ID

VAR-201203-0146


CVE

CVE-2012-1461


TITLE

Vulnerability in the Gzip file parser of multiple products that prevents malware detection

Trust: 0.8

sources: JVNDB: JVNDB-2012-001901

DESCRIPTION

The Gzip file parser in AVG Anti-Virus 10.0.0.1190, Bitdefender 7.2, Command Antivirus 5.2.11.5, Emsisoft Anti-Malware 5.1.0.1, F-Secure Anti-Virus 9.0.16160.0, Fortinet Antivirus 4.2.254.0, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, Jiangmin Antivirus 13.0.900, K7 AntiVirus 9.77.3565, Kaspersky Anti-Virus 7.0.0.125, McAfee Anti-Virus Scanning Engine 5.400.0.1158, McAfee Gateway (formerly Webwasher) 2010.1C, NOD32 Antivirus 5795, Norman Antivirus 6.06.12, Rising Antivirus 22.83.00.03, Sophos Anti-Virus 4.61.0, AVEngine 20101.3.0.103 in Symantec Endpoint Protection 11, Trend Micro AntiVirus 9.120.0.1004, Trend Micro HouseCall 9.120.0.1004, and VBA32 3.12.14.2 allows remote attackers to bypass malware detection via a .tar.gz file with multiple compressed streams. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different Gzip parser implementations.

The Gzip file parser in multiple products contains a vulnerability that can prevent malware detection. If it is announced that different Gzip parser implementations also have the problem, this vulnerability may be split into multiple CVEs. A third party may be able to avoid malware detection via a .tar.gz file that has multiple compressed streams.

Successful exploits will allow attackers to bypass on-demand virus scanning, possibly allowing malicious files to escape detection.

Trust: 1.98

sources: NVD: CVE-2012-1461 // JVNDB: JVNDB-2012-001901 // BID: 52626 // VULHUB: VHN-54742

AFFECTED PRODUCTS

vendor: authentium, model: command antivirus, scope: eq, version: 5.2.11.5

Trust: 1.8

vendor: avg, model: anti-virus, scope: eq, version: 10.0.0.1190

Trust: 1.8

vendor: bitdefender, model: bitdefender, scope: eq, version: 7.2

Trust: 1.8

vendor: emsisoft, model: anti-malware, scope: eq, version: 5.1.0.1

Trust: 1.8

vendor: ikarus, model: virus utilities t3 command line scanner, scope: eq, version: 1.1.97.0

Trust: 1.8

vendor: jiangmin, model: antivirus, scope: eq, version: 13.0.900

Trust: 1.8

vendor: f secure, model: f-secure anti-virus, scope: eq, version: 9.0.16160.0

Trust: 1.8

vendor: kaspersky, model: anti-virus, scope: eq, version: 7.0.0.125

Trust: 1.8

vendor: sophos, model: anti-virus, scope: eq, version: 4.61.0

Trust: 1.8

vendor: fortinet, model: antivirus, scope: eq, version: 4.2.254.0

Trust: 1.8

vendor: mcafee, model: scan engine, scope: eq, version: 5.400.0.1158

Trust: 1.8

vendor: trendmicro, model: housecall, scope: eq, version: 9.120.0.1004

Trust: 1.6

vendor: trendmicro, model: trend micro antivirus, scope: eq, version: 9.120.0.1004

Trust: 1.0

vendor: rising global, model: antivirus, scope: eq, version: 22.83.00.03

Trust: 1.0

vendor: k7computing, model: antivirus, scope: eq, version: 9.77.3565

Trust: 1.0

vendor: eset, model: nod32 antivirus, scope: eq, version: 5795

Trust: 1.0

vendor: anti virus, model: vba32, scope: eq, version: 3.12.14.2

Trust: 1.0

vendor: symantec, model: endpoint protection, scope: eq, version: 11.0

Trust: 1.0

vendor: mcafee, model: gateway, scope: eq, version: 2010.1c

Trust: 1.0

vendor: norman, model: antivirus & antispyware, scope: eq, version: 6.06.12

Trust: 1.0

vendor: rising, model: antivirus, scope: eq, version: 22.83.00.03

Trust: 0.8

vendor: eset, model: nod32 anti-virus, scope: eq, version: 5795

Trust: 0.8

vendor: k7 computing, model: antivirus, scope: eq, version: 9.77.3565

Trust: 0.8

vendor: norman, model: antivirus, scope: eq, version: 6.06.12

Trust: 0.8

vendor: virusblokada, model: vba32, scope: eq, version: 3.12.14.2

Trust: 0.8

vendor: symantec, model: endpoint protection, scope: eq, version: 11

Trust: 0.8

vendor: trend micro, model: antivirus, scope: eq, version: 9.120.0.1004

Trust: 0.8

vendor: trend micro, model: housecall, scope: eq, version: 9.120.0.1004

Trust: 0.8

vendor: mcafee, model: web gateway software, scope: eq, version: 2010.1c

Trust: 0.8

vendor: virusblokada, model: vba32, scope: eq, version: 3.12.142

Trust: 0.3

vendor: trend micro, model: trend micro, scope: eq, version: 9.1201004

Trust: 0.3

vendor: trend micro, model: housecall, scope: eq, version: 9.1201004

Trust: 0.3

vendor: symantec, model: antivirus, scope: eq, version: 20101.3103

Trust: 0.3

vendor: rising, model: antivirus, scope: eq, version: 22.8303

Trust: 0.3

vendor: norman, model: antivirus, scope: eq, version: 6.6.12

Trust: 0.3

vendor: mcafee, model: mcafee-gw-edition 2010.1c, scope: -, version: -

Trust: 0.3

vendor: kaspersky, model: antivirus, scope: eq, version: 7.0125

Trust: 0.3

vendor: k7, model: computing pvt ltd k7antivirus, scope: eq, version: 9.77.3565

Trust: 0.3

vendor: jiangmin, model: jiangmin, scope: eq, version: 13.0.900

Trust: 0.3

vendor: ikarus, model: antivirus t3.1.1.97.0, scope: -, version: -

Trust: 0.3

vendor: fortinet, model: antivirus, scope: eq, version: 4.2.2540

Trust: 0.3

vendor: eset, model: nod32, scope: eq, version: 5795

Trust: 0.3

vendor: emsisoft, model: antivirus, scope: eq, version: 5.11

Trust: 0.3

vendor: comodo, model: antivirus, scope: eq, version: 7424

Trust: 0.3

vendor: bitdefender, model: antivirus, scope: eq, version: 7.2

Trust: 0.3

vendor: avg, model: anti-virus, scope: eq, version: 10.01190

Trust: 0.3

vendor: authentium, model: command antivirus, scope: eq, version: 5.2.115

Trust: 0.3

sources: BID: 52626 // JVNDB: JVNDB-2012-001901 // CNNVD: CNNVD-201203-424 // NVD: CVE-2012-1461

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2012-1461
value: MEDIUM

Trust: 1.0

NVD: CVE-2012-1461
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201203-424
value: MEDIUM

Trust: 0.6

VULHUB: VHN-54742
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2012-1461
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-54742
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-54742 // JVNDB: JVNDB-2012-001901 // CNNVD: CNNVD-201203-424 // NVD: CVE-2012-1461

PROBLEMTYPE DATA

problemtype:CWE-264

Trust: 1.9

sources: VULHUB: VHN-54742 // JVNDB: JVNDB-2012-001901 // NVD: CVE-2012-1461

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201203-424

TYPE

permissions and access control

Trust: 0.6

sources: CNNVD: CNNVD-201203-424

CONFIGURATIONS

sources: JVNDB: JVNDB-2012-001901

PATCH

title: Command Antivirus, url: http://www.authentium.com/command/CSAVDownload.html

Trust: 0.8

title: AVG Anti-Virus, url: http://www.avgjapan.com/home-small-office-security/buy-antivirus

Trust: 0.8

title: Rising Antivirus, url: http://www.rising-global.com/

Trust: 0.8

title: Bitdefender, url: http://www.bitdefender.com/

Trust: 0.8

title: Emsisoft Anti-Malware, url: http://www.emsisoft.com/en/software/antimalware/

Trust: 0.8

title: ESET NOD32 Antivirus, url: http://www.eset.com/us/

Trust: 0.8

title: Fortinet Antivirus, url: http://www.fortinet.com/solutions/antivirus.html

Trust: 0.8

title: Top Page, url: http://www.ikarus.at/en/

Trust: 0.8

title: Jiangmin Antivirus, url: http://global.jiangmin.com/

Trust: 0.8

title: K7 AntiVirus, url: http://www.k7computing.com/en/consumer_home.php

Trust: 0.8

title: McAfee Scan Engine, url: http://www.mcafee.com/us/support/support-eol-scan-engine.aspx

Trust: 0.8

title: McAfee Web Gateway, url: http://www.mcafee.com/us/products/web-gateway.aspx

Trust: 0.8

title: Norman Antivirus, url: http://www.norman.com/products/antivirus_antispyware/en

Trust: 0.8

title: Sophos Anti-Virus, url: http://www.sophos.com/ja-jp/

Trust: 0.8

title: Endpoint Protection, url: http://www.symantec.com/ja/jp/endpoint-protection

Trust: 0.8

title: Top Page, url: http://jp.trendmicro.com/jp/home/index.html

Trust: 0.8

title: Trend Micro HouseCall, url: http://jp.trendmicro.com/jp/tools/housecall/index.html

Trust: 0.8

title: VBA32, url: http://anti-virus.by/en/index.shtml

Trust: 0.8

title: Kaspersky Anti-Virus, url: http://www.kaspersky.com/kaspersky_anti-virus

Trust: 0.8

title: F-Secure Anti-Virus, url: http://www.f-secure.com/ja/web/home_jp/protection/anti-virus/overview

Trust: 0.8

sources: JVNDB: JVNDB-2012-001901

EXTERNAL IDS

db: NVD, id: CVE-2012-1461

Trust: 2.8

db: BID, id: 52626

Trust: 1.4

db: OSVDB, id: 80510

Trust: 1.1

db: OSVDB, id: 80501

Trust: 1.1

db: OSVDB, id: 80500

Trust: 1.1

db: OSVDB, id: 80504

Trust: 1.1

db: OSVDB, id: 80505

Trust: 1.1

db: OSVDB, id: 80503

Trust: 1.1

db: OSVDB, id: 80502

Trust: 1.1

db: OSVDB, id: 80506

Trust: 1.1

db: JVNDB, id: JVNDB-2012-001901

Trust: 0.8

db: CNNVD, id: CNNVD-201203-424

Trust: 0.7

db: BUGTRAQ, id: 20120319 EVASION ATTACKS EXPOLITING FILE-PARSING VULNERABILITIES IN ANTIVIRUS PRODUCTS

Trust: 0.6

db: NSFOCUS, id: 19199

Trust: 0.6

db: VULHUB, id: VHN-54742

Trust: 0.1

sources: VULHUB: VHN-54742 // BID: 52626 // JVNDB: JVNDB-2012-001901 // CNNVD: CNNVD-201203-424 // NVD: CVE-2012-1461

REFERENCES

url:http://www.securityfocus.com/archive/1/522005

Trust: 1.7

url:http://www.ieee-security.org/tc/sp2012/program.html

Trust: 1.7

url:http://www.securityfocus.com/bid/52626

Trust: 1.1

url:http://osvdb.org/80500

Trust: 1.1

url:http://osvdb.org/80501

Trust: 1.1

url:http://osvdb.org/80502

Trust: 1.1

url:http://osvdb.org/80503

Trust: 1.1

url:http://osvdb.org/80504

Trust: 1.1

url:http://osvdb.org/80505

Trust: 1.1

url:http://osvdb.org/80506

Trust: 1.1

url:http://osvdb.org/80510

Trust: 1.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-1461

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2012-1461

Trust: 0.8

url:http://www.nsfocus.net/vulndb/19199

Trust: 0.6

url:http://www.avg.com

Trust: 0.3

url:http://www.bitdefender.com

Trust: 0.3

url:http://www.emsisoft.com/en/software/antimalware/

Trust: 0.3

url:http://www.ikarus.at

Trust: 0.3

url:http://global.jiangmin.com/

Trust: 0.3

url:http://www.k7computing.com/en/product/k7-antivirusplus.php

Trust: 0.3

url:http://www.kaspersky.com/

Trust: 0.3

url:http://www.mcafee.com/

Trust: 0.3

url:http://anti-virus-software-review.toptenreviews.com/norman-review.html

Trust: 0.3

url:http://www.rising-global.com/

Trust: 0.3

url:http://www.symantec.com

Trust: 0.3

url:http://www.trend.com

Trust: 0.3

url:/archive/1/522005

Trust: 0.3

sources: VULHUB: VHN-54742 // BID: 52626 // JVNDB: JVNDB-2012-001901 // CNNVD: CNNVD-201203-424 // NVD: CVE-2012-1461

CREDITS

Suman Jana and Vitaly Shmatikov

Trust: 0.3

sources: BID: 52626

SOURCES

db: VULHUB, id: VHN-54742
db: BID, id: 52626
db: JVNDB, id: JVNDB-2012-001901
db: CNNVD, id: CNNVD-201203-424
db: NVD, id: CVE-2012-1461

LAST UPDATE DATE

2024-11-23T21:46:24.134000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-54742, date: 2012-11-06T00:00:00
db: BID, id: 52626, date: 2012-03-30T16:20:00
db: JVNDB, id: JVNDB-2012-001901, date: 2012-03-26T00:00:00
db: CNNVD, id: CNNVD-201203-424, date: 2012-03-26T00:00:00
db: NVD, id: CVE-2012-1461, date: 2024-11-21T01:37:02.423

SOURCES RELEASE DATE

db: VULHUB, id: VHN-54742, date: 2012-03-21T00:00:00
db: BID, id: 52626, date: 2012-03-20T00:00:00
db: JVNDB, id: JVNDB-2012-001901, date: 2012-03-26T00:00:00
db: CNNVD, id: CNNVD-201203-424, date: 2012-03-22T00:00:00
db: NVD, id: CVE-2012-1461, date: 2012-03-21T10:11:49.677