Multiple anti-virus products with archive processing vulnerabilities
Anti-virus software products from Avira, Aladdin, Comodo, ESET (NOD32), Trend Micro and McAfee have had problems processing archives. This may lead to the scanner failing to detect an infected file within an archive. Avira and ESET have reportedly already resolved the problem for CAB files, with an update. An update from Comodo should fix the bug when processing RAR archives. McAfee has released a fix for RAR and ZIP archives.
According to Thierry Zoller who discovered the vulnerabilities, Aladdin and Trend Micro have been informed of the problem, but have yet to release updates.
(dab)
See also:
- Weaknesses in several virus scanners - Updated, a report from The H.
- Nod32 CAB bypass/evasion, report from Zoller.
- Trend Micro RAR,CAB,ZIP bypass/evasion, report from Zoller.
- Avira Antivir evasion CAB, report from Zoller.
- Aladdin eSafe Generic Evasion, report from Zoller.
- Comodo evasion RAR, report from Zoller.
- Mcafee multiple generic evasions, report from Zoller.
(crve)