Detections
Analytics
McAfee Antivirus TAR / PDF Scan Evasion (SB10003)
medium Nessus Plugin ID 42290
Synopsis
An antivirus application installed on the remote host is affected by a scan evasion vulnerability.Description
The McAfee antivirus application installed on the remote host is affected by a scan evasion vulnerability due to the virus definitions being out of date. In this case, the DAT file version of the installed antivirus product is prior to 5693. An attacker can exploit this, by embedding malicious code in a specially crafted TAR or PDF file, to evade detection by the scanning engine.Solution
Update the McAfee DAT file to version 5693 or later.See Also
http://www.g-sec.lu/mcafee-pdf-bypass.html
https://seclists.org/bugtraq/2009/Oct/273
https://kc.mcafee.com/corporate/index?page=content&id=SB10003
Plugin Details
Severity: Medium
ID: 42290
File Name: mcafee_tar_pdf_file_scan_evasion.nasl
Version: 1.18
Type: local
Agent: windows
Family: Windows
Published: 10/28/2009
Updated: 1/2/2019
Supported Sensors: Nessus Agent, Nessus
Vulnerability Information
CPE: cpe:/a:mcafee:virusscan_plus, cpe:/a:mcafee:mcafee:total_protection, cpe:/a:mcafee:internet_security_suite, cpe:/a:mcafee:virusscan_usb, cpe:/a:mcafee:virusscan_enterprise, cpe:/a:mcafee:virusscan_commandline, cpe:/a:mcafee:securityshield_for_microsoft_isa_server, cpe:/a:mcafee:securityshield_for_microsoft_sharepoint, cpe:/a:mcafee:securityshield_for_email_servers, cpe:/a:mcafee:email_gateway, cpe:/a:mcafee:total_protection_for_endpoint, cpe:/a:mcafee:active_virus_defense, cpe:/a:mcafee:active_virusscan, cpe:/a:mcafee:linuxshield, cpe:/a:mcafee:groupshield, cpe:/a:mcafee:netshield, cpe:/a:mcafee:portalshield, cpe:/a:mcafee:virex
Required KB Items: Antivirus/McAfee/installed, Antivirus/McAfee/dat_version
Exploit Ease: No known exploits are available
Patch Publication Date: 10/20/2009
Vulnerability Publication Date: 10/27/2009
Reference Information
BID: 36848
MCAFEE-SB: SB10003
Secunia: 37179