Vulnerability CVE-2012-1443


Published: 2012-03-21

Description:
The RAR file parser in ClamAV 0.96.4, Rising Antivirus 22.83.00.03, Quick Heal (aka Cat QuickHeal) 11.00, G Data AntiVirus 21, AVEngine 20101.3.0.103 in Symantec Endpoint Protection 11, Command Antivirus 5.2.11.5, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, Emsisoft Anti-Malware 5.1.0.1, PC Tools AntiVirus 7.0.3.5, F-Prot Antivirus 4.6.2.117, VirusBuster 13.6.151.0, Fortinet Antivirus 4.2.254.0, Antiy Labs AVL SDK 2.0.3.7, K7 AntiVirus 9.77.3565, Trend Micro HouseCall 9.120.0.1004, Kaspersky Anti-Virus 7.0.0.125, Jiangmin Antivirus 13.0.900, Antimalware Engine 1.1.6402.0 in Microsoft Security Essentials 2.0, Sophos Anti-Virus 4.61.0, NOD32 Antivirus 5795, Avira AntiVir 7.11.1.163, Norman Antivirus 6.06.12, McAfee Anti-Virus Scanning Engine 5.400.0.1158, Panda Antivirus 10.0.2.7, McAfee Gateway (formerly Webwasher) 2010.1C, Trend Micro AntiVirus 9.120.0.1004, Comodo Antivirus 7424, Bitdefender 7.2, eSafe 7.0.17.0, F-Secure Anti-Virus 9.0.16160.0, nProtect A! nti-Virus 2011-01-17.01, AhnLab V3 Internet Security 2011.01.18.00, AVG Anti-Virus 10.0.0.1190, avast! Antivirus 4.8.1351.0 and 5.0.677.0, and VBA32 3.12.14.2 allows user-assisted remote attackers to bypass malware detection via a RAR file with an initial MZ character sequence. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different RAR parser implementations.

Type:

CWE-264

(Permissions, Privileges, and Access Controls)

Vendor: K7computing
Product: Antivirus 
Version: 9.77.3565;
Vendor: Trendmicro
Product: Trend micro antivirus 
Version: 9.120.0.1004;
Product: Housecall 
Version: 9.120.0.1004;
Vendor: F-secure
Product: F-secure anti-virus 
Version: 9.0.16160.0;
Vendor: Comodo
Product: Comodo antivirus 
Version: 7424;
Vendor: Bitdefender
Product: Bitdefender 
Version: 7.2;
Vendor: Avira
Product: Antivir 
Version: 7.11.1.163;
Vendor: Pc tools
Product: Pc tools antivirus 
Version: 7.0.3.5;
Vendor: Aladdin
Product: Esafe 
Version: 7.0.17.0;
Vendor: Kaspersky
Product: Kaspersky anti-virus 
Version: 7.0.0.125;
Vendor: Norman
Product: Norman antivirus & antispyware 
Version: 6.06.12;
Vendor: ESET
Product: Nod32 antivirus 
Version: 5795;
Vendor: Mcafee
Product: Scan engine 
Version: 5.400.0.1158;
Product: Gateway 
Version: 2010.1c;
Vendor: Authentium
Product: Command antivirus 
Version: 5.2.11.5;
Vendor: Emsisoft
Product: Anti-malware 
Version: 5.1.0.1;
Vendor: Alwil
Product: Avast antivirus 
Version: 5.0.677.0; 4.8.1351.0;
Vendor: Sophos
Product: Sophos anti-virus 
Version: 4.61.0;
Vendor: F-prot
Product: F-prot antivirus 
Version: 4.6.2.117;
Vendor: Fortinet
Product: Fortinet antivirus 
Version: 4.2.254.0;
Vendor: Anti-virus
Product: Vba32 
Version: 3.12.14.2;
Vendor: Rising-global
Product: Rising antivirus 
Version: 22.83.00.03;
Vendor: Gdata-software
Product: G data antivirus 
Version: 21;
Vendor: Ahnlab
Product: V3 internet security 
Version: 2011.01.18.00;
Vendor: Nprotect
Product: Nprotect antivirus 
Version: 2011-01-17.01;
Vendor: Antiy
Product: Avl sdk 
Version: 2.0.3.7;
Vendor: Microsoft
Product: Security essentials 
Version: 2.0;
Vendor: Virusbuster
Product: Virusbuster 
Version: 13.6.151.0;
Vendor: Jiangmin
Product: Jiangmin antivirus 
Version: 13.0.900;
Vendor: CAT
Product: Quick heal 
Version: 11.00;
Vendor: Symantec
Product: Endpoint protection 
Version: 11.0;
Vendor: Pandasecurity
Product: Panda antivirus 
Version: 10.0.2.7;
Vendor: AVG
Product: Avg anti-virus 
Version: 10.0.0.1190;
Vendor: Ikarus
Product: Ikarus virus utilities t3 command line scanner 
Version: 1.1.97.0;
Vendor: Clamav
Product: Clamav 
Version: 0.96.4;

CVSS2 => (AV:N/AC:M/Au:N/C:N/I:P/A:N)

CVSS Base Score
Impact Subscore
Exploitability Subscore
4.3/10
2.9/10
8.6/10
Exploit range
Attack complexity
Authentication
Remote
Medium
No required
Confidentiality impact
Integrity impact
Availability impact
None
Partial
None

 References:
http://www.securityfocus.com/archive/1/522005
http://www.ieee-security.org/TC/SP2012/program.html

Related CVE
CVE-2019-1798
A vulnerability in the Portable Executable (PE) file scanning functionality of Clam AntiVirus (ClamAV) Software versions 0.101.1 and prior could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. T...
CVE-2019-1788
A vulnerability in the Object Linking & Embedding (OLE2) file scanning functionality of Clam AntiVirus (ClamAV) Software versions 0.101.1 and prior could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected ...
CVE-2019-1787
A vulnerability in the Portable Document Format (PDF) scanning functionality of Clam AntiVirus (ClamAV) Software versions 0.101.1 and prior could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected de...
CVE-2019-1786
A vulnerability in the Portable Document Format (PDF) scanning functionality of Clam AntiVirus (ClamAV) Software versions 0.101.1 and 0.101.0 could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected ...
CVE-2019-1785
A vulnerability in the RAR file scanning functionality of Clam AntiVirus (ClamAV) Software versions 0.101.1 and 0.101.0 could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is...
CVE-2018-15378
A vulnerability in ClamAV versions prior to 0.100.2 could allow an attacker to cause a denial of service (DoS) condition. The vulnerability is due to an error related to the MEW unpacker within the "unmew11()" function (libclamav/mew.c), which can be...
CVE-2018-0361
ClamAV before 0.100.1 lacks a PDF object length check, resulting in an unreasonably long time to parse a relatively small file.
CVE-2018-0360
ClamAV before 0.100.1 has an HWP integer overflow with a resultant infinite loop via a crafted Hangul Word Processor file. This is in parsehwp3_paragraph() in libclamav/hwp.c.

Copyright 2019, cxsecurity.com

 

Back to Top