Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2012-1423

Overview

Vulnerability Score 4.3 4.3
CVE Id CVE-2012-1423
Last Modified 13 Aug 2012 11:35:49
Published 21 Mar 2012 06:11:47
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2012-1423

Summary

The TAR file parser in Command Antivirus 5.2.11.5, Emsisoft Anti-Malware 5.1.0.1, F-Prot Antivirus 4.6.2.117, Fortinet Antivirus 4.2.254.0, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, K7 AntiVirus 9.77.3565, NOD32 Antivirus 5795, Norman Antivirus 6.06.12, PC Tools AntiVirus 7.0.3.5, Rising Antivirus 22.83.00.03, and VirusBuster 13.6.151.0 allows remote attackers to bypass malware detection via a POSIX TAR file with an initial MZ character sequence. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different TAR parser implementations.

Vulnerable Systems

Application

  • Authentium Command Antivirus 5.2.11.5

  • Emsisoft Anti-malware 5.1.0.1

  • Eset Nod32 Antivirus 5795

  • F-prot Antivirus 4.6.2.117

  • Fortinet Antivirus 4.2.254.0

  • Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0

  • K7computing Antivirus 9.77.3565

  • Norman Antivirus %26 Antispyware 6.06.12

  • Pc Tools Antivirus 7.0.3.5

  • Rising-global Rising Antivirus 22.83.00.03

  • Virusbuster 13.6.151.0


References

BUGTRAQ - 20120319 Evasion attacks expoliting file-parsing vulnerabilities in antivirus products

MISC - http://www.ieee-security.org/TC/SP2012/program.html

OSVDB - 80407

OSVDB - 80406

OSVDB - 80396

OSVDB - 80395

OSVDB - 80393


Last Updated: 27 May 2016 10:51:38