CVE-2012-1425

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2012-1425
The TAR file parser in Avira AntiVir 7.11.1.163, Antiy Labs AVL SDK 2.0.3.7, Quick Heal (aka Cat QuickHeal) 11.00, Emsisoft Anti-Malware 5.1.0.1, Fortinet Antivirus 4.2.254.0, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, Jiangmin Antivirus 13.0.900, Kaspersky Anti-Virus 7.0.0.125, McAfee Anti-Virus Scanning Engine 5.400.0.1158, McAfee Gateway (formerly Webwasher) 2010.1C, NOD32 Antivirus 5795, Norman Antivirus 6.06.12, PC Tools AntiVirus 7.0.3.5, AVEngine 20101.3.0.103 in Symantec Endpoint Protection 11, Trend Micro AntiVirus 9.120.0.1004, and Trend Micro HouseCall 9.120.0.1004 allows remote attackers to bypass malware detection via a POSIX TAR file with an initial \50\4B\03\04 character sequence. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different TAR parser implementations.

4.3 /10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:M/Au:N/C:N/I:P/A:N

Exploitability : 8.6 / Impact : 2.9

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

References
Link Resource
http://osvdb.org/80389
http://osvdb.org/80391
http://osvdb.org/80392
http://osvdb.org/80395
http://osvdb.org/80396
http://osvdb.org/80403
http://osvdb.org/80409
http://www.ieee-security.org/TC/SP2012/program.html
http://www.securityfocus.com/archive/1/522005
http://osvdb.org/80389
http://osvdb.org/80391
http://osvdb.org/80392
http://osvdb.org/80395
http://osvdb.org/80396
http://osvdb.org/80403
http://osvdb.org/80409
http://www.ieee-security.org/TC/SP2012/program.html
http://www.securityfocus.com/archive/1/522005
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:antiy:avl_sdk:2.0.3.7:*:*:*:*:*:*:*
cpe:2.3:a:avira:antivir:7.11.1.163:*:*:*:*:*:*:*
cpe:2.3:a:cat:quick_heal:11.00:*:*:*:*:*:*:*
cpe:2.3:a:emsisoft:anti-malware:5.1.0.1:*:*:*:*:*:*:*
cpe:2.3:a:eset:nod32_antivirus:5795:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortinet_antivirus:4.2.254.0:*:*:*:*:*:*:*
cpe:2.3:a:ikarus:ikarus_virus_utilities_t3_command_line_scanner:1.1.97.0:*:*:*:*:*:*:*
cpe:2.3:a:jiangmin:jiangmin_antivirus:13.0.900:*:*:*:*:*:*:*
cpe:2.3:a:kaspersky:kaspersky_anti-virus:7.0.0.125:*:*:*:*:*:*:*
cpe:2.3:a:mcafee:gateway:2010.1c:*:*:*:*:*:*:*
cpe:2.3:a:mcafee:scan_engine:5.400.0.1158:*:*:*:*:*:*:*
cpe:2.3:a:norman:norman_antivirus_\&_antispyware:6.06.12:*:*:*:*:*:*:*
cpe:2.3:a:pc_tools:pc_tools_antivirus:7.0.3.5:*:*:*:*:*:*:*
cpe:2.3:a:symantec:endpoint_protection:11.0:*:*:*:*:*:*:*
cpe:2.3:a:trendmicro:housecall:9.120.0.1004:*:*:*:*:*:*:*
cpe:2.3:a:trendmicro:trend_micro_antivirus:9.120.0.1004:*:*:*:*:*:*:*
History

21 Nov 2024, 01:36

Type Values Removed Values Added
References () http://osvdb.org/80389 - () http://osvdb.org/80389 -
References () http://osvdb.org/80391 - () http://osvdb.org/80391 -
References () http://osvdb.org/80392 - () http://osvdb.org/80392 -
References () http://osvdb.org/80395 - () http://osvdb.org/80395 -
References () http://osvdb.org/80396 - () http://osvdb.org/80396 -
References () http://osvdb.org/80403 - () http://osvdb.org/80403 -
References () http://osvdb.org/80409 - () http://osvdb.org/80409 -
References () http://www.ieee-security.org/TC/SP2012/program.html - () http://www.ieee-security.org/TC/SP2012/program.html -
References () http://www.securityfocus.com/archive/1/522005 - () http://www.securityfocus.com/archive/1/522005 -
Information

Published : 2012-03-21 10:11

Updated : 2024-11-21 01:36

NVD link : CVE-2012-1425

Mitre link : CVE-2012-1425

CVE.ORG link : CVE-2012-1425

JSON object : View

Products Affected

trendmicro

  • trend_micro_antivirus
  • housecall

emsisoft

  • anti-malware

ikarus

  • ikarus_virus_utilities_t3_command_line_scanner

mcafee

  • scan_engine
  • gateway

eset

  • nod32_antivirus

pc_tools

  • pc_tools_antivirus

norman

  • norman_antivirus_\&_antispyware

symantec

  • endpoint_protection

cat

  • quick_heal

jiangmin

  • jiangmin_antivirus

avira

  • antivir

antiy

  • avl_sdk

fortinet

  • fortinet_antivirus

kaspersky

  • kaspersky_anti-virus
CWE
CWE-264

Permissions, Privileges, and Access Controls