Details of VAR-201203-0147

ID

VAR-201203-0147

CVE

CVE-2012-1462

TITLE

Multiple products ZIP Vulnerability that prevents file parsers from detecting malware

Trust: 0.8

sources: JVNDB: JVNDB-2012-001871

DESCRIPTION

The ZIP file parser in AhnLab V3 Internet Security 2011.01.18.00, AVG Anti-Virus 10.0.0.1190, Quick Heal (aka Cat QuickHeal) 11.00, Emsisoft Anti-Malware 5.1.0.1, eSafe 7.0.17.0, Fortinet Antivirus 4.2.254.0, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, Jiangmin Antivirus 13.0.900, Kaspersky Anti-Virus 7.0.0.125, Norman Antivirus 6.06.12, Sophos Anti-Virus 4.61.0, and AVEngine 20101.3.0.103 in Symantec Endpoint Protection 11 allows remote attackers to bypass malware detection via a ZIP file containing an invalid block of data at the beginning. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different ZIP parser implementations. Multiple products ZIP A file parser contains a vulnerability that can prevent malware detection. Different ZIP Parser If it is announced that there is also a problem with the implementation of CVE May be split.A third party includes an invalid block of data at the beginning ZIP Malware detection may be avoided via files. Successful exploits will allow attackers to bypass on-demand virus scanning, possibly allowing malicious files to escape detection

Trust: 1.98

sources: NVD: CVE-2012-1462 // JVNDB: JVNDB-2012-001871 // BID: 52613 // VULHUB: VHN-54743

AFFECTED PRODUCTS

vendor:	avg	model:	anti-virus	scope:	eq	version:	10.0.0.1190	Trust: 1.8
vendor:	emsisoft	model:	anti-malware	scope:	eq	version:	5.1.0.1	Trust: 1.8
vendor:	ikarus	model:	virus utilities t3 command line scanner	scope:	eq	version:	1.1.97.0	Trust: 1.8
vendor:	jiangmin	model:	antivirus	scope:	eq	version:	13.0.900	Trust: 1.8
vendor:	aladdin	model:	esafe	scope:	eq	version:	7.0.17.0	Trust: 1.8
vendor:	kaspersky	model:	anti-virus	scope:	eq	version:	7.0.0.125	Trust: 1.8
vendor:	fortinet	model:	antivirus	scope:	eq	version:	4.2.254.0	Trust: 1.8
vendor:	symantec	model:	endpoint protection	scope:	eq	version:	11.0	Trust: 1.6
vendor:	ahnlab	model:	v3 internet security	scope:	eq	version:	2011.01.18.00	Trust: 1.0
vendor:	cat	model:	quick heal	scope:	eq	version:	11.00	Trust: 1.0
vendor:	norman	model:	antivirus	scope:	eq	version:	6.06.12	Trust: 0.8
vendor:	unlab	model:	v3 internet security	scope:	eq	version:	2011.01.18.00	Trust: 0.8
vendor:	quick heal k k	model:	heal	scope:	eq	version:	11.00	Trust: 0.8
vendor:	symantec	model:	endpoint protection	scope:	eq	version:	11	Trust: 0.8
vendor:	sophos	model:	anti-virus	scope:	eq	version:	4.61.0	Trust: 0.8
vendor:	symantec	model:	antivirus	scope:	eq	version:	20101.3103	Trust: 0.3
vendor:	sophos	model:	anti-virus	scope:	eq	version:	4.61	Trust: 0.3
vendor:	quick heal	model:	cat-quickheal	scope:	eq	version:	11.00	Trust: 0.3
vendor:	norman	model:	antivirus	scope:	eq	version:	6.6.12	Trust: 0.3
vendor:	kaspersky	model:	antivirus	scope:	eq	version:	7.0125	Trust: 0.3
vendor:	jiangmin	model:	jiangmin	scope:	eq	version:	13.0.900	Trust: 0.3
vendor:	ikarus	model:	antivirus t3.1.1.97.0	scope:	-	version:	-	Trust: 0.3
vendor:	fortinet	model:	antivirus	scope:	eq	version:	4.2.2540	Trust: 0.3
vendor:	esafe	model:	antivirus	scope:	eq	version:	7.0.170	Trust: 0.3
vendor:	emsisoft	model:	antivirus	scope:	eq	version:	5.11	Trust: 0.3
vendor:	avg	model:	anti-virus	scope:	eq	version:	10.01190	Trust: 0.3
vendor:	ahnlab	model:	engine	scope:	eq	version:	v32011.01.18.00	Trust: 0.3

sources: BID: 52613 // JVNDB: JVNDB-2012-001871 // CNNVD: CNNVD-201203-425 // NVD: CVE-2012-1462

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2012-1462
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2012-1462
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-201203-425
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-54743
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2012-1462
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-54743
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-54743 // JVNDB: JVNDB-2012-001871 // CNNVD: CNNVD-201203-425 // NVD: CVE-2012-1462

PROBLEMTYPE DATA

problemtype:

CWE-264

Trust: 1.9

sources: VULHUB: VHN-54743 // JVNDB: JVNDB-2012-001871 // NVD: CVE-2012-1462

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201203-425

TYPE

permissions and access control

Trust: 0.6

sources: CNNVD: CNNVD-201203-425

CONFIGURATIONS

sources: JVNDB: JVNDB-2012-001871

PATCH

title:	AVG Anti-Virus	url:	http://www.avgjapan.com/home-small-office-security/buy-antivirus	Trust: 0.8
title:	Emsisoft Anti-Malware	url:	http://www.emsisoft.com/en/software/antimalware/	Trust: 0.8
title:	Fortinet Antivirus	url:	http://www.fortinet.com/solutions/antivirus.html	Trust: 0.8
title:	Top Page	url:	http://www.ikarus.at/en/	Trust: 0.8
title:	Jiangmin Antivirus	url:	http://global.jiangmin.com/	Trust: 0.8
title:	Top Page	url:	http://www.norman.com/	Trust: 0.8
title:	Quick Heal	url:	http://www.quickheal.com/	Trust: 0.8
title:	Endpoint Protection	url:	http://www.symantec.com/ja/jp/endpoint-protection	Trust: 0.8
title:	eSafe	url:	http://www.aladdin.co.jp/esafe/	Trust: 0.8
title:	V3 Internet Security	url:	http://www.ahnlab.co.jp/product_service/product/b2b/v3is8.asp	Trust: 0.8
title:	Kaspersky Anti-Virus	url:	http://www.kaspersky.com/kaspersky_anti-virus	Trust: 0.8
title:	Top Page	url:	http://www.sophos.com	Trust: 0.8

sources: JVNDB: JVNDB-2012-001871

EXTERNAL IDS

db:	NVD	id:	CVE-2012-1462	Trust: 2.8
db:	BID	id:	52613	Trust: 1.4
db:	JVNDB	id:	JVNDB-2012-001871	Trust: 0.8
db:	CNNVD	id:	CNNVD-201203-425	Trust: 0.7
db:	BUGTRAQ	id:	20120319 EVASION ATTACKS EXPOLITING FILE-PARSING VULNERABILITIES IN ANTIVIRUS PRODUCTS	Trust: 0.6
db:	NSFOCUS	id:	19217	Trust: 0.6
db:	VULHUB	id:	VHN-54743	Trust: 0.1

sources: VULHUB: VHN-54743 // BID: 52613 // JVNDB: JVNDB-2012-001871 // CNNVD: CNNVD-201203-425 // NVD: CVE-2012-1462

REFERENCES

url:	http://www.securityfocus.com/archive/1/522005	Trust: 1.7
url:	http://www.ieee-security.org/tc/sp2012/program.html	Trust: 1.7
url:	http://www.securityfocus.com/bid/52613	Trust: 1.1
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/74310	Trust: 1.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-1462	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2012-1462	Trust: 0.8
url:	http://www.nsfocus.net/vulndb/19217	Trust: 0.6
url:	http://www.ahnlab.com	Trust: 0.3
url:	http://www.avg.com	Trust: 0.3
url:	http://www.emsisoft.com/en/software/antimalware/	Trust: 0.3
url:	http://www.safenet-inc.com/data-protection/content-security-esafe/	Trust: 0.3
url:	http://www.fortinet.com/	Trust: 0.3
url:	http://www.ikarus.at	Trust: 0.3
url:	http://global.jiangmin.com/	Trust: 0.3
url:	http://www.kaspersky.com/	Trust: 0.3
url:	http://anti-virus-software-review.toptenreviews.com/norman-review.html	Trust: 0.3
url:	http://www.quickheal.com/	Trust: 0.3
url:	http://www.sophos.com/	Trust: 0.3
url:	http://www.symantec.com	Trust: 0.3
url:	/archive/1/522005	Trust: 0.3

sources: VULHUB: VHN-54743 // BID: 52613 // JVNDB: JVNDB-2012-001871 // CNNVD: CNNVD-201203-425 // NVD: CVE-2012-1462

CREDITS

Suman Jana and Vitaly Shmatikov

Trust: 0.3

sources: BID: 52613

SOURCES

db:	VULHUB	id:	VHN-54743
db:	BID	id:	52613
db:	JVNDB	id:	JVNDB-2012-001871
db:	CNNVD	id:	CNNVD-201203-425
db:	NVD	id:	CVE-2012-1462

LAST UPDATE DATE

2024-11-23T21:46:23.665000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-54743	date:	2017-08-29T00:00:00
db:	BID	id:	52613	date:	2012-03-20T00:00:00
db:	JVNDB	id:	JVNDB-2012-001871	date:	2012-03-23T00:00:00
db:	CNNVD	id:	CNNVD-201203-425	date:	2012-03-26T00:00:00
db:	NVD	id:	CVE-2012-1462	date:	2024-11-21T01:37:02.570

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-54743	date:	2012-03-21T00:00:00
db:	BID	id:	52613	date:	2012-03-20T00:00:00
db:	JVNDB	id:	JVNDB-2012-001871	date:	2012-03-23T00:00:00
db:	CNNVD	id:	CNNVD-201203-425	date:	2012-03-26T00:00:00
db:	NVD	id:	CVE-2012-1462	date:	2012-03-21T10:11:49.707