Vulnerability Details : CVE-2004-1096

Archive::Zip Perl module before 1.14, when used by antivirus programs such as amavisd-new, allows remote attackers to bypass antivirus protection via a compressed file with both local and global headers set to zero, which does not prevent the compressed file from being opened on a target system.

Published 2005-01-10 05:00:00

Updated 2021-04-09 17:00:09

Source MITRE

View at NVD, CVE.org

Exploit prediction scoring system (EPSS) score for CVE-2004-1096

Probability of exploitation activity in the next 30 days: 2.78%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 89 % EPSS Score History EPSS FAQ

CVSS scores for CVE-2004-1096

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Source
7.5	HIGH	AV:N/AC:L/Au:N/C:P/I:P/A:P	10.0	6.4	[email protected]
Access Vector: Network Access Complexity: Low Authentication: None Confidentiality Impact: Partial Integrity Impact: Partial Availability Impact: Partial

References for CVE-2004-1096

http://www.securityfocus.com/bid/11448

Exploit;Patch;Vendor Advisory

CVEs referencing this url
http://www.idefense.com/application/poi/display?id=153&type=vulnerabilities&flashstatus=true

Vendor Advisory

CVEs referencing this url
https://exchange.xforce.ibmcloud.com/vulnerabilities/17761

CVEs referencing this url
http://www.gentoo.org/security/en/glsa/glsa-200410-31.xml

Patch;Vendor Advisory
http://www.mandriva.com/security/advisories?name=MDKSA-2004:118
http://www.kb.cert.org/vuls/id/492545

US Government Resource

Products affected by CVE-2004-1096

Mandrakesoft » Mandrake Linux » Version: 10.1
cpe:2.3:o:mandrakesoft:mandrake_linux:10.1:*:*:*:*:*:*:*
Matching versions
Mandrakesoft » Mandrake Linux » Version: 10.1 X86 64 Edition
cpe:2.3:o:mandrakesoft:mandrake_linux:10.1:*:x86_64:*:*:*:*:*
Matching versions
Suse » Suse Linux » Version: 9.2
cpe:2.3:o:suse:suse_linux:9.2:*:*:*:*:*:*:*
Matching versions
CA » Etrust Antivirus » Version: 7.0 Sp2
cpe:2.3:a:ca:etrust_antivirus:7.0_sp2:*:*:*:*:*:*:*
Matching versions
CA » Etrust Secure Content Manager » Version: 1.0 Update SP1
cpe:2.3:a:ca:etrust_secure_content_manager:1.0:sp1:*:*:*:*:*:*
Matching versions
Mcafee » Antivirus Engine » Version: 4.3.20
cpe:2.3:a:mcafee:antivirus_engine:4.3.20:*:*:*:*:*:*:*
Matching versions
Kaspersky Lab » Kaspersky Anti-virus » Version: 4.0
cpe:2.3:a:kaspersky_lab:kaspersky_anti-virus:4.0:*:*:*:*:*:*:*
Matching versions
Kaspersky Lab » Kaspersky Anti-virus » Version: 5.0
cpe:2.3:a:kaspersky_lab:kaspersky_anti-virus:5.0:*:*:*:*:*:*:*
Matching versions
Kaspersky Lab » Kaspersky Anti-virus » Version: 3.0
cpe:2.3:a:kaspersky_lab:kaspersky_anti-virus:3.0:*:*:*:*:*:*:*
Matching versions
Gentoo » Linux
cpe:2.3:o:gentoo:linux:*:*:*:*:*:*:*:*
Matching versions
Gentoo » Linux » Version: 1.4
cpe:2.3:o:gentoo:linux:1.4:*:*:*:*:*:*:*
Matching versions
Eset Software » Nod32 Antivirus » Version: 1.0.12
cpe:2.3:a:eset_software:nod32_antivirus:1.0.12:*:*:*:*:*:*:*
Matching versions
Eset Software » Nod32 Antivirus » Version: 1.0.11
cpe:2.3:a:eset_software:nod32_antivirus:1.0.11:*:*:*:*:*:*:*
Matching versions
Eset Software » Nod32 Antivirus » Version: 1.0.13
cpe:2.3:a:eset_software:nod32_antivirus:1.0.13:*:*:*:*:*:*:*
Matching versions
Sophos » Sophos Anti-virus » Version: 3.79
cpe:2.3:a:sophos:sophos_anti-virus:3.79:*:*:*:*:*:*:*
Matching versions
Sophos » Sophos Anti-virus » Version: 3.80
cpe:2.3:a:sophos:sophos_anti-virus:3.80:*:*:*:*:*:*:*
Matching versions
Sophos » Sophos Anti-virus » Version: 3.78
cpe:2.3:a:sophos:sophos_anti-virus:3.78:*:*:*:*:*:*:*
Matching versions
Sophos » Sophos Anti-virus » Version: 3.78d
cpe:2.3:a:sophos:sophos_anti-virus:3.78d:*:*:*:*:*:*:*
Matching versions
Sophos » Sophos Anti-virus » Version: 3.85
cpe:2.3:a:sophos:sophos_anti-virus:3.85:*:*:*:*:*:*:*
Matching versions
Sophos » Sophos Anti-virus » Version: 3.86
cpe:2.3:a:sophos:sophos_anti-virus:3.86:*:*:*:*:*:*:*
Matching versions
Sophos » Sophos Anti-virus » Version: 3.81
cpe:2.3:a:sophos:sophos_anti-virus:3.81:*:*:*:*:*:*:*
Matching versions
Sophos » Sophos Anti-virus » Version: 3.82
cpe:2.3:a:sophos:sophos_anti-virus:3.82:*:*:*:*:*:*:*
Matching versions
Sophos » Sophos Anti-virus » Version: 3.4.6
cpe:2.3:a:sophos:sophos_anti-virus:3.4.6:*:*:*:*:*:*:*
Matching versions
Sophos » Sophos Anti-virus » Version: 3.83
cpe:2.3:a:sophos:sophos_anti-virus:3.83:*:*:*:*:*:*:*
Matching versions
Sophos » Sophos Anti-virus » Version: 3.84
cpe:2.3:a:sophos:sophos_anti-virus:3.84:*:*:*:*:*:*:*
Matching versions
Sophos » Sophos Puremessage Anti-virus » Version: 4.6
cpe:2.3:a:sophos:sophos_puremessage_anti-virus:4.6:*:*:*:*:*:*:*
Matching versions
Sophos » Sophos Small Business Suite » Version: 1.0
cpe:2.3:a:sophos:sophos_small_business_suite:1.0:*:*:*:*:*:*:*
Matching versions
Rav Antivirus » Rav Antivirus Desktop » Version: 8.6
cpe:2.3:a:rav_antivirus:rav_antivirus_desktop:8.6:*:*:*:*:*:*:*
Matching versions
Rav Antivirus » Rav Antivirus For File Servers » Version: 1.0
cpe:2.3:a:rav_antivirus:rav_antivirus_for_file_servers:1.0:*:*:*:*:*:*:*
Matching versions
Rav Antivirus » Rav Antivirus For Mail Servers » Version: 8.4.2
cpe:2.3:a:rav_antivirus:rav_antivirus_for_mail_servers:8.4.2:*:*:*:*:*:*:*
Matching versions
Broadcom » Inoculateit » Version: 6.0
cpe:2.3:a:broadcom:inoculateit:6.0:*:*:*:*:*:*:*
Matching versions
Broadcom » Etrust Intrusion Detection » Version: 1.4.5
cpe:2.3:a:broadcom:etrust_intrusion_detection:1.4.5:*:*:*:*:*:*:*
Matching versions
Broadcom » Etrust Intrusion Detection » Version: 1.5
cpe:2.3:a:broadcom:etrust_intrusion_detection:1.5:*:*:*:*:*:*:*
Matching versions
Broadcom » Etrust Intrusion Detection » Version: 1.4.1.13
cpe:2.3:a:broadcom:etrust_intrusion_detection:1.4.1.13:*:*:*:*:*:*:*
Matching versions
Broadcom » Etrust Ez Antivirus » Version: 6.2
cpe:2.3:a:broadcom:etrust_ez_antivirus:6.2:*:*:*:*:*:*:*
Matching versions
Broadcom » Etrust Ez Antivirus » Version: 6.3
cpe:2.3:a:broadcom:etrust_ez_antivirus:6.3:*:*:*:*:*:*:*
Matching versions
Broadcom » Etrust Ez Antivirus » Version: 6.1
cpe:2.3:a:broadcom:etrust_ez_antivirus:6.1:*:*:*:*:*:*:*
Matching versions
Broadcom » Etrust Secure Content Manager » Version: 1.0
cpe:2.3:a:broadcom:etrust_secure_content_manager:1.0:*:*:*:*:*:*:*
Matching versions
Broadcom » Etrust Secure Content Manager » Version: 1.1
cpe:2.3:a:broadcom:etrust_secure_content_manager:1.1:*:*:*:*:*:*:*
Matching versions
Broadcom » Etrust Antivirus Gateway » Version: 7.1
cpe:2.3:a:broadcom:etrust_antivirus_gateway:7.1:*:*:*:*:*:*:*
Matching versions
Broadcom » Etrust Antivirus Gateway » Version: 7.0
cpe:2.3:a:broadcom:etrust_antivirus_gateway:7.0:*:*:*:*:*:*:*
Matching versions
Broadcom » Brightstor Arcserve Backup » Version: 11.1
cpe:2.3:a:broadcom:brightstor_arcserve_backup:11.1:*:*:*:*:*:*:*
Matching versions
Broadcom » Etrust Antivirus » Version: 7.0
cpe:2.3:a:broadcom:etrust_antivirus:7.0:*:*:*:*:*:*:*
Matching versions
Broadcom » Etrust Antivirus » Version: 7.1
cpe:2.3:a:broadcom:etrust_antivirus:7.1:*:*:*:*:*:*:*
Matching versions
Broadcom » Etrust Ez Armor » Version: 2.0
cpe:2.3:a:broadcom:etrust_ez_armor:2.0:*:*:*:*:*:*:*
Matching versions
Broadcom » Etrust Ez Armor » Version: 2.3
cpe:2.3:a:broadcom:etrust_ez_armor:2.3:*:*:*:*:*:*:*
Matching versions
Broadcom » Etrust Ez Armor » Version: 2.4
cpe:2.3:a:broadcom:etrust_ez_armor:2.4:*:*:*:*:*:*:*
Matching versions