CVE-2008-5530 - Vulnerability Details - OpenCVE

Ewido Security Suite 4.0, when Internet Explorer 6 or 7 is used, allows remote attackers to bypass detection of malware in an HTML document by placing an MZ header (aka "EXE info") at the beginning, and modifying the filename to have (1) no extension, (2) a .txt extension, or (3) a .jpg extension, as demonstrated by a document containing a CVE-2006-5745 exploit.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

This CVE is not in the KEV list.

The EPSS score is 0.00293.

Key SSVC decision points have not yet been added.

Vendors	Products
Avg	Ewido Security Suite
Ewido	Ewido Security Suite
Microsoft	Internet Explorer

Configuration 1 [-]

AND

OR	cpe:2.3:a:avg:ewido_security_suite:4.0:::::::*
	cpe:2.3:a:ewido:ewido_security_suite:4.0:::::::*

OR	cpe:2.3:a:microsoft:internet_explorer:6:::::::*
	cpe:2.3:a:microsoft:internet_explorer:7:::::::*

No data.

No data.

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
http://securityreason.com/securityalert/4723
http://www.securityfocus.com/archive/1/498995/100/0/threaded
http://www.securityfocus.com/archive/1/499043/100/0/threaded
https://exchange.xforce.ibmcloud.com/vulnerabilities/47435

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2008-12-12T18:13:00

Updated: 2024-08-07T10:56:47.244Z

Reserved: 2008-12-12T00:00:00

Link: CVE-2008-5530

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2008-12-12T18:30:02.877

Modified: 2025-04-09T00:30:58.490

Link: CVE-2008-5530

Redhat

No data.

OpenCVE Enrichment

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2008-12-08T00:00:00", "descriptions": [{"lang": "en", "value": "Ewido Security Suite 4.0, when Internet Explorer 6 or 7 is used, allows remote attackers to bypass detection of malware in an HTML document by placing an MZ header (aka \"EXE info\") at the beginning, and modifying the filename to have (1) no extension, (2) a .txt extension, or (3) a .jpg extension, as demonstrated by a document containing a CVE-2006-5745 exploit."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-11T19:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "multiple-antivirus-mzheader-code-execution(47435)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47435"}, {"name": "4723", "tags": ["third-party-advisory", "x_refsource_SREASON"], "url": "http://securityreason.com/securityalert/4723"}, {"name": "20081209 Multiple Vendor Anti-Virus Software Malicious WebPage Detection Bypass -Update-", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/499043/100/0/threaded"}, {"name": "20081208 Multiple Vendor Anti-Virus Software Malicious WebPage Detection Bypass", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/498995/100/0/threaded"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2008-5530", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Ewido Security Suite 4.0, when Internet Explorer 6 or 7 is used, allows remote attackers to bypass detection of malware in an HTML document by placing an MZ header (aka \"EXE info\") at the beginning, and modifying the filename to have (1) no extension, (2) a .txt extension, or (3) a .jpg extension, as demonstrated by a document containing a CVE-2006-5745 exploit."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "multiple-antivirus-mzheader-code-execution(47435)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47435"}, {"name": "4723", "refsource": "SREASON", "url": "http://securityreason.com/securityalert/4723"}, {"name": "20081209 Multiple Vendor Anti-Virus Software Malicious WebPage Detection Bypass -Update-", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/499043/100/0/threaded"}, {"name": "20081208 Multiple Vendor Anti-Virus Software Malicious WebPage Detection Bypass", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/498995/100/0/threaded"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T10:56:47.244Z"}, "title": "CVE Program Container", "references": [{"name": "multiple-antivirus-mzheader-code-execution(47435)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47435"}, {"name": "4723", "tags": ["third-party-advisory", "x_refsource_SREASON", "x_transferred"], "url": "http://securityreason.com/securityalert/4723"}, {"name": "20081209 Multiple Vendor Anti-Virus Software Malicious WebPage Detection Bypass -Update-", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/499043/100/0/threaded"}, {"name": "20081208 Multiple Vendor Anti-Virus Software Malicious WebPage Detection Bypass", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/498995/100/0/threaded"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2008-5530", "datePublished": "2008-12-12T18:13:00", "dateReserved": "2008-12-12T00:00:00", "dateUpdated": "2024-08-07T10:56:47.244Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:avg:ewido_security_suite:4.0:*:*:*:*:*:*:*", "matchCriteriaId": "DECAB8A9-3AB4-4709-8B77-7E68D3BCF314", "vulnerable": true}, {"criteria": "cpe:2.3:a:ewido:ewido_security_suite:4.0:*:*:*:*:*:*:*", "matchCriteriaId": "150F9897-9B32-4638-A172-31E208F31AE2", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:a:microsoft:internet_explorer:6:*:*:*:*:*:*:*", "matchCriteriaId": "693D3C1C-E3E4-49DB-9A13-44ADDFF82507", "vulnerable": false}, {"criteria": "cpe:2.3:a:microsoft:internet_explorer:7:*:*:*:*:*:*:*", "matchCriteriaId": "1A33FA7F-BB2A-4C66-B608-72997A2BD1DB", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Ewido Security Suite 4.0, when Internet Explorer 6 or 7 is used, allows remote attackers to bypass detection of malware in an HTML document by placing an MZ header (aka \"EXE info\") at the beginning, and modifying the filename to have (1) no extension, (2) a .txt extension, or (3) a .jpg extension, as demonstrated by a document containing a CVE-2006-5745 exploit."}, {"lang": "es", "value": "Ewido Security Suite v4.0, cuando se utiliza Internet Explorer 6 o 7, permite a atacantes remotos eludir la detecci\u00f3n de malware en un documento HTML colocando una cabecera MZ (alias \"EXE info\") al principio, y modificar el nombre del archivo a (1 ) sin extensi\u00f3n, (2) una extensi\u00f3n. txt, o (3) una extensi\u00f3n .jpg, como lo demuestra un documento que contiene un exploit CVE-2006-5745."}], "id": "CVE-2008-5530", "lastModified": "2025-04-09T00:30:58.490", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 9.3, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 10.0, "obtainAllPrivilege": true, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}]}, "published": "2008-12-12T18:30:02.877", "references": [{"source": "cve@mitre.org", "url": "http://securityreason.com/securityalert/4723"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/498995/100/0/threaded"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/499043/100/0/threaded"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47435"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securityreason.com/securityalert/4723"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/498995/100/0/threaded"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/499043/100/0/threaded"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47435"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-20"}], "source": "nvd@nist.gov", "type": "Primary"}]}