6.8 Medium
CVSS2
Access Vector
Access Complexity
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
0.013 Low
EPSS
Percentile
86.1%
The remote host has an antivirus product from F-Secure installed. The installed version of the product fails to accurately scan certain ZIP and RAR archive files. Therefore, it may be possible for such files to evade detection from the scanning engine.
#
# (C) Tenable Network Security, Inc.
#
include("compat.inc");
if (description)
{
script_id(38718);
script_version("1.17");
script_cvs_date("Date: 2018/07/12 15:01:52");
script_cve_id("CVE-2009-1782");
script_bugtraq_id(34849);
script_xref(name:"Secunia", value:"35008");
script_name(english:"F-Secure Products ZIP/RAR File Scan Evasion (FSC-2009-1)");
script_summary(english:"Checks version of fm4av.dll.");
script_set_attribute(attribute:"synopsis", value:
"An antivirus application installed on the remote host is affected by
a scan evasion vulnerability.");
script_set_attribute(attribute:"description", value:
"The remote host has an antivirus product from F-Secure installed. The
installed version of the product fails to accurately scan certain ZIP
and RAR archive files. Therefore, it may be possible for such files to
evade detection from the scanning engine.");
# https://web.archive.org/web/20090510034628/http://www.f-secure.com/en_EMEA/support/security-advisory/fsc-2009-1.html
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?7cf449be");
script_set_attribute(attribute:"solution", value:
"Apply the vendor-supplied patches.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N");
script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"exploit_available", value:"false");
script_set_attribute(attribute:"plugin_publication_date", value:"2009/05/10");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"cpe:/a:f-secure:f-secure_anti-virus");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Windows");
script_copyright(english:"This script is Copyright (C) 2009-2018 Tenable Network Security, Inc.");
script_dependencies("smb_hotfixes.nasl");
script_require_keys("SMB/name", "SMB/login", "SMB/password", "SMB/registry_full_access", "SMB/transport");
script_require_ports(139, 445);
exit(0);
}
include("smb_func.inc");
include("smb_hotfixes.inc");
include("smb_hotfixes_fcheck.inc");
include("audit.inc");
include("misc_func.inc");
name = kb_smb_name();
login = kb_smb_login();
pass = kb_smb_password();
domain = kb_smb_domain();
port = kb_smb_transport();
#if (!get_port_state(port))
# exit(0);
#soc = open_sock_tcp(port);
#if (!soc) exit(0);
#session_init(socket:soc, hostname:name);
if(!smb_session_init()) audit(AUDIT_FN_FAIL, 'smb_session_init');
rc = NetUseAdd(login:login, password:pass, domain:domain, share:"IPC$");
if (rc != 1) {
exit(0);
}
path = NULL;
hklm = RegConnectRegistry(hkey:HKEY_LOCAL_MACHINE);
if (isnull(hklm))
{
NetUseDel();
exit (0);
}
key = "SOFTWARE\Data Fellows\F-Secure\Content Scanner Server";
item = "Path";
hkey = RegOpenKey(handle:hklm, key:key, mode:MAXIMUM_ALLOWED);
if (!isnull(hkey))
{
value = RegQueryValue(handle:hkey, item:item);
if (!isnull(value))
path = value[1];
RegCloseKey (handle:hkey);
}
RegCloseKey (handle:hklm);
NetUseDel ();
if(isnull(path))
exit(0);
if (!isnull(path) && is_accessible_share())
{
# fm4av.dll is updated after applying the patch.
if ( hotfix_check_fversion(file:"fm4av.dll", version:"3.1.15160.1", path:path) == HCF_OLDER )
security_warning(port);
hotfix_check_fversion_end();
}
else audit(AUDIT_HOST_NOT, 'affected');
Vendor | Product | Version | CPE |
---|---|---|---|
f-secure | f-secure_anti-virus | cpe:/a:f-secure:f-secure_anti-virus |