Vulnerabilities > CVE-2005-3229 - Security Bypass vulnerability in ClamAV Antivirus

CVSS 5.1 - MEDIUM

Attack vector

NETWORK

Attack complexity

HIGH

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

PARTIAL

network

high complexity

clam-anti-virus

NVD

Published: 2005-10-14

Updated: 2016-10-18

Summary

Multiple interpretation error in unspecified versions of ClamAV Antivirus allows remote attackers to bypass virus detection via a malicious executable in a specially crafted RAR file with malformed central and local headers, which can still be opened by products such as Winrar and PowerZip, even though they are rejected as corrupted by Winzip and BitZipper.

Vulnerable Configurations

Part	Description	Count
Application	Clam_Anti-Virus Clam Anti Virus Clamav 0.90.2	1

References

http://marc.info/?l=bugtraq&m=112879611919750&w=2
http://shadock.net/secubox/AVCraftedArchive.html