Vulnerability Name: | CVE-2012-1462 (CCN-74310) | ||||||||
Assigned: | 2012-03-19 | ||||||||
Published: | 2012-03-19 | ||||||||
Updated: | 2017-08-29 | ||||||||
Summary: | The ZIP file parser in AhnLab V3 Internet Security 2011.01.18.00, AVG Anti-Virus 10.0.0.1190, Quick Heal (aka Cat QuickHeal) 11.00, Emsisoft Anti-Malware 5.1.0.1, eSafe 7.0.17.0, Fortinet Antivirus 4.2.254.0, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, Jiangmin Antivirus 13.0.900, Kaspersky Anti-Virus 7.0.0.125, Norman Antivirus 6.06.12, Sophos Anti-Virus 4.61.0, and AVEngine 20101.3.0.103 in Symantec Endpoint Protection 11 allows remote attackers to bypass malware detection via a ZIP file containing an invalid block of data at the beginning. Note: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different ZIP parser implementations. | ||||||||
CVSS v3 Severity: | 5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)
| ||||||||
CVSS v2 Severity: | 4.3 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N) 3.5 Low (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N/E:U/RL:U/RC:UR)
3.5 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N/E:U/RL:U/RC:UR)
| ||||||||
Vulnerability Type: | CWE-264 | ||||||||
Vulnerability Consequences: | Bypass Security | ||||||||
References: | Source: CCN Type: BugTraq Mailing List, Sun Mar 18 2012 Evasion attacks expoliting file-parsing vulnerabilities in antivirus products Source: MITRE Type: CNA CVE-2012-1462 Source: CCN Type: AhnLab Web Site AhnLab Antivirus Source: CCN Type: Jiangmin Web Site Jiangmin Antivirus Source: CCN Type: AVG Web Site AVG Antivirus Source: CCN Type: Emsisoft Web Site Emsisoft Anti-Malware Source: CCN Type: Fortinet Web Site Fortinet Antivirus Source: MISC Type: UNKNOWN http://www.ieee-security.org/TC/SP2012/program.html Source: CCN Type: Ikarus Web Site Ikarus Antivirus Source: CCN Type: Kaspersky Web Site Kaspersky Antivirus Source: CCN Type: Norman Web Site Norman Antivirus Source: CCN Type: OSVDB ID: 80512 AhnLab V3 Internet Security Malformed ZIP File Handling Scan Bypass Source: CCN Type: OSVDB ID: 80513 AVG Anti-Virus Malformed ZIP File Handling Scan Bypass Source: CCN Type: OSVDB ID: 80514 Quick Heal Malformed ZIP File Handling Scan Bypass Source: CCN Type: OSVDB ID: 80515 Emsisoft Anti-Malware Malformed ZIP File Handling Scan Bypass Source: CCN Type: OSVDB ID: 80516 eSafe Malformed ZIP File Handling Scan Bypass Source: CCN Type: OSVDB ID: 80517 Fortinet Antivirus Malformed ZIP File Handling Scan Bypass Source: CCN Type: OSVDB ID: 80518 Ikarus Virus Utilities T3 Command Line Scanner Malformed ZIP File Handling Scan Bypass Source: CCN Type: OSVDB ID: 80519 Jiangmin Antivirus Malformed ZIP File Handling Scan Bypass Source: CCN Type: OSVDB ID: 80520 Kaspersky Anti-Virus Malformed ZIP File Handling Scan Bypass Source: CCN Type: OSVDB ID: 80521 Norman Antivirus Malformed ZIP File Handling Scan Bypass Source: CCN Type: OSVDB ID: 80522 Sophos Anti-Virus Malformed ZIP File Handling Scan Bypass Source: CCN Type: OSVDB ID: 80523 Symantec Endpoint Protection AVEngine Malformed ZIP File Handling Scan Bypass Source: CCN Type: Quick Heal Web Site Quick Heal Antivirus Source: CCN Type: eSafe Web Site SafeNet eSafe Antivrus Source: BUGTRAQ Type: UNKNOWN 20120319 Evasion attacks expoliting file-parsing vulnerabilities in antivirus products Source: BID Type: UNKNOWN 52613 Source: CCN Type: BID-52613 Multiple AntiVirus Products CVE-2012-1462 ZIP File Scan Evasion Vulnerability Source: CCN Type: Sophos Web Site Sophos Antivirus Source: CCN Type: Symantec Web Site Symantec Antivirus Source: XF Type: UNKNOWN multiple-av-zip-file-evasion(74310) Source: XF Type: UNKNOWN multiple-av-zip-file-evasion(74310) | ||||||||
Vulnerable Configuration: | Configuration 1: Configuration CCN 1: Denotes that component is vulnerable | ||||||||
BACK |