Vigil@nce: AVG Anti-Virus, bypassing via ZIP
May 2009 by Vigil@nce
SYNTHESIS OF THE VULNERABILITY
An attacker can create a ZIP archive containing a virus which is
not detected by AVG.
Severity: 2/4
Consequences: data flow
Provenance: document
Means of attack: no proof of concept, no attack
Ability of attacker: expert (4/4)
Confidence: confirmed by the editor (5/5)
Diffusion of the vulnerable configuration: high (3/3)
Creation date: 11/05/2009
IMPACTED PRODUCTS
– Grisoft AVG Anti-Virus
DESCRIPTION OF THE VULNERABILITY
AVG products detect viruses contained in ZIP archives.
However, an attacker can create a slightly malformed archive (by
changing "Filelength"), which can still be opened by Unzip tools,
but which cannot be opened by the antivirus.
An attacker can therefore create a ZIP archive containing a virus
which is not detected by AVG.
CHARACTERISTICS
Identifiers: BID-34895, TZO-20-2009, VIGILANCE-VUL-8704
http://vigilance.fr/vulnerability/AVG-Anti-Virus-bypassing-via-ZIP-8704