Intrusion Prevention

Multiple.AntiVirus.Products.File.Scan.Evasion

Description

This indicates an attack attempt against a File Scanning Evasion vulnerability in Multiple Anti-Virus Products.
The vulnerability is caused by an error when the vulnerable softwares handle a malformed virus injected file. It allows a remote attacker to bypass the security checks of Anti-Virus products via a crafted compress or image file.

Affected Products

AhnLab-V3 2011.01.18.00,
AntiVir 7.11.1.163,
Antiy-AVL 2.0.3.7,
Avast 4.8.1351.0,
Avast5 5.0.677.0,
AVG 10.0.0.1190,
BitDefender 7.2,
CAT-QuickHeal 11.00,
ClamAV 0.96.4,
Command 5.2.11.5,
Comodo 7424,
Emsisoft 5.1.0.1,
eSafe 7.0.17.0,
Fortinent 4.2.254.0,
F-Prot 4.6.2.117,
F-Secure 9.0.16160.0
GData 21,
Ikarus T3.1.1.97.0,
Jiangmin 13.0.900,
K7AntiVirus 9.77.3565,
Kaspersky 7.0.0.125
McAfee 5.400.0.1158,
McAfee 5.400.0.1158,
McAfee-GW-Edition 2010.1C,
Microsoft 1.6402,
NOD32 5795,
Norman 6.06.12,
nProtect 2011-01-17.01,
Panda 10.0.2.7,
PCTools 7.0.3.5,
Rising 22.83.00.03,
Sophos 4.61.0,
Symantec 20101.3.0.103,
TrendMicro 9.120.0.1004,
TrendMicro-HouseCall 9.120.0.1004
VBA32 3.12.14.2
VirusBuster 13.6.151.0

Impact

Security Bypass: Remote attackers can bypass security checking of vulnerable systems.

Recommended Actions

Currently we are unaware of any vendor supplied patch for this issue.