CVE-2005-3223
Description
Multiple interpretation error in unspecified versions of Rising Antivirus allows remote attackers to bypass virus detection via a malicious executable in a specially crafted RAR file with malformed central and local headers, which can still be opened by products such as Winrar and PowerZip, even though they are rejected as corrupted by Winzip and BitZipper.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
- cpe:2.3:a:rising:rising_antivirus:*:*:*:*:*:*:*:*
Patches
Vulnerability mechanics
Root cause
"Multiple interpretation error: the antivirus engine and the archiver utility parse the RAR file headers differently, so a specially crafted RAR with malformed central and local headers can be rejected as corrupted by the scanner but still extracted by WinRAR or PowerZip."
Attack vector
An attacker compresses a malicious executable (e.g., EICAR test file) into a RAR archive whose central and local headers are deliberately malformed. The antivirus scanner interprets the malformed headers as corruption and skips or fails to scan the embedded payload, while archivers such as WinRAR and PowerZip still open and extract the file [ref_id=1]. The bypassed malicious content does not pose a risk until extracted, at which point it would normally be detected by the antivirus — but the extraction step succeeds because the archiver and scanner disagree on the archive's validity [ref_id=1].
Affected code
The advisory does not name specific functions or file paths. It identifies the vulnerability as a "multiple interpretation error" in unspecified versions of Rising Antivirus when parsing RAR archives with malformed central and local headers [ref_id=1].
What the fix does
No patch is included in the bundle. The advisory does not specify a fix; it only documents the detection-bypass behavior across multiple antivirus products [ref_id=1]. Remediation would require antivirus vendors to align their RAR parsing logic with the archivers that users actually employ (WinRAR, PowerZip), so that malformed headers are handled consistently and the embedded content is still scanned.
Preconditions
- input: Attacker must craft a RAR file with malformed central and local headers that is rejected as corrupted by the antivirus but still extractable by WinRAR or PowerZip.
- network: The crafted RAR must be delivered to the target (e.g., via email, download, or removable media) so that the user opens it with a vulnerable archiver.
Generated on May 26, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References