Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2012-1427


Vulnerability Score 4.3 4.3
CVE Id CVE-2012-1427
Last Modified 06 Nov 2012 12:09:01
Published 21 Mar 2012 06:11:47
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE



The TAR file parser in Quick Heal (aka Cat QuickHeal) 11.00, Norman Antivirus 6.06.12, and Sophos Anti-Virus 4.61.0 allows remote attackers to bypass malware detection via a POSIX TAR file with a \57\69\6E\5A\69\70 character sequence at a certain location. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different TAR parser implementations.

Vulnerable Systems


  • Cat Quick Heal 11.00

  • Norman Antivirus %26 Antispyware 6.06.12

  • Sophos Anti-virus 4.61.0


BUGTRAQ - 20120319 Evasion attacks expoliting file-parsing vulnerabilities in antivirus products


XF - multiple-av-tar-evasion-cve20121427(74242)

OSVDB - 80409

OSVDB - 80390

BID - 52587

Last Updated: 27 May 2016 10:49:34