Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2012-1429

Overview

Vulnerability Score 4.3 4.3
CVE Id CVE-2012-1429
Last Modified 27 Jul 2012 11:30:32
Published 21 Mar 2012 06:11:47
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2012-1429

Summary

The ELF file parser in Bitdefender 7.2, Comodo Antivirus 7424, Emsisoft Anti-Malware 5.1.0.1, eSafe 7.0.17.0, F-Secure Anti-Virus 9.0.16160.0, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, McAfee Anti-Virus Scanning Engine 5.400.0.1158, McAfee Gateway (formerly Webwasher) 2010.1C, and nProtect Anti-Virus 2011-01-17.01 allows remote attackers to bypass malware detection via an ELF file with a ustar character sequence at a certain location. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different ELF parser implementations.

Vulnerable Systems

Application

  • Aladdin Esafe 7.0.17.0

  • Comodo Antivirus 7424

  • Emsisoft Anti-malware 5.1.0.1

  • F-secure Anti-virus 9.0.16160.0

  • Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0

  • Mcafee Gateway 2010.1c

  • Mcafee Scan Engine 5.400.0.1158

  • Nprotect Antivirus 2011-01-17.01

  • Softwin Bitdefender 7.2


References

BUGTRAQ - 20120319 Evasion attacks expoliting file-parsing vulnerabilities in antivirus products

MISC - http://www.ieee-security.org/TC/SP2012/program.html

XF - multiple-av-elf-ustar-evasion(74244)


Last Updated: 27 May 2016 10:53:34