VYPR
Unrated severity · NVD Advisory · Published Oct 14, 2005 · Updated Jun 16, 2026

CVE-2005-3227

Description

Multiple interpretation error in unspecified versions of UNA Antivirus allows remote attackers to bypass virus detection via a malicious executable in a specially crafted RAR file with malformed central and local headers, which can still be opened by products such as Winrar and PowerZip, even though they are rejected as corrupted by Winzip and BitZipper.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

1

Patches

Vulnerability mechanics

Root cause

"Multiple interpretation error: the antivirus scanner and the archiver disagree on whether the malformed RAR headers are valid, allowing the scanner to skip the embedded payload while the archiver extracts it."

Attack vector

An attacker creates a specially crafted RAR archive that carries a malicious executable (e.g., the EICAR test file) and has malformed central and local headers. When UNA Antivirus (or one of many other engines) scans this archive, the malformed headers cause the scanner to miss the embedded virus. Archivers such as Winrar and PowerZip can still open the same archive and extract the malicious content, while Winzip and BitZipper reject it as corrupted [ref_id=1].

Affected code

The advisory does not specify particular functions or file paths. It describes a crafted RAR archive with "malformed central and local headers" that causes multiple antivirus engines (including UNA Antivirus) to fail to detect the embedded malicious payload [ref_id=1].

What the fix does

No patch is provided in the bundle. The advisory does not include remediation guidance from the vendor. The report simply documents the bypass technique and lists affected antivirus products, but does not describe any fix or mitigation [ref_id=1].

Preconditions

  • input: Attacker must craft a RAR archive with malformed central and local headers.
  • config: Victim must use an affected antivirus product (e.g., UNA Antivirus) that fails to scan the malformed archive correctly.
  • config: Victim must use an archiver (e.g., Winrar, PowerZip) that can still extract the malformed archive.

Generated on May 26, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.

References

2
