CVE-2008-5547

HAURI ViRobot <2008.12.4.1499 - Auth Bypass

Title source: llm
STIX 2.1

Description

HAURI ViRobot 2008.12.4.1499 and possibly 2008.9.12.1375, when Internet Explorer 6 or 7 is used, allows remote attackers to bypass detection of malware in an HTML document by placing an MZ header (aka "EXE info") at the beginning, and modifying the filename to have (1) no extension, (2) a .txt extension, or (3) a .jpg extension, as demonstrated by a document containing a CVE-2006-5745 exploit.

References (4)

Core 4
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/47435
Third Party Advisory third-party-advisory x_refsource_sreason
http://securityreason.com/securityalert/4723
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/499043/100/0/threaded
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/498995/100/0/threaded

Scores

EPSS 0.0191
EPSS Percentile 77.3%

Details

CWE
CWE-20
Status published
Products (2)
hauri/virobot 2008.9.12.1375
hauri/virobot 2008.12.4.1499
Published Dec 12, 2008
Tracked Since Feb 18, 2026