Vulnerability CVE-2012-1440
Published: 2012-03-21

Description:
The ELF file parser in Norman Antivirus 6.06.12, eSafe 7.0.17.0, CA eTrust Vet Antivirus 36.1.8511, Fortinet Antivirus 4.2.254.0, and Panda Antivirus 10.0.2.7 allows remote attackers to bypass malware detection via an ELF file with a modified identsize field. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different ELF parser implementations.

Type:

CWE-264

 (Permissions, Privileges, and Access Controls)

CVSS2 => (AV:N/AC:M/Au:N/C:N/I:P/A:N)

CVSS Base Score
Impact Subscore
Exploitability Subscore
4.3/10
2.9/10
8.6/10
Exploit range
Attack complexity
Authentication
Remote
Medium
No required
Confidentiality impact
Integrity impact
Availability impact
None
Partial
None
Affected software
Pandasecurity -> Panda antivirus 
Norman -> Norman antivirus & antispyware 
Fortinet -> Fortinet antivirus 
CA -> Etrust vet antivirus 
Aladdin -> Esafe 

 References:
http://www.securityfocus.com/archive/1/522005
http://www.ieee-security.org/TC/SP2012/program.html
Copyright 2024, cxsecurity.com

 

Back to Top