[Pkg-clamav-devel] Bug#526041: clamav: CVE-2008-5525 malware detection bypass
Michael S. Gilbert
michael.s.gilbert at gmail.com
Tue Apr 28 19:48:05 UTC 2009
Package: clamav
Severity: grave
Tags: security
Hi,
The following CVE (Common Vulnerabilities & Exposures) ids were
published for clamav.
CVE-2008-5525[0]:
| ClamAV 0.94.1 and possibly 0.93.1, when Internet Explorer 6 or 7 is
| used, allows remote attackers to bypass detection of malware in an
| HTML document by placing an MZ header (aka "EXE info") at the
| beginning, and modifying the filename to have (1) no extension, (2) a
| .txt extension, or (3) a .jpg extension, as demonstrated by a document
| containing a CVE-2006-5745 exploit.
Please coordinate with the security team (team at security.debian.org) to
prepare packages for the stable releases.
If you fix the vulnerabilities please also make sure to include the
CVE ids in your changelog entry.
For further information see:
[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5525
http://security-tracker.debian.net/tracker/CVE-2008-5525
More information about the Pkg-clamav-devel
mailing list