N/A

Multiple interpretation error in (1) McAfee Internet Security Suite 7.1.5 version 9.1.08 with the 4.4.00 engine and (2) McAfee Corporate 8.0.0 patch 10 with the 4400 engine allows remote attackers to bypass virus scanning via a file such as BAT, HTML, and EML with an "MZ" magic byte sequence which is normally associated with EXE, which causes the file to be treated as a safe type that could still be executed as a dangerous file type by applications on the end system, as demonstrated by a "triple headed" program that contains EXE, EML, and HTML content, aka the "magic byte bug."

N/A

N/A

McAfee Internet Security Suite魔法字节缺陷病毒检测绕过漏洞

McAfee Internet Security Suite是McAfee公司设计的 因特网安全特警套装。 (1)带4.4.00 引擎的McAfee Internet Security Suite 7.1.5 version 9.1.08和(2)带4400引擎的McAfee Corporate 8.0.0 patch 10存在多个解释错误。远程攻击者可通过带有"MZ"魔法字节序列的BAT、HTML和EML等文件绕过病毒扫描。该序列通常与EXE关联，它会使该文件被视为安全类型，仍可由端系统上的应用程序作为危

N/A

N/A