VYPR
← All advisories
Unrated severityNVD Advisory· Published Oct 14, 2005· Updated Jun 16, 2026

CVE-2005-3230

CVE-2005-3230

Description

Multiple interpretation error in unspecified versions of Panda Antivirus allows remote attackers to bypass virus detection via a malicious executable in a specially crafted RAR file with malformed central and local headers, which can still be opened by products such as Winrar and PowerZip, even though they are rejected as corrupted by Winzip and BitZipper.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

1

Patches

Vulnerability mechanics

Root cause

"Multiple interpretation error: Panda Antivirus parses RAR file headers differently than archivers like WinRAR, so a specially crafted RAR with malformed central/local headers is treated as clean by the scanner but can still be extracted by end-user tools."

Attack vector

An attacker compresses a malicious executable (e.g., EICAR test file) into a RAR archive with deliberately malformed central and local headers [ref_id=1]. The antivirus engine fails to correctly parse the corrupted headers and does not scan the embedded payload, while archivers such as WinRAR and PowerZip still open and extract the file [ref_id=1]. The victim must extract the archive for the malware to execute; after extraction, standard detection resumes [ref_id=1].

Affected code

The advisory [ref_id=1] does not name specific functions or file paths. The defect lies in Panda Antivirus's RAR parsing logic, which rejects archives with malformed central/local headers instead of scanning the embedded content, while tolerant archivers (WinRAR, PowerZip) still extract the payload.

What the fix does

No patch is included in the bundle. The advisory [ref_id=1] does not provide a vendor fix or remediation. The underlying issue is a multiple-interpretation error: the antivirus must be updated to parse RAR headers in the same tolerant manner as the archivers that users employ, so that malformed headers do not cause the scanner to skip the embedded content.

Preconditions

  • inputAttacker must craft a RAR file with malformed central and local headers that still extracts correctly in WinRAR/PowerZip
  • configVictim must use Panda Antivirus (unspecified version) and extract the crafted archive with a tolerant archiver

Generated on May 26, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.

References

2

News mentions

0

No linked articles in our index yet.