Intrusion PreventionBase64.Encoded.Image.Virus.Detection.Bypass
Description
This indicates an attack attempt against a bypass-virus-scanning vulnerability in multiple vendor anti-virus gateway products.
The vulnerability is caused by an error when the vulnerable software handles base64-encoded images. It allows a remote attacker to bypass virus scanning via sending a crafted URIs.
Affected Products
Trend Micro WebProtect 3.1
Trend Micro InterScan Messaging Security Suite 5.5
Trend Micro InterScan Messaging Security Suite 3.81
TippingPoint Unity-One with Digital Vacine 2.0.0.2070
McAfee Webshield 3000 4.3.20
MandrakeSoft Linux Mandrake 10.1 x86_64
MandrakeSoft Linux Mandrake 10.1
MandrakeSoft Corporate Server 3.0 x86_64
MandrakeSoft Corporate Server 3.0
IronPort IronPort with Sophos AV Engine 3.88
Internet Security Systems SiteProtector 2.0 SP3
Internet Security Systems SiteProtector 2.0.4.561
Clam Anti-Virus ClamAV 0.81
Clam Anti-Virus ClamAV 0.80 rc4
Clam Anti-Virus ClamAV 0.80 rc3
Clam Anti-Virus ClamAV 0.80 rc2
Clam Anti-Virus ClamAV 0.80 rc1
Clam Anti-Virus ClamAV 0.80
Clam Anti-Virus ClamAV 0.70
Clam Anti-Virus ClamAV 0.68 -1
Clam Anti-Virus ClamAV 0.68
Clam Anti-Virus ClamAV 0.67
Clam Anti-Virus ClamAV 0.65
Clam Anti-Virus ClamAV 0.60
Clam Anti-Virus ClamAV 0.54
Clam Anti-Virus ClamAV 0.53
Clam Anti-Virus ClamAV 0.52
Clam Anti-Virus ClamAV 0.51
Check Point Software FireWall-1 R55 HFA08 with SmartDefense
ALT Linux ALT Linux Junior 2.3
ALT Linux ALT Linux Compact 2.3
Impact
System compromise: Bypass virus scanning.
Recommended Actions
Upgrade to the latest version of the vulnerable software or firmware.
Telemetry
Coverage
| IPS (Regular DB) | |
| IPS (Extended DB) |
| ID | 15025 |
| Created | Oct 09, 2007 |
| Updated | Nov 15, 2021 |
| Risk |
|
| CVE ID | CVE-2005-0218 |
| Exploit Prediction Score | 8.57% |
| Default Action | drop |
| Active | |
| Affected OS | Windows |
| Affected App | Other |