Lucene search

[email protected]CVE-2005-3378

HistoryOct 30, 2005 - 2:34 p.m.

CVE-2005-3378

2005-10-3014:34:00

[email protected]

web.nvd.nist.gov

cve-2005-3378

norman 5.81

5.83.02 engine

remote attackers

virus scanning

magic byte bug

5.1 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:H/Au:N/C:P/I:P/A:P

6.9 Medium

AI Score

Confidence

Low

0.006 Low

EPSS

Percentile

78.9%

JSON

Multiple interpretation error in Norman 5.81 with the 5.83.02 engine allows remote attackers to bypass virus scanning via a file such as BAT, HTML, and EML with an “MZ” magic byte sequence which is normally associated with EXE, which causes the file to be treated as a safe type that could still be executed as a dangerous file type by applications on the end system, as demonstrated by a “triple headed” program that contains EXE, EML, and HTML content, aka the “magic byte bug.”

Affected configurations

NVD

Node

normannorman_virus_controlMatch5.81_engine_5.83.02

CPENameOperatorVersion
norman:norman_virus_controlnorman norman virus controleq5.81_engine_5.83.02

CPE	Name	Operator	Version
norman:norman_virus_control	norman norman virus control	eq	5.81_engine_5.83.02

References

marc.info/?l=bugtraq&m=113026417802703&w=2

www.securityelf.org/magicbyte.html

www.securityelf.org/magicbyteadv.html

www.securityelf.org/updmagic.html

www.securityfocus.com/bid/15189

5.1 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:H/Au:N/C:P/I:P/A:P

6.9 Medium

AI Score

Confidence

Low

0.006 Low

EPSS

Percentile

78.9%

JSON

Related for CVE-2005-3378

cvelist1 nvd1