CyberSec.Space Logo
Back to CVE Browser

CVE-2008-5522

CRITICAL
9.3
CVSS Severity Score
EPSS Score0.1300%
EPSS Percentile37.42th
PublishedDec 12, 2008
Last ModifiedApr 23, 2026

Vulnerability Description

AVG Anti-Virus 8.0.0.161, when Internet Explorer 6 or 7 is used, allows remote attackers to bypass detection of malware in an HTML document by placing an MZ header (aka "EXE info") at the beginning, and modifying the filename to have (1) no extension, (2) a .txt extension, or (3) a .jpg extension, as demonstrated by a document containing a CVE-2006-5745 exploit.

Affected Platforms (CPE)

πŸ“¦
Avg

Antivirus

= 8.0.0.161

References & Advisories

πŸ”— http://securityreason.com/securityalert/4723
πŸ”— http://www.securityfocus.com/archive/1/498995/100/0/threaded
πŸ”— http://www.securityfocus.com/archive/1/499043/100/0/threaded
πŸ”— https://exchange.xforce.ibmcloud.com/vulnerabilities/47435
πŸ”— http://securityreason.com/securityalert/4723
πŸ”— http://www.securityfocus.com/archive/1/498995/100/0/threaded
πŸ”— http://www.securityfocus.com/archive/1/499043/100/0/threaded
πŸ”— https://exchange.xforce.ibmcloud.com/vulnerabilities/47435

Related Vulnerabilities

CVE-2004-048710.0

A certain ActiveX control in Symantec Norton AntiVirus 2004 allows remote attackers to cause a denial of service (resource consump...

CVE-2005-169310.0

Integer overflow in Computer Associates Vet Antivirus library, as used by CA InoculateIT 6.0, eTrust Antivirus r6.0 through 7.1, e...

CVE-2000-079310.0

Norton AntiVirus 5.00.01C with the Novell Netware client does not properly restart the auto-protection service after the first use...

CVE-2005-201710.0

Symantec AntiVirus 9 Corporate Edition allows local users to gain privileges via the "Scan for viruses" option, which launches a h...