Archive::Zip Perl module before 1.14, when used by antivirus programs such as amavisd-new, allows remote attackers to bypass antivirus protection via a compressed file with both local and global headers set to zero, which does not prevent the compressed file from being opened on a target system.
References
Link | Resource |
---|---|
http://www.securityfocus.com/bid/11448 | Exploit Patch Vendor Advisory |
http://www.gentoo.org/security/en/glsa/glsa-200410-31.xml | Patch Vendor Advisory |
http://www.idefense.com/application/poi/display?id=153&type=vulnerabilities&flashstatus=true | Vendor Advisory |
http://www.kb.cert.org/vuls/id/492545 | US Government Resource |
http://secunia.com/advisories/13038/ | |
http://www.mandriva.com/security/advisories?name=MDKSA-2004:118 | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/17761 |
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
Information
Published : 2005-01-09 21:00
Updated : 2021-04-09 10:00
NVD link : CVE-2004-1096
Mitre link : CVE-2004-1096
JSON object : View
CWE
Products Affected
broadcom
- etrust_antivirus
- etrust_antivirus_gateway
- etrust_secure_content_manager
- brightstor_arcserve_backup
- etrust_intrusion_detection
- etrust_ez_antivirus
- etrust_ez_armor
- inoculateit
mandrakesoft
- mandrake_linux
mcafee
- antivirus_engine
ca
- etrust_antivirus
- etrust_secure_content_manager
rav_antivirus
- rav_antivirus_for_file_servers
- rav_antivirus_desktop
- rav_antivirus_for_mail_servers
kaspersky_lab
- kaspersky_anti-virus
eset_software
- nod32_antivirus
sophos
- sophos_puremessage_anti-virus
- sophos_anti-virus
- sophos_small_business_suite
suse
- suse_linux
gentoo
- linux