Vulnerability CVE-2012-1459


Published: 2012-03-21

Description:
The TAR file parser in AhnLab V3 Internet Security 2011.01.18.00, Avira AntiVir 7.11.1.163, Antiy Labs AVL SDK 2.0.3.7, avast! Antivirus 4.8.1351.0 and 5.0.677.0, AVG Anti-Virus 10.0.0.1190, Bitdefender 7.2, Quick Heal (aka Cat QuickHeal) 11.00, ClamAV 0.96.4, Command Antivirus 5.2.11.5, Comodo Antivirus 7424, Emsisoft Anti-Malware 5.1.0.1, F-Prot Antivirus 4.6.2.117, F-Secure Anti-Virus 9.0.16160.0, Fortinet Antivirus 4.2.254.0, G Data AntiVirus 21, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, Jiangmin Antivirus 13.0.900, K7 AntiVirus 9.77.3565, Kaspersky Anti-Virus 7.0.0.125, McAfee Anti-Virus Scanning Engine 5.400.0.1158, McAfee Gateway (formerly Webwasher) 2010.1C, Antimalware Engine 1.1.6402.0 in Microsoft Security Essentials 2.0, NOD32 Antivirus 5795, Norman Antivirus 6.06.12, nProtect Anti-Virus 2011-01-17.01, Panda Antivirus 10.0.2.7, PC Tools AntiVirus 7.0.3.5, Rising Antivirus 22.83.00.03, Sophos Anti-Virus 4.61.0, AVEngine 20101.3.0.103 in Symantec Endpoint Protection 11, Trend Micro AntiVirus 9.120.0.1004, Trend Micro HouseCall 9.120.0.1004, VBA32 3.12.14.2, and VirusBuster 13.6.151.0 allows remote attackers to bypass malware detection via a TAR archive entry with a length field corresponding to that entire entry, plus part of the header of the next entry. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different TAR parser implementations.

Type: CWE-264 (Permissions, Privileges, and Access Controls)

Vendor: K7computing
Product: Antivirus 
Version: 9.77.3565;
Vendor: Trendmicro
Product: Housecall 
Version: 9.120.0.1004;
Product: Trend micro antivirus 
Version: 9.120.0.1004;
Vendor: F-secure
Product: F-secure anti-virus 
Version: 9.0.16160.0;
Vendor: Comodo
Product: Comodo antivirus 
Version: 7424;
Vendor: Bitdefender
Product: Bitdefender 
Version: 7.2;
Vendor: Avira
Product: Antivir 
Version: 7.11.1.163;
Vendor: Pc tools
Product: Pc tools antivirus 
Version: 7.0.3.5;
Vendor: Kaspersky
Product: Kaspersky anti-virus 
Version: 7.0.0.125;
Vendor: Norman
Product: Norman antivirus & antispyware 
Version: 6.06.12;
Vendor: ESET
Product: Nod32 antivirus 
Version: 5795;
Vendor: Mcafee
Product: Scan engine 
Version: 5.400.0.1158;
Product: Gateway 
Version: 2010.1c;
Vendor: Authentium
Product: Command antivirus 
Version: 5.2.11.5;
Vendor: Emsisoft
Product: Anti-malware 
Version: 5.1.0.1;
Vendor: Alwil
Product: Avast antivirus 
Version: 5.0.677.0; 4.8.1351.0;
Vendor: Sophos
Product: Sophos anti-virus 
Version: 4.61.0;
Vendor: F-prot
Product: F-prot antivirus 
Version: 4.6.2.117;
Vendor: Fortinet
Product: Fortinet antivirus 
Version: 4.2.254.0;
Vendor: Anti-virus
Product: Vba32 
Version: 3.12.14.2;
Vendor: Rising-global
Product: Rising antivirus 
Version: 22.83.00.03;
Vendor: Gdata-software
Product: G data antivirus 
Version: 21;
Vendor: Ahnlab
Product: V3 internet security 
Version: 2011.01.18.00;
Vendor: Nprotect
Product: Nprotect antivirus 
Version: 2011-01-17.01;
Vendor: Antiy
Product: Avl sdk 
Version: 2.0.3.7;
Vendor: Microsoft
Product: Security essentials 
Version: 2.0;
Vendor: Virusbuster
Product: Virusbuster 
Version: 13.6.151.0;
Vendor: Jiangmin
Product: Jiangmin antivirus 
Version: 13.0.900;
Vendor: CAT
Product: Quick heal 
Version: 11.00;
Vendor: Symantec
Product: Endpoint protection 
Version: 11.0;
Vendor: Pandasecurity
Product: Panda antivirus 
Version: 10.0.2.7;
Vendor: AVG
Product: Avg anti-virus 
Version: 10.0.0.1190;
Vendor: Ikarus
Product: Ikarus virus utilities t3 command line scanner 
Version: 1.1.97.0;
Vendor: Clamav
Product: Clamav 
Version: 0.96.4;

CVSS2 => (AV:N/AC:M/Au:N/C:N/I:P/A:N)

CVSS Base Score: 4.3/10
Impact Subscore: 2.9/10
Exploitability Subscore: 8.6/10
Exploit range: Remote
Attack complexity: Medium
Authentication: Not required
Confidentiality impact: None
Integrity impact: Partial
Availability impact: None

References:
http://www.securityfocus.com/archive/1/522005
http://www.ieee-security.org/TC/SP2012/program.html

Related CVE
CVE-2017-6420
The wwunpack function in libclamav/wwunpack.c in ClamAV 0.99.2 allows remote attackers to cause a denial of service (use-after-free) via a crafted PE file with WWPack compression.
CVE-2017-6418
libclamav/message.c in ClamAV 0.99.2 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted e-mail message.
CVE-2016-1371
ClamAV (aka Clam AntiVirus) before 0.99.2 allows remote attackers to cause a denial of service (application crash) via a crafted mew packer executable.
CVE-2016-1372
ClamAV (aka Clam AntiVirus) before 0.99.2 allows remote attackers to cause a denial of service (application crash) via a crafted 7z file.
CVE-2016-1405
libclamav in ClamAV (aka Clam AntiVirus), as used in Advanced Malware Protection (AMP) on Cisco Email Security Appliance (ESA) devices before 9.7.0-125 and Web Security Appliance (WSA) devices before 9.0.1-135 and 9.1.x before 9.1.1-041, allows remot...
CVE-2015-2668
ClamAV before 0.98.7 allows remote attackers to cause a denial of service (infinite loop) via a crafted xz archive file.
CVE-2015-2222
ClamAV before 0.98.7 allows remote attackers to cause a denial of service (crash) via a crafted petite packed file.
CVE-2015-2221
ClamAV before 0.98.7 allows remote attackers to cause a denial of service (infinite loop) via a crafted y0da cryptor file.

Copyright 2017, cxsecurity.com

 
