CVE-2004-2305

Name of the Vulnerable Software and Affected Versions: Computer Associates eTrust Antivirus EE versions 6.0 through 7.0

Description: The issue allows remote attackers to bypass virus scanning by including a password-protected file in a ZIP file. This causes the antivirus software to scan only the password-protected file and skip the other files.

Recommendations: For versions 6.0 through 7.0, consider updating the ZIP file handling mechanism to scan all files within the archive, regardless of password protection, until a patch is available. As a temporary workaround, restrict the use of password-protected ZIP files to minimize the risk of exploitation.