Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2004-1096

6 documents6 sources

Severity

7.5HIGH

EPSS

20.3%

top 4.49%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

22

Broadcom Brightstor Arcserve Backup Broadcom Etrust Antivirus Broadcom Etrust Antivirus Gateway +19 more

Timeline

PublishedJan 10

Latest updateApr 29

Description

Archive::Zip Perl module before 1.14, when used by antivirus programs such as amavisd-new, allows remote attackers to bypass antivirus protection via a compressed file with both local and global headers set to zero, which does not prevent the compressed file from being opened on a target system.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages22 packages

▶Debianlibarchive-zip-perl< 1.14-1+3

▶NVDca/etrust_antivirus7.0_sp2

▶NVDmcafee/antivirus_engine4.3.20

▶NVDbroadcom/etrust_antivirus7.0, 7.1+1

▶NVDrav_antivirus/rav_antivirus1.0, 8.4.2+1

Patches

Patch: www.gentoo.org ↗Patch: www.securityfocus.com ↗Patch: www.gentoo.org ↗

🔴Vulnerability Details

3

GHSA

GHSA-wf22-9wqx-hv9r: Archive::Zip Perl module before 1↗2022-04-29

▶

OSV

CVE-2004-1096: Archive::Zip Perl module before 1↗2005-01-10

▶

CVEList

CVE-2004-1096: Archive::Zip Perl module before 1↗2004-12-01

▶

💥Exploits & PoCs

1

Exploit-DB

Multiple AntiVirus - '.zip' Detection Bypass↗2004-11-14

▶

📋Vendor Advisories

1

Debian

CVE-2004-1096: libarchive-zip-perl - Archive::Zip Perl module before 1.14, when used by antivirus programs such as am...↗2004

▶