Anti-Virus <5.43 - Auth Bypass

Title source: llm

Description

Multiple interpretation error in various F-Secure Anti-Virus products, including Workstation 5.43 and earlier, Windows Servers 5.50 and earlier, MIMEsweeper 5.50 and earlier, Anti-Virus for Linux Servers and Gateways 4.61 and earlier, and other products, allows remote attackers to bypass antivirus protection via a compressed file with both local and global headers set to zero, which does not prevent the compressed file from being opened on the target system.

Exploits (1)

exploitdb WORKING POC VERIFIED

by oc192 · clocalmultiple

https://www.exploit-db.com/exploits/629

View Code ZIP pw:eip

References (6)

[Patch] http://secunia.com/advisories/13263/

[Vendor Advisory] http://www.ciac.org/ciac/bulletins/p-041.shtml

[Third Party Advisory, US Government Resource] http://www.kb.cert.org/vuls/id/968818

[Patch, Vendor Advisory] http://www.f-secure.com/security/fsc-2004-3.shtml

[Patch] http://www.securityfocus.com/bid/11732

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/18217

Scores

EPSS 0.1890

EPSS Percentile 95.3%

Details

Status published

Products (32)

f-secure/f-secure_anti-virus 4.51 (3 CPE variants)

f-secure/f-secure_anti-virus 4.52 (3 CPE variants)

f-secure/f-secure_anti-virus 4.60

f-secure/f-secure_anti-virus 4.61 (2 CPE variants)

f-secure/f-secure_anti-virus 5.0 (2 CPE variants)

f-secure/f-secure_anti-virus 5.5 (3 CPE variants)

f-secure/f-secure_anti-virus 5.41 (3 CPE variants)

f-secure/f-secure_anti-virus 5.42 (3 CPE variants)

f-secure/f-secure_anti-virus 5.43

f-secure/f-secure_anti-virus 5.52

... and 22 more

Published Dec 31, 2004

Tracked Since Feb 18, 2026