TITLE:
RAV Antivirus Zip Archive Virus Detection Bypass Vulnerability

SECUNIA ADVISORY ID:
SA12879

VERIFY ADVISORY:
http://secunia.com/advisories/12879/

CRITICAL:
Moderately critical

IMPACT:
Security Bypass

WHERE:
From remote

SOFTWARE:
RAV AntiVirus Desktop for Linux 8.x
http://secunia.com/product/4096/
RAV Antivirus Desktop for Windows 8.x
http://secunia.com/product/4087/
RAV AntiVirus for AIM 1.x
http://secunia.com/product/4102/
RAV AntiVirus for File Servers 1.x
http://secunia.com/product/4104/
RAV AntiVirus for ICQ 1.x
http://secunia.com/product/4098/
RAV AntiVirus for Mail Servers 8.x
http://secunia.com/product/4103/
RAV AntiVirus for MSN Messenger 1.x
http://secunia.com/product/4099/
RAV AntiVirus for Novell Networks 8.x
http://secunia.com/product/4105/
RAV AntiVirus for Trillian 1.x
http://secunia.com/product/4097/
RAV AntiVirus for Yahoo! Messenger 1.x
http://secunia.com/product/4101/
RAV AntiVirus MailFilter 1.x
http://secunia.com/product/4106/

DESCRIPTION:
A vulnerability has been reported in RAV Antivirus, which can be exploited by malware to bypass certain scanning functionality.

The vulnerability is caused due to an error when parsing .zip archive headers and can be exploited via a specially crafted .zip archive where the uncompressed size of the archived file has been modified within the local and global headers.

Successful exploitation causes malware in a specially crafted .zip archive to pass the scanning functionality undetected.

NOTE: This is not a critical issue on client systems, as the malware still is detected upon execution.

SOLUTION:
Filter all compressed file archives (.zip) at border gateways.

ORIGINAL ADVISORY:
http://www.idefense.com/application/poi/display?id=153&type=vulnerabilities
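An added example, not part of the Secunia or iDefense advisory: a gateway-side check that compares the uncompressed size declared in a .zip entry's local and central (global) headers with each other and with what the entry's data actually inflates to. The function names, the 64 MiB cap and the sample archive are assumptions constructed for illustration; Zip64 archives are not handled.

```python
import io, struct, zipfile, zlib

MAX_SCAN = 64 * 1024 * 1024  # assumed cap on bytes inflated per entry

def audit_zip(data):
    """Return findings for entries whose declared uncompressed size cannot be trusted."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():  # info.file_size comes from the central (global) header
            off = info.header_offset
            hdr = data[off:off + 30]
            if len(hdr) < 30 or hdr[:4] != b"PK\x03\x04":
                findings.append(f"{info.filename}: missing local header")
                continue
            _ver, flags, method, _t, _d, _crc, _csize, local_usize, nlen, xlen = \
                struct.unpack("<HHHHHIIIHH", hdr[4:])
            # With flag bit 3 the local sizes are legitimately zero (data descriptor follows).
            if not flags & 0x08 and local_usize != info.file_size:
                findings.append(f"{info.filename}: local size {local_usize} != central {info.file_size}")
            start = off + 30 + nlen + xlen
            raw = data[start:start + info.compress_size]
            limit = min(info.file_size + 1, MAX_SCAN)
            try:
                if method == 8:    # deflate: inflate at most one byte past the declared size
                    out_len = len(zlib.decompressobj(-15).decompress(raw, limit))
                elif method == 0:  # stored: payload length is the real size
                    out_len = len(raw)
                else:
                    findings.append(f"{info.filename}: method {method} not checked")
                    continue
            except zlib.error:
                findings.append(f"{info.filename}: data does not inflate")
                continue
            if out_len != info.file_size:
                findings.append(f"{info.filename}: declares {info.file_size} bytes, data yields {out_len}+")
    return findings

def make_sample(local_usize=None, central_usize=None):
    """Constructed fixture: one harmless text entry, size fields optionally overwritten."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("sample.txt", b"constructed test data\n" * 20)
    data = bytearray(buf.getvalue())
    if local_usize is not None:    # uncompressed size sits at offset 22 of the local header
        struct.pack_into("<I", data, 22, local_usize)
    if central_usize is not None:  # and at offset 24 of the central directory header
        struct.pack_into("<I", data, data.rfind(b"PK\x01\x02") + 24, central_usize)
    return bytes(data)
```

An archive that produces any finding can be quarantined at the gateway rather than passed on to a scanner that trusts the declared size.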
