| Vulnerability Name: | CVE-2012-1446 (CCN-74262) | ||||||||
| Assigned: | 2012-03-19 | ||||||||
| Published: | 2012-03-19 | ||||||||
| Updated: | 2012-07-28 | ||||||||
| Summary: | The ELF file parser in Quick Heal (aka Cat QuickHeal) 11.00, McAfee Anti-Virus Scanning Engine 5.400.0.1158, AVEngine 20101.3.0.103 in Symantec Endpoint Protection 11, Norman Antivirus 6.06.12, eSafe 7.0.17.0, Kaspersky Anti-Virus 7.0.0.125, McAfee Gateway (formerly Webwasher) 2010.1C, Sophos Anti-Virus 4.61.0, CA eTrust Vet Antivirus 36.1.8511, Antiy Labs AVL SDK 2.0.3.7, PC Tools AntiVirus 7.0.3.5, Rising Antivirus 22.83.00.03, Fortinet Antivirus 4.2.254.0, and Panda Antivirus 10.0.2.7 allows remote attackers to bypass malware detection via an ELF file with a modified encoding field. Note: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different ELF parser implementations. | ||||||||
| CVSS v3 Severity: | 5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)
| ||||||||
| CVSS v2 Severity: | 4.3 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N) 3.5 Low (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N/E:U/RL:U/RC:UR)
3.5 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N/E:U/RL:U/RC:UR)
| ||||||||
| Vulnerability Type: | CWE-264 | ||||||||
| Vulnerability Consequences: | Bypass Security | ||||||||
| References: | Source: CCN Type: BugTraq Mailing List, Sun Mar 18 2012 Evasion attacks expoliting file-parsing vulnerabilities in antivirus products Source: MITRE Type: CNA CVE-2012-1446 Source: OSVDB Type: UNKNOWN 80426 Source: OSVDB Type: UNKNOWN 80427 Source: OSVDB Type: UNKNOWN 80428 Source: OSVDB Type: UNKNOWN 80430 Source: OSVDB Type: UNKNOWN 80431 Source: CCN Type: Antiy Labs Web Site Antiy Labs Antivirus Source: CCN Type: Fortinet Web Site Fortinet Antivirus Source: MISC Type: UNKNOWN http://www.ieee-security.org/TC/SP2012/program.html Source: CCN Type: Kaspersky Web Site Kaspersky Antivirus Source: CCN Type: McAfee Web Site McAfee Antivirus Source: CCN Type: Norman Web Site Norman Antivirus Source: CCN Type: OSVDB ID: 80426 Quick Heal Malformed ELF File Handling Scan Bypass Source: CCN Type: OSVDB ID: 80427 Kaspersky Anti-Virus Malformed ELF File Handling Scan Bypass Source: CCN Type: OSVDB ID: 80428 Antiy Labs AVL SDK Malformed ELF File Handling Scan Bypass Source: CCN Type: OSVDB ID: 80430 Symantec Endpoint Protection AVEngine Malformed ELF File Handling Scan Bypass Source: CCN Type: OSVDB ID: 80431 PC Tools AntiVirus Malformed ELF File Handling Scan Bypass Source: CCN Type: Panda Web Site Panda Antivirus Source: CCN Type: PC Tools Web Site PC Tools Antivirus Source: CCN Type: Quick Heal Web Site Quick Heal Antivirus Source: CCN Type: Rising Web Site Rising Antivirus Source: CCN Type: eSafe Web Site SafeNet eSafe Antivirus Source: BUGTRAQ Type: UNKNOWN 20120319 Evasion attacks expoliting file-parsing vulnerabilities in antivirus products Source: BID Type: UNKNOWN 52600 Source: CCN Type: BID-52600 Multiple AntiVirus Products CVE-2012-1446 ELF File Scan Evasion Vulnerability Source: CCN Type: Sophos Web Site Sophos Antivirus Source: CCN Type: Symantec Web Site Symantec Antivirus Source: CCN Type: eTrust-Vet Web Site eTrust-Vet Antivirus Source: XF Type: UNKNOWN multiple-av-elf-encoding-evasion(74262) | ||||||||
| Vulnerable Configuration: | Configuration 1: Configuration CCN 1:  Denotes that component is vulnerable | ||||||||
| BACK | |||||||||