Severity: 2/4

Consequences: data flow

Provenance: document

Means of attack: no proof of concept, no attack

Ability of attacker: expert (4/4)

Confidence: unique source (2/5)

Diffusion of the vulnerable configuration: high (3/3)

Creation date: 15/06/2009

IMPACTED PRODUCTS

 Kaspersky Anti-Virus

DESCRIPTION OF THE VULNERABILITY

The body of a PDF document starts with the "%PDF" tag and ends with the last "%%EOF" tag. Lines located before and after these tags are ignored by Adobe Acrobat and FoxitReader.

However, if an attacker creates a malicious PDF document containing a line before the "%PDF" tag, Kaspersky products do not recognize the PDF format.

An attacker can therefore create a PDF archive containing a virus which is not detected by Kaspersky products.

CHARACTERISTICS

Identifiers: TZO-30-2009, VIGILANCE-VUL-8796 http://vigilance.fr/vulnerability/Kaspersky-Antivirus-bypassing-via-PDF-8796