CVE-2008-5546

Name of the Vulnerable Software and Affected Versions VirusBlokAda VBA32 version 3.12.8.5

Description The issue allows remote attackers to bypass malware detection in HTML documents by modifying the file to include an MZ header at the beginning and altering the filename extension to have no extension, a .txt extension, or a .jpg extension.

Recommendations For VirusBlokAda VBA32 version 3.12.8.5, consider updating the software to a version that properly detects malware in HTML documents with modified filename extensions. As a temporary workaround, restrict the handling of files with no extension, .txt extension, or .jpg extension in Internet Explorer 6 or 7 to minimize the risk of exploitation.