Multiple Vendor Antivirus RAR File Denial of Service Vulnerability Public Advisory: 12.08.06 // iDefense Labs



The affected vendors' scan engines are vulnerable to a DoS attack when scanning specially malformed RAR archives. Specifically, the malformed archives will have the head_size and pack_size fields set to zero in Archive Header section. When such a file is encountered, the affected scan engines will enter an infinite loop.


* Sophos Small business edition (Windows/Linux) 4.06.1 with Engine version 2.34.3.<
* Trend Micro PC Cillin - Internet Security 2006
* Trend Micro Office Scan 7.3
* Trend Micro Server Protect 5.58