CVE-2012-1446
https://notcve.org/view.php?id=CVE-2012-1446
The ELF file parser in Quick Heal (aka Cat QuickHeal) 11.00, McAfee Anti-Virus Scanning Engine 5.400.0.1158, AVEngine 20101.3.0.103 in Symantec Endpoint Protection 11, Norman Antivirus 6.06.12, eSafe 7.0.17.0, Kaspersky Anti-Virus 7.0.0.125, McAfee Gateway (formerly Webwasher) 2010.1C, Sophos Anti-Virus 4.61.0, CA eTrust Vet Antivirus 36.1.8511, Antiy Labs AVL SDK 2.0.3.7, PC Tools AntiVirus 7.0.3.5, Rising Antivirus 22.83.00.03, Fortinet Antivirus 4.2.254.0, and Panda Antivirus 10.0.2.7 allows remote attackers to bypass malware detection via an ELF file with a modified encoding field. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different ELF parser implementations. El analizador de archivos ELF en Quick Heal (también conocido como Cat QuickHeal) 11.00, McAfee Anti-Virus Scanning 5.400.0.1158, AVEngine 20101.3.0.103 de Symantec Endpoint Protection 11, Norman Antivirus 6.6.12, eSafe 7.0.17.0, Kaspersky Anti-Virus 7.0 .0.125, McAfee gateway (anteriormente Webwasher) 2010.1C, Sophos Anti-Virus 4.61.0, CA eTrust Antivirus Vet 36.1.8511, Laboratorios Antiy AVL SDK 2.0.3.7, PC Tools AntiVirus 7.0.3.5, Rising Antivirus 22.83.00.03, Fortinet Antivirus 4.2.254.0, y Panda Antivirus 10.0.2.7 permite a atacantes remotos evitar la detección de malware a través de un archivo ELF con un campo encoding modificado. NOTA: esto más adelante se puede dividir en varios CVEs si la información adicional que se publica muestra que el error se produjo de forma independiente en diferentes implementaciones del analizador ELF. • http://osvdb.org/80426 http://osvdb.org/80427 http://osvdb.org/80428 http://osvdb.org/80430 http://osvdb.org/80431 http://www.ieee-security.org/TC/SP2012/program.html http://www.securityfocus.com/archive/1/522005 http://www.securityfocus.com/bid/52600 • CWE-264: Permissions, Privileges, and Access Controls •
CVE-2010-2116
https://notcve.org/view.php?id=CVE-2010-2116
The web interface in McAfee Email Gateway (formerly IronMail) 6.7.1 allows remote authenticated users, with only Read privileges, to gain Write privileges to modify configuration via the save action in a direct request to admin/systemWebAdminConfig.do. La interfaz web en McAfee Email Gateway (formerly IronMail) v6.7.1 permite a usuarios autenticados remotamente, sólo con privilegios de lectura, obtener prvilegios de escritura modificando la configuración a través de una acción "save" en una petición directa a admin/systemWebAdminConfig.do. • http://osvdb.org/64832 http://secunia.com/advisories/39881 http://www.cybsec.com/vuln/cybsec_advisory_2010_0501_Ironmail_Advisory_Web_Access_Broken.pdf http://www.securitytracker.com/id?1024018 http://www.vupen.com/english/advisories/2010/1239 • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVE-2009-1348
https://notcve.org/view.php?id=CVE-2009-1348
The AV engine before DAT 5600 in McAfee VirusScan, Total Protection, Internet Security, SecurityShield for Microsoft ISA Server, Security for Microsoft Sharepoint, Security for Email Servers, Email Gateway, and Active Virus Defense allows remote attackers to bypass virus detection via (1) an invalid Headflags field in a malformed RAR archive, (2) an invalid Packsize field in a malformed RAR archive, or (3) an invalid Filelength field in a malformed ZIP archive. El AV engine antes de DAT 5600 en McAfee VirusScan, Total Protection, Internet Security, SecurityShield para Microsoft ISA Server, Security para Microsoft Sharepoint, Security para Email Servers, Email Gateway, y Active Virus Defense permite a atacantes remotos eludir la detección de virus a través de (1) un campo Headflags inválido de un archivo RAR malformado, (2) un campo Packsize inválido de un archivo RAR malformado, o (3) un campo Filelength de un archivo ZIP malformado. • http://blog.zoller.lu/2009/04/mcafee-multiple-bypassesevasions-ziprar.html http://secunia.com/advisories/34949 http://www.securityfocus.com/archive/1/503173/100/0/threaded http://www.securityfocus.com/bid/34780 https://kc.mcafee.com/corporate/index?page=content&id=SB10001&actp=LIST_RECENT • CWE-20: Improper Input Validation •
CVE-2004-1096 – Multiple AntiVirus - '.zip' Detection Bypass
https://notcve.org/view.php?id=CVE-2004-1096
Archive::Zip Perl module before 1.14, when used by antivirus programs such as amavisd-new, allows remote attackers to bypass antivirus protection via a compressed file with both local and global headers set to zero, which does not prevent the compressed file from being opened on a target system. El módulo Perl Archive::Zip anterior a 1.14, cuando se usa en programas antivirus como amavisd-new, permite a atacantes remotos saltarse la protección del antivirus mediante un ficheros comprimido con cabeceras globales y locales establecido a cero, lo que no impide que el fichero comprimido sea abierto en un sistema objetivo. • https://www.exploit-db.com/exploits/629 http://secunia.com/advisories/13038 http://www.gentoo.org/security/en/glsa/glsa-200410-31.xml http://www.idefense.com/application/poi/display?id=153&type=vulnerabilities&flashstatus=true http://www.kb.cert.org/vuls/id/492545 http://www.mandriva.com/security/advisories?name=MDKSA-2004:118 http://www.securityfocus.com/bid/11448 https://exchange.xforce.ibmcloud.com/vulnerabilities/17761 •
CVE-2004-0933 – Multiple AntiVirus - '.zip' Detection Bypass
https://notcve.org/view.php?id=CVE-2004-0933
Computer Associates (CA) InoculateIT 6.0, eTrust Antivirus r6.0 through r7.1, eTrust Antivirus for the Gateway r7.0 and r7.1, eTrust Secure Content Manager, eTrust Intrusion Detection, EZ-Armor 2.0 through 2.4, and EZ-Antivirus 6.1 through 6.3 allow remote attackers to bypass antivirus protection via a compressed file with both local and global headers set to zero, which does not prevent the compressed file from being opened on a target system. • https://www.exploit-db.com/exploits/629 http://supportconnectw.ca.com/public/ca_common_docs/arclib_vuln.asp http://www.idefense.com/application/poi/display?id=153&type=vulnerabilities&flashstatus=true http://www.securityfocus.com/bid/11448 https://exchange.xforce.ibmcloud.com/vulnerabilities/17761 •