Lucene search

[email protected]CVE-2005-3373

HistoryOct 30, 2005 - 2:34 p.m.

CVE-2005-3373

2005-10-3014:34:00

[email protected]

web.nvd.nist.gov

dr.web 4.32b

remote attackers

virus scanning

cve-2005-3373

interpretation error

magic byte sequence

bypass

security vulnerability

nvd

"magic byte bug"

5.1 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:H/Au:N/C:P/I:P/A:P

6.9 Medium

AI Score

Confidence

Low

0.01 Low

EPSS

Percentile

83.3%

JSON

Multiple interpretation error in Dr.Web 4.32b allows remote attackers to bypass virus scanning via a file such as BAT, HTML, and EML with an “MZ” magic byte sequence which is normally associated with EXE, which causes the file to be treated as a safe type that could still be executed as a dangerous file type by applications on the end system, as demonstrated by a “triple headed” program that contains EXE, EML, and HTML content, aka the “magic byte bug.”

Affected configurations

NVD

Node

dr.webdr.web_antivirusMatch4.32b

CPENameOperatorVersion
dr.web:dr.web_antivirusdr.web dr.web antiviruseq4.32b

CPE	Name	Operator	Version
dr.web:dr.web_antivirus	dr.web dr.web antivirus	eq	4.32b

References

marc.info/?l=bugtraq&m=113026417802703&w=2

www.securityelf.org/magicbyte.html

www.securityelf.org/magicbyteadv.html

www.securityelf.org/updmagic.html

www.securityfocus.com/bid/15189

5.1 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:H/Au:N/C:P/I:P/A:P

6.9 Medium

AI Score

Confidence

Low

0.01 Low

EPSS

Percentile

83.3%

JSON

Related for CVE-2005-3373

nvd1 cvelist1