Kaspersky 3.x to 4.x allows remote attackers to bypass antivirus protection via a compressed file with both local and global headers set to zero, which does not prevent the compressed file from being opened on a target system.

Metrics

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:L/Au:N/C:P/I:P/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Affected Vendors & Products

Vendors Products
Archive Zip
  • Archive Zip
Broadcom
  • Brightstor Arcserve Backup
  • Etrust Antivirus
  • Etrust Antivirus Gateway
  • Etrust Ez Antivirus
  • Etrust Ez Armor
  • Etrust Intrusion Detection
  • Etrust Secure Content Manager
  • Inoculateit
Ca
  • Etrust Antivirus
  • Etrust Secure Content Manager
Eset Software
  • Nod32 Antivirus
Gentoo
  • Linux
Kaspersky Lab
  • Kaspersky Anti-virus
Mandrakesoft
  • Mandrake Linux
Mcafee
  • Antivirus Engine
Rav Antivirus
  • Rav Antivirus Desktop
  • Rav Antivirus For File Servers
  • Rav Antivirus For Mail Servers
Sophos
  • Sophos Anti-virus
  • Sophos Puremessage Anti-virus
  • Sophos Small Business Suite
Suse
  • Suse Linux

Configuration 1 [-]

OR cpe:2.3:a:archive_zip:archive_zip:1.13:*:*:*:*:*:*:*
cpe:2.3:a:broadcom:brightstor_arcserve_backup:11.1:*:*:*:*:*:*:*
cpe:2.3:a:broadcom:etrust_antivirus:7.0:*:*:*:*:*:*:*
cpe:2.3:a:broadcom:etrust_antivirus:7.1:*:*:*:*:*:*:*
cpe:2.3:a:broadcom:etrust_antivirus_gateway:7.0:*:*:*:*:*:*:*
cpe:2.3:a:broadcom:etrust_antivirus_gateway:7.1:*:*:*:*:*:*:*
cpe:2.3:a:broadcom:etrust_ez_antivirus:6.1:*:*:*:*:*:*:*
cpe:2.3:a:broadcom:etrust_ez_antivirus:6.2:*:*:*:*:*:*:*
cpe:2.3:a:broadcom:etrust_ez_antivirus:6.3:*:*:*:*:*:*:*
cpe:2.3:a:broadcom:etrust_ez_armor:2.0:*:*:*:*:*:*:*
cpe:2.3:a:broadcom:etrust_ez_armor:2.3:*:*:*:*:*:*:*
cpe:2.3:a:broadcom:etrust_ez_armor:2.4:*:*:*:*:*:*:*
cpe:2.3:a:broadcom:etrust_intrusion_detection:1.4.1.13:*:*:*:*:*:*:*
cpe:2.3:a:broadcom:etrust_intrusion_detection:1.4.5:*:*:*:*:*:*:*
cpe:2.3:a:broadcom:etrust_intrusion_detection:1.5:*:*:*:*:*:*:*
cpe:2.3:a:broadcom:etrust_secure_content_manager:1.0:*:*:*:*:*:*:*
cpe:2.3:a:broadcom:etrust_secure_content_manager:1.1:*:*:*:*:*:*:*
cpe:2.3:a:broadcom:inoculateit:6.0:*:*:*:*:*:*:*
cpe:2.3:a:ca:etrust_antivirus:7.0_sp2:*:*:*:*:*:*:*
cpe:2.3:a:ca:etrust_secure_content_manager:1.0:sp1:*:*:*:*:*:*
cpe:2.3:a:eset_software:nod32_antivirus:1.0.11:*:*:*:*:*:*:*
cpe:2.3:a:eset_software:nod32_antivirus:1.0.12:*:*:*:*:*:*:*
cpe:2.3:a:eset_software:nod32_antivirus:1.0.13:*:*:*:*:*:*:*
cpe:2.3:a:kaspersky_lab:kaspersky_anti-virus:3.0:*:*:*:*:*:*:*
cpe:2.3:a:kaspersky_lab:kaspersky_anti-virus:4.0:*:*:*:*:*:*:*
cpe:2.3:a:kaspersky_lab:kaspersky_anti-virus:5.0:*:*:*:*:*:*:*
cpe:2.3:a:mcafee:antivirus_engine:4.3.20:*:*:*:*:*:*:*
cpe:2.3:a:rav_antivirus:rav_antivirus_desktop:8.6:*:*:*:*:*:*:*
cpe:2.3:a:rav_antivirus:rav_antivirus_for_file_servers:1.0:*:*:*:*:*:*:*
cpe:2.3:a:rav_antivirus:rav_antivirus_for_mail_servers:8.4.2:*:*:*:*:*:*:*
cpe:2.3:a:sophos:sophos_anti-virus:3.4.6:*:*:*:*:*:*:*
cpe:2.3:a:sophos:sophos_anti-virus:3.78:*:*:*:*:*:*:*
cpe:2.3:a:sophos:sophos_anti-virus:3.78d:*:*:*:*:*:*:*
cpe:2.3:a:sophos:sophos_anti-virus:3.79:*:*:*:*:*:*:*
cpe:2.3:a:sophos:sophos_anti-virus:3.80:*:*:*:*:*:*:*
cpe:2.3:a:sophos:sophos_anti-virus:3.81:*:*:*:*:*:*:*
cpe:2.3:a:sophos:sophos_anti-virus:3.82:*:*:*:*:*:*:*
cpe:2.3:a:sophos:sophos_anti-virus:3.83:*:*:*:*:*:*:*
cpe:2.3:a:sophos:sophos_anti-virus:3.84:*:*:*:*:*:*:*
cpe:2.3:a:sophos:sophos_anti-virus:3.85:*:*:*:*:*:*:*
cpe:2.3:a:sophos:sophos_anti-virus:3.86:*:*:*:*:*:*:*
cpe:2.3:a:sophos:sophos_puremessage_anti-virus:4.6:*:*:*:*:*:*:*
cpe:2.3:a:sophos:sophos_small_business_suite:1.0:*:*:*:*:*:*:*

Configuration 2 [-]

OR cpe:2.3:o:gentoo:linux:*:*:*:*:*:*:*:*
cpe:2.3:o:gentoo:linux:1.4:*:*:*:*:*:*:*
cpe:2.3:o:mandrakesoft:mandrake_linux:10.1:*:*:*:*:*:*:*
cpe:2.3:o:mandrakesoft:mandrake_linux:10.1:*:x86_64:*:*:*:*:*
cpe:2.3:o:suse:suse_linux:9.2:*:*:*:*:*:*:*

No data.

References
Link Providers
http://www.idefense.com/application/poi/display?id=153&type=vulnerabilities&flashstatus=true cve-icon cve-icon
http://www.kb.cert.org/vuls/id/968818 cve-icon cve-icon
http://www.securityfocus.com/bid/11448 cve-icon cve-icon
https://exchange.xforce.ibmcloud.com/vulnerabilities/17761 cve-icon cve-icon
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2004-11-19T05:00:00

Updated: 2024-08-08T00:31:48.124Z

Reserved: 2004-10-04T00:00:00

Link: CVE-2004-0934

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2005-01-27T05:00:00.000

Modified: 2021-04-09T17:00:09.303

Link: CVE-2004-0934

cve-icon Redhat

No data.