Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2004-2442

4 documents4 sources
Severity
5.0MEDIUM
EPSS
18.9%
top 4.69%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
5
F-secure F-secure Anti-virusF-secure F-secure FOR FirewallsF-secure F-secure Internet Security+2 more
Timeline
PublishedDec 31
Latest updateApr 29

Description

Multiple interpretation error in various F-Secure Anti-Virus products, including Workstation 5.43 and earlier, Windows Servers 5.50 and earlier, MIMEsweeper 5.50 and earlier, Anti-Virus for Linux Servers and Gateways 4.61 and earlier, and other products, allows remote attackers to bypass antivirus protection via a compressed file with both local and global headers set to zero, which does not prevent the compressed file from being opened on the target system.

CVSS vector

AV:N/AC:L/C:N/I:P/A:NExploitability: 10.0 | Impact: 2.9

Affected Packages5 packages

NVDf-secure/f-secure_anti-virus19 versions+18

Patches

Patch: secunia.comPatch: www.f-secure.comPatch: www.securityfocus.com

🔴Vulnerability Details

2
GHSA
GHSA-f4jg-33vh-vv4m: Multiple interpretation error in various F-Secure Anti-Virus products, including Workstation 52022-04-29
CVEList
CVE-2004-2442: Multiple interpretation error in various F-Secure Anti-Virus products, including Workstation 52005-08-20

💥Exploits & PoCs

1
Exploit-DB
Multiple AntiVirus - '.zip' Detection Bypass2004-11-14