McAfee Antivirus ZIP / RAR Scan Evasion

This script is Copyright (C) 2009-2016 Tenable Network Security, Inc.


Synopsis :

An antivirus application installed on the remote host is affected by a
scan evasion vulnerability.

Description :

The McAfee antivirus application installed on the remote host is
affected by a scan evasion vulnerability due to the virus definitions
being out of date. In this case, the DAT file version of the installed
antivirus product is prior to 5600. An attacker can exploit this, by
embedding malicious code in a specially crafted ZIP or RAR file, to
evade detection by the scanning engine.

See also :

http://www.nessus.org/u?ccdf87f9
http://seclists.org/fulldisclosure/2009/Apr/309
http://www.nessus.org/u?24888ca6

Solution :

Update the McAfee DAT file to version 5600 or later.

Risk factor :

Medium / CVSS Base Score : 5.0
(CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N)
CVSS Temporal Score : 3.7
(CVSS2#E:U/RL:OF/RC:C)
Public Exploit Available : false

Family: Windows

Nessus Plugin ID: 38654 ()

Bugtraq ID: 34780

CVE ID: CVE-2009-1348

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now