Vigil@nce: F-Secure AV, bypassing via RAR and ZIP
May 2009 by Vigil@nce
SYNTHESIS OF THE VULNERABILITY
An attacker can create a RAR or ZIP archive containing a virus
which is not detected by F-Secure products.
Severity: 2/4
Consequences: data flow
Provenance: document
Means of attack: no proof of concept, no attack
Ability of attacker: expert (4/4)
Confidence: confirmed by the editor (5/5)
Diffusion of the vulnerable configuration: high (3/3)
Creation date: 07/05/2009
IMPACTED PRODUCTS
– F-Secure Anti-Virus
DESCRIPTION OF THE VULNERABILITY
F-Secure products detect viruses contained in RAR and ZIP archives.
However, an attacker can create a slightly malformed archive,
which can still be opened by Unrar/Unzip tools, but which cannot
be opened by the antivirus.
Technical details are unknown.
An attacker can therefore create a RAR or ZIP archive containing a
virus which is not detected by F-Secure.
CHARACTERISTICS
Identifiers: BID-34849, FSC-2009-1, VIGILANCE-VUL-8697
http://vigilance.fr/vulnerability/F-Secure-AV-bypassing-via-RAR-and-ZIP-8697