Exploit found in gavick extensions

Hello, below are results from fprot scan. Fprot detected CVE-2004-0597 exploit in png files. Files were directly downloaded from official gavick site. I think that these results aren't accurate - only 2 programs detected it - authentium and fprot. http://www.virustotal.com/analisis/ed67 ... 1249284855
Cheers, jarek.

Code: Select all

fpscan --report gavick/

F-PROT Antivirus version 6.2.1.4252 (built: 2008-04-28T16-44-10)
FRISK Software International (C) Copyright 1989-2007

Engine version: 4.4.4.56
Virus signatures: 2009080211159ecb1544980922d0f40ff1d6fe6354ec
                  (/usr/share/fprot/antivir.def)

[Found exploit] <CVE-2004-0597 (not disinfectable)>    gavick/Photoslide GK3/component/fhg/com_gk3_photoslide.zip->com_gk3_photoslide/interface/images/button_check_system.png
[Found exploit] <CVE-2004-0597 (not disinfectable)>    gavick/Photoslide GK3/component/fhg/com_gk3_photoslide.zip->com_gk3_photoslide/interface/images/button_help.png
[Found exploit] <CVE-2004-0597 (not disinfectable)>    gavick/Photoslide GK3/component/fhg/com_gk3_photoslide.zip->com_gk3_photoslide/interface/images/button_manage_groups.png
[Found exploit] <CVE-2004-0597 (not disinfectable)>    gavick/Photoslide GK3/component/fhg/com_gk3_photoslide.zip->com_gk3_photoslide/interface/images/button_manage_slides.png
[Found exploit] <CVE-2004-0597 (not disinfectable)>    gavick/Photoslide GK3/component/fhg/com_gk3_photoslide.zip->com_gk3_photoslide/interface/images/button_news.png
[Found exploit] <CVE-2004-0597 (not disinfectable)>    gavick/Photoslide GK3/component/fhg/com_gk3_photoslide.zip->com_gk3_photoslide/interface/images/button_settings.png
[Contains infected objects]   gavick/Photoslide GK3/component/fhg/com_gk3_photoslide.zip
[Found exploit] <CVE-2004-0597 (not disinfectable)>    gavick/Photoslide GK3/component/fhg/com_gk3_photoslide/interface/images/button_news.png
[Found exploit] <CVE-2004-0597 (not disinfectable)>    gavick/Photoslide GK3/component/fhg/com_gk3_photoslide/interface/images/button_check_system.png
[Found exploit] <CVE-2004-0597 (not disinfectable)>    gavick/Photoslide GK3/component/fhg/com_gk3_photoslide/interface/images/button_settings.png
[Found exploit] <CVE-2004-0597 (not disinfectable)>    gavick/Photoslide GK3/component/fhg/com_gk3_photoslide/interface/images/button_manage_slides.png
[Found exploit] <CVE-2004-0597 (not disinfectable)>    gavick/Photoslide GK3/component/fhg/com_gk3_photoslide/interface/images/button_manage_groups.png
[Found exploit] <CVE-2004-0597 (not disinfectable)>    gavick/Photoslide GK3/component/fhg/com_gk3_photoslide/interface/images/button_help.png
[Found exploit] <CVE-2004-0597 (not disinfectable)>    gavick/Photoslide GK3/component/com_gk3_photoslide.zip->com_gk3_photoslide/interface/images/button_check_system.png
[Found exploit] <CVE-2004-0597 (not disinfectable)>    gavick/Photoslide GK3/component/com_gk3_photoslide.zip->com_gk3_photoslide/interface/images/button_help.png
[Found exploit] <CVE-2004-0597 (not disinfectable)>    gavick/Photoslide GK3/component/com_gk3_photoslide.zip->com_gk3_photoslide/interface/images/button_manage_groups.png
[Found exploit] <CVE-2004-0597 (not disinfectable)>    gavick/Photoslide GK3/component/com_gk3_photoslide.zip->com_gk3_photoslide/interface/images/button_manage_slides.png
[Found exploit] <CVE-2004-0597 (not disinfectable)>    gavick/Photoslide GK3/component/com_gk3_photoslide.zip->com_gk3_photoslide/interface/images/button_news.png
[Found exploit] <CVE-2004-0597 (not disinfectable)>    gavick/Photoslide GK3/component/com_gk3_photoslide.zip->com_gk3_photoslide/interface/images/button_settings.png
[Contains infected objects]   gavick/Photoslide GK3/component/com_gk3_photoslide.zip
[Found exploit] <CVE-2004-0597 (not disinfectable)>    gavick/tabsmanager_3_pack/component/com_gk3_tabs_manager.zip->com_gk3_tabs_manager/interface/images/button_check_system.png
[Found exploit] <CVE-2004-0597 (not disinfectable)>    gavick/tabsmanager_3_pack/component/com_gk3_tabs_manager.zip->com_gk3_tabs_manager/interface/images/button_help.png
[Found exploit] <CVE-2004-0597 (not disinfectable)>    gavick/tabsmanager_3_pack/component/com_gk3_tabs_manager.zip->com_gk3_tabs_manager/interface/images/button_manage_groups.png
[Found exploit] <CVE-2004-0597 (not disinfectable)>    gavick/tabsmanager_3_pack/component/com_gk3_tabs_manager.zip->com_gk3_tabs_manager/interface/images/button_manage_tabs.png
[Found exploit] <CVE-2004-0597 (not disinfectable)>    gavick/tabsmanager_3_pack/component/com_gk3_tabs_manager.zip->com_gk3_tabs_manager/interface/images/button_news.png
[Found exploit] <CVE-2004-0597 (not disinfectable)>    gavick/tabsmanager_3_pack/component/com_gk3_tabs_manager.zip->com_gk3_tabs_manager/interface/images/button_settings.png
[Contains infected objects]   gavick/tabsmanager_3_pack/component/com_gk3_tabs_manager.zip
[Found exploit] <CVE-2004-0597 (not disinfectable)>    gavick/photoslide_3_pack.zip->Photoslide GK3/component/com_gk3_photoslide.zip->com_gk3_photoslide/interface/images/button_check_system.png
[Found exploit] <CVE-2004-0597 (not disinfectable)>    gavick/photoslide_3_pack.zip->Photoslide GK3/component/com_gk3_photoslide.zip->com_gk3_photoslide/interface/images/button_help.png
[Found exploit] <CVE-2004-0597 (not disinfectable)>    gavick/photoslide_3_pack.zip->Photoslide GK3/component/com_gk3_photoslide.zip->com_gk3_photoslide/interface/images/button_manage_groups.png
[Found exploit] <CVE-2004-0597 (not disinfectable)>    gavick/photoslide_3_pack.zip->Photoslide GK3/component/com_gk3_photoslide.zip->com_gk3_photoslide/interface/images/button_manage_slides.png
[Found exploit] <CVE-2004-0597 (not disinfectable)>    gavick/photoslide_3_pack.zip->Photoslide GK3/component/com_gk3_photoslide.zip->com_gk3_photoslide/interface/images/button_news.png
[Found exploit] <CVE-2004-0597 (not disinfectable)>    gavick/photoslide_3_pack.zip->Photoslide GK3/component/com_gk3_photoslide.zip->com_gk3_photoslide/interface/images/button_settings.png
[Contains infected objects]   gavick/photoslide_3_pack.zip
[Found exploit] <CVE-2004-0597 (not disinfectable)>    gavick/tabsmanager_3_pack.zip->tabsmanager_3_pack/component/com_gk3_tabs_manager.zip->com_gk3_tabs_manager/interface/images/button_check_system.png
[Found exploit] <CVE-2004-0597 (not disinfectable)>    gavick/tabsmanager_3_pack.zip->tabsmanager_3_pack/component/com_gk3_tabs_manager.zip->com_gk3_tabs_manager/interface/images/button_help.png
[Found exploit] <CVE-2004-0597 (not disinfectable)>    gavick/tabsmanager_3_pack.zip->tabsmanager_3_pack/component/com_gk3_tabs_manager.zip->com_gk3_tabs_manager/interface/images/button_manage_groups.png
[Found exploit] <CVE-2004-0597 (not disinfectable)>    gavick/tabsmanager_3_pack.zip->tabsmanager_3_pack/component/com_gk3_tabs_manager.zip->com_gk3_tabs_manager/interface/images/button_manage_tabs.png
[Found exploit] <CVE-2004-0597 (not disinfectable)>    gavick/tabsmanager_3_pack.zip->tabsmanager_3_pack/component/com_gk3_tabs_manager.zip->com_gk3_tabs_manager/interface/images/button_news.png
[Found exploit] <CVE-2004-0597 (not disinfectable)>    gavick/tabsmanager_3_pack.zip->tabsmanager_3_pack/component/com_gk3_tabs_manager.zip->com_gk3_tabs_manager/interface/images/button_settings.png
[Contains infected objects]   gavick/tabsmanager_3_pack.zip
Scanning: |

Results:

Files: 223
Skipped files: 0
MBR/boot sectors checked: 0
Objects scanned: 2350
Infected objects: 36
Files with errors: 0
Disinfected: 0

Running time: 00:05


Thanks for the information.

Gavick team will investigate to see if this a cause for concern.

Best Regards,