Bitdefender Malformed Archive bypass (RAR Compression Information)

Outpost

Thread author
Jan 11, 2020
The parsing engine supports the RAR archive format. The parsing engine can be bypassed by specifically manipulating an RAR Archive (RAR Compression Information) so that it can be accessed by an end-user but not the Anti-Virus software. The AV engine is unable to scan the archive and issues the file a "clean" rating.

I may release further details after all known vulnerable vendors have patched their products.
 
