Xhakerman2006

**Name of the Vulnerable Software and Affected Versions** AhnLab V3 versions 2008.9.13.0 through 2008.12.4.1 **Description** The issue allows remote attackers to bypass detection of malware in an HTML document. This can be achieved by placing an MZ header at the beginning of the document and modifying the filename to have no extension, a .txt extension, or a .jpg extension. **Recommendations** For AhnLab V3 versions 2008.9.13.0 through 2008.12.4.1, consider updating the software to a version that includes a fix for this issue, as the current version allows malware to bypass detection under specific conditions. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Avira AntiVir versions 7.8.1.28 through 7.9.0.36 **Description** The issue allows remote attackers to bypass detection of malware in an HTML document. This can be achieved by placing an MZ header at the beginning of the document and modifying the filename to have no extension, a .txt extension, or a .jpg extension. **Recommendations** For Avira AntiVir versions 7.8.1.28 through 7.9.0.36, consider updating the software to a version that includes a fix for this issue, as using Internet Explorer 6 or 7 with the affected Avira AntiVir versions poses a risk. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** AVG Anti-Virus version 8.0.0.161 **Description** The issue allows remote attackers to bypass malware detection in HTML documents by modifying the file to include an MZ header at the beginning and altering the filename extension to have no extension, a .txt extension, or a .jpg extension. This can be exploited when using Internet Explorer 6 or 7. **Recommendations** For AVG Anti-Virus version 8.0.0.161, consider updating the software to a version that includes a fix for this issue, as using outdated versions may leave systems vulnerable to malware bypass attacks.

**Name of the Vulnerable Software and Affected Versions** avast! antivirus version 4.8.1281.0 **Description** The issue allows remote attackers to bypass detection of malware in an HTML document. This can be achieved by placing an MZ header at the beginning of the document and modifying the filename to have either no extension, a .txt extension, or a .jpg extension. **Recommendations** For avast! antivirus version 4.8.1281.0, consider updating the software to a version that includes improved malware detection capabilities to prevent bypassing of malware detection in HTML documents.

**Name of the Vulnerable Software and Affected Versions** CAT-QuickHeal versions 9.50 through 10.00 **Description** The issue allows remote attackers to bypass detection of malware in an HTML document. This can be achieved by placing an MZ header at the beginning of the document and modifying the filename to have no extension, a .txt extension, or a .jpg extension. **Recommendations** For CAT-QuickHeal versions 9.50 through 10.00, update the software to a version that includes improved malware detection capabilities to prevent bypassing of malware detection.

**Name of the Vulnerable Software and Affected Versions** ClamAV versions 0.93.1 through 0.94.1 **Description** The issue allows remote attackers to bypass detection of malware in an HTML document. This can be achieved by placing an MZ header at the beginning of the document and modifying the filename to have no extension, a .txt extension, or a .jpg extension. **Recommendations** For ClamAV versions 0.93.1 through 0.94.1, consider updating the malware detection rules to properly handle HTML documents with modified filenames and MZ headers. As a temporary workaround, restrict the handling of files with no extension, .txt extension, or .jpg extension to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Aladdin eSafe version 7.0.17.0 **Description** The issue allows remote attackers to bypass detection of malware in an HTML document. This can be achieved by placing an MZ header at the beginning of the document and modifying the filename to have either no extension, a .txt extension, or a .jpg extension. **Recommendations** For Aladdin eSafe version 7.0.17.0, consider updating the software to a version that includes fixes for this issue, as using Internet Explorer 6 or 7 with the current version may allow malware to bypass detection.

**Name of the Vulnerable Software and Affected Versions** Ewido Security Suite version 4.0 **Description** The issue allows remote attackers to bypass malware detection in HTML documents by modifying the file to include an MZ header at the beginning and altering the filename to have no extension, a .txt extension, or a .jpg extension. This can be exploited when using Internet Explorer 6 or 7. **Recommendations** For Ewido Security Suite version 4.0, consider updating the software to a version that includes improved malware detection capabilities to prevent bypassing of malware detection. As a temporary workaround, restrict the use of Internet Explorer 6 or 7 when using Ewido Security Suite version 4.0 to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Ikarus Virus Utilities version T3.1.1.45.0 Ikarus Virus Utilities version T3.1.1.34.0 **Description** The issue allows remote attackers to bypass detection of malware in an HTML document. This can be achieved by placing an MZ header at the beginning of the document and modifying the filename to have no extension, a .txt extension, or a .jpg extension. **Recommendations** For Ikarus Virus Utilities version T3.1.1.45.0, update the software to detect malware in HTML documents with modified filenames and MZ headers. For Ikarus Virus Utilities version T3.1.1.34.0, update the software to detect malware in HTML documents with modified filenames and MZ headers.

**Name of the Vulnerable Software and Affected Versions** K7AntiVirus versions 7.10.454 through 7.10.541 **Description** The issue allows remote attackers to bypass detection of malware in an HTML document. This can be achieved by placing an MZ header at the beginning of the document and modifying the filename to have either no extension, a .txt extension, or a .jpg extension. **Recommendations** For K7AntiVirus versions 7.10.454 through 7.10.541, consider updating the software to a version that includes a fix for this issue, as the current version allows malware to bypass detection under specific conditions.

**Name of the Vulnerable Software and Affected Versions** ESET NOD32 Antivirus versions 3440 through 3662 **Description** The issue allows remote attackers to bypass detection of malware in an HTML document. This can be achieved by placing an MZ header at the beginning of the document and modifying the filename to have no extension, a .txt extension, or a .jpg extension. **Recommendations** For ESET NOD32 Antivirus versions 3440 through 3662, consider updating the software to a version that includes improved malware detection capabilities to prevent bypassing of malware detection.

**Name of the Vulnerable Software and Affected Versions** Norman Antivirus version 5.80.02 **Description** The issue allows remote attackers to bypass detection of malware in an HTML document. This can be achieved by placing an MZ header at the beginning of the document and modifying the filename to have either no extension, a .txt extension, or a .jpg extension. **Recommendations** For Norman Antivirus version 5.80.02, update the software to a version that includes a fix for this issue, as using Internet Explorer 6 or 7 with the current version may allow malware to bypass detection.

**Name of the Vulnerable Software and Affected Versions** RISING Antivirus versions 20.61.42.00 through 21.06.31.00 **Description** The issue allows remote attackers to bypass malware detection in HTML documents by modifying the file to include an MZ header at the beginning and altering the filename to have no extension, a .txt extension, or a .jpg extension. This can be exploited when using Internet Explorer 6 or 7. **Recommendations** For RISING Antivirus version 20.61.42.00, update to a version later than 21.06.31.00 to ensure the issue is resolved. For RISING Antivirus version 21.06.31.00, consider avoiding the use of Internet Explorer 6 or 7 until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Secure Computing Secure Web Gateway (affected versions not specified) **Description** The issue allows remote attackers to bypass detection of malware in an HTML document. This can be achieved by placing an MZ header at the beginning of the document and modifying the filename to have either no extension, a .txt extension, or a .jpg extension. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Sophos Anti-Virus version 4.33.0 **Description** The issue allows remote attackers to bypass malware detection in HTML documents by modifying the file to include an MZ header at the beginning and altering the filename extension to have no extension, a .txt extension, or a .jpg extension. **Recommendations** For Sophos Anti-Virus version 4.33.0, consider updating the software to a version that includes improved malware detection capabilities to prevent bypassing of malware detection. As a temporary workaround, restrict the handling of files with modified extensions to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Sunbelt VIPRE versions 3.1.1633.1 through 3.1.1832.2 **Description** The issue allows remote attackers to bypass malware detection in HTML documents by modifying the file header and extension. This can be achieved by placing an MZ header at the beginning of the file and changing the filename to have no extension, a .txt extension, or a .jpg extension. This technique can be used to bypass detection of exploits, such as the one demonstrated for a specific vulnerability. **Recommendations** For Sunbelt VIPRE version 3.1.1633.1, update to a version that is not affected by this issue. For Sunbelt VIPRE version 3.1.1832.2, update to a version that is not affected by this issue. As a temporary workaround, consider restricting the processing of files with modified headers and extensions to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** VirusBuster version 4.5.11.0 **Description** The issue allows remote attackers to bypass malware detection in HTML documents by modifying the file to include an MZ header at the beginning and altering the filename to have no extension, a .txt extension, or a .jpg extension. This can be exploited when Internet Explorer 6 or 7 is used. **Recommendations** For VirusBuster version 4.5.11.0, consider updating the software to a version that includes a fix for this issue, as the current version allows malware to bypass detection under specific conditions. At the moment, there is no information about a newer version that contains a fix for this vulnerability.