Vulnerability CVE-2012-1459


Published: 2012-03-21

Description:
The TAR file parser in AhnLab V3 Internet Security 2011.01.18.00, Avira AntiVir 7.11.1.163, Antiy Labs AVL SDK 2.0.3.7, avast! Antivirus 4.8.1351.0 and 5.0.677.0, AVG Anti-Virus 10.0.0.1190, Bitdefender 7.2, Quick Heal (aka Cat QuickHeal) 11.00, ClamAV 0.96.4, Command Antivirus 5.2.11.5, Comodo Antivirus 7424, Emsisoft Anti-Malware 5.1.0.1, F-Prot Antivirus 4.6.2.117, F-Secure Anti-Virus 9.0.16160.0, Fortinet Antivirus 4.2.254.0, G Data AntiVirus 21, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, Jiangmin Antivirus 13.0.900, K7 AntiVirus 9.77.3565, Kaspersky Anti-Virus 7.0.0.125, McAfee Anti-Virus Scanning Engine 5.400.0.1158, McAfee Gateway (formerly Webwasher) 2010.1C, Antimalware Engine 1.1.6402.0 in Microsoft Security Essentials 2.0, NOD32 Antivirus 5795, Norman Antivirus 6.06.12, nProtect Anti-Virus 2011-01-17.01, Panda Antivirus 10.0.2.7, PC Tools AntiVirus 7.0.3.5, Rising Antivirus 22.83.00.03, Sophos Anti-Virus 4.61.0, AVEngine 20101.3.0.103 in Symantec Endpoint Protection 11, Trend Micro AntiVirus 9.120.0.1004, Trend Micro HouseCall 9.120.0.1004, VBA32 3.12.14.2, and VirusBuster 13.6.151.0 allows remote attackers to bypass malware detection via a TAR archive entry with a length field corresponding to that entire entry, plus part of the header of the next entry. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different TAR parser implementations.

Type: CWE-264 (Permissions, Privileges, and Access Controls)

Vendor: K7computing
Product: Antivirus 
Version: 9.77.3565;
Vendor: Trendmicro
Product: Housecall 
Version: 9.120.0.1004;
Product: Trend micro antivirus 
Version: 9.120.0.1004;
Vendor: F-secure
Product: F-secure anti-virus 
Version: 9.0.16160.0;
Vendor: Comodo
Product: Comodo antivirus 
Version: 7424;
Vendor: Bitdefender
Product: Bitdefender 
Version: 7.2;
Vendor: Avira
Product: Antivir 
Version: 7.11.1.163;
Vendor: Pc tools
Product: Pc tools antivirus 
Version: 7.0.3.5;
Vendor: Kaspersky
Product: Kaspersky anti-virus 
Version: 7.0.0.125;
Vendor: Norman
Product: Norman antivirus & antispyware 
Version: 6.06.12;
Vendor: ESET
Product: Nod32 antivirus 
Version: 5795;
Vendor: Mcafee
Product: Scan engine 
Version: 5.400.0.1158;
Product: Gateway 
Version: 2010.1c;
Vendor: Authentium
Product: Command antivirus 
Version: 5.2.11.5;
Vendor: Emsisoft
Product: Anti-malware 
Version: 5.1.0.1;
Vendor: Alwil
Product: Avast antivirus 
Version: 5.0.677.0; 4.8.1351.0;
Vendor: Sophos
Product: Sophos anti-virus 
Version: 4.61.0;
Vendor: F-prot
Product: F-prot antivirus 
Version: 4.6.2.117;
Vendor: Fortinet
Product: Fortinet antivirus 
Version: 4.2.254.0;
Vendor: Anti-virus
Product: Vba32 
Version: 3.12.14.2;
Vendor: Rising-global
Product: Rising antivirus 
Version: 22.83.00.03;
Vendor: Gdata-software
Product: G data antivirus 
Version: 21;
Vendor: Ahnlab
Product: V3 internet security 
Version: 2011.01.18.00;
Vendor: Nprotect
Product: Nprotect antivirus 
Version: 2011-01-17.01;
Vendor: Antiy
Product: Avl sdk 
Version: 2.0.3.7;
Vendor: Microsoft
Product: Security essentials 
Version: 2.0;
Vendor: Virusbuster
Product: Virusbuster 
Version: 13.6.151.0;
Vendor: Jiangmin
Product: Jiangmin antivirus 
Version: 13.0.900;
Vendor: CAT
Product: Quick heal 
Version: 11.00;
Vendor: Symantec
Product: Endpoint protection 
Version: 11.0;
Vendor: Pandasecurity
Product: Panda antivirus 
Version: 10.0.2.7;
Vendor: AVG
Product: Avg anti-virus 
Version: 10.0.0.1190;
Vendor: Ikarus
Product: Ikarus virus utilities t3 command line scanner 
Version: 1.1.97.0;
Vendor: Clamav
Product: Clamav 
Version: 0.96.4;

CVSS2 => (AV:N/AC:M/Au:N/C:N/I:P/A:N)

CVSS Base Score: 4.3/10
Impact Subscore: 2.9/10
Exploitability Subscore: 8.6/10
Exploit range: Remote
Attack complexity: Medium
Authentication: Not required
Confidentiality impact: None
Integrity impact: Partial
Availability impact: None

 References:
http://lists.opensuse.org/opensuse-security-announce/2012-07/msg00002.html
http://www.ieee-security.org/TC/SP2012/program.html
http://www.mandriva.com/security/advisories?name=MDVSA-2012:094
http://www.securityfocus.com/archive/1/522005
http://www.securityfocus.com/bid/52623
https://exchange.xforce.ibmcloud.com/vulnerabilities/74302


Copyright 2018, cxsecurity.com
