Juniper Networks

Signature Detail

Short Name

HTTP:STC:AV-MAGIC-EVADE

Severity

Medium

Recommended

No

Recommended Action

Drop

Category

HTTP

Keywords

Multiple Vendor Anti-Virus Magic Byte Detection Evasion

Release Date

2010/09/15

Update Number

1773

Supported Platforms

idp-4.0+, isg-3.1.134269+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+

HTTP: Multiple Vendor Anti-Virus Magic Byte Detection Evasion


This signature detects attempts to exploit a known vulnerability in multiple anti-virus products. An attacker can bypass the system's security restrictions and use that to carry out further attacks on the victim's computer.

Extended Description

Anti-virus software from multiple vendors is prone to a detection evasion vulnerability. The problem lies in the way various anti-virus products determine the type of file they are scanning. An attacker can exploit this vulnerability to pass malicious files past the anti-virus software. This results in a false sense of security and could ultimately lead to the execution of arbitrary code on the victim user's machine.

Affected Products

  • ArcaBit ArcaVir 2005.0.0
  • AVG AVG Anti-Virus 7.0.323
  • Cat Computer Services Quick Heal Antivirus 8.0.0
  • Dr.Web 4.32.0 b
  • eTrust eTrust CA 7.0.14
  • Fortinet Antivirus 2.48.0 .0.0
  • Frisk Software F-Prot Antivirus 3.16.0 C
  • Ikarus 2.32.0
  • Kaspersky Anti-Virus 5.0.372
  • McAfee Internet Security Suite 7.1.5
  • McAfee VirusScan Enterprise 8.0.0
  • Norman Virus Control 5.81.0
  • Panda Titanium
  • Sophos Anti-Virus 3.91.0
  • TheHacker TheHacker Antivirus 5.8.4 .128
  • Trend Micro OfficeScan Corporate Edition 7.0.0
  • Trend Micro PC-cillin 2005
  • Ukrainian Antiviral Center UNA

References

  • BugTraq: 15189

Copyright © 1999-2010 Juniper Networks, Inc. All rights reserved.