Vulnerability Note VU#968818
Anti-virus software may not properly scan malformed zip archives
Anti-virus software may rely on corrupted headers to determine if a zip archive is valid. As a result, anti-virus software may fail to detect malicious content within a zip archive.
Information about a zip archive, such as the size of the compressed data, is placed in headers within the archive. An attacker may be able to modify these headers to indicate that an archive contains files with sizes/lengths of zero. If anti-virus software relies on zip archive headers to determine archive validity, the anti-virus software may incorrectly interpret an archive with maliciously modified headers to contain zero-length files. Consequently, the anti-virus software would fail to detect the malicious content and allow the archive into the system.
Please note that a user may still have to extract the contents of the malicious archive to trigger exploitation.
A remote attacker may be able to craft a malicious zip archive that will evade detection by anti-virus software. Once in the system, if the remote attacker can persuade the user to accesses the malicious archive, the attacker may be able to execute arbitrary code on that user's system.
Consult Anti-Virus Vendors
Systems Affected (Learn More)
|Vendor||Status||Date Notified||Date Updated|
|AKS||Unknown||24 Nov 2004||09 Dec 2004|
|Check Point||Unknown||24 Nov 2004||09 Dec 2004|
|CommandCom||Unknown||24 Nov 2004||09 Dec 2004|
|Computer Associates||Unknown||-||09 Dec 2004|
|CPAN||Unknown||-||09 Dec 2004|
|CyberSoft||Unknown||24 Nov 2004||09 Dec 2004|
|eset Antivirus||Unknown||-||09 Dec 2004|
|F-Secure||Unknown||24 Nov 2004||09 Dec 2004|
|Finjan Software||Unknown||24 Nov 2004||09 Dec 2004|
|Fortinet||Unknown||24 Nov 2004||09 Dec 2004|
|Kapersky||Unknown||-||09 Dec 2004|
|McAfee||Unknown||-||09 Dec 2004|
|MessageLabs||Unknown||24 Nov 2004||09 Dec 2004|
|RAV||Unknown||-||09 Dec 2004|
|Sophos||Unknown||-||09 Dec 2004|
CVSS Metrics (Learn More)
This vulnerability was publicly reported by iDefense.
Thanks to Dan Plakosh for providing information concerning this issue.
This document was written by Jeff Gennari.
- CVE IDs: Unknown
- Date Public: 18 Oct 2004
- Date First Published: 10 Dec 2004
- Date Last Updated: 14 Jan 2005
- Severity Metric: 7.59
- Document Revision: 106
If you have feedback, comments, or additional information about this vulnerability, please send us email.