CVE

Id
35663  
CVE No.
CVE-2008-5546  
Status
Candidate  
Description
VirusBlokAda VBA32 3.12.8.5, when Internet Explorer 6 or 7 is used, allows remote attackers to bypass detection of malware in an HTML document by placing an MZ header (aka "EXE info") at the beginning, and modifying the filename to have (1) no extension, (2) a .txt extension, or (3) a .jpg extension, as demonstrated by a document containing a CVE-2006-5745 exploit.  
Phase
Assigned (20081212)  
Votes
None (candidate not yet proposed)  
Comments
 

Actions

Related CVE References

Id CVE Id CVE No. Reference Actions
392334 35663 CVE-2008-5546 BUGTRAQ:20081208 Multiple Vendor Anti-Virus Software Malicious WebPage Detection Bypass  View
392335 35663 CVE-2008-5546 URL:http://www.securityfocus.com/archive/1/archive/1/498995/100/0/threaded  View
392336 35663 CVE-2008-5546 BUGTRAQ:20081209 Multiple Vendor Anti-Virus Software Malicious WebPage Detection Bypass -Update-  View
392337 35663 CVE-2008-5546 URL:http://www.securityfocus.com/archive/1/archive/1/499043/100/0/threaded  View
392338 35663 CVE-2008-5546 SREASON:4723  View
392339 35663 CVE-2008-5546 URL:http://securityreason.com/securityalert/4723  View
392340 35663 CVE-2008-5546 XF:multiple-antivirus-mzheader-code-execution(47435)  View

Related JVN

Id JVN No. Title Summary CVE No. CVE Id CVSS_v2 CVSS_v3 JVN URL Actions
46893 JVNDB-2008-002203 Sun Java Web Console における任意の Web サイトへリダイレクトされる脆弱性 Sun Java Web Console の console/faces/jsp/login/BeginLogin.jsp には、redirect_url パラメータの処理に不備があるため、任意の Web サイトへリダイレクトされる脆弱性が存在します。 CVE-2008-5550 35663 4.3 http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-002203.html  View