CVE-2009-1784
Severity CVSS v4.0:
Pending analysis
Type:
CWE-20
Input Validation
Publication date:
22/05/2009
Last modified:
09/04/2025
Description
The AVG parsing engine 8.5 323, as used in multiple AVG anti-virus products including Anti-Virus Network Edition, Internet Security Netzwerk Edition, Server Edition für Linux/FreeBSD, Anti-Virus SBS Edition, and others allows remote attackers to bypass malware detection via a crafted (1) RAR and (2) ZIP archive.
Impact
Base Score 2.0
10.00
Severity 2.0
HIGH
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:avg:avg_anti-virus:*:*:*:*:*:*:*:* | 8.0.156 (including) | |
| cpe:2.3:a:avg:avg_anti-virus:6.0.710:*:*:*:*:*:*:* | ||
| cpe:2.3:a:avg:avg_anti-virus:7.0:*:*:*:*:*:*:* | ||
| cpe:2.3:a:avg:avg_anti-virus:7.0.251:*:*:*:*:*:*:* | ||
| cpe:2.3:a:avg:avg_anti-virus:7.0.323:*:*:*:*:*:*:* | ||
| cpe:2.3:a:avg:avg_anti-virus:7.1.308:*:*:*:*:*:*:* | ||
| cpe:2.3:a:avg:avg_anti-virus:7.1.407:*:*:*:*:*:*:* | ||
| cpe:2.3:a:avg:avg_anti-virus:7.5.51:*:*:*:*:*:*:* | ||
| cpe:2.3:a:avg:avg_anti-virus:7.5.448:*:*:*:*:*:*:* | ||
| cpe:2.3:a:avg:avg_anti-virus:7.5.476:*:*:*:*:*:*:* | ||
| cpe:2.3:a:avg:avg_anti-virus:8.0:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- http://blog.zoller.lu/2009/04/avg-zip-evasion-bypass.html
- http://www.securityfocus.com/archive/1/503392/100/0/threaded
- http://www.securityfocus.com/bid/34895
- https://exchange.xforce.ibmcloud.com/vulnerabilities/50426
- http://blog.zoller.lu/2009/04/avg-zip-evasion-bypass.html
- http://www.securityfocus.com/archive/1/503392/100/0/threaded
- http://www.securityfocus.com/bid/34895
- https://exchange.xforce.ibmcloud.com/vulnerabilities/50426