CVE-2009-1348
McAfee Active Virus Defense - Virus Detection Bypass via Malformed Archive Headers
The AV engine before DAT 5600 in McAfee VirusScan, Total Protection, Internet Security, SecurityShield for Microsoft ISA Server, Security for Microsoft Sharepoint, Security for Email Servers, Email Gateway, and Active Virus Defense allows remote attackers to bypass virus detection via (1) an invalid Headflags field in a malformed RAR archive, (2) an invalid Packsize field in a malformed RAR archive, or (3) an invalid Filelength field in a malformed ZIP archive.
References (5)
Core References
Patch, Vendor Advisory (x_refsource_confirm): https://kc.mcafee.com/corporate/index?page=content&id=SB10001&actp=LIST_RECENT
Vendor Advisory (third-party-advisory, x_refsource_secunia): http://secunia.com/advisories/34949
Third Party Advisory, VDB Entry (mailing-list, x_refsource_bugtraq): http://www.securityfocus.com/archive/1/503173/100/0/threaded
Third Party Advisory, VDB Entry (vdb-entry, x_refsource_bid): http://www.securityfocus.com/bid/34780
Various Sources (x_refsource_misc): http://blog.zoller.lu/2009/04/mcafee-multiple-bypassesevasions-ziprar.html
Scores
EPSS: 0.0040
EPSS Percentile: 60.8%
Details
CWE: CWE-20
Status: published
Products (17)
mcafee/active_virus_defense
mcafee/active_virusscan
mcafee/email_gateway
mcafee/internet_security_suite
mcafee/internet_security_suite 2004
mcafee/internet_security_suite 2005
mcafee/internet_security_suite 2006
mcafee/internet_security_suite 2009
mcafee/securityshield_for_email_servers
mcafee/securityshield_for_microsoft_isa_server
... and 7 more
Published: Apr 30, 2009
Tracked Since: Feb 18, 2026