AVG AntiVirus Engine Malware Detection Bypass Vulnerability (Win) Network Vulnerability

Summary

This host is installed with AVG AntiVirus Product Suite for Windows and is prone to Malware Detection Bypass Vulnerability.

Impact

Successful exploitation will let the attacker craft malwares in a crafted archive file and spread it across the network to gain access to sensitive information or cause damage to the remote system. Impact Level: System

Solution

Upgrade to the AVG Anti-Virus Scanning Engine build 8.5.323 http://www.avg.com/download

Insight

Error in the file parsing engine can be exploited to bypass the anti-virus scanning functionality via a specially crafted ZIP or RAR file.

Affected

AVG Anti-Virus prior to 8.5.323 AVG File Server Edition prior to 8.5.323 on Windows

References

http://blog.zoller.lu/2009/04/avg-zip-evasion-bypass.html
http://xforce.iss.net/xforce/xfdb/50426

Updated on 2015-03-25

Severity

Classification

CVE CVE-2009-1784

CVSS	Base Score: 10.0 AV:N/AC:L/Au:N/C:C/I:C/A:C

Related Vulnerabilities

FSP Suite Directory Traversal Vulnerability
Kiwi CatTools < 3.2.9 Directory Traversal
The ACC router shows configuration without authentication
WebLogic Server DoS
MySQL mysqld Privilege Escalation Vulnerability

Take action and discover your vulnerabilities