This host is installed with McAfee products and are prone to Security Bypass vulnerability.

Successful exploitation will allow attackers to bypass the anti-virus scanning and distribute files containing malicious code that the antivirus application will fail to detect. Impact Level: System/Application

Updates are available through DAT files 5600 or later http://www.mcafee.com/apps/downloads/security_updates/dat.asp

Error in AV Engine fails to handle specially crafted packets via, - an invalid Headflags and Packsize fields in a malformed RAR archive. - an invalid Filelength field in a malformed ZIP archive.

McAfee VirusScan McAfee Email Gateyway McAfee Total Protection McAfee Active VirusScan McAfee Internet Security McAfee Security for Email Servers McAfee Security for Microsoft Sharepoint McAfee SecurityShield for Microsoft ISA Server McAfee software that uses DAT files prior to 5600 on Windows

• http://blog.zoller.lu/2009/04/case-for-av-bypassesevasions.html
• http://blog.zoller.lu/2009/04/mcafee-multiple-bypassesevasions-ziprar.html
• http://secunia.com/advisories/34949
• https://kc.mcafee.com/corporate/index?page=content&id=SB10001&actp=LIST_RECENT

---

Updated on 2015-03-25