Vigil@nce: Norman Antivirus, bypassing via RAR
June 2009 by Vigil@nce
An attacker can create a RAR archive containing a virus which is
not detected by Norman products.
Severity: 2/4
Consequences: data flow
Provenance: document
Means of attack: no proof of concept, no attack
Ability of attacker: expert (4/4)
Confidence: confirmed by the editor (5/5)
Diffusion of the vulnerable configuration: high (3/3)
Creation date: 15/06/2009
IMPACTED PRODUCTS
– Norman Virus Control
DESCRIPTION OF THE VULNERABILITY
Norman products detect viruses contained in RAR archives.
However, an attacker can create a slightly malformed archive (Size
and Method), which can still be opened by Unrar tools, but which
cannot be opened by the antivirus.
An attacker can therefore create a RAR archive containing a virus
which is not detected by Norman products.
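The bypass above depends on a scanner treating an archive it cannot parse as clean. The following added example (not from the advisory or from Norman) is a gateway-side sanity check over RAR 4.x block headers, so that anomalous archives can be quarantined instead of passed. The advisory does not say how the Size and Method fields are malformed, so the specific checks, the function names and the sample builder are assumptions, and header CRCs are not verified.

```python
import struct

RAR4_MARKER = b"Rar!\x1a\x07\x00"
FILE_HEAD, END_HEAD = 0x74, 0x7B
KNOWN_METHODS = range(0x30, 0x36)   # RAR 4.x: 0x30 (store) .. 0x35 (best)

def rar4_anomalies(data):
    """Walk RAR 4.x block headers; return a list of anomalies (empty = sane)."""
    if not data.startswith(RAR4_MARKER):
        return ["no RAR 4.x marker"]
    found, pos = [], len(RAR4_MARKER)
    while pos + 7 <= len(data):
        _crc, htype, flags, hsize = struct.unpack_from("<HBHH", data, pos)
        # File headers always carry a 32-bit data size (PACK_SIZE) after the base.
        has_add = bool(flags & 0x8000) or htype == FILE_HEAD
        if hsize < (11 if has_add else 7) or pos + hsize > len(data):
            return found + [f"block at {pos}: bad header size {hsize}"]
        add = struct.unpack_from("<I", data, pos + 7)[0] if has_add else 0
        if htype == FILE_HEAD:
            if hsize < 32:
                return found + [f"file header at {pos}: truncated"]
            pack, unp, _os, _fcrc, _ftime, _ver, method, _nlen = \
                struct.unpack_from("<IIBIIBBH", data, pos + 7)
            if method not in KNOWN_METHODS:
                found.append(f"file header at {pos}: unknown method {method:#04x}")
            # Skip the size comparison for split, encrypted or 64-bit-size entries.
            if method == 0x30 and pack != unp and not flags & 0x107:
                found.append(f"file header at {pos}: stored but sizes differ")
        if pos + hsize + add > len(data):
            return found + [f"block at {pos}: data size {add} runs past end of file"]
        if htype == END_HEAD:
            break
        pos += hsize + add
    return found

def sample(method, pack_size, payload=b"hello"):
    """Constructed test input: marker, main header, one file header (CRCs zeroed)."""
    name = b"a.txt"
    main = struct.pack("<HBHH", 0, 0x73, 0, 13) + bytes(6)
    fh = struct.pack("<HBHHIIBIIBBHI", 0, FILE_HEAD, 0x8000, 32 + len(name),
                     pack_size, len(payload), 0, 0, 0, 29, method, len(name), 0)
    return RAR4_MARKER + main + fh + name + payload
```

A non-empty result should be handled as "could not be scanned", not as "clean".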
CHARACTERISTICS
Identifiers: BID-35357, TZO-32-2009, VIGILANCE-VUL-8795
http://vigilance.fr/vulnerability/Norman-Antivirus-bypassing-via-RAR-8795