VAR-200812-0476

Vulnerability from variot - Updated: 2025-04-10 22:56

Secure Computing Secure Web Gateway (aka Webwasher), when Internet Explorer 6 or 7 is used, allows remote attackers to bypass detection of malware in an HTML document by placing an MZ header (aka "EXE info") at the beginning, and modifying the filename to have (1) no extension, (2) a .txt extension, or (3) a .jpg extension, as demonstrated by a document containing a CVE-2006-5745 exploit. This vulnerability CVE-2006-5745 Can be reproduced with documents included in the exploit.First by a third party MZ By arranging the header and changing the file name to the following name, HTML May prevent detection of malware in the document. (1) No extension (2) .txt extension (3) .jpg extension. Webwasher) allows remote attackers by placing an MZ header (i.e. An example of exploiting this vulnerability is a document that contains an exploit for CVE-2006-5745

Show details on source website

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-200812-0476",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "web gateway",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "secure computing",
        "version": "*"
      },
      {
        "model": "webwasher",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "secure computing",
        "version": "*"
      },
      {
        "model": "secure web gateway",
        "scope": null,
        "trust": 0.8,
        "vendor": "securecomputing",
        "version": null
      },
      {
        "model": "webwasher",
        "scope": null,
        "trust": 0.8,
        "vendor": "securecomputing",
        "version": null
      },
      {
        "model": "web gateway",
        "scope": null,
        "trust": 0.6,
        "vendor": "secure computing",
        "version": null
      },
      {
        "model": "webwasher",
        "scope": null,
        "trust": 0.6,
        "vendor": "secure computing",
        "version": null
      },
      {
        "model": "computing webwasher",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "secure",
        "version": "0"
      },
      {
        "model": "computing secure web gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "secure",
        "version": "0"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "84676"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2008-006544"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200812-226"
      },
      {
        "db": "NVD",
        "id": "CVE-2008-5540"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/a:securecomputing:secure_web_gateway",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/a:securecomputing:webwasher",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2008-006544"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Unknown",
    "sources": [
      {
        "db": "BID",
        "id": "84676"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2008-5540",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "COMPLETE",
            "baseScore": 9.3,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 8.6,
            "id": "CVE-2008-5540",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 1.8,
            "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "COMPLETE",
            "baseScore": 9.3,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 8.6,
            "id": "VHN-35665",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 0.1,
            "vectorString": "AV:N/AC:M/AU:N/C:C/I:C/A:C",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2008-5540",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "NVD",
            "id": "CVE-2008-5540",
            "trust": 0.8,
            "value": "High"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-200812-226",
            "trust": 0.6,
            "value": "CRITICAL"
          },
          {
            "author": "VULHUB",
            "id": "VHN-35665",
            "trust": 0.1,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-35665"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2008-006544"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200812-226"
      },
      {
        "db": "NVD",
        "id": "CVE-2008-5540"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Secure Computing Secure Web Gateway (aka Webwasher), when Internet Explorer 6 or 7 is used, allows remote attackers to bypass detection of malware in an HTML document by placing an MZ header (aka \"EXE info\") at the beginning, and modifying the filename to have (1) no extension, (2) a .txt extension, or (3) a .jpg extension, as demonstrated by a document containing a CVE-2006-5745 exploit. This vulnerability CVE-2006-5745 Can be reproduced with documents included in the exploit.First by a third party MZ By arranging the header and changing the file name to the following name, HTML May prevent detection of malware in the document. (1) No extension (2) .txt extension (3) .jpg extension. Webwasher) allows remote attackers by placing an MZ header (i.e. An example of exploiting this vulnerability is a document that contains an exploit for CVE-2006-5745",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2008-5540"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2008-006544"
      },
      {
        "db": "BID",
        "id": "84676"
      },
      {
        "db": "VULHUB",
        "id": "VHN-35665"
      }
    ],
    "trust": 1.98
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2008-5540",
        "trust": 2.8
      },
      {
        "db": "SREASON",
        "id": "4723",
        "trust": 2.0
      },
      {
        "db": "XF",
        "id": "47435",
        "trust": 0.9
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2008-006544",
        "trust": 0.8
      },
      {
        "db": "BUGTRAQ",
        "id": "20081209 MULTIPLE VENDOR ANTI-VIRUS SOFTWARE MALICIOUS WEBPAGE DETECTION BYPASS -UPDATE-",
        "trust": 0.6
      },
      {
        "db": "BUGTRAQ",
        "id": "20081208 MULTIPLE VENDOR ANTI-VIRUS SOFTWARE MALICIOUS WEBPAGE DETECTION BYPASS",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200812-226",
        "trust": 0.6
      },
      {
        "db": "BID",
        "id": "84676",
        "trust": 0.4
      },
      {
        "db": "VULHUB",
        "id": "VHN-35665",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-35665"
      },
      {
        "db": "BID",
        "id": "84676"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2008-006544"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200812-226"
      },
      {
        "db": "NVD",
        "id": "CVE-2008-5540"
      }
    ]
  },
  "id": "VAR-200812-0476",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-35665"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2025-04-10T22:56:48.118000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Top Page",
        "trust": 0.8,
        "url": "http://www.securecomputing.com/"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2008-006544"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-20",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-35665"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2008-006544"
      },
      {
        "db": "NVD",
        "id": "CVE-2008-5540"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.0,
        "url": "http://securityreason.com/securityalert/4723"
      },
      {
        "trust": 1.1,
        "url": "http://www.securityfocus.com/archive/1/498995/100/0/threaded"
      },
      {
        "trust": 1.1,
        "url": "http://www.securityfocus.com/archive/1/499043/100/0/threaded"
      },
      {
        "trust": 1.1,
        "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47435"
      },
      {
        "trust": 0.9,
        "url": "http://xforce.iss.net/xforce/xfdb/47435"
      },
      {
        "trust": 0.9,
        "url": "http://www.securityfocus.com/archive/1/archive/1/499043/100/0/threaded"
      },
      {
        "trust": 0.9,
        "url": "http://www.securityfocus.com/archive/1/archive/1/498995/100/0/threaded"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-5540"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2008-5540"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-35665"
      },
      {
        "db": "BID",
        "id": "84676"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2008-006544"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200812-226"
      },
      {
        "db": "NVD",
        "id": "CVE-2008-5540"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-35665"
      },
      {
        "db": "BID",
        "id": "84676"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2008-006544"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200812-226"
      },
      {
        "db": "NVD",
        "id": "CVE-2008-5540"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2008-12-12T00:00:00",
        "db": "VULHUB",
        "id": "VHN-35665"
      },
      {
        "date": "2008-12-12T00:00:00",
        "db": "BID",
        "id": "84676"
      },
      {
        "date": "2012-12-20T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2008-006544"
      },
      {
        "date": "2008-12-12T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200812-226"
      },
      {
        "date": "2008-12-12T18:30:03.063000",
        "db": "NVD",
        "id": "CVE-2008-5540"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2018-10-11T00:00:00",
        "db": "VULHUB",
        "id": "VHN-35665"
      },
      {
        "date": "2008-12-12T00:00:00",
        "db": "BID",
        "id": "84676"
      },
      {
        "date": "2012-12-20T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2008-006544"
      },
      {
        "date": "2009-01-29T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200812-226"
      },
      {
        "date": "2025-04-09T00:30:58.490000",
        "db": "NVD",
        "id": "CVE-2008-5540"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200812-226"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Secure Computing Secure Web Gateway In  HTML Vulnerabilities that prevent detection of malware in documents",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2008-006544"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "input validation",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200812-226"
      }
    ],
    "trust": 0.6
  }
}



Log in or create an account to share your comment.




Tags
Taxonomy of the tags.


Loading…

Loading…

Loading…

Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.

Sightings

Author Source Type Date Other

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Loading…

Detection rules are retrieved from Rulezet.

Loading…

Loading…