Details of VAR-201203-0380

ID

VAR-201203-0380

CVE

CVE-2012-1456

TITLE

Multiple products TAR Vulnerability that prevents file parsers from detecting malware

Trust: 0.8

sources: JVNDB: JVNDB-2012-001900

DESCRIPTION

The TAR file parser in AVG Anti-Virus 10.0.0.1190, Quick Heal (aka Cat QuickHeal) 11.00, Comodo Antivirus 7424, Emsisoft Anti-Malware 5.1.0.1, eSafe 7.0.17.0, F-Prot Antivirus 4.6.2.117, Fortinet Antivirus 4.2.254.0, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, Jiangmin Antivirus 13.0.900, Kaspersky Anti-Virus 7.0.0.125, McAfee Anti-Virus Scanning Engine 5.400.0.1158, McAfee Gateway (formerly Webwasher) 2010.1C, NOD32 Antivirus 5795, Norman Antivirus 6.06.12, Panda Antivirus 10.0.2.7, Rising Antivirus 22.83.00.03, Sophos Anti-Virus 4.61.0, AVEngine 20101.3.0.103 in Symantec Endpoint Protection 11, Trend Micro AntiVirus 9.120.0.1004, and Trend Micro HouseCall 9.120.0.1004 allows remote attackers to bypass malware detection via a TAR file with an appended ZIP file. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different TAR parser implementations. Multiple products TAR A file parser contains a vulnerability that can prevent malware detection. Different TAR If it is announced that there is also a problem with the parser implementation, this vulnerability can be CVE May be split.By a third party ZIP File attached TAR Malware detection may be avoided via files. Successful exploits will allow attackers to bypass on-demand virus scanning, possibly allowing malicious files to escape detection. The following products are affected: AVG AVG Anti-Virus 10.0.0.1190 Quick Heal Technologies CAT-QuickHeal 11.00 Comodo AntiVirus 7424 Emsisoft Antivirus 5.1.0.1 eSafe Antivirus 7.0.17.0 Frisk Software F-Prot Antivirus 4.6.2.117 Fortinet Antivirus 4.2.254.0 Ikarus Antivirus T3.1.1.97.0

Trust: 1.98

sources: NVD: CVE-2012-1456 // JVNDB: JVNDB-2012-001900 // BID: 52608 // VULHUB: VHN-54737

AFFECTED PRODUCTS

vendor:	comodo	model:	antivirus	scope:	eq	version:	7424	Trust: 2.1
vendor:	avg	model:	anti-virus	scope:	eq	version:	10.0.0.1190	Trust: 1.8
vendor:	emsisoft	model:	anti-malware	scope:	eq	version:	5.1.0.1	Trust: 1.8
vendor:	ikarus	model:	virus utilities t3 command line scanner	scope:	eq	version:	1.1.97.0	Trust: 1.8
vendor:	jiangmin	model:	antivirus	scope:	eq	version:	13.0.900	Trust: 1.8
vendor:	aladdin	model:	esafe	scope:	eq	version:	7.0.17.0	Trust: 1.8
vendor:	kaspersky	model:	anti-virus	scope:	eq	version:	7.0.0.125	Trust: 1.8
vendor:	sophos	model:	anti-virus	scope:	eq	version:	4.61.0	Trust: 1.8
vendor:	fortinet	model:	antivirus	scope:	eq	version:	4.2.254.0	Trust: 1.8
vendor:	mcafee	model:	scan engine	scope:	eq	version:	5.400.0.1158	Trust: 1.8
vendor:	trendmicro	model:	trend micro antivirus	scope:	eq	version:	9.120.0.1004	Trust: 1.6
vendor:	trendmicro	model:	housecall	scope:	eq	version:	9.120.0.1004	Trust: 1.6
vendor:	rising global	model:	antivirus	scope:	eq	version:	22.83.00.03	Trust: 1.0
vendor:	eset	model:	nod32 antivirus	scope:	eq	version:	5795	Trust: 1.0
vendor:	symantec	model:	endpoint protection	scope:	eq	version:	11.0	Trust: 1.0
vendor:	pandasecurity	model:	panda antivirus	scope:	eq	version:	10.0.2.7	Trust: 1.0
vendor:	mcafee	model:	gateway	scope:	eq	version:	2010.1c	Trust: 1.0
vendor:	norman	model:	antivirus \& antispyware	scope:	eq	version:	6.06.12	Trust: 1.0
vendor:	cat	model:	quick heal	scope:	eq	version:	11.00	Trust: 1.0
vendor:	f prot	model:	f-prot antivirus	scope:	eq	version:	4.6.2.117	Trust: 1.0
vendor:	rising	model:	antivirus	scope:	eq	version:	22.83.00.03	Trust: 0.8
vendor:	eset	model:	nod32 anti-virus	scope:	eq	version:	5795	Trust: 0.8
vendor:	frisk	model:	f-prot antivirus	scope:	eq	version:	4.6.2.117	Trust: 0.8
vendor:	norman	model:	antivirus	scope:	eq	version:	6.06.12	Trust: 0.8
vendor:	panda security	model:	antivirus	scope:	eq	version:	10.0.2.7	Trust: 0.8
vendor:	quick heal k k	model:	heal	scope:	eq	version:	11.00	Trust: 0.8
vendor:	symantec	model:	endpoint protection	scope:	eq	version:	11	Trust: 0.8
vendor:	trend micro	model:	antivirus	scope:	eq	version:	9.120.0.1004	Trust: 0.8
vendor:	trend micro	model:	housecall	scope:	eq	version:	9.120.0.1004	Trust: 0.8
vendor:	mcafee	model:	web gateway software	scope:	eq	version:	2010.1c	Trust: 0.8
vendor:	quick heal	model:	cat-quickheal	scope:	eq	version:	11.00	Trust: 0.3
vendor:	ikarus	model:	antivirus t3.1.1.97.0	scope:	-	version:	-	Trust: 0.3
vendor:	frisk	model:	software f-prot antivirus	scope:	eq	version:	4.6.2117	Trust: 0.3
vendor:	fortinet	model:	antivirus	scope:	eq	version:	4.2.2540	Trust: 0.3
vendor:	esafe	model:	antivirus	scope:	eq	version:	7.0.170	Trust: 0.3
vendor:	emsisoft	model:	antivirus	scope:	eq	version:	5.11	Trust: 0.3
vendor:	avg	model:	anti-virus	scope:	eq	version:	10.01190	Trust: 0.3

sources: BID: 52608 // JVNDB: JVNDB-2012-001900 // CNNVD: CNNVD-201203-419 // NVD: CVE-2012-1456

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2012-1456
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2012-1456
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-201203-419
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-54737
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2012-1456
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-54737
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-54737 // JVNDB: JVNDB-2012-001900 // CNNVD: CNNVD-201203-419 // NVD: CVE-2012-1456

PROBLEMTYPE DATA

problemtype:

CWE-264

Trust: 1.9

sources: VULHUB: VHN-54737 // JVNDB: JVNDB-2012-001900 // NVD: CVE-2012-1456

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201203-419

TYPE

permissions and access control

Trust: 0.6

sources: CNNVD: CNNVD-201203-419

CONFIGURATIONS

sources: JVNDB: JVNDB-2012-001900

PATCH

title:	AVG Anti-Virus	url:	http://www.avgjapan.com/home-small-office-security/buy-antivirus	Trust: 0.8
title:	Rising Antivirus	url:	http://www.rising-global.com/	Trust: 0.8
title:	Comodo Antivirus	url:	http://www.comodo.com/home/internet-security/antivirus.php	Trust: 0.8
title:	Emsisoft Anti-Malware	url:	http://www.emsisoft.com/en/software/antimalware/	Trust: 0.8
title:	ESET NOD32アンチウイルス	url:	http://www.eset.com/us/	Trust: 0.8
title:	Fortinet Antivirus	url:	http://www.fortinet.com/solutions/antivirus.html	Trust: 0.8
title:	F-Prot Antivirus	url:	http://www.f-prot.com/index.html	Trust: 0.8
title:	Top Page	url:	http://www.ikarus.at/en/	Trust: 0.8
title:	Jiangmin Antivirus	url:	http://global.jiangmin.com/	Trust: 0.8
title:	McAfee Scan Engine	url:	http://www.mcafee.com/us/support/support-eol-scan-engine.aspx	Trust: 0.8
title:	McAfee Web Gateway	url:	http://www.mcafee.com/us/products/web-gateway.aspx	Trust: 0.8
title:	Norman Antivirus	url:	http://www.norman.com/products/antivirus_antispyware/en	Trust: 0.8
title:	Panda Antivirus	url:	http://www.ps-japan.co.jp/	Trust: 0.8
title:	Quick Heal	url:	http://www.quickheal.com/	Trust: 0.8
title:	Sophos Anti-Virus	url:	http://www.sophos.com/ja-jp/	Trust: 0.8
title:	Endpoint Protection	url:	http://www.symantec.com/ja/jp/endpoint-protection	Trust: 0.8
title:	Top Page	url:	http://jp.trendmicro.com/jp/home/index.html	Trust: 0.8
title:	Trend Micro HouseCall	url:	http://housecall.trendmicro.com/	Trust: 0.8
title:	eSafe	url:	http://www.aladdin.co.jp/esafe/	Trust: 0.8
title:	Kaspersky Anti-Virus	url:	http://www.kaspersky.com/kaspersky_anti-virus	Trust: 0.8

sources: JVNDB: JVNDB-2012-001900

EXTERNAL IDS

db:	NVD	id:	CVE-2012-1456	Trust: 2.8
db:	BID	id:	52608	Trust: 1.4
db:	OSVDB	id:	80396	Trust: 1.1
db:	OSVDB	id:	80389	Trust: 1.1
db:	OSVDB	id:	80391	Trust: 1.1
db:	OSVDB	id:	80403	Trust: 1.1
db:	OSVDB	id:	80395	Trust: 1.1
db:	OSVDB	id:	80390	Trust: 1.1
db:	OSVDB	id:	80406	Trust: 1.1
db:	OSVDB	id:	80409	Trust: 1.1
db:	JVNDB	id:	JVNDB-2012-001900	Trust: 0.8
db:	CNNVD	id:	CNNVD-201203-419	Trust: 0.7
db:	NSFOCUS	id:	19212	Trust: 0.6
db:	BUGTRAQ	id:	20120319 EVASION ATTACKS EXPOLITING FILE-PARSING VULNERABILITIES IN ANTIVIRUS PRODUCTS	Trust: 0.6
db:	VULHUB	id:	VHN-54737	Trust: 0.1

sources: VULHUB: VHN-54737 // BID: 52608 // JVNDB: JVNDB-2012-001900 // CNNVD: CNNVD-201203-419 // NVD: CVE-2012-1456

REFERENCES

url:	http://www.securityfocus.com/archive/1/522005	Trust: 1.7
url:	http://www.ieee-security.org/tc/sp2012/program.html	Trust: 1.7
url:	http://www.securityfocus.com/bid/52608	Trust: 1.1
url:	http://osvdb.org/80389	Trust: 1.1
url:	http://osvdb.org/80390	Trust: 1.1
url:	http://osvdb.org/80391	Trust: 1.1
url:	http://osvdb.org/80395	Trust: 1.1
url:	http://osvdb.org/80396	Trust: 1.1
url:	http://osvdb.org/80403	Trust: 1.1
url:	http://osvdb.org/80406	Trust: 1.1
url:	http://osvdb.org/80409	Trust: 1.1
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/74289	Trust: 1.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-1456	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2012-1456	Trust: 0.8
url:	http://www.nsfocus.net/vulndb/19212	Trust: 0.6
url:	http://www.avg.com	Trust: 0.3
url:	http://www.comodo.com/	Trust: 0.3
url:	http://www.emsisoft.com/en/software/antimalware/	Trust: 0.3
url:	http://www.safenet-inc.com/data-protection/content-security-esafe/	Trust: 0.3
url:	http://www.fortinet.com/	Trust: 0.3
url:	http://www.f-prot.com/	Trust: 0.3
url:	http://www.ikarus.at	Trust: 0.3
url:	http://www.quickheal.com/	Trust: 0.3
url:	/archive/1/522005	Trust: 0.3

sources: VULHUB: VHN-54737 // BID: 52608 // JVNDB: JVNDB-2012-001900 // CNNVD: CNNVD-201203-419 // NVD: CVE-2012-1456

CREDITS

Suman Jana and Vitaly Shmatikov

Trust: 0.3

sources: BID: 52608

SOURCES

db:	VULHUB	id:	VHN-54737
db:	BID	id:	52608
db:	JVNDB	id:	JVNDB-2012-001900
db:	CNNVD	id:	CNNVD-201203-419
db:	NVD	id:	CVE-2012-1456

LAST UPDATE DATE

2024-11-23T21:46:23.269000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-54737	date:	2017-08-29T00:00:00
db:	BID	id:	52608	date:	2012-03-20T00:00:00
db:	JVNDB	id:	JVNDB-2012-001900	date:	2012-03-26T00:00:00
db:	CNNVD	id:	CNNVD-201203-419	date:	2012-04-01T00:00:00
db:	NVD	id:	CVE-2012-1456	date:	2024-11-21T01:37:01.597

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-54737	date:	2012-03-21T00:00:00
db:	BID	id:	52608	date:	2012-03-20T00:00:00
db:	JVNDB	id:	JVNDB-2012-001900	date:	2012-03-26T00:00:00
db:	CNNVD	id:	CNNVD-201203-419	date:	2012-03-26T00:00:00
db:	NVD	id:	CVE-2012-1456	date:	2012-03-21T10:11:49.240