CVE-2004-2442

Exp

Multiple interpretation error in various F-Secure Anti-Virus products, including Workstation 5.43 and earlier, Windows Servers 5.50 and earlier, MIMEsweeper 5.50 and earlier, Anti-Virus for Linux Servers and Gateways 4.61 and earlier, and other products, allows remote attackers to bypass antivirus protection via a compressed file with both local and global headers set to zero, which does not prevent the compressed file from being opened on the target system.

Published: 2004-12-31 Last update: 2026-04-16 Assigner: [email protected] Source: [email protected]
NVD Status:ModifiedCVE State: published
View at NVD, CVE.org, EUVD

CVE-2004-2442 is rated High Exploit Risk (69.4/100): CVSS Medium severity, with high exploitation likelihood (EPSS 18.90%, 95th percentile). 1 public exploit reference(s) are indexed (Exploit-DB). EPSS rose +1.23% over the last day, indicating growing attacker interest. Public exploits are available—assess exposure, apply mitigations, and prioritize patching.

Risk is dynamic; we continuously reassess and refresh what is shown on this page as upstream context changes.

Public exploit references (Exploit-DB) for CVE-2004-2442

EDB-ID Source Kind Published Link
629 exploit_db edb 2004-11-14 Exploit-DB ↗

Exploit prediction scoring system (EPSS) score for CVE-2004-2442

EPSS lead: Daily EPSS estimates relative likelihood of exploitation; percentile ranks this CVE among scored vulnerabilities (higher = more severe relative rank).

# Date Old EPSS score New EPSS score Delta (New - Old)
1 2025-03-30 17.67% 18.90% +1.23%
2 2025-03-29 18.90% 17.67% -1.23%
3 2025-03-17 18.90%

Full EPSS history (9 records total)

Common vulnerability scoring system (CVSS) metrics for CVE-2004-2442

CVSS metrics for this CVE.

Base score Version Severity Vector Exploitability Impact Score source
5.0 2.0 MEDIUM
AV:N/AC:L/Au:N/C:N/I:P/A:N Click to expand
Access vector (AV:N)
Can be exploited remotely over network reachability.
Access complexity (AC:L)
Exploitation conditions are straightforward and predictable.
Authentication (AU:N)
No authentication is required.
Confidentiality impact (C:N)
No confidentiality impact.
Integrity impact (I:P)
Partial integrity impact.
Availability impact (A:N)
No availability impact.
 10.0 2.9 [email protected]

Weakness enumeration for CVE-2004-2442

Affected software / configurations for CVE-2004-2442

Vendor Product Version Raw CPE
f-secure f-secure_anti-virus 4.51 cpe:2.3:a:f-secure:f-secure_anti-virus:4.51:*:linux_gateways:*:*:*:*:*
f-secure f-secure_anti-virus 4.51 cpe:2.3:a:f-secure:f-secure_anti-virus:4.51:*:linux_servers:*:*:*:*:*
f-secure f-secure_anti-virus 4.51 cpe:2.3:a:f-secure:f-secure_anti-virus:4.51:*:linux_workstations:*:*:*:*:*
f-secure f-secure_anti-virus 4.52 cpe:2.3:a:f-secure:f-secure_anti-virus:4.52:*:linux_gateways:*:*:*:*:*
f-secure f-secure_anti-virus 4.52 cpe:2.3:a:f-secure:f-secure_anti-virus:4.52:*:linux_servers:*:*:*:*:*
f-secure f-secure_anti-virus 4.52 cpe:2.3:a:f-secure:f-secure_anti-virus:4.52:*:linux_workstations:*:*:*:*:*
f-secure f-secure_anti-virus 4.60 cpe:2.3:a:f-secure:f-secure_anti-virus:4.60:*:samba_servers:*:*:*:*:*
f-secure f-secure_anti-virus 4.61 cpe:2.3:a:f-secure:f-secure_anti-virus:4.61:*:linux_gateways:*:*:*:*:*
f-secure f-secure_anti-virus 4.61 cpe:2.3:a:f-secure:f-secure_anti-virus:4.61:*:linux_servers:*:*:*:*:*
f-secure f-secure_anti-virus 5.0 cpe:2.3:a:f-secure:f-secure_anti-virus:5.0:*:linux_client_security:*:*:*:*:*
f-secure f-secure_anti-virus 5.0 cpe:2.3:a:f-secure:f-secure_anti-virus:5.0:*:linux_server_security:*:*:*:*:*
f-secure f-secure_anti-virus 5.5 cpe:2.3:a:f-secure:f-secure_anti-virus:5.5:*:client_security:*:*:*:*:*
f-secure f-secure_anti-virus 5.5 cpe:2.3:a:f-secure:f-secure_anti-virus:5.5:*:mimesweeper:*:*:*:*:*
f-secure f-secure_anti-virus 5.5 cpe:2.3:a:f-secure:f-secure_anti-virus:5.5:*:windows_servers:*:*:*:*:*
f-secure f-secure_anti-virus 5.41 cpe:2.3:a:f-secure:f-secure_anti-virus:5.41:*:mimesweeper:*:*:*:*:*
f-secure f-secure_anti-virus 5.41 cpe:2.3:a:f-secure:f-secure_anti-virus:5.41:*:windows_servers:*:*:*:*:*
f-secure f-secure_anti-virus 5.41 cpe:2.3:a:f-secure:f-secure_anti-virus:5.41:*:workstations:*:*:*:*:*
f-secure f-secure_anti-virus 5.42 cpe:2.3:a:f-secure:f-secure_anti-virus:5.42:*:mimesweeper:*:*:*:*:*
f-secure f-secure_anti-virus 5.42 cpe:2.3:a:f-secure:f-secure_anti-virus:5.42:*:windows_servers:*:*:*:*:*
f-secure f-secure_anti-virus 5.42 cpe:2.3:a:f-secure:f-secure_anti-virus:5.42:*:workstations:*:*:*:*:*
f-secure f-secure_anti-virus 5.43 cpe:2.3:a:f-secure:f-secure_anti-virus:5.43:*:workstations:*:*:*:*:*
f-secure f-secure_anti-virus 5.52 cpe:2.3:a:f-secure:f-secure_anti-virus:5.52:*:client_security:*:*:*:*:*
f-secure f-secure_anti-virus 5.55 cpe:2.3:a:f-secure:f-secure_anti-virus:5.55:*:client_security:*:*:*:*:*
f-secure f-secure_anti-virus 6.01 cpe:2.3:a:f-secure:f-secure_anti-virus:6.01:*:ms_exchange:*:*:*:*:*
f-secure f-secure_anti-virus 6.2 cpe:2.3:a:f-secure:f-secure_anti-virus:6.2:*:ms_exchange:*:*:*:*:*
f-secure f-secure_anti-virus 6.21 cpe:2.3:a:f-secure:f-secure_anti-virus:6.21:*:ms_exchange:*:*:*:*:*
f-secure f-secure_anti-virus 6.30 cpe:2.3:a:f-secure:f-secure_anti-virus:6.30:*:ms_exchange:*:*:*:*:*
f-secure f-secure_anti-virus 6.30_sr1 cpe:2.3:a:f-secure:f-secure_anti-virus:6.30_sr1:*:ms_exchange:*:*:*:*:*
f-secure f-secure_anti-virus 6.31 cpe:2.3:a:f-secure:f-secure_anti-virus:6.31:*:ms_exchange:*:*:*:*:*
f-secure f-secure_anti-virus 2004 cpe:2.3:a:f-secure:f-secure_anti-virus:2004:*:*:*:*:*:*:*
f-secure f-secure_anti-virus 2005 cpe:2.3:a:f-secure:f-secure_anti-virus:2005:*:*:*:*:*:*:*
f-secure f-secure_for_firewalls 6.20 cpe:2.3:a:f-secure:f-secure_for_firewalls:6.20:*:*:*:*:*:*:*
f-secure f-secure_internet_security 2004 cpe:2.3:a:f-secure:f-secure_internet_security:2004:*:*:*:*:*:*:*
f-secure f-secure_internet_security 2005 cpe:2.3:a:f-secure:f-secure_internet_security:2005:*:*:*:*:*:*:*
f-secure f-secure_personal_express 4.5 cpe:2.3:a:f-secure:f-secure_personal_express:4.5:*:*:*:*:*:*:*
f-secure f-secure_personal_express 4.6 cpe:2.3:a:f-secure:f-secure_personal_express:4.6:*:*:*:*:*:*:*
f-secure f-secure_personal_express 4.7 cpe:2.3:a:f-secure:f-secure_personal_express:4.7:*:*:*:*:*:*:*
f-secure f-secure_personal_express 5.0 cpe:2.3:a:f-secure:f-secure_personal_express:5.0:*:*:*:*:*:*:*
f-secure internet_gatekeeper 2.6 cpe:2.3:a:f-secure:internet_gatekeeper:2.6:*:linux:*:*:*:*:*
f-secure internet_gatekeeper 6.3 cpe:2.3:a:f-secure:internet_gatekeeper:6.3:*:*:*:*:*:*:*
f-secure internet_gatekeeper 6.4 cpe:2.3:a:f-secure:internet_gatekeeper:6.4:*:*:*:*:*:*:*
f-secure internet_gatekeeper 6.31 cpe:2.3:a:f-secure:internet_gatekeeper:6.31:*:*:*:*:*:*:*
f-secure internet_gatekeeper 6.32 cpe:2.3:a:f-secure:internet_gatekeeper:6.32:*:*:*:*:*:*:*
f-secure internet_gatekeeper 6.41 cpe:2.3:a:f-secure:internet_gatekeeper:6.41:*:*:*:*:*:*:*

References for CVE-2004-2442

cvelogic Threat Intelligence