Vulnerability Name: CVE-2012-1453 (CCN-74272)
Assigned: 2012-03-19
Published: 2012-03-19
Updated: 2012-11-06
Summary: The CAB file parser in Dr.Web 5.0.2.03300, Trend Micro HouseCall 9.120.0.1004, Kaspersky Anti-Virus 7.0.0.125, Sophos Anti-Virus 4.61.0, Trend Micro AntiVirus 9.120.0.1004, McAfee Gateway (formerly Webwasher) 2010.1C, Emsisoft Anti-Malware 5.1.0.1, CA eTrust Vet Antivirus 36.1.8511, Antiy Labs AVL SDK 2.0.3.7, Antimalware Engine 1.1.6402.0 in Microsoft Security Essentials 2.0, Rising Antivirus 22.83.00.03, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, Fortinet Antivirus 4.2.254.0, and Panda Antivirus 10.0.2.7 allows remote attackers to bypass malware detection via a CAB file with a modified coffFiles field. Note: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different CAB parser implementations.
CVSS v3 Severity:
5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)
CVSS v2 Severity:
4.3 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N)
3.5 Low (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N/E:U/RL:U/RC:UR)
3.5 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N/E:U/RL:U/RC:UR)
Vulnerability Type: CWE-264
Vulnerability Consequences: Bypass Security
References:
Source: CCN Type: BugTraq Mailing List, Sun Mar 18 2012 Evasion attacks expoliting file-parsing vulnerabilities in antivirus products
Source: MITRE Type: CNA CVE-2012-1453
Source: OSVDB Type: UNKNOWN 80482
Source: OSVDB Type: UNKNOWN 80483
Source: OSVDB Type: UNKNOWN 80484
Source: OSVDB Type: UNKNOWN 80485
Source: OSVDB Type: UNKNOWN 80486
Source: OSVDB Type: UNKNOWN 80487
Source: OSVDB Type: UNKNOWN 80488
Source: OSVDB Type: UNKNOWN 80489
Source: CCN Type: Microsoft Web Site Microsoft Security Essentials
Source: CCN Type: Antiy Labs Web Site Antiy Labs Antivirus
Source: CCN Type: Emsisoft Web Site Emsisoft Anti-malware
Source: CCN Type: Fortinet Web Site Fortinet Antivirus
Source: MISC Type: UNKNOWN http://www.ieee-security.org/TC/SP2012/program.html
Source: CCN Type: Ikarus Web Site Ikarus Antivirus
Source: CCN Type: Kaspersky Web Site Kaspersky Antivirus
Source: CCN Type: McAfee Web Site McAfee Antivirus
Source: CCN Type: OSVDB ID: 80482 Dr.Web Malformed CAB File Handling Scan Bypass
Source: CCN Type: OSVDB ID: 80483 Kaspersky Anti-Virus Malformed CAB File Handling Scan Bypass
Source: CCN Type: OSVDB ID: 80484 McAfee Gateway Malformed CAB File Handling Scan Bypass
Source: CCN Type: OSVDB ID: 80485 CA eTrust Vet Antivirus Malformed CAB File Handling Scan Bypass
Source: CCN Type: OSVDB ID: 80486 Antiy Labs AVL SDK Malformed CAB File Handling Scan Bypass
Source: CCN Type: OSVDB ID: 80487 Microsoft Security Essentials Antimalware Engine Malformed CAB File Handling Scan Bypass
Source: CCN Type: OSVDB ID: 80488 Fortinet Antivirus Malformed CAB File Handling Scan Bypass
Source: CCN Type: OSVDB ID: 80489 Panda Antivirus Malformed CAB File Handling Scan Bypass
Source: CCN Type: Panda Web Site Panda Antivirus
Source: CCN Type: Rising Web Site Rising Antivirus
Source: BUGTRAQ Type: UNKNOWN 20120319 Evasion attacks expoliting file-parsing vulnerabilities in antivirus products
Source: BID Type: UNKNOWN 52621
Source: CCN Type: BID-52621 Multiple AntiVirus Products CVE-2012-1453 CAB File Scan Evasion Vulnerability
Source: CCN Type: Sophos Web Site Sophos Antivirus
Source: CCN Type: Trend Micro Web Site Trend Micro Antivirus
Source: CCN Type: eTrust-Vet Web Site eTrust-Vet Antivirus
Source: XF Type: UNKNOWN multiple-av-cab-cofffiles-evasion(74272)
Vulnerable Configuration: Configuration 1: Configuration CCN 1: