Avira Anti-Virus Multiple Scan Evasions

Medium Nessus Network Monitor Plugin ID 5038

Synopsis

The remote host is missing a critical security patch or upgrade.

Description

The remote client is running the Avira Anti-Virus engine.

This version of the Avira scan engine is vulnerable to a flaw wherein attackers can bypass the scan engine by submitting specially formatted 'ZIP', 'CAB', 'RAR', or 'LH' files. An attacer, exploiting this flaw, would be able to pass malicious code through the scan engine.

Solution

Upgrade to Avira scan engine 7.9.0.180/8.2.0.180 or later.

See Also

http://forum.avira.com/wbb/index.php?page=Thread&threadID=91375

http://www.securityfocus.com/archive/1/503914/30/0/threaded

http://www.securityfocus.com/archive/1/[email protected]

Plugin Details

Severity: Medium

ID: 5038

Family: Web Clients

Published: 2004/08/18

Modified: 2016/01/15

Dependencies: 5014

Nessus ID: 38973

Risk Information

Risk Factor: Medium

CVSSv2

Base Score: 5

Temporal Score: 4.4

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P

Temporal Vector: CVSS2#E:ND/RL:OF/RC:C

CVSSv3

Base Score: 5.3

Temporal Score: 5.1

Vector: CVSS3#AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Temporal Vector: CVSS3#E:X/RL:O/RC:C

Reference Information

BID: 35144