Vulnerability Name: CVE-2012-1420 (CCN-74195)
Assigned: 2012-03-19
Published: 2012-03-19
Updated: 2012-08-14
Summary: The TAR file parser in Quick Heal (aka Cat QuickHeal) 11.00, Command Antivirus 5.2.11.5, F-Prot Antivirus 4.6.2.117, Fortinet Antivirus 4.2.254.0, K7 AntiVirus 9.77.3565, Kaspersky Anti-Virus 7.0.0.125, Antimalware Engine 1.1.6402.0 in Microsoft Security Essentials 2.0, NOD32 Antivirus 5795, Norman Antivirus 6.06.12, Panda Antivirus 10.0.2.7, and Rising Antivirus 22.83.00.03 allows remote attackers to bypass malware detection via a POSIX TAR file with an initial \7fELF character sequence. Note: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different TAR parser implementations.
CVSS v3 Severity: 5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)
CVSS v2 Severity: 4.3 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N)
3.5 Low (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N/E:U/RL:U/RC:UR)
3.5 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N/E:U/RL:U/RC:UR)
Vulnerability Type: CWE-264
Vulnerability Consequences: Bypass Security
References:
Source: CCN Type: BugTraq Mailing List, Sun Mar 18 2012 Evasion attacks expoliting file-parsing vulnerabilities in antivirus products
Source: MITRE Type: CNA CVE-2012-1420
Source: OSVDB Type: UNKNOWN 80403
Source: OSVDB Type: UNKNOWN 80406
Source: OSVDB Type: UNKNOWN 80407
Source: OSVDB Type: UNKNOWN 80409
Source: CCN Type: Microsoft Security Essentials Web Site Microsoft Security Essentials - Free Antivirus for Windows
Source: CCN Type: Command Antivirus Web Site Antivirus | Commtouch - Internet Security Solutions
Source: CCN Type: ESET Web Site ESET - Antivirus Software with Spyware and Malware Protection
Source: CCN Type: F-Prot Web Site F-Prot Antivirus
Source: CCN Type: Fortinet Web Site Fortinet Antivirus
Source: MISC Type: UNKNOWN http://www.ieee-security.org/TC/SP2012/program.html
Source: CCN Type: K7 Web Site K7 Antivirus
Source: CCN Type: Kaspersky Web Site Kaspersky Antivirus
Source: CCN Type: Norman Web Site Antivirus | Norman Proactive IT security
Source: CCN Type: OSVDB ID: 80398 Rising Antivirus Malformed TAR File Handling Scan Bypass
Source: CCN Type: OSVDB ID: 80399 Panda Antivirus Malformed TAR File Handling Scan Bypass
Source: CCN Type: OSVDB ID: 80400 Norman Antivirus Malformed TAR File Handling Scan Bypass
Source: CCN Type: OSVDB ID: 80401 NOD32 Antivirus Malformed TAR File Handling Scan Bypass
Source: CCN Type: OSVDB ID: 80402 Microsoft Security Essentials Antimalware Engine Malformed TAR File Handling Scan Bypass
Source: CCN Type: OSVDB ID: 80403 Kaspersky Anti-Virus Malformed TAR File Handling Scan Bypass
Source: CCN Type: OSVDB ID: 80404 K7 AntiVirus Malformed TAR File Handling Scan Bypass
Source: CCN Type: OSVDB ID: 80405 Fortinet Antivirus Malformed TAR File Handling Scan Bypass
Source: CCN Type: OSVDB ID: 80406 F-Prot Antivirus Malformed TAR File Handling Scan Bypass
Source: CCN Type: OSVDB ID: 80407 Command Antivirus Malformed TAR File Handling Scan Bypass
Source: CCN Type: OSVDB ID: 80409 Quick Heal Malformed TAR File Handling Scan Bypass
Source: CCN Type: Panda Web Site Panda Antivirus
Source: CCN Type: Quick Heal Web Site Quick Heal Antivirus
Source: CCN Type: Rising Web Site Rising Antivirus
Source: BUGTRAQ Type: UNKNOWN 20120319 Evasion attacks expoliting file-parsing vulnerabilities in antivirus products
Source: CCN Type: BID-52615 Multiple AntiVirus Products CVE-2012-1420 TAR File Scan Evasion Vulnerability
Source: XF Type: UNKNOWN multiple-av-tar-7felf-evasion(74195)
Vulnerable Configuration: Configuration 1: Configuration CCN 1: Denotes that component is vulnerable