ID CVE-2005-3379 Type cve Reporter NVD Modified 2018-10-19T11:36:19
Description
Multiple interpretation error in Trend Micro (1) PC-Cillin 2005 12.0.1244 with the 7.510.1002 engine and (2) OfficeScan 7.0 with the 7.510.1002 engine allows remote attackers to bypass virus scanning via a file such as BAT, HTML, and EML with an "MZ" magic byte sequence which is normally associated with EXE, which causes the file to be treated as a safe type that could still be executed as a dangerous file type by applications on the end system, as demonstrated by a "triple headed" program that contains EXE, EML, and HTML content, aka the "magic byte bug."
{"id": "CVE-2005-3379", "bulletinFamily": "NVD", "title": "CVE-2005-3379", "description": "Multiple interpretation error in Trend Micro (1) PC-Cillin 2005 12.0.1244 with the 7.510.1002 engine and (2) OfficeScan 7.0 with the 7.510.1002 engine allows remote attackers to bypass virus scanning via a file such as BAT, HTML, and EML with an \"MZ\" magic byte sequence which is normally associated with EXE, which causes the file to be treated as a safe type that could still be executed as a dangerous file type by applications on the end system, as demonstrated by a \"triple headed\" program that contains EXE, EML, and HTML content, aka the \"magic byte bug.\"", "published": "2005-10-30T09:34:00", "modified": "2018-10-19T11:36:19", "cvss": {"score": 5.1, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2005-3379", "reporter": "NVD", "references": ["http://www.securityelf.org/updmagic.html", "http://www.securityelf.org/magicbyte.html", "http://marc.info/?l=bugtraq&m=113026417802703&w=2", "http://www.securityfocus.com/archive/1/415173", "http://www.securityfocus.com/bid/15189", "http://www.securityelf.org/magicbyteadv.html"], "cvelist": ["CVE-2005-3379"], "type": "cve", "lastseen": "2018-10-20T11:06:11", "history": [{"bulletin": {"assessment": {"href": "", "name": "", "system": ""}, "bulletinFamily": "NVD", "cpe": ["cpe:/a:trend_micro:officescan:7.0_engine_7.510.1002", "cpe:/a:trend_micro:pc-cillin_2005:12.0.1244_engine_7.510.1002"], "cvelist": ["CVE-2005-3379"], "cvss": {"score": 5.1, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "description": "Multiple interpretation error in Trend Micro (1) PC-Cillin 2005 12.0.1244 with the 7.510.1002 engine and (2) OfficeScan 7.0 with the 7.510.1002 engine allows remote attackers to bypass virus scanning via a file such as BAT, HTML, and EML with an \"MZ\" magic byte sequence which is normally associated with EXE, which causes the file to be treated as a safe type that could still be executed as a dangerous file type by applications on the end system, as demonstrated by a \"triple headed\" program that contains EXE, EML, and HTML content, aka the \"magic byte bug.\"", "edition": 2, "enchantments": {"score": {"modified": "2017-04-18T15:51:35", "value": 5.0, "vector": "NONE"}}, "hash": "43671cc65d0b4be29583ded4c74419d9f0e5cd42721605a7c8a55a9eeb7b13bb", "hashmap": [{"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "scanner"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "reporter"}, {"hash": "e1b60c3fc92c93f04691c445b3370323", "key": "title"}, {"hash": "6c1b1e3b8f8cb8bbd2a8e24fa0eab5ae", "key": "references"}, {"hash": "b0482ffa07291d52fc040adba315efad", "key": "published"}, {"hash": "c40d560b80ec786223a3187d42414ec3", "key": "cpe"}, {"hash": "597c2ae7fa2500b5e43eaec0141af5d2", "key": "href"}, {"hash": "6d3f4796275bb54c21a33b82f399cc6d", "key": "assessment"}, {"hash": "88e04999358e76acae57a21bcf224d40", "key": "cvss"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}, {"hash": "51d3b7101bfed41f189fd4e756f6c160", "key": "modified"}, {"hash": "9597fe509b7f7d52b39ab4a03c80d9ee", "key": "description"}, {"hash": "a4042cd9c46bd1d20f5b28af5d8e7472", "key": "cvelist"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}], "history": [], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2005-3379", "id": "CVE-2005-3379", "lastseen": "2017-04-18T15:51:35", "modified": "2016-10-17T23:34:57", "objectVersion": "1.2", "published": "2005-10-30T09:34:00", "references": ["http://www.securityelf.org/updmagic.html", "http://www.securityelf.org/magicbyte.html", "http://marc.info/?l=bugtraq&m=113026417802703&w=2", "http://www.securityfocus.com/archive/1/archive/1/415173", "http://www.securityfocus.com/bid/15189", "http://www.securityelf.org/magicbyteadv.html"], "reporter": "NVD", "scanner": [], "title": "CVE-2005-3379", "type": "cve", "viewCount": 0}, "differentElements": ["references", "modified"], "edition": 2, "lastseen": "2017-04-18T15:51:35"}, {"bulletin": {"assessment": {"href": "", "name": "", "system": ""}, "bulletinFamily": "NVD", "cpe": ["cpe:/a:trend_micro:officescan:7.0_engine_7.510.1002", "cpe:/a:trend_micro:pc-cillin_2005:12.0.1244_engine_7.510.1002"], "cvelist": ["CVE-2005-3379"], "cvss": {"score": 5.1, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "description": "Multiple interpretation error in Trend Micro (1) PC-Cillin 2005 12.0.1244 with the 7.510.1002 engine and (2) OfficeScan 7.0 with the 7.510.1002 engine allows remote attackers to bypass virus scanning via a file such as BAT, HTML, and EML with an \"MZ\" magic byte sequence which is normally associated with EXE, which causes the file to be treated as a safe type that could still be executed as a dangerous file type by applications on the end system, as demonstrated by a \"triple headed\" program that contains EXE, EML, and HTML content, aka the \"magic byte bug.\"", "edition": 1, "hash": "2e91a764d23ee893a302348ee1d009c6df357f76e36de29c971f934f9edff8f3", "hashmap": [{"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "scanner"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "reporter"}, {"hash": "e1b60c3fc92c93f04691c445b3370323", "key": "title"}, {"hash": "56765472680401499c79732468ba4340", "key": "objectVersion"}, {"hash": "b0482ffa07291d52fc040adba315efad", "key": "published"}, {"hash": "c40d560b80ec786223a3187d42414ec3", "key": "cpe"}, {"hash": "597c2ae7fa2500b5e43eaec0141af5d2", "key": "href"}, {"hash": "6d3f4796275bb54c21a33b82f399cc6d", "key": "assessment"}, {"hash": "89ef843449187974e36ce36b342da916", "key": "references"}, {"hash": "88e04999358e76acae57a21bcf224d40", "key": "cvss"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}, {"hash": "9597fe509b7f7d52b39ab4a03c80d9ee", "key": "description"}, {"hash": "a4042cd9c46bd1d20f5b28af5d8e7472", "key": "cvelist"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}, {"hash": "97eabdab57ac82f9f1d01de37fc968b7", "key": "modified"}], "history": [], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2005-3379", "id": "CVE-2005-3379", "lastseen": "2016-09-03T05:55:27", "modified": "2008-09-05T16:54:13", "objectVersion": "1.2", "published": "2005-10-30T09:34:00", "references": ["http://www.securityelf.org/updmagic.html", "http://www.securityelf.org/magicbyte.html", "http://www.securityfocus.com/archive/1/archive/1/415173", "http://marc.theaimsgroup.com/?l=bugtraq&m=113026417802703&w=2", "http://www.securityfocus.com/bid/15189", "http://www.securityelf.org/magicbyteadv.html"], "reporter": "NVD", "scanner": [], "title": "CVE-2005-3379", "type": "cve", "viewCount": 0}, "differentElements": ["references", "modified"], "edition": 1, "lastseen": "2016-09-03T05:55:27"}], "edition": 3, "hashmap": [{"key": "assessment", "hash": "6d3f4796275bb54c21a33b82f399cc6d"}, {"key": "bulletinFamily", "hash": "601892ece72be3be2f57266ca2354792"}, {"key": "cpe", "hash": "c40d560b80ec786223a3187d42414ec3"}, {"key": "cvelist", "hash": "a4042cd9c46bd1d20f5b28af5d8e7472"}, {"key": "cvss", "hash": "88e04999358e76acae57a21bcf224d40"}, {"key": "description", "hash": "9597fe509b7f7d52b39ab4a03c80d9ee"}, {"key": "href", "hash": "597c2ae7fa2500b5e43eaec0141af5d2"}, {"key": "modified", "hash": "9d4e6adf308354e91970abc99d88dbc2"}, {"key": "published", "hash": "b0482ffa07291d52fc040adba315efad"}, {"key": "references", "hash": "c1a8d8a6e340abf812be7fdadab7f41d"}, {"key": "reporter", "hash": "601892ece72be3be2f57266ca2354792"}, {"key": "scanner", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "title", "hash": "e1b60c3fc92c93f04691c445b3370323"}, {"key": "type", "hash": "1716b5fcbb7121af74efdc153d0166c5"}], "hash": "790c81f844ddb33ccf8f514b0464dc7d7e6b739a3942996d5d5fdd7cda1c1c0c", "viewCount": 0, "enchantments": {"score": {"value": 5.0, "vector": "NONE", "modified": "2018-10-20T11:06:11"}, "vulnersScore": 5.0}, "objectVersion": "1.3", "cpe": ["cpe:/a:trend_micro:officescan:7.0_engine_7.510.1002", "cpe:/a:trend_micro:pc-cillin_2005:12.0.1244_engine_7.510.1002"], "assessment": {"href": "", "name": "", "system": ""}, "scanner": []}
{"osvdb": [{"lastseen": "2017-04-28T13:20:17", "references": [], "edition": 1, "description": "# No description provided by the source\n\n## References:\nOther Advisory URL: http://www.securityelf.org/magicbyte.html\nMail List Post: http://archives.neohapsis.com/archives/fulldisclosure/2005-10/0539.html\nMail List Post: http://archives.neohapsis.com/archives/fulldisclosure/2005-11/0077.html\nMail List Post: http://archives.neohapsis.com/archives/bugtraq/2005-10/0313.html\nMail List Post: http://archives.neohapsis.com/archives/fulldisclosure/2005-10/0556.html\nMail List Post: http://archives.neohapsis.com/archives/fulldisclosure/2005-10/0609.html\nMail List Post: http://archives.neohapsis.com/archives/fulldisclosure/2005-10/0504.html\nMail List Post: http://archives.neohapsis.com/archives/fulldisclosure/2005-10/0529.html\nGeneric Informational URL: http://news.com.com/Evasion+bug+bites+virus+shields/2100-1002_3-5924738.html\n[CVE-2005-3371](https://vulners.com/cve/CVE-2005-3371)\n[CVE-2005-3379](https://vulners.com/cve/CVE-2005-3379)\n[CVE-2005-3381](https://vulners.com/cve/CVE-2005-3381)\n[CVE-2005-3400](https://vulners.com/cve/CVE-2005-3400)\n[CVE-2005-3372](https://vulners.com/cve/CVE-2005-3372)\n[CVE-2005-3375](https://vulners.com/cve/CVE-2005-3375)\n[CVE-2005-3377](https://vulners.com/cve/CVE-2005-3377)\n[CVE-2005-3399](https://vulners.com/cve/CVE-2005-3399)\n[CVE-2005-3401](https://vulners.com/cve/CVE-2005-3401)\n[CVE-2005-3370](https://vulners.com/cve/CVE-2005-3370)\n[CVE-2005-3374](https://vulners.com/cve/CVE-2005-3374)\n[CVE-2005-3376](https://vulners.com/cve/CVE-2005-3376)\n[CVE-2005-3378](https://vulners.com/cve/CVE-2005-3378)\n[CVE-2005-3373](https://vulners.com/cve/CVE-2005-3373)\n[CVE-2005-3380](https://vulners.com/cve/CVE-2005-3380)\n[CVE-2005-3382](https://vulners.com/cve/CVE-2005-3382)\nBugtraq ID: 15189\n", "reporter": "OSVDB", "published": "2005-10-24T13:04:06", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "title": "Multiple Anti-Virus Crafted Filetype Header Scan Bypass (magic byte)", "type": "osvdb", "bulletinFamily": "software", "affectedSoftware": [], "cvelist": ["CVE-2005-3401", "CVE-2005-3370", "CVE-2005-3382", "CVE-2005-3371", "CVE-2005-3380", "CVE-2005-3372", "CVE-2005-3400", "CVE-2005-3375", "CVE-2005-3373", "CVE-2005-3381", "CVE-2005-3374", "CVE-2005-3376", "CVE-2005-3377", "CVE-2005-3378", "CVE-2005-3399", "CVE-2005-3379"], "modified": "2005-10-24T13:04:06", "href": "https://vulners.com/osvdb/OSVDB:20932", "id": "OSVDB:20932", "cvss": {"score": 5.1, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}]}
