Multiple antivirus bypass by special crafted archive vulnerability

SecuBox Labs reported a vulnerability with multiple antivirus which bypass special crafted archive.


Release Date : 2005-10-05
Tested on: Windows 2000 SP2 & SP4
Tested with: Jotti Online Antivirus Scanner
Tested with: VirusTotal Online Antivirus Scanner
Tested with: Command line freeware UnRAR v3.50


Affected Products:
* Kaspersky Antivirus
* BitDefender Antivirus
* NOD32 Antivirus
* F-Prot Antivirus
* Avast Antivirus
* McAfee Antivirus
* Sophos Antivirus
* Symantec Antivirus
* Dr.Web Antivirus
* Avira Antivirus
* Norman Virus Control Antivirus
* Fortinet Antivirus
* VBA32 Antivirus
* Rising Antivirus
* AntiVir Antivirus
* eTrust-Iris Antivirus
* ArcaVir Antivirus
* eTrust-Vet Antivirus
* UNA Antivirus
* TheHacker
[+] May be others…..


Not affected:
* Grisoft AVG AntiVirus
* Ikarus AntiVirus
* ClamAV Antivirus
* Panda Antivirus
* CAT Quick Heal


Discovered by: fRoGGz
Credit to: SecuBox Labs
Rated as : Medium
More info in http://shadock.net/secubox/AVCraftedArchive.html

Leave a Reply