Vigil@nce: Panda, bypassing via CAB/TAR
May 2009 by Vigil@nce
SYNTHESIS OF THE VULNERABILITY
An attacker can create a CAB/TAR archive containing a virus which
is not detected by Panda.
Severity: 2/4
Consequences: data flow
Provenance: document
Means of attack: no proof of concept, no attack
Ability of attacker: expert (4/4)
Confidence: confirmed by a trusted third party (4/5)
Diffusion of the vulnerable configuration: high (3/3)
Creation date: 22/05/2009
IMPACTED PRODUCTS
– Panda Antivirus
– Panda Internet Security
DESCRIPTION OF THE VULNERABILITY
Panda products detect viruses contained in CAB/TAR archives.
However, an attacker can create a slightly malformed archive,
which can still be opened by tools, but which cannot be opened by
the antivirus.
An attacker can therefore create a CAB/TAR archive containing a
virus which is not detected by Panda.
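A scanning gateway can close the gap described above by failing closed: an archive that a strict parser rejects is quarantined instead of being passed as clean. The following Python code is an added example, not code from the advisory or from Panda. It covers TAR only; the advisory does not say which malformation is involved, so the function names and the bad-checksum sample are assumptions constructed for illustration.

```python
import io
import tarfile

BLOCK = 512  # tar header and data blocks are 512 bytes

def _octal(field: bytes) -> int:
    """Parse a NUL/space-padded octal field; ValueError if it is not octal."""
    return int(field.strip(b" \0") or b"x", 8)

def header_ok(h: bytes) -> bool:
    """Strictly validate one ustar header block (magic, size, checksum)."""
    if h[257:262] != b"ustar":
        return False
    try:
        stored, _size = _octal(h[148:156]), _octal(h[124:136])
    except ValueError:
        return False
    # The checksum is computed with its own field counted as eight spaces.
    return stored == sum(h[:148]) + 8 * 0x20 + sum(h[156:])

def triage_tar(data: bytes) -> str:
    """'scan' if every header validates up to the end marker, else 'quarantine'."""
    off = 0
    while off + BLOCK <= len(data):
        h = data[off:off + BLOCK]
        if h == bytes(BLOCK):            # zero block: end of archive
            return "scan"
        if not header_ok(h):
            return "quarantine"          # fail closed, never "clean"
        size = _octal(h[124:136])
        off += BLOCK + -(-size // BLOCK) * BLOCK   # header + padded data
    return "quarantine"                  # truncated, no end marker

def build_samples():
    """Constructed inputs: a valid archive and a copy with a bad checksum."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w", format=tarfile.USTAR_FORMAT) as t:
        info = tarfile.TarInfo("sample.txt")
        info.size = 5
        t.addfile(info, io.BytesIO(b"hello"))
    good = buf.getvalue()
    bad = good[:148] + b"0000000\0" + good[156:]
    return good, bad

if __name__ == "__main__":
    good, bad = build_samples()
    print(triage_tar(good), triage_tar(bad))
```

An archive that returns "scan" still goes to the antivirus engine; if the engine then reports that it could not open the file, the same fail-closed rule applies.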
CHARACTERISTICS
Identifiers: BID-35072, TZO-24-2009, TZO-25-2009,
VIGILANCE-VUL-8733
http://vigilance.fr/vulnerability/Panda-bypassing-via-CAB-TAR-8733