Vulnerabilities > CVE-2009-5125 - Unspecified vulnerability in Comodo Internet Security

047910
CVSS 0.0 - NONE
Attack vector
UNKNOWN
Attack complexity
UNKNOWN
Privileges required
UNKNOWN
Confidentiality impact
UNKNOWN
Integrity impact
UNKNOWN
Availability impact
UNKNOWN
comodo
nessus
NVD
Published: 2012-08-26
Updated: 2012-08-27

Summary

Comodo Internet Security before 3.9.95478.509 allows remote attackers to bypass malware detection in an RAR archive via an unspecified manipulation of the archive file format.

Vulnerable Configurations

Part Description Count
Application
Comodo
18

Nessus

NASL familyWindows
NASL idCOMODO_INTERNET_SECURITY_39.NASL
descriptionThe version of Comodo Internet Security installed on the remote Windows host is earlier than 3.9. As such, it may be possible for certain RAR files to evade detection from the scanning engine.
last seen2020-06-01
modified2020-06-02
plugin id58230
published2012-05-02
reporterThis script is Copyright (C) 2012-2018 Tenable Network Security, Inc.
sourcehttps://www.tenable.com/plugins/nessus/58230
titleComodo Internet Security < 3.9 RAR Archive Scan Evasion
code
#
# (C) Tenable Network Security, Inc.
#

include("compat.inc");

if (description)
{
  script_id(58230);
  script_version("1.7");
  script_cvs_date("Date: 2018/11/15 20:50:26");

  script_cve_id("CVE-2009-5125");
  script_bugtraq_id(34737);

  script_name(english:"Comodo Internet Security < 3.9 RAR Archive Scan Evasion");
  script_summary(english:"Checks version of Comodo Internet Security");

  script_set_attribute(attribute:"synopsis", value:
"The remote Windows host has an antivirus application installed that
is affected by a scan evasion vulnerability.");
  script_set_attribute(attribute:"description", value:
"The version of Comodo Internet Security installed on the remote 
Windows host is earlier than 3.9. As such, it may be possible for 
certain RAR files to evade detection from the scanning engine.");
  script_set_attribute(attribute:"see_also", value:"http://blog.zoller.lu/2009/04/comodo-antivirus-evasionbypass.html");
  script_set_attribute(attribute:"see_also", value:"https://seclists.org/bugtraq/2009/Apr/256");
  script_set_attribute(attribute:"see_also", value:"https://www.comodo.com/home/download/release-notes.php?p=anti-malware");
  script_set_attribute(attribute:"solution", value:"Upgrade to Comodo Internet Security 3.9 or later.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"vuln_publication_date", value:"2009/04/27");
  script_set_attribute(attribute:"patch_publication_date", value:"2009/05/15");
  script_set_attribute(attribute:"plugin_publication_date", value:"2012/05/02");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Windows");

  script_copyright(english:"This script is Copyright (C) 2012-2018 Tenable Network Security, Inc.");

  script_dependencies("comodo_internet_security_installed.nasl");
  script_require_keys("SMB/Comodo Internet Security/Path", "SMB/Comodo Internet Security/Version");

  exit(0);
}

include("global_settings.inc");
include("misc_func.inc");
include("audit.inc");

version = get_kb_item_or_exit('SMB/Comodo Internet Security/Version');
path    = get_kb_item_or_exit('SMB/Comodo Internet Security/Path');

if (
  version =~ '^3\\.[5-8]\\.' ||
  (version =~ '^3\\.9\\.' && ver_compare(ver:version, fix:'3.9.95478.509', strict:FALSE) == -1)
)
{
  if (report_verbosity > 0)
  {
    report =
      '\n  Path              : ' + path +
      '\n  Installed version : ' + version +
      '\n  Fixed version     : 3.9.95478.509\n';
    security_warning(port:get_kb_item('SMB/transport'), extra:report);
  }
  else security_warning(get_kb_item('SMB/transport'));
  exit(0);
}
else audit(AUDIT_INST_VER_NOT_VULN, 'Comodo Internet Security', version);

References