Details of VAR-201203-0371

ID

VAR-201203-0371

CVE

CVE-2012-1447

TITLE

Multiple products ELF Vulnerability that prevents file parsers from detecting malware

Trust: 0.8

sources: JVNDB: JVNDB-2012-001879

DESCRIPTION

The ELF file parser in Fortinet Antivirus 4.2.254.0, eSafe 7.0.17.0, Dr.Web 5.0.2.03300, and Panda Antivirus 10.0.2.7 allows remote attackers to bypass malware detection via an ELF file with a modified e_version field. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different ELF parser implementations. Successful exploits will allow attackers to bypass on-demand virus scanning, possibly allowing malicious files to escape detection. The following products are affected: DrWeb Antivirus 5.0.2.03300 Panda Antivirus 10.0.2.7. Fortinet Antivirus is an antivirus software designed by Fortinet Company using signature database and heuristic scanning engine

Trust: 1.98

sources: NVD: CVE-2012-1447 // JVNDB: JVNDB-2012-001879 // BID: 52601 // VULHUB: VHN-54728

AFFECTED PRODUCTS

vendor:	aladdin	model:	esafe	scope:	eq	version:	7.0.17.0	Trust: 1.8
vendor:	fortinet	model:	antivirus	scope:	eq	version:	4.2.254.0	Trust: 1.8
vendor:	pandasecurity	model:	panda antivirus	scope:	eq	version:	10.0.2.7	Trust: 1.6
vendor:	drweb	model:	dr.web antivirus	scope:	eq	version:	5.0.2.03300	Trust: 1.0
vendor:	doctor web	model:	dr.web anti-virus	scope:	eq	version:	5.0.2.03300	Trust: 0.8
vendor:	panda security	model:	antivirus	scope:	eq	version:	10.0.2.7	Trust: 0.8
vendor:	panda	model:	antivirus	scope:	eq	version:	10.0.27	Trust: 0.3
vendor:	drweb	model:	antivirus	scope:	eq	version:	5.0.203300	Trust: 0.3

sources: BID: 52601 // JVNDB: JVNDB-2012-001879 // CNNVD: CNNVD-201203-411 // NVD: CVE-2012-1447

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2012-1447
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2012-1447
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-201203-411
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-54728
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2012-1447
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-54728
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-54728 // JVNDB: JVNDB-2012-001879 // CNNVD: CNNVD-201203-411 // NVD: CVE-2012-1447

PROBLEMTYPE DATA

problemtype:

CWE-264

Trust: 1.9

sources: VULHUB: VHN-54728 // JVNDB: JVNDB-2012-001879 // NVD: CVE-2012-1447

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201203-411

TYPE

permissions and access control

Trust: 0.6

sources: CNNVD: CNNVD-201203-411

CONFIGURATIONS

sources: JVNDB: JVNDB-2012-001879

PATCH

title:	Top Page	url:	http://www.drweb.co.jp/	Trust: 0.8
title:	Top Page	url:	http://www.fortinet.com/solutions/antivirus.html	Trust: 0.8
title:	Panda Antivirus	url:	http://www.ps-japan.co.jp/	Trust: 0.8
title:	eSafe	url:	http://www.aladdin.co.jp/esafe/	Trust: 0.8

sources: JVNDB: JVNDB-2012-001879

EXTERNAL IDS

db:	NVD	id:	CVE-2012-1447	Trust: 2.8
db:	BID	id:	52601	Trust: 1.4
db:	OSVDB	id:	80432	Trust: 1.1
db:	JVNDB	id:	JVNDB-2012-001879	Trust: 0.8
db:	CNNVD	id:	CNNVD-201203-411	Trust: 0.7
db:	NSFOCUS	id:	19233	Trust: 0.6
db:	BUGTRAQ	id:	20120319 EVASION ATTACKS EXPOLITING FILE-PARSING VULNERABILITIES IN ANTIVIRUS PRODUCTS	Trust: 0.6
db:	VULHUB	id:	VHN-54728	Trust: 0.1

sources: VULHUB: VHN-54728 // BID: 52601 // JVNDB: JVNDB-2012-001879 // CNNVD: CNNVD-201203-411 // NVD: CVE-2012-1447

REFERENCES

url:	http://www.securityfocus.com/archive/1/522005	Trust: 1.7
url:	http://www.ieee-security.org/tc/sp2012/program.html	Trust: 1.7
url:	http://www.securityfocus.com/bid/52601	Trust: 1.1
url:	http://osvdb.org/80432	Trust: 1.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-1447	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2012-1447	Trust: 0.8
url:	http://www.nsfocus.net/vulndb/19233	Trust: 0.6
url:	http://http://www.freedrweb.com/cureit/?lng=en	Trust: 0.3
url:	http://www.pandasecurity.com/usa/	Trust: 0.3
url:	/archive/1/522005	Trust: 0.3

sources: VULHUB: VHN-54728 // BID: 52601 // JVNDB: JVNDB-2012-001879 // CNNVD: CNNVD-201203-411 // NVD: CVE-2012-1447

CREDITS

Suman Jana and Vitaly Shmatikov

Trust: 0.3

sources: BID: 52601

SOURCES

db:	VULHUB	id:	VHN-54728
db:	BID	id:	52601
db:	JVNDB	id:	JVNDB-2012-001879
db:	CNNVD	id:	CNNVD-201203-411
db:	NVD	id:	CVE-2012-1447

LAST UPDATE DATE

2024-11-23T21:46:27.938000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-54728	date:	2017-12-06T00:00:00
db:	BID	id:	52601	date:	2012-03-20T00:00:00
db:	JVNDB	id:	JVNDB-2012-001879	date:	2012-04-18T00:00:00
db:	CNNVD	id:	CNNVD-201203-411	date:	2012-03-26T00:00:00
db:	NVD	id:	CVE-2012-1447	date:	2024-11-21T01:37:00.330

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-54728	date:	2012-03-21T00:00:00
db:	BID	id:	52601	date:	2012-03-20T00:00:00
db:	JVNDB	id:	JVNDB-2012-001879	date:	2012-03-23T00:00:00
db:	CNNVD	id:	CNNVD-201203-411	date:	2012-03-26T00:00:00
db:	NVD	id:	CVE-2012-1447	date:	2012-03-21T10:11:48.333