Freely subscribe to our NEWSLETTER

– Severity: 2/4
– Consequences: data flow
– Provenance: internet client
– Means of attack: no proof of concept, no attack
– Ability of attacker: expert (4/4)
– Confidence: confirmed by the editor (5/5)
– Diffusion of the vulnerable configuration: high (3/3)
– Number of vulnerabilities in this bulletin: 3
– Creation date: 28/10/2009

IMPACTED PRODUCTS

– F-Secure Anti-Virus
– McAfee GroupShield
– McAfee Security for Email Servers
– McAfee VirusScan
– Symantec Antivirus
– Symantec Norton AntiVirus
– Symantec Norton Internet Security

DESCRIPTION OF THE VULNERABILITY

A PDF document can be especially constructed to be read by Adobe
Reader, but to be unrecognized by an antivirus software. An
attacker can create such a document, and thus bypass products of
three editors.

A malicious PDF document is not detected by Symantec and Norton
products. [grav:2/4; G-SEC 47-2009]

A malicious PDF document is not detected by F-Secure products.
[grav:2/4; BID-36876, FSC-2009-3, G-SEC 48-2009]

A malicious PDF document is not detected by McAfee products. A
malicious TAR archive is also not detected by McAfee products.
[grav:2/4; BID-36848, CVE-2009-1348, G-SEC 49-2009, SB10003]

An attacker can therefore create a malicious PDF document which is
not detected by F-Secure, McAfee and Symantec products.

CHARACTERISTICS

– Identifiers: BID-36848, BID-36876, CVE-2009-1348, FSC-2009-3,
G-SEC 47-2009, G-SEC 48-2009, G-SEC 49-2009, SB10003,
VIGILANCE-VUL-9133
– Url: http://vigilance.fr/vulnerability/F-Secure-McAfee-Symantec-bypassing-via-PDF-9133