VYPR
Unrated severityNVD Advisory· Published Dec 12, 2008· Updated Jun 16, 2026

CVE-2008-5521

CVE-2008-5521

Description

Avira AntiVir 7.9.0.36 and possibly 7.8.1.28, when Internet Explorer 6 or 7 is used, allows remote attackers to bypass detection of malware in an HTML document by placing an MZ header (aka "EXE info") at the beginning, and modifying the filename to have (1) no extension, (2) a .txt extension, or (3) a .jpg extension, as demonstrated by a document containing a CVE-2006-5745 exploit.

Affected products

3
  • Free AV/Antivir2 versions
    cpe:2.3:a:free-av:antivir:7.8.1.28:*:*:*:*:*:*:*+ 1 more
    • cpe:2.3:a:free-av:antivir:7.8.1.28:*:*:*:*:*:*:*
    • cpe:2.3:a:free-av:antivir:7.9.0.36:*:*:*:*:*:*:*
  • Avira/Antivirllm-fuzzy
    Range: 7.9.0.36, 7.8.1.28

Patches

Vulnerability mechanics

References

4

News mentions

0

No linked articles in our index yet.