CVE-2004-1096

Current Description

Archive::Zip Perl module before 1.14, when used by antivirus programs such as amavisd-new, allows remote attackers to bypass antivirus protection via a compressed file with both local and global headers set to zero, which does not prevent the compressed file from being opened on a target system.

Basic Data

PublishedJanuary 10, 2005
Last ModifiedJuly 11, 2017
Assignercve@mitre.org
Data TypeCVE
Data FormatMITRE
Data Version4.0
Problem TypeNVD-CWE-Other
CVE Data Version4.0

Base Metric V2

CVSS 2 - Version2.0
CVSS 2 - Vector StringAV:N/AC:L/Au:N/C:P/I:P/A:P
CVSS 2 - Access VectorNETWORK
CVSS 2 - Access ComplexityLOW
CVSS 2 - AuthenticationNONE
CVSS 2 - Confidentiality ImpactPARTIAL
CVSS 2 - Availability ImpactPARTIAL
CVSS 2 - Base Score7.5
SeverityHIGH
Exploitability Score10.0
Impact Score6.4
Obtain All Privilegefalse
Obtain User Privilegefalse
Obtain Other Privilegetrue

Base Metric V3

No data provided.

Configurations

  • OR - Configuration 1
    Cpe VersionPartVendorProductVersionUpdateEditionLanguageSW EditionTarget SWTarget HWOtherVersion Start IncludingVersion End IncludingVersion Start ExcludingVersion End Excluding
    2.3ApplicationCaBrightstor Arcserve Backup11.1*******
    2.3ApplicationCaEtrust Antivirus7.0*******
    2.3ApplicationCaEtrust Antivirus7.0_sp2*******
    2.3ApplicationCaEtrust Antivirus7.1*******
    2.3ApplicationCaEtrust Antivirus Gateway7.0*******
    2.3ApplicationCaEtrust Antivirus Gateway7.1*******
    2.3ApplicationCaEtrust Ez Antivirus6.1*******
    2.3ApplicationCaEtrust Ez Antivirus6.2*******
    2.3ApplicationCaEtrust Ez Antivirus6.3*******
    2.3ApplicationCaEtrust Ez Armor2.0*******
    2.3ApplicationCaEtrust Ez Armor2.3*******
    2.3ApplicationCaEtrust Ez Armor2.4*******
    2.3ApplicationCaEtrust Intrusion Detection1.4.1.13*******
    2.3ApplicationCaEtrust Intrusion Detection1.4.5*******
    2.3ApplicationCaEtrust Intrusion Detection1.5*******
    2.3ApplicationCaEtrust Secure Content Manager1.0*******
    2.3ApplicationCaEtrust Secure Content Manager1.0sp1******
    2.3ApplicationCaEtrust Secure Content Manager1.1*******
    2.3ApplicationCaInoculateit6.0*******
    2.3ApplicationEset SoftwareNod32 Antivirus1.0.11*******
    2.3ApplicationEset SoftwareNod32 Antivirus1.0.12*******
    2.3ApplicationEset SoftwareNod32 Antivirus1.0.13*******
    2.3ApplicationKaspersky LabKaspersky Anti-virus3.0*******
    2.3ApplicationKaspersky LabKaspersky Anti-virus4.0*******
    2.3ApplicationKaspersky LabKaspersky Anti-virus5.0*******
    2.3ApplicationMcafeeAntivirus Engine4.3.20*******
    2.3ApplicationRav AntivirusRav Antivirus Desktop8.6*******
    2.3ApplicationRav AntivirusRav Antivirus For File Servers1.0*******
    2.3ApplicationRav AntivirusRav Antivirus For Mail Servers8.4.2*******
    2.3ApplicationSophosSophos Anti-virus3.4.6*******
    2.3ApplicationSophosSophos Anti-virus3.78*******
    2.3ApplicationSophosSophos Anti-virus3.78d*******
    2.3ApplicationSophosSophos Anti-virus3.79*******
    2.3ApplicationSophosSophos Anti-virus3.80*******
    2.3ApplicationSophosSophos Anti-virus3.81*******
    2.3ApplicationSophosSophos Anti-virus3.82*******
    2.3ApplicationSophosSophos Anti-virus3.83*******
    2.3ApplicationSophosSophos Anti-virus3.84*******
    2.3ApplicationSophosSophos Anti-virus3.85*******
    2.3ApplicationSophosSophos Anti-virus3.86*******
    2.3ApplicationSophosSophos Puremessage Anti-virus4.6*******
    2.3ApplicationSophosSophos Small Business Suite1.0*******
  • OR - Configuration 2
    Cpe VersionPartVendorProductVersionUpdateEditionLanguageSW EditionTarget SWTarget HWOtherVersion Start IncludingVersion End IncludingVersion Start ExcludingVersion End Excluding
    2.3OSGentooLinux********
    2.3OSGentooLinux1.4*******
    2.3OSMandrakesoftMandrake Linux10.1*******
    2.3OSMandrakesoftMandrake Linux10.1*x86_64*****
    2.3OSSuseSuse Linux9.2*******

Vulnerable Software List

VendorProductVersions
Kaspersky Lab Kaspersky Anti-virus 3.0, 4.0, 5.0
Ca Etrust Intrusion Detection 1.4.1.13, 1.4.5, 1.5
Ca Inoculateit 6.0
Ca Brightstor Arcserve Backup 11.1
Ca Etrust Antivirus 7.0, 7.0_sp2, 7.1
Ca Etrust Antivirus Gateway 7.0, 7.1
Ca Etrust Ez Antivirus 6.1, 6.2, 6.3
Ca Etrust Ez Armor 2.0, 2.3, 2.4
Ca Etrust Secure Content Manager 1.0, 1.1
Sophos Sophos Anti-virus 3.4.6, 3.78, 3.78d, 3.79, 3.80, 3.81, 3.82, 3.83, 3.84, 3.85, 3.86
Sophos Sophos Puremessage Anti-virus 4.6
Sophos Sophos Small Business Suite 1.0
Rav Antivirus Rav Antivirus For Mail Servers 8.4.2
Rav Antivirus Rav Antivirus Desktop 8.6
Rav Antivirus Rav Antivirus For File Servers 1.0
Mandrakesoft Mandrake Linux 10.1
Mcafee Antivirus Engine 4.3.20
Eset Software Nod32 Antivirus 1.0.11, 1.0.12, 1.0.13
Suse Suse Linux 9.2
Gentoo Linux *, 1.4

References

NameSourceURLTags
13038http://secunia.com/advisories/13038/SECUNIA
GLSA-200410-31http://www.gentoo.org/security/en/glsa/glsa-200410-31.xmlGENTOOPatch Vendor Advisory
20041018 Multiple Vendor Anti-Virus Software Detection Evasion Vulnerabilityhttp://www.idefense.com/application/poi/display?id=153&type=vulnerabilities&flashstatus=trueIDEFENSEVendor Advisory
VU#492545http://www.kb.cert.org/vuls/id/492545CERT-VNUS Government Resource
MDKSA-2004:118http://www.mandriva.com/security/advisories?name=MDKSA-2004:118MANDRAKE
11448http://www.securityfocus.com/bid/11448BIDExploit Patch Vendor Advisory
antivirus-zip-protection-bypass(17761)https://exchange.xforce.ibmcloud.com/vulnerabilities/17761XF