Details of VAR-201203-0377

ID

VAR-201203-0377

CVE

CVE-2012-1453

TITLE

Multiple products CAB Vulnerability to bypass malware detection in file parser

Trust: 0.8

sources: JVNDB: JVNDB-2012-001867

DESCRIPTION

The CAB file parser in Dr.Web 5.0.2.03300, Trend Micro HouseCall 9.120.0.1004, Kaspersky Anti-Virus 7.0.0.125, Sophos Anti-Virus 4.61.0, Trend Micro AntiVirus 9.120.0.1004, McAfee Gateway (formerly Webwasher) 2010.1C, Emsisoft Anti-Malware 5.1.0.1, CA eTrust Vet Antivirus 36.1.8511, Antiy Labs AVL SDK 2.0.3.7, Antimalware Engine 1.1.6402.0 in Microsoft Security Essentials 2.0, Rising Antivirus 22.83.00.03, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, Fortinet Antivirus 4.2.254.0, and Panda Antivirus 10.0.2.7 allows remote attackers to bypass malware detection via a CAB file with a modified coffFiles field. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different CAB parser implementations. Multiple products CAB The file parser contains a vulnerability that can bypass malware detection. CVE May be split intoChanged by a third party coffFiles Have fields CAB Via files, malware detection can be bypassed. Successful exploits will allow attackers to bypass on-demand virus scanning, possibly allowing malicious files to escape detection. The following products are affected: McAfee 5.0.2.03300 TrendMicro-HouseCall 9.120.0.1004 Kaspersky 7.0.0.125 Sophos 4.61.0 TrendMicro 9.120.0.1004 McAfee-GW-Edition 2010.1C Emsisoft 5.1.0.1 eTrust-Vet 36.1.8511 Antiy-AVL 2.0.3.7 Microsoft 1.6402, Rising 22.83.00.03 Ikarus T3.1.1.97.0 Fortinet 4.2.254.0 Panda 10.0.2.7

Trust: 1.98

sources: NVD: CVE-2012-1453 // JVNDB: JVNDB-2012-001867 // BID: 52621 // VULHUB: VHN-54734

AFFECTED PRODUCTS

vendor:	kaspersky	model:	anti-virus	scope:	eq	version:	7.0.0.125	Trust: 2.1
vendor:	antiy	model:	avl sdk	scope:	eq	version:	2.0.3.7	Trust: 1.8
vendor:	ca	model:	etrust vet antivirus	scope:	eq	version:	36.1.8511	Trust: 1.8
vendor:	emsisoft	model:	anti-malware	scope:	eq	version:	5.1.0.1	Trust: 1.8
vendor:	ikarus	model:	virus utilities t3 command line scanner	scope:	eq	version:	1.1.97.0	Trust: 1.8
vendor:	sophos	model:	anti-virus	scope:	eq	version:	4.61.0	Trust: 1.8
vendor:	fortinet	model:	antivirus	scope:	eq	version:	4.2.254.0	Trust: 1.8
vendor:	microsoft	model:	security essentials	scope:	eq	version:	2.0	Trust: 1.8
vendor:	pandasecurity	model:	panda antivirus	scope:	eq	version:	10.0.2.7	Trust: 1.6
vendor:	mcafee	model:	gateway	scope:	eq	version:	2010.1c	Trust: 1.0
vendor:	trendmicro	model:	trend micro antivirus	scope:	eq	version:	9.120.0.1004	Trust: 1.0
vendor:	rising global	model:	antivirus	scope:	eq	version:	22.83.00.03	Trust: 1.0
vendor:	drweb	model:	dr.web antivirus	scope:	eq	version:	5.0.2.03300	Trust: 1.0
vendor:	trendmicro	model:	housecall	scope:	eq	version:	9.120.0.1004	Trust: 1.0
vendor:	rising	model:	antivirus	scope:	eq	version:	22.83.00.03	Trust: 0.8
vendor:	doctor web	model:	dr.web antivirus	scope:	eq	version:	5.0.2.03300	Trust: 0.8
vendor:	panda security	model:	antivirus	scope:	eq	version:	10.0.2.7	Trust: 0.8
vendor:	trend micro	model:	antivirus	scope:	eq	version:	9.120.0.1004	Trust: 0.8
vendor:	trend micro	model:	housecall	scope:	eq	version:	9.120.0.1004	Trust: 0.8
vendor:	mcafee	model:	web gateway software	scope:	eq	version:	2010.1c	Trust: 0.8
vendor:	trend micro	model:	trend micro	scope:	eq	version:	9.1201004	Trust: 0.3
vendor:	trend micro	model:	housecall	scope:	eq	version:	9.1201004	Trust: 0.3
vendor:	sophos	model:	anti-virus	scope:	eq	version:	4.61	Trust: 0.3
vendor:	rising	model:	antivirus	scope:	eq	version:	22.8303	Trust: 0.3
vendor:	quick heal	model:	cat-quickheal	scope:	eq	version:	11.00	Trust: 0.3
vendor:	panda	model:	antivirus	scope:	eq	version:	10.0.27	Trust: 0.3
vendor:	microsoft	model:	antivirus	scope:	eq	version:	1.6402	Trust: 0.3
vendor:	mcafee	model:	mcafee-gw-edition 2010.1c	scope:	-	version:	-	Trust: 0.3
vendor:	mcafee	model:	mcafee	scope:	eq	version:	5.0.2.03300	Trust: 0.3
vendor:	ikarus	model:	antivirus t3.1.1.97.0	scope:	-	version:	-	Trust: 0.3
vendor:	fortinet	model:	antivirus	scope:	eq	version:	4.2.2540	Trust: 0.3
vendor:	emsisoft	model:	antivirus	scope:	eq	version:	5.11.0	Trust: 0.3
vendor:	emsisoft	model:	antivirus	scope:	eq	version:	5.11	Trust: 0.3
vendor:	computer	model:	associates etrust vet antivirus	scope:	eq	version:	36.1.8511	Trust: 0.3
vendor:	antiy	model:	antiy-avl	scope:	eq	version:	2.0.37	Trust: 0.3

sources: BID: 52621 // JVNDB: JVNDB-2012-001867 // CNNVD: CNNVD-201203-416 // NVD: CVE-2012-1453

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2012-1453
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2012-1453
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-201203-416
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-54734
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2012-1453
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-54734
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-54734 // JVNDB: JVNDB-2012-001867 // CNNVD: CNNVD-201203-416 // NVD: CVE-2012-1453

PROBLEMTYPE DATA

problemtype:

CWE-264

Trust: 1.9

sources: VULHUB: VHN-54734 // JVNDB: JVNDB-2012-001867 // NVD: CVE-2012-1453

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201203-416

TYPE

permissions and access control

Trust: 0.6

sources: CNNVD: CNNVD-201203-416

CONFIGURATIONS

sources: JVNDB: JVNDB-2012-001867

PATCH

title:	AVL SDK	url:	http://www.antiy.net/en/avlsdk.html	Trust: 0.8
title:	Top Page	url:	http://www.rising-global.com/	Trust: 0.8
title:	Top Page	url:	http://www.vet.com.au/	Trust: 0.8
title:	Top Page	url:	http://www.drweb.co.jp/	Trust: 0.8
title:	Emsisoft Anti-Malware	url:	http://www.emsisoft.com/en/software/antimalware/	Trust: 0.8
title:	Top Page	url:	http://www.fortinet.com/	Trust: 0.8
title:	IKARUS virus.utilities	url:	http://www.ikarus.at/en/ngo-gov/products/virus_utilities/index.html	Trust: 0.8
title:	Top Page	url:	http://www.ps-japan.co.jp/	Trust: 0.8
title:	Top Page	url:	http://jp.trendmicro.com/jp/home/	Trust: 0.8
title:	Trend Micro HouseCall	url:	http://jp.trendmicro.com/jp/tools/housecall/	Trust: 0.8
title:	Kaspersky Anti-Virus	url:	http://www.kaspersky.com/kaspersky_anti-virus	Trust: 0.8
title:	Top Page	url:	http://www.sophos.com	Trust: 0.8
title:	Microsoft Security Essentials	url:	http://windows.microsoft.com/ja-JP/windows/products/security-essentials	Trust: 0.8
title:	McAfee Web Gateway	url:	http://www.mcafee.com/japan/products/web_gateway.asp	Trust: 0.8

sources: JVNDB: JVNDB-2012-001867

EXTERNAL IDS

db:	NVD	id:	CVE-2012-1453	Trust: 2.8
db:	BID	id:	52621	Trust: 1.4
db:	OSVDB	id:	80487	Trust: 1.1
db:	OSVDB	id:	80482	Trust: 1.1
db:	OSVDB	id:	80484	Trust: 1.1
db:	OSVDB	id:	80483	Trust: 1.1
db:	OSVDB	id:	80489	Trust: 1.1
db:	OSVDB	id:	80486	Trust: 1.1
db:	OSVDB	id:	80488	Trust: 1.1
db:	OSVDB	id:	80485	Trust: 1.1
db:	JVNDB	id:	JVNDB-2012-001867	Trust: 0.8
db:	CNNVD	id:	CNNVD-201203-416	Trust: 0.7
db:	BUGTRAQ	id:	20120319 EVASION ATTACKS EXPOLITING FILE-PARSING VULNERABILITIES IN ANTIVIRUS PRODUCTS	Trust: 0.6
db:	VULHUB	id:	VHN-54734	Trust: 0.1

sources: VULHUB: VHN-54734 // BID: 52621 // JVNDB: JVNDB-2012-001867 // CNNVD: CNNVD-201203-416 // NVD: CVE-2012-1453

REFERENCES

url:	http://www.securityfocus.com/archive/1/522005	Trust: 1.7
url:	http://www.ieee-security.org/tc/sp2012/program.html	Trust: 1.7
url:	http://www.securityfocus.com/bid/52621	Trust: 1.1
url:	http://osvdb.org/80482	Trust: 1.1
url:	http://osvdb.org/80483	Trust: 1.1
url:	http://osvdb.org/80484	Trust: 1.1
url:	http://osvdb.org/80485	Trust: 1.1
url:	http://osvdb.org/80486	Trust: 1.1
url:	http://osvdb.org/80487	Trust: 1.1
url:	http://osvdb.org/80488	Trust: 1.1
url:	http://osvdb.org/80489	Trust: 1.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-1453	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2012-1453	Trust: 0.8
url:	http://www.antiy.net	Trust: 0.3
url:	http://www.ca.com	Trust: 0.3
url:	http://www.emsisoft.com/en/software/antimalware/	Trust: 0.3
url:	http://seclists.org/bugtraq/2012/mar/88	Trust: 0.3
url:	http://www.fortinet.com/	Trust: 0.3
url:	http://www.ikarus.at	Trust: 0.3
url:	http://www.kaspersky.com/	Trust: 0.3
url:	http://www.mcafee.com/	Trust: 0.3
url:	http://www.microsoft.com	Trust: 0.3
url:	http://www.pandasecurity.com/usa/	Trust: 0.3
url:	http://www.quickheal.co.in/default.asp	Trust: 0.3
url:	http://www.rising-global.com/	Trust: 0.3
url:	http://www.sophos.com/	Trust: 0.3
url:	http://www.trend.com	Trust: 0.3
url:	/archive/1/522005	Trust: 0.3

sources: VULHUB: VHN-54734 // BID: 52621 // JVNDB: JVNDB-2012-001867 // CNNVD: CNNVD-201203-416 // NVD: CVE-2012-1453

CREDITS

Suman Jana and Vitaly Shmatikov

Trust: 0.3

sources: BID: 52621

SOURCES

db:	VULHUB	id:	VHN-54734
db:	BID	id:	52621
db:	JVNDB	id:	JVNDB-2012-001867
db:	CNNVD	id:	CNNVD-201203-416
db:	NVD	id:	CVE-2012-1453

LAST UPDATE DATE

2024-11-23T21:46:23.580000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-54734	date:	2012-11-06T00:00:00
db:	BID	id:	52621	date:	2012-03-30T16:10:00
db:	JVNDB	id:	JVNDB-2012-001867	date:	2012-03-23T00:00:00
db:	CNNVD	id:	CNNVD-201203-416	date:	2012-04-01T00:00:00
db:	NVD	id:	CVE-2012-1453	date:	2024-11-21T01:37:01.140

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-54734	date:	2012-03-21T00:00:00
db:	BID	id:	52621	date:	2012-03-20T00:00:00
db:	JVNDB	id:	JVNDB-2012-001867	date:	2012-03-23T00:00:00
db:	CNNVD	id:	CNNVD-201203-416	date:	2012-03-26T00:00:00
db:	NVD	id:	CVE-2012-1453	date:	2012-03-21T10:11:48.847