Vulnerability CVE-2012-1446


Published: 2012-03-21

Description:
The ELF file parser in Quick Heal (aka Cat QuickHeal) 11.00, McAfee Anti-Virus Scanning Engine 5.400.0.1158, AVEngine 20101.3.0.103 in Symantec Endpoint Protection 11, Norman Antivirus 6.06.12, eSafe 7.0.17.0, Kaspersky Anti-Virus 7.0.0.125, McAfee Gateway (formerly Webwasher) 2010.1C, Sophos Anti-Virus 4.61.0, CA eTrust Vet Antivirus 36.1.8511, Antiy Labs AVL SDK 2.0.3.7, PC Tools AntiVirus 7.0.3.5, Rising Antivirus 22.83.00.03, Fortinet Antivirus 4.2.254.0, and Panda Antivirus 10.0.2.7 allows remote attackers to bypass malware detection via an ELF file with a modified encoding field. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different ELF parser implementations.

Type:

CWE-264

(Permissions, Privileges, and Access Controls)

Vendor: Pc tools
Product: Pc tools antivirus 
Version: 7.0.3.5;
Vendor: Aladdin
Product: Esafe 
Version: 7.0.17.0;
Vendor: Kaspersky
Product: Kaspersky anti-virus 
Version: 7.0.0.125;
Vendor: Norman
Product: Norman antivirus & antispyware 
Version: 6.06.12;
Vendor: Mcafee
Product: Scan engine 
Version: 5.400.0.1158;
Product: Gateway 
Version: 2010.1c;
Vendor: Sophos
Product: Sophos anti-virus 
Version: 4.61.0;
Vendor: Fortinet
Product: Fortinet antivirus 
Version: 4.2.254.0;
Vendor: CA
Product: Etrust vet antivirus 
Version: 36.1.8511;
Vendor: Rising-global
Product: Rising antivirus 
Version: 22.83.00.03;
Vendor: Antiy
Product: Avl sdk 
Version: 2.0.3.7;
Vendor: CAT
Product: Quick heal 
Version: 11.00;
Vendor: Symantec
Product: Endpoint protection 
Version: 11.0;
Vendor: Pandasecurity
Product: Panda antivirus 
Version: 10.0.2.7;

CVSS2 => (AV:N/AC:M/Au:N/C:N/I:P/A:N)

CVSS Base Score
Impact Subscore
Exploitability Subscore
4.3/10
2.9/10
8.6/10
Exploit range
Attack complexity
Authentication
Remote
Medium
No required
Confidentiality impact
Integrity impact
Availability impact
None
Partial
None

 References:
http://www.securityfocus.com/archive/1/522005
http://www.ieee-security.org/TC/SP2012/program.html

Related CVE
CVE-2018-6322
Panda Global Protection 17.0.1 allows local users to gain privileges or cause a denial of service by impersonating all the pipes through a use of \.\pipe\PSANMSrvcPpal -- an "insecurely created named pipe." Ensures full access to Everyone users group...
CVE-2018-6321
Unquoted Windows search path vulnerability in the panda_url_filtering service in Panda Global Protection 17.0.1 allows local users to gain privileges via a malicious artefact.
CVE-2017-17684
Panda Global Protection 17.0.1 allows a system crash via a 0xb3702c04 \\.\PSMEMDriver DeviceIoControl request.
CVE-2017-17683
Panda Global Protection 17.0.1 allows a system crash via a 0xb3702c44 \\.\PSMEMDriver DeviceIoControl request.
CVE-2017-8060
Acceptance of invalid/self-signed TLS certificates in "Panda Mobile Security" 1.1 for iOS allows a man-in-the-middle and/or physically proximate attacker to silently intercept information sent during the login API call.
CVE-2017-8339
PSKMAD.sys in Panda Free Antivirus 18.0 allows local users to cause a denial of service (BSoD) via a crafted DeviceIoControl request to \\.\PSMEMDriver.
CVE-2016-3943
Panda Endpoint Administration Agent before 7.50.00, as used in Panda Security for Business products for Windows, uses a weak ACL for the Panda Security/WaAgent directory and sub-directories, which allows local users to gain SYSTEM privileges by modif...
CVE-2015-7378
Panda Security URL Filtering before 4.3.1.9 uses a weak ACL for the "Panda Security URL Filtering" directory and installed files, which allows local users to gain SYSTEM privileges by modifying Panda_URL_Filteringb.exe.

Copyright 2019, cxsecurity.com

 

Back to Top