Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score 4.3
CVE Id CVE-2012-1457
Last Modified 13 Aug 2012 11:35:53
Published 21 Mar 2012 06:11:49
Confidentiality Impact NONE
Integrity Impact PARTIAL
Availability Impact NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2012-1457

Summary

The TAR file parser in Avira AntiVir 7.11.1.163, Antiy Labs AVL SDK 2.0.3.7, avast! Antivirus 4.8.1351.0 and 5.0.677.0, AVG Anti-Virus 10.0.0.1190, Bitdefender 7.2, Quick Heal (aka Cat QuickHeal) 11.00, ClamAV 0.96.4, Command Antivirus 5.2.11.5, Emsisoft Anti-Malware 5.1.0.1, eSafe 7.0.17.0, F-Prot Antivirus 4.6.2.117, G Data AntiVirus 21, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, Jiangmin Antivirus 13.0.900, K7 AntiVirus 9.77.3565, Kaspersky Anti-Virus 7.0.0.125, McAfee Anti-Virus Scanning Engine 5.400.0.1158, McAfee Gateway (formerly Webwasher) 2010.1C, Antimalware Engine 1.1.6402.0 in Microsoft Security Essentials 2.0, NOD32 Antivirus 5795, Norman Antivirus 6.06.12, PC Tools AntiVirus 7.0.3.5, Rising Antivirus 22.83.00.03, AVEngine 20101.3.0.103 in Symantec Endpoint Protection 11, Trend Micro AntiVirus 9.120.0.1004, Trend Micro HouseCall 9.120.0.1004, VBA32 3.12.14.2, and VirusBuster 13.6.151.0 allows remote attackers to bypass malware detection via a TAR archive entry with a length field that exceeds the total TAR file size. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different TAR parser implementations.

Vulnerable Systems

Application

  • Aladdin Esafe 7.0.17.0

  • Alwil Avast Antivirus 4.8.1351.0

  • Alwil Avast Antivirus 5.0.677.0

  • Anti-virus Vba32 3.12.14.2

  • Antiy Avl Sdk 2.0.3.7

  • Authentium Command Antivirus 5.2.11.5

  • Avg Anti-virus 10.0.0.1190

  • Avira Antivir 7.11.1.163

  • Bitdefender 7.2

  • Cat Quick Heal 11.00

  • Clamav 0.96.4

  • Emsisoft Anti-malware 5.1.0.1

  • Eset Nod32 Antivirus 5795

  • F-prot Antivirus 4.6.2.117

  • Gdata-software G Data Antivirus 21

  • Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0

  • Jiangmin Antivirus 13.0.900

  • K7computing Antivirus 9.77.3565

  • Kaspersky Anti-virus 7.0.0.125

  • Mcafee Gateway 2010.1c

  • Mcafee Scan Engine 5.400.0.1158

  • Microsoft Security Essentials 2.0

  • Norman Antivirus & Antispyware 6.06.12

  • Pc Tools Antivirus 7.0.3.5

  • Rising-global Rising Antivirus 22.83.00.03

  • Symantec Endpoint Protection 11.0

  • Trendmicro Housecall 9.120.0.1004

  • Trendmicro Trend Micro Antivirus 9.120.0.1004

  • Virusbuster 13.6.151.0


References

BUGTRAQ - 20120319 Evasion attacks expoliting file-parsing vulnerabilities in antivirus products

MISC - http://www.ieee-security.org/TC/SP2012/program.html

SUSE - openSUSE-SU-2012:0833

XF - multiple-av-tar-length-evasion(74293)

BID - 52610

OSVDB - 80409

OSVDB - 80407

OSVDB - 80406

OSVDB - 80403

OSVDB - 80396

OSVDB - 80395

OSVDB - 80393

OSVDB - 80392

OSVDB - 80391

OSVDB - 80389

Related Patches

Novell SUSE 2012:6474 clamav security update for SLE 11 SP1 i586

Novell SUSE 2012:6474 clamav security update for SLE 11 SP1 x86_64

Novell SUSE 2012:8200 clamav security update for SLE 10 SP4 i586

Novell SUSE 2012:8200 clamav security update for SLE 10 SP4 x86_64


Last Updated: 27 May 2016 10:55:01