McAfee Antivirus TAR / PDF Scan Evasion (SB10003)

This script is Copyright (C) 2009-2016 Tenable Network Security, Inc.


Synopsis :

An antivirus application installed on the remote host is affected by a
scan evasion vulnerability.

Description :

The McAfee antivirus application installed on the remote host is
affected by a scan evasion vulnerability because its virus definitions
are out of date: the DAT file version of the installed antivirus
product is prior to 5693. An attacker can exploit this by embedding
malicious code in a specially crafted TAR or PDF file to evade
detection by the scanning engine.

See also :

http://www.g-sec.lu/mcafee-pdf-bypass.html
http://seclists.org/bugtraq/2009/Oct/273
https://kc.mcafee.com/corporate/index?page=content&id=SB10003

Solution :

Update the McAfee DAT file to version 5693 or later.

Risk factor :

Medium / CVSS Base Score : 5.0
(CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N)
CVSS Temporal Score : 4.3
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : true

Family: Windows

Nessus Plugin ID: 42290

Bugtraq ID: 36848

CVE ID:
