CVE-2008-5526: Input Validation
First published: Fri Dec 12 2008(Updated: )
DrWeb Anti-virus 4.44.0.09170, when Internet Explorer 6 or 7 is used, allows remote attackers to bypass detection of malware in an HTML document by placing an MZ header (aka "EXE info") at the beginning, and modifying the filename to have (1) no extension, (2) a .txt extension, or (3) a .jpg extension, as demonstrated by a document containing a CVE-2006-5745 exploit.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Dr.Web Antivirus | =4.44.0.09170 | |
| Internet Explorer | =6 | |
| Internet Explorer | =7 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2008-5526?
CVE-2008-5526 is classified as a medium severity vulnerability.
How do I fix CVE-2008-5526?
To fix CVE-2008-5526, update to a newer version of Dr.Web Anti-virus that does not have this vulnerability.
What software is affected by CVE-2008-5526?
CVE-2008-5526 affects Dr.Web Anti-virus version 4.44.0.09170 when used with Internet Explorer 6 or 7.
Is CVE-2008-5526 exploitable remotely?
Yes, CVE-2008-5526 is exploitable remotely by attackers using specially crafted HTML documents.
What type of attack does CVE-2008-5526 enable?
CVE-2008-5526 enables attackers to bypass malware detection in Dr.Web Anti-virus by modifying file headers and extensions.
- collector/nvd-historical
- agent/references
- agent/type
- agent/event
- agent/first-publish-date
- agent/last-modified-date
- agent/weakness
- agent/severity
- agent/author
- agent/description
- agent/tags
- agent/softwarecombine
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/drweb
- canonical/dr.web antivirus
- version/dr.web antivirus/4.44.0.09170
- vendor/microsoft
- canonical/internet explorer
- version/internet explorer/6
- version/internet explorer/7