Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2012-1460


Vulnerability Score 4.3 4.3
CVE Id CVE-2012-1460
Last Modified 06 Nov 2012 12:09:07
Published 21 Mar 2012 06:11:49
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE



The Gzip file parser in Antiy Labs AVL SDK, Quick Heal (aka Cat QuickHeal) 11.00, Command Antivirus, eSafe, F-Prot Antivirus, Jiangmin Antivirus 13.0.900, K7 AntiVirus 9.77.3565, and VBA32 allows remote attackers to bypass malware detection via a .tar.gz file with stray bytes at the end. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different Gzip parser implementations.

Vulnerable Systems


  • Aladdin Esafe

  • Anti-virus Vba32

  • Antiy Avl Sdk

  • Authentium Command Antivirus

  • Cat Quick Heal 11.00

  • F-prot Antivirus

  • Jiangmin Antivirus 13.0.900

  • K7computing Antivirus 9.77.3565


BUGTRAQ - 20120319 Evasion attacks expoliting file-parsing vulnerabilities in antivirus products


XF - multiple-av-tar-gzip-evasion(74308)

BID - 52629

Last Updated: 27 May 2016 10:47:11