Description
The ZIP file parser in AhnLab V3 Internet Security 2011.01.18.00, AVG Anti-Virus 10.0.0.1190, Quick Heal (aka Cat QuickHeal) 11.00, Emsisoft Anti-Malware 5.1.0.1, eSafe 7.0.17.0, Fortinet Antivirus 4.2.254.0, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, Jiangmin Antivirus 13.0.900, Kaspersky Anti-Virus 7.0.0.125, Norman Antivirus 6.06.12, Sophos Anti-Virus 4.61.0, and AVEngine 20101.3.0.103 in Symantec Endpoint Protection 11 allows remote attackers to bypass malware detection via a ZIP file containing an invalid block of data at the beginning. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different ZIP parser implementations.
References (4)
Core 4
Core References
Third Party Advisory, VDB Entry mailing-list
x_refsource_bugtraq
http://www.securityfocus.com/archive/1/522005
Various Sources x_refsource_misc
http://www.ieee-security.org/TC/SP2012/program.html
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/74310
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/52613
Scores
EPSS
0.0838
EPSS Percentile
92.4%
Details
CWE
CWE-264
Status
published
Products (10)
ahnlab/v3_internet_security
2011.01.18.00
aladdin/esafe
7.0.17.0
avg/avg_anti-virus
10.0.0.1190
cat/quick_heal
11.00
emsisoft/anti-malware
5.1.0.1
fortinet/fortinet_antivirus
4.2.254.0
ikarus/ikarus_virus_utilities_t3_command_line_scanner
1.1.97.0
jiangmin/jiangmin_antivirus
13.0.900
kaspersky/kaspersky_anti-virus
7.0.0.125
symantec/endpoint_protection
11.0
Published
Mar 21, 2012
Tracked Since
Feb 18, 2026