CVE-2009-1348: Input Validation
First published: Thu Apr 30 2009(Updated: )
The AV engine before DAT 5600 in McAfee VirusScan, Total Protection, Internet Security, SecurityShield for Microsoft ISA Server, Security for Microsoft Sharepoint, Security for Email Servers, Email Gateway, and Active Virus Defense allows remote attackers to bypass virus detection via (1) an invalid Headflags field in a malformed RAR archive, (2) an invalid Packsize field in a malformed RAR archive, or (3) an invalid Filelength field in a malformed ZIP archive.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| McAfee Active Virus Defense | ||
| McAfee VirusScan | ||
| McAfee Email Gateway | ||
| McAfee Internet Security Suite | ||
| McAfee Internet Security Suite | =2004 | |
| McAfee Internet Security Suite | =2005 | |
| McAfee Internet Security Suite | =2006 | |
| McAfee Internet Security Suite | =2009 | |
| Mcafee Securityshield For Email Servers | ||
| Microsoft ISA Server | ||
| McAfee SecurityShield for Microsoft SharePoint | ||
| McAfee Total Protection | =2009 | |
| McAfee Total Protection for Endpoint | ||
| McAfee VirusScan Command Line | ||
| McAfee VirusScan Enterprise | ||
| McAfee VirusScan Enterprise | ||
| McAfee VirusScan Enterprise | ||
| McAfee VirusScan Enterprise | ||
| McAfee VirusScan Plus | =2009 | |
| McAfee VirusScan USB |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2009-1348?
CVE-2009-1348 is considered a medium severity vulnerability due to potential bypass of virus detection.
How do I fix CVE-2009-1348?
To fix CVE-2009-1348, ensure that you update your McAfee software to the latest version and apply any available patches.
Which McAfee products are affected by CVE-2009-1348?
CVE-2009-1348 affects several McAfee products including VirusScan, Total Protection, and Internet Security.
Can CVE-2009-1348 be exploited remotely?
Yes, CVE-2009-1348 allows remote attackers to bypass virus detection capabilities.
What should I do if I am using vulnerable McAfee software related to CVE-2009-1348?
If using vulnerable McAfee software, it's important to upgrade to the latest version immediately to mitigate the risk.
- agent/type
- agent/softwarecombine
- agent/severity
- agent/weakness
- agent/author
- agent/remedy
- agent/description
- agent/references
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/first-publish-date
- agent/event
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- collector/nvd-historical
- vendor/mcafee
- canonical/mcafee active virus defense
- canonical/mcafee virusscan
- canonical/mcafee email gateway
- canonical/mcafee internet security suite
- version/mcafee internet security suite/2004
- version/mcafee internet security suite/2005
- version/mcafee internet security suite/2006
- version/mcafee internet security suite/2009
- canonical/mcafee securityshield for email servers
- canonical/microsoft isa server
- canonical/mcafee securityshield for microsoft sharepoint
- canonical/mcafee total protection
- version/mcafee total protection/2009
- canonical/mcafee total protection for endpoint
- canonical/mcafee virusscan command line
- canonical/mcafee virusscan enterprise
- canonical/mcafee virusscan plus
- version/mcafee virusscan plus/2009
- canonical/mcafee virusscan usb