CyberSec.Space Logo
Back to CVE Browser

CVE-2008-5523

CRITICAL
9.3
CVSS Severity Score
EPSS Score0.1520%
EPSS Percentile1.91th
PublishedDec 12, 2008
Last ModifiedApr 23, 2026

Vulnerability Description

avast! antivirus 4.8.1281.0, when Internet Explorer 6 or 7 is used, allows remote attackers to bypass detection of malware in an HTML document by placing an MZ header (aka "EXE info") at the beginning, and modifying the filename to have (1) no extension, (2) a .txt extension, or (3) a .jpg extension, as demonstrated by a document containing a CVE-2006-5745 exploit.

Affected Platforms (CPE)

πŸ“¦
Avast

Avast Antivirus

= 4.8.1281.0

References & Advisories

πŸ”— http://securityreason.com/securityalert/4723
πŸ”— http://www.securityfocus.com/archive/1/498995/100/0/threaded
πŸ”— http://www.securityfocus.com/archive/1/499043/100/0/threaded
πŸ”— https://exchange.xforce.ibmcloud.com/vulnerabilities/47435
πŸ”— http://securityreason.com/securityalert/4723
πŸ”— http://www.securityfocus.com/archive/1/498995/100/0/threaded
πŸ”— http://www.securityfocus.com/archive/1/499043/100/0/threaded
πŸ”— https://exchange.xforce.ibmcloud.com/vulnerabilities/47435

Related Vulnerabilities

CVE-2020-108679.8

An issue was discovered in Avast Antivirus before 20. The aswTask RPC endpoint for the TaskEx library in the Avast Service (AvastS...

CVE-2017-83079.8

In Avast Antivirus before v17, using the LPC interface API exposed by the AvastSVC.exe Windows service, it is possible to launch p...

CVE-2010-31269.3

Untrusted search path vulnerability in avast! Free Antivirus version 5.0.594 and earlier allows local users, and possibly remote a...

CVE-2021-453368.8

Privilege escalation vulnerability in the Sandbox component of Avast Antivirus prior to 20.4 allows a local sandboxed code to gain...