ID

VAR-201203-0378


CVE

CVE-2012-1454


TITLE

ELF parser vulnerability in multiple products that prevents malware detection

Trust: 0.8

sources: JVNDB: JVNDB-2012-001868

DESCRIPTION

The ELF file parser in Dr.Web 5.0.2.03300, eSafe 7.0.17.0, McAfee Gateway (formerly Webwasher) 2010.1C, Rising Antivirus 22.83.00.03, Fortinet Antivirus 4.2.254.0, and Panda Antivirus 10.0.2.7 allows remote attackers to bypass malware detection via an ELF file with a modified ei_version field. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different ELF parser implementations.

The ELF parsers in multiple products contain a vulnerability that prevents malware detection.

Multiple antivirus products are prone to a vulnerability that may allow an attacker to bypass on-demand scans. Successful exploits will allow attackers to bypass on-demand virus scanning, possibly allowing malicious files to escape detection.

The following products are affected: eSafe Antivirus 7.0.17.0, McAfee McAfee-GW-Edition 2010.1C, Rising Antivirus 22.83.00.03, and Panda Antivirus 10.0.2.7.

Trust: 1.98

sources: NVD: CVE-2012-1454 // JVNDB: JVNDB-2012-001868 // BID: 52606 // VULHUB: VHN-54735

AFFECTED PRODUCTS

vendor: aladdin, model: esafe, scope: eq, version: 7.0.17.0

Trust: 1.8

vendor: fortinet, model: antivirus, scope: eq, version: 4.2.254.0

Trust: 1.8

vendor: pandasecurity, model: panda antivirus, scope: eq, version: 10.0.2.7

Trust: 1.6

vendor: mcafee, model: gateway, scope: eq, version: 2010.1c

Trust: 1.0

vendor: drweb, model: dr.web antivirus, scope: eq, version: 5.0.2.03300

Trust: 1.0

vendor: rising global, model: antivirus, scope: eq, version: 22.83.00.03

Trust: 1.0

vendor: rising, model: antivirus, scope: eq, version: 22.83.00.03

Trust: 0.8

vendor: doctor web, model: dr.web anti-virus, scope: eq, version: 5.0.2.03300

Trust: 0.8

vendor: panda security, model: antivirus, scope: eq, version: 10.0.2.7

Trust: 0.8

vendor: mcafee, model: web gateway software, scope: eq, version: 2010.1c

Trust: 0.8

vendor: rising, model: antivirus, scope: eq, version: 22.8303

Trust: 0.3

vendor: panda, model: antivirus, scope: eq, version: 10.0.27

Trust: 0.3

vendor: mcafee, model: mcafee-gw-edition 2010.1c, scope: -, version: -

Trust: 0.3

vendor: esafe, model: antivirus, scope: eq, version: 7.0.170

Trust: 0.3

sources: BID: 52606 // JVNDB: JVNDB-2012-001868 // CNNVD: CNNVD-201203-417 // NVD: CVE-2012-1454

CVSS

SEVERITY

nvd@nist.gov: CVE-2012-1454
value: MEDIUM

Trust: 1.0

NVD: CVE-2012-1454
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201203-417
value: MEDIUM

Trust: 0.6

VULHUB: VHN-54735
value: MEDIUM

Trust: 0.1

CVSSV2

nvd@nist.gov: CVE-2012-1454
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-54735
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-54735 // JVNDB: JVNDB-2012-001868 // CNNVD: CNNVD-201203-417 // NVD: CVE-2012-1454

PROBLEMTYPE DATA

problemtype: CWE-264

Trust: 1.9

sources: VULHUB: VHN-54735 // JVNDB: JVNDB-2012-001868 // NVD: CVE-2012-1454

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201203-417

TYPE

permissions and access control

Trust: 0.6

sources: CNNVD: CNNVD-201203-417

CONFIGURATIONS

sources: JVNDB: JVNDB-2012-001868

PATCH

title: Top Page, url: http://www.rising-global.com/

Trust: 0.8

title: Top Page, url: http://www.drweb.co.jp/

Trust: 0.8

title: Top Page, url: http://www.fortinet.com/

Trust: 0.8

title: Top Page, url: http://www.ps-japan.co.jp/

Trust: 0.8

title: eSafe, url: http://www.aladdin.co.jp/esafe/

Trust: 0.8

title: McAfee Web Gateway, url: http://www.mcafee.com/japan/products/web_gateway.asp

Trust: 0.8

sources: JVNDB: JVNDB-2012-001868

EXTERNAL IDS

db: NVD, id: CVE-2012-1454

Trust: 2.8

db: OSVDB, id: 80432

Trust: 1.1

db: JVNDB, id: JVNDB-2012-001868

Trust: 0.8

db: CNNVD, id: CNNVD-201203-417

Trust: 0.7

db: NSFOCUS, id: 19236

Trust: 0.6

db: BUGTRAQ, id: 20120319 EVASION ATTACKS EXPOLITING FILE-PARSING VULNERABILITIES IN ANTIVIRUS PRODUCTS

Trust: 0.6

db: BID, id: 52606

Trust: 0.4

db: VULHUB, id: VHN-54735

Trust: 0.1

sources: VULHUB: VHN-54735 // BID: 52606 // JVNDB: JVNDB-2012-001868 // CNNVD: CNNVD-201203-417 // NVD: CVE-2012-1454

REFERENCES

url: http://www.securityfocus.com/archive/1/522005

Trust: 1.7

url: http://www.ieee-security.org/tc/sp2012/program.html

Trust: 1.7

url: http://osvdb.org/80432

Trust: 1.1

url: http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-1454

Trust: 0.8

url: http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2012-1454

Trust: 0.8

url: http://www.nsfocus.net/vulndb/19236

Trust: 0.6

url: http://www.safenet-inc.com/data-protection/content-security-esafe/

Trust: 0.3

url: http://www.mcafee.com/

Trust: 0.3

url: http://www.pandasecurity.com/usa/

Trust: 0.3

url: http://www.rising-global.com/

Trust: 0.3

url: /archive/1/522005

Trust: 0.3

sources: VULHUB: VHN-54735 // BID: 52606 // JVNDB: JVNDB-2012-001868 // CNNVD: CNNVD-201203-417 // NVD: CVE-2012-1454

CREDITS

Suman Jana and Vitaly Shmatikov

Trust: 0.3

sources: BID: 52606

SOURCES

db: VULHUB, id: VHN-54735
db: BID, id: 52606
db: JVNDB, id: JVNDB-2012-001868
db: CNNVD, id: CNNVD-201203-417
db: NVD, id: CVE-2012-1454

LAST UPDATE DATE

2024-11-23T21:46:28.132000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-54735, date: 2012-07-28T00:00:00
db: BID, id: 52606, date: 2012-03-20T00:00:00
db: JVNDB, id: JVNDB-2012-001868, date: 2012-03-23T00:00:00
db: CNNVD, id: CNNVD-201203-417, date: 2012-04-01T00:00:00
db: NVD, id: CVE-2012-1454, date: 2024-11-21T01:37:01.293

SOURCES RELEASE DATE

db: VULHUB, id: VHN-54735, date: 2012-03-21T00:00:00
db: BID, id: 52606, date: 2012-03-20T00:00:00
db: JVNDB, id: JVNDB-2012-001868, date: 2012-03-23T00:00:00
db: CNNVD, id: CNNVD-201203-417, date: 2012-03-26T00:00:00
db: NVD, id: CVE-2012-1454, date: 2012-03-21T10:11:49.160