Sign-up

ID

VAR-201203-0148


CVE

CVE-2012-1463


TITLE

Multiple products ELF Vulnerability that prevents file parsers from detecting malware

Trust: 0.8

sources: JVNDB: JVNDB-2012-001872

DESCRIPTION

The ELF file parser in AhnLab V3 Internet Security 2011.01.18.00, Bitdefender 7.2, Quick Heal (aka Cat QuickHeal) 11.00, Command Antivirus 5.2.11.5, Comodo Antivirus 7424, eSafe 7.0.17.0, F-Prot Antivirus 4.6.2.117, F-Secure Anti-Virus 9.0.16160.0, McAfee Anti-Virus Scanning Engine 5.400.0.1158, Norman Antivirus 6.06.12, nProtect Anti-Virus 2011-01-17.01, and Panda Antivirus 10.0.2.7 allows remote attackers to bypass malware detection via an ELF file with a modified endianness field. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different ELF parser implementations. Multiple products ELF A file parser contains a vulnerability that can prevent malware detection. Different ELF Parser If it is announced that there is also a problem with the implementation of CVE May be split.The endian field changed by a third party ELF Malware detection may be avoided via files. Successful exploits will allow attackers to bypass on-demand virus scanning, possibly allowing malicious files to escape detection

Trust: 2.07

sources: NVD: CVE-2012-1463 // JVNDB: JVNDB-2012-001872 // BID: 52614 // VULHUB: VHN-54744 // VULMON: CVE-2012-1463

AFFECTED PRODUCTS

vendor:comodomodel:antivirusscope:eqversion:7424

Trust: 2.1

vendor:authentiummodel:command antivirusscope:eqversion:5.2.11.5

Trust: 1.8

vendor:bitdefendermodel:bitdefenderscope:eqversion:7.2

Trust: 1.8

vendor:aladdinmodel:esafescope:eqversion:7.0.17.0

Trust: 1.8

vendor:f securemodel:f-secure anti-virusscope:eqversion:9.0.16160.0

Trust: 1.8

vendor:mcafeemodel:scan enginescope:eqversion:5.400.0.1158

Trust: 1.8

vendor:normanmodel:antivirus \& antispywarescope:eqversion:6.06.12

Trust: 1.6

vendor:ahnlabmodel:v3 internet securityscope:eqversion:2011.01.18.00

Trust: 1.0

vendor:nprotectmodel:antivirusscope:eqversion:2011-01-17.01

Trust: 1.0

vendor:catmodel:quick healscope:eqversion:11.00

Trust: 1.0

vendor:f protmodel:f-prot antivirusscope:eqversion:4.6.2.117

Trust: 1.0

vendor:pandasecuritymodel:panda antivirusscope:eqversion:10.0.2.7

Trust: 1.0

vendor:friskmodel:f-prot antivirusscope:eqversion:4.6.2.117

Trust: 0.8

vendor:normanmodel:antivirusscope:eqversion:6.06.12

Trust: 0.8

vendor:nprotectmodel:anti-virusscope:eqversion:2011-01-17.01

Trust: 0.8

vendor:panda securitymodel:antivirusscope:eqversion:10.0.2.7

Trust: 0.8

vendor:unlabmodel:v3 internet securityscope:eqversion:2011.01.18.00

Trust: 0.8

vendor:quick heal k kmodel:healscope:eqversion:11.00

Trust: 0.8

vendor:quick healmodel:cat-quickhealscope:eqversion:11.00

Trust: 0.3

vendor:pandamodel:antivirusscope:eqversion:10.0.27

Trust: 0.3

vendor:normanmodel:antivirusscope:eqversion:6.6.12

Trust: 0.3

vendor:mcafeemodel:mcafeescope:eqversion:5.4001158

Trust: 0.3

vendor:incamodel:nprotectscope:eqversion:2011-01-17.01

Trust: 0.3

vendor:friskmodel:software f-prot antivirusscope:eqversion:4.6.2117

Trust: 0.3

vendor:f securemodel:antivirusscope:eqversion:9.0.16160.0

Trust: 0.3

vendor:esafemodel:antivirusscope:eqversion:7.0.170

Trust: 0.3

vendor:bitdefendermodel:antivirusscope:eqversion:7.2

Trust: 0.3

vendor:authentiummodel:command antivirusscope:eqversion:5.2.115

Trust: 0.3

vendor:ahnlabmodel:enginescope:eqversion:v32011.01.18.00

Trust: 0.3

sources: BID: 52614 // JVNDB: JVNDB-2012-001872 // CNNVD: CNNVD-201203-426 // NVD: CVE-2012-1463

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2012-1463
value: MEDIUM

Trust: 1.0

NVD: CVE-2012-1463
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201203-426
value: MEDIUM

Trust: 0.6

VULHUB: VHN-54744
value: MEDIUM

Trust: 0.1

VULMON: CVE-2012-1463
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2012-1463
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-54744
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-54744 // VULMON: CVE-2012-1463 // JVNDB: JVNDB-2012-001872 // CNNVD: CNNVD-201203-426 // NVD: CVE-2012-1463

PROBLEMTYPE DATA

problemtype:CWE-264

Trust: 1.9

sources: VULHUB: VHN-54744 // JVNDB: JVNDB-2012-001872 // NVD: CVE-2012-1463

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201203-426

TYPE

permissions and access control

Trust: 0.6

sources: CNNVD: CNNVD-201203-426

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2012-001872

PATCH
title:Command Antivirusurl:http://www.authentium.com/command/CSAVDownload.html
Trust: 0.8
title:Bitdefenderurl:http://www.bitdefender.com/
Trust: 0.8
title:Comodo Antivirusurl:http://www.comodo.com/home/internet-security/antivirus.php
Trust: 0.8
title:F-Prot Antivirusurl:http://www.f-prot.com/index.html
Trust: 0.8
title:MacAfee Scan Engineurl:http://www.mcafee.com/us/support/support-eol-scan-engine.aspx
Trust: 0.8
title:Norman Antivirusurl:http://www.norman.com/products/antivirus_antispyware/en
Trust: 0.8
title:nProtect Anti-Virusurl:http://global.nprotect.com/product/avs.php
Trust: 0.8
title:Panda Antivirusurl:http://www.ps-japan.co.jp/
Trust: 0.8
title:Quick Healurl:http://www.quickheal.com/
Trust: 0.8
title:eSafeurl:http://www.aladdin.co.jp/esafe/
Trust: 0.8
title:V3 Internet Securityurl:http://www.ahnlab.co.jp/product_service/product/b2b/v3is8.asp
Trust: 0.8
title:F-Secure Anti-Virusurl:http://www.f-secure.com/ja/web/home_jp/protection/anti-virus/overview
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2012-001872

EXTERNAL IDS
db:NVDid:CVE-2012-1463
Trust: 2.9
db:BIDid:52614
Trust: 1.5
db:OSVDBid:80426
Trust: 1.2
db:OSVDBid:80433
Trust: 1.2
db:JVNDBid:JVNDB-2012-001872
Trust: 0.8
db:CNNVDid:CNNVD-201203-426
Trust: 0.7
db:BUGTRAQid:20120319 EVASION ATTACKS EXPOLITING FILE-PARSING VULNERABILITIES IN ANTIVIRUS PRODUCTS
Trust: 0.6
db:NSFOCUSid:19237
Trust: 0.6
db:VULHUBid:VHN-54744
Trust: 0.1
db:VULMONid:CVE-2012-1463
Trust: 0.1
sources:
            
            
            VULHUB: VHN-54744 // 
            
            
            
            VULMON: CVE-2012-1463 // 
            
            
            
            BID: 52614 // 
            
            
            
            JVNDB: JVNDB-2012-001872 // 
            
            
            
            CNNVD: CNNVD-201203-426 // 
            
            
            
            NVD: CVE-2012-1463

REFERENCES
url:http://www.securityfocus.com/archive/1/522005
Trust: 1.8
url:http://www.ieee-security.org/tc/sp2012/program.html
Trust: 1.8
url:http://www.securityfocus.com/bid/52614
Trust: 1.3
url:http://osvdb.org/80426
Trust: 1.2
url:http://osvdb.org/80433
Trust: 1.2
url:https://exchange.xforce.ibmcloud.com/vulnerabilities/74311
Trust: 1.2
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-1463
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2012-1463
Trust: 0.8
url:http://www.nsfocus.net/vulndb/19237
Trust: 0.6
url:http://www.ahnlab.com
Trust: 0.3
url:http://www.authentium.com
Trust: 0.3
url:http://www.bitdefender.com
Trust: 0.3
url:http://www.comodo.com/
Trust: 0.3
url:http://www.safenet-inc.com/data-protection/content-security-esafe/
Trust: 0.3
url:http://www.f-secure.com/
Trust: 0.3
url:http://www.f-prot.com/
Trust: 0.3
url:http://global.nprotect.com/index.php
Trust: 0.3
url:http://www.mcafee.com/
Trust: 0.3
url:http://anti-virus-software-review.toptenreviews.com/norman-review.html
Trust: 0.3
url:http://www.pandasecurity.com/usa/
Trust: 0.3
url:http://www.quickheal.com/
Trust: 0.3
url:/archive/1/522005
Trust: 0.3
url:https://cwe.mitre.org/data/definitions/264.html
Trust: 0.1
url:https://nvd.nist.gov
Trust: 0.1
sources:
            
            
            VULHUB: VHN-54744 // 
            
            
            
            VULMON: CVE-2012-1463 // 
            
            
            
            BID: 52614 // 
            
            
            
            JVNDB: JVNDB-2012-001872 // 
            
            
            
            CNNVD: CNNVD-201203-426 // 
            
            
            
            NVD: CVE-2012-1463

CREDITS
Suman Jana and Vitaly Shmatikov
Trust: 0.3
sources:
            
            
            BID: 52614

SOURCES
db:VULHUBid:VHN-54744
db:VULMONid:CVE-2012-1463
db:BIDid:52614
db:JVNDBid:JVNDB-2012-001872
db:CNNVDid:CNNVD-201203-426
db:NVDid:CVE-2012-1463

LAST UPDATE DATE
2024-11-23T21:46:23.373000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-54744date:2017-08-29T00:00:00
db:VULMONid:CVE-2012-1463date:2017-08-29T00:00:00
db:BIDid:52614date:2012-03-20T00:00:00
db:JVNDBid:JVNDB-2012-001872date:2012-03-23T00:00:00
db:CNNVDid:CNNVD-201203-426date:2012-03-26T00:00:00
db:NVDid:CVE-2012-1463date:2024-11-21T01:37:02.717

SOURCES RELEASE DATE
db:VULHUBid:VHN-54744date:2012-03-21T00:00:00
db:VULMONid:CVE-2012-1463date:2012-03-21T00:00:00
db:BIDid:52614date:2012-03-20T00:00:00
db:JVNDBid:JVNDB-2012-001872date:2012-03-23T00:00:00
db:CNNVDid:CNNVD-201203-426date:2012-03-26T00:00:00
db:NVDid:CVE-2012-1463date:2012-03-21T10:11:49.740