Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2004-0936

4 documents4 sources

Severity

7.5HIGH

EPSS

13.2%

top 5.86%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Archive ZIP Archive ZIP Broadcom Brightstor Arcserve Backup Broadcom Etrust Antivirus +20 more

Timeline

PublishedJan 27

Latest updateApr 29

Description

RAV antivirus allows remote attackers to bypass antivirus protection via a compressed file with both local and global headers set to zero, which does not prevent the compressed file from being opened on a target system.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages22 packages

▶NVDca/etrust_antivirus7.0_sp2

▶NVDmcafee/antivirus_engine4.3.20

▶NVDbroadcom/etrust_antivirus7.0, 7.1+1

▶NVDrav_antivirus/rav_antivirus1.0, 8.4.2+1

▶NVDbroadcom/etrust_ez_antivirus6.1, 6.2, 6.3+2

Patches

Patch: www.securityfocus.com ↗Patch: www.securityfocus.com ↗

🔴Vulnerability Details

GHSA

GHSA-3q3h-cf5f-xf24: RAV antivirus allows remote attackers to bypass antivirus protection via a compressed file with both local and global headers set to zero, which does↗2022-04-29

▶

CVEList

CVE-2004-0936: RAV antivirus allows remote attackers to bypass antivirus protection via a compressed file with both local and global headers set to zero, which does↗2004-11-19

▶

💥Exploits & PoCs

Exploit-DB

Multiple AntiVirus - '.zip' Detection Bypass↗2004-11-14

▶