CVEブラウザに戻る

CVE-2008-5523

CRITICAL

9.3

CVSS Severity Score

EPSS Score0.1520%

EPSS Percentile1.91th

Published2008年12月12日

Last Modified2026年4月23日

Vulnerability Description

avast! antivirus 4.8.1281.0, when Internet Explorer 6 or 7 is used, allows remote attackers to bypass detection of malware in an HTML document by placing an MZ header (aka "EXE info") at the beginning, and modifying the filename to have (1) no extension, (2) a .txt extension, or (3) a .jpg extension, as demonstrated by a document containing a CVE-2006-5745 exploit.

Affected Platforms (CPE)

📦

Avast

Avast Antivirus

= 4.8.1281.0

References & Advisories

🔗 http://securityreason.com/securityalert/4723

🔗 http://www.securityfocus.com/archive/1/498995/100/0/threaded

🔗 http://www.securityfocus.com/archive/1/499043/100/0/threaded

🔗 https://exchange.xforce.ibmcloud.com/vulnerabilities/47435

🔗 http://securityreason.com/securityalert/4723

🔗 http://www.securityfocus.com/archive/1/498995/100/0/threaded

🔗 http://www.securityfocus.com/archive/1/499043/100/0/threaded

🔗 https://exchange.xforce.ibmcloud.com/vulnerabilities/47435

関連する脆弱性情報

CVE-2020-108679.8

An issue was discovered in Avast Antivirus before 20. The aswTask RPC endpoint for the TaskEx library in the Avast Service (AvastS...

CVE-2017-83079.8

In Avast Antivirus before v17, using the LPC interface API exposed by the AvastSVC.exe Windows service, it is possible to launch p...

CVE-2010-31269.3

Untrusted search path vulnerability in avast! Free Antivirus version 5.0.594 and earlier allows local users, and possibly remote a...

CVE-2021-453368.8

Privilege escalation vulnerability in the Sandbox component of Avast Antivirus prior to 20.4 allows a local sandboxed code to gain...