ID

VAR-201203-0383


CVE

CVE-2012-1423


TITLE

Multiple products TAR Vulnerability to bypass malware detection in file parser

Trust: 0.8

sources: JVNDB: JVNDB-2012-001885

DESCRIPTION

The TAR file parser in Command Antivirus 5.2.11.5, Emsisoft Anti-Malware 5.1.0.1, F-Prot Antivirus 4.6.2.117, Fortinet Antivirus 4.2.254.0, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, K7 AntiVirus 9.77.3565, NOD32 Antivirus 5795, Norman Antivirus 6.06.12, PC Tools AntiVirus 7.0.3.5, Rising Antivirus 22.83.00.03, and VirusBuster 13.6.151.0 allows remote attackers to bypass malware detection via a POSIX TAR file with an initial MZ character sequence. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different TAR parser implementations. Multiple products TAR The file parser contains a vulnerability that can bypass malware detection. CVE May be split intoBy a third party, MZ Has a character sequence that starts with POSIX TAR Via files, malware detection can be bypassed. Successful exploits will allow attackers to bypass on-demand virus scanning, possibly allowing malicious files to escape detection. Multiple file-parsing vulnerabilities leading to evasion in different antivirus(AV) products. All affected products are command-line versions of the AVs. ---------------------------- Vulnerability Descriptions ---------------------------- 1. Affected products - ClamAV 0.96.4, CAT-QuickHeal 11.00 CVE no - CVE-2012-1419 2. Specially crafted infected ELF files with "ustar" at offset 257 evades detection. Affected products - BitDefender 7.2, Comodo 7424, Emsisoft 5.1.0.1, eSafe 7.0.17.0, F-Secure 9.0.16160.0, Ikarus T3.1.1.97.0, McAfee 5.400.0.1158, McAfee-GW-Edition 2010.1C, nProtect 2011-01-17.01 CVE no - CVE-2012-1429 12. Specially crafted infected ELF files with "\19\04\00\10" at offset 8 evades detection. Specially crafted infected ELF files with "\4a\46\49\46" at offset 6 evades detection. Specially crafted infected MS EXE files with "\57\69\6E\5A\69\70" at offset 29 evades detection. Affected products - Emsisoft 5.1.0.1, eSafe 7.0.17.0, Ikarus T3.1.1.97.0, Panda 10.0.2.7 CVE no - CVE-2012-1432 15. Specially crafted infected MS EXE files with "\4a\46\49\46" at offset 6 evades detection. Affected products - AhnLab-V3 2011.01.18.00, Emsisoft 5.1.0.1, eSafe 7.0.17.0, Ikarus T3.1.1.97.0, Panda 10.0.2.7 CVE no - CVE-2012-1433 16. Specially crafted infected MS EXE files with "\19\04\00\10" at offset 8 evades detection. Affected products - AhnLab-V3 2011.01.18.00, Emsisoft 5.1.0.1, Ikarus T3.1.1.97.0, Panda 10.0.2.7 CVE no - CVE-2012-1434 17. Specially crafted infected MS EXE files with "\50\4B\4C\49\54\45" at offset 30 evades detection. Affected products - AhnLab-V3 2011.01.18.00, Emsisoft 5.1.0.1, eSafe 7.0.17.0, Ikarus T3.1.1.97.0, Panda 10.0.2.7 CVE no - CVE-2012-1435 18. Specially crafted infected MS EXE files with "\2D\6C\68" at offset 2 evades detection. Affected products - AhnLab-V3 2011.01.18.00, Emsisoft 5.1.0.1, eSafe 7.0.17.0, Ikarus T3.1.1.97.0, Panda 10.0.2.7 CVE no - CVE-2012-1436 19. Specially crafted infected MS Office files with "\50\4B\53\70\58" at offset 526 evades detection. Affected products - Comodo 7425 CVE no - CVE-2012-1437 20. Specially crafted infected MS Office files with "ustar" at offset 257 evades detection. Affected products - Comodo 7425, Sophos 4.61.0 CVE no - CVE-2012-1438 21. 'padding' field in ELF files is parsed incorrectly. If an infected ELF file's padding field is incremented by 1 it evades detection. Affected products - eSafe 7.0.17.0, Rising 22.83.00.03, Fortinet 4.2.254.0, Panda 10.0.2.7 CVE no - CVE-2012-1439 22. 'identsize' field in ELF files is parsed incorrectly. If an infected ELF file's identsize field is incremented by 1 it evades detection. Affected products - Norman 6.06.12, eSafe 7.0.17.0, eTrust-Vet 36.1.8511, Fortinet 4.2.254.0, Panda 10.0.2.7 CVE no - CVE-2012-1440 23. 'e_ip' and 'e_res' field in MS EXE files are parsed incorrectly. If any of these fields in an infected MS EXE file is incremented by 1 it evades detection. Affected products - Prevx 3.0 'e_minalloc', 'e_res2','e_cparhdr', 'e_crlc', 'e_lfarlc','e_maxalloc', 'e_oeminfo', 'e_ovno', 'e_cs', 'e_csum','e_sp', 'e_ss', 'e_cblp' and 'e_oemid' fields in MS EXE files are parsed incorrectly. If any of these fields in an infected MS EXE file is incremented by 1 it evades detection. Affected products - eSafe 7.0.017.0, Prevx 3.0 CVE no - CVE-2012-1441 24. 'class' field in ELF files is parsed incorrectly. If an infected ELF file's class field is incremented by 1 it evades detection. Infected RAR files with initial two bytes set to 'MZ' can be fixed by the user and correctly extracted. Such a file evades detection. Microsoft 1.6402, Sophos 4.61.0, NOD32 5795, AntiVir 7.11.1.163, Norman 6.06.12, McAfee 5.400.0.1158, Panda 10.0.2.7, McAfee-GW-Edition 2010.1C, TrendMicro 9.120.0.1004, Comodo 7424, BitDefender 7.2, eSafe 7.0.17.0, F-Secure 9.0.16160.0 nProtect 2011-01-17.01, AhnLab-V3 2011.01.18.00, AVG 10.0.0.1190, Avast 4.8.1351.0, Avast5 5.0.677.0, VBA32 3.12.14.2 CVE no - CVE-2012-1443 26. 'abiversion' field in ELF files is parsed incorrectly. If an infected ELF file's abiversion field is incremented by 1 it evades detection. Affected products - eSafe 7.0.017.0, Prevx 3.0, Fortinet 4.2.254.0, Panda 10.0.2.7 CVE no - CVE-2012-1444 27. 'abi' field in ELF files is parsed incorrectly. If an infected ELF file's abi field is incremented by 1 it evades detection. Affected products - eSafe 7.0.017.0, Rising 22.83.00.03, Fortinet 4.2.254.0, Panda 10.0.2.7 CVE no - CVE-2012-1445 28. 'encoding' field in ELF files is parsed incorrectly. If an infected ELF file's encoding field is incremented by 1 it evades detection. 'e_version' field in ELF files is parsed incorrectly. If an infected ELF file's e_version field is incremented by 1 it evades detection. Affected products - Fortinet 4.2.254.0, eSafe 7.0.017.0, DrWeb 5.0.2.03300, Panda 10.0.2.7 CVE no - CVE-2012-1447 30. 'cbCabinet' field in CAB files is parsed incorrectly. If an infected CAB file's cbCabinet field is incremented by 1 it evades detection. Affected products - CAT-QuickHeal 11.00, TrendMicro 9.120.0.1004, Ikarus T3.1.1.97.0 TrendMicro-HouseCall 9.120.0.1004, Emsisoft 5.1.0.1 CVE no - CVE-2012-1448 31. 'vMajor' field in CAB files is parsed incorrectly. If an infected CAB file's vMajor field is incremented by 1 it evades detection. Affected products - NOD32 5795, Rising 22.83.00.03 CVE no - CVE-2012-1449 32. 'reserved3' field in CAB files is parsed incorrectly. If an infected CAB file's reserved field is incremented by 1 it evades detection. Affected products - Emsisoft 5.1.0.1, Sophos 4.61.0, Ikarus T3.1.1.97.0 CVE no - CVE-2012-1450 33. 'reserved2' field in CAB files is parsed incorrectly. If an infected CAB file's reserved2 field is incremented by 1 it evades detection. Affected products - Emsisoft 5.1.0.1, Ikarus T3.1.1.97.0 CVE no - CVE-2012-1451 34. 'reserved1' field in CAB files is parsed incorrectly. If an infected CAB file's reserved field is incremented by 1 it evades detection. Affected products - Emsisoft 5.1.0.1, Ikarus T3.1.1.97.0, CAT-QuickHeal 11.00 CVE no - CVE-2012-1452 35. 'coffFiles' field in CAB files is parsed incorrectly. If an infected CAB file's coffFiles field is incremented by 1 it evades detection. 'ei_version' field in ELF files is parsed incorrectly. If an infected ELF file's version field is incremented by 1 it evades detection. 'vMinor' field in CAB files is parsed incorrectly. If an infected CAB file's version field is incremented by 1 it evades detection. Affected products - NOD32 5795, Rising 22.83.00.03 CVE no - CVE-2012-1455 38. A specially crafted ZIP file, created by concatenating the contents of a clean TAR archive and a virus-infected ZIP archive, is parsed incorrectly and evades detection. If the length field in the header of a file with test EICAR virus included into a TAR archive is set to be greater than the archive's total length (1,000,000+original length in our experiments), the antivirus declares the file to be clean but virus gets extracted correctly by the GNU tar program. A Windows Compiled HTML Help (CHM) file is a set of HTML files, scripts, and images compressed using the LZX algorithm. For faster random accesses, the algorithm is reset at intervals instead of compressing the entire file as a single stream. The length of each interval is specified in the LZXC header. If an infected CHM file's header modified so that the reset interval is lower than in the original file, the antivirus declares the file to be clean. But the Windows CHM viewer hh.exe correctly decompresses the infected content located before the tampered header. Affected products - ClamAV 0.96.4, Sophos 4.61.0 CVE no - CVE-2012-1458 41. In a POSIX TAR archive, each member file has a 512-byte header protected by a simple checksum. Every header also contains a file length field, which is used by the extractor to locate the next header in the archive. If a TAR archive contains two files: the first one is clean, while the second is infected with test EICAR virus - and it is modified such that the length field in the header of the first, clean file to point into the middle of the header of the second, infected file. The antivirus declares the file to be clean but virus gets extracted correctly by the GNU tar program. If an infected tar.gz archive is appended 6 random bytes at the end, the antivirus declares the file to be clean but virus gets extracted by the gunzip+tar programs correctly by ignoring these bytes. GZIP files can contain multiple compressed streams, which are assembled when the contents are extracted. If an infected .tar.gz file is broken into two streams, the antivirus declares the infected .tar.gz file to be clean while tar+gunzip extract the virus correctly Affected products - AVG 10.0.0.1190, BitDefender 7.2, Command 5.2.11.5, Emsisoft 5.1.0.1, F-Secure 9.0.16160.0, Fortinent 4.2.254.0, Ikarus T3.1.1.97.0, Jiangmin 13.0.900, K7AntiVirus 9.77.3565, Kaspersky 7.0.0.125, McAfee 5.400.0.1158, McAfee-GW-Edition 2010.1C, NOD32 5795, Norman 6.06.12, Rising 22.83.00.03, Sophos 4.61.0, Symantec 20101.3.0.103, TrendMicro 9.120.0.1004, TrendMicro-HouseCall 9.120.0.1004, VBA32 3.12.14.2 CVE no - CVE-2012-1461 44. If an infected ZIP archive is prepended with 1024 random bytes at the beginning, the antivirus declares the file to be clean but virus gets extracted by the unzip program correctly by skipping these bytes Affected products - AhnLab-V3 2011.01.18.00, AVG 10.0.0.1190, CAT-QuickHeal 11.00, Emsisoft 5.1.0.1, eSafe 7.0.17.0, Fortinent 4.2.254.0, Ikarus T3.1.1.97.0, Jiangmin 13.0.900, Kaspersky 7.0.0.125, Norman 6.06.12, Sophos 4.61.0, Symantec 20101.3.0.103 CVE no - CVE-2012-1462 45. In most ELF files, the 5th byte of the header indicates endianness: 01 for little-endian, 02 for bigendian. Linux kernel, however, does not check this field before loading an ELF file. If an infected ELF file's 5-th byte is set to 02, the antivirus declares the file to be clean but the ELF file gets executed correctly. Affected products - AhnLab-V3 2011.01.18.00, BitDefender 7.2, CAT-QuickHeal 11.00, Command 5.2.11.5, Comodo 7424, eSafe 7.0.17.0, F-Prot 4.6.2.117, F-Secure 9.0.16160.0, McAfee 5.400.0.1158, Norman 6.06.12, nProtect 2011-01-17.01, Panda 10.0.2.7 CVE no - CVE-2012-1463 -------- Credits -------- Vulnerabilities found and advisory written by Suman Jana and Vitaly Shmatikov. ----------- References ----------- "Abusing File Processing in Malware Detectors for Fun and Profit" by Suman Jana and Vitaly Shmatikov To appear in IEEE Symposium on Security and Privacy 2012 http://www.ieee-security.org/TC/SP2012/

Trust: 2.16

sources: NVD: CVE-2012-1423 // JVNDB: JVNDB-2012-001885 // BID: 52588 // VULHUB: VHN-54704 // VULMON: CVE-2012-1423 // PACKETSTORM: 110990

AFFECTED PRODUCTS

vendor:authentiummodel:command antivirusscope:eqversion:5.2.11.5

Trust: 2.4

vendor:emsisoftmodel:anti-malwarescope:eqversion:5.1.0.1

Trust: 1.8

vendor:esetmodel:nod32 antivirusscope:eqversion:5795

Trust: 1.8

vendor:ikarusmodel:virus utilities t3 command line scannerscope:eqversion:1.1.97.0

Trust: 1.8

vendor:pc toolsmodel:antivirusscope:eqversion:7.0.3.5

Trust: 1.8

vendor:virusbustermodel:virusbusterscope:eqversion:13.6.151.0

Trust: 1.8

vendor:fortinetmodel:antivirusscope:eqversion:4.2.254.0

Trust: 1.8

vendor:normanmodel:antivirus \& antispywarescope:eqversion:6.06.12

Trust: 1.0

vendor:rising globalmodel:antivirusscope:eqversion:22.83.00.03

Trust: 1.0

vendor:f protmodel:f-prot antivirusscope:eqversion:4.6.2.117

Trust: 1.0

vendor:k7computingmodel:antivirusscope:eqversion:9.77.3565

Trust: 1.0

vendor:risingmodel:antivirusscope:eqversion:22.83.00.03

Trust: 0.8

vendor:friskmodel:f-prot antivirusscope:eqversion:4.6.2.117

Trust: 0.8

vendor:k7 computingmodel:antivirusscope:eqversion:9.77.3565

Trust: 0.8

vendor:normanmodel:antivirusscope:eqversion:6.06.12

Trust: 0.8

vendor:trend micromodel:virusbusterscope:eqversion:13.6.1510

Trust: 0.3

vendor:risingmodel:antivirusscope:eqversion:22.8303

Trust: 0.3

vendor:pctoolsmodel:antivirusscope:eqversion:7.0.35

Trust: 0.3

vendor:normanmodel:antivirusscope:eqversion:6.6.12

Trust: 0.3

vendor:k7model:computing pvt ltd k7antivirusscope:eqversion:9.77.3565

Trust: 0.3

vendor:ikarusmodel:antivirus t3.1.1.97.0scope: - version: -

Trust: 0.3

vendor:friskmodel:software f-prot antivirusscope:eqversion:4.6.2117

Trust: 0.3

vendor:fortinetmodel:antivirusscope:eqversion:4.2.2540

Trust: 0.3

vendor:esetmodel:nod32scope:eqversion:5795

Trust: 0.3

vendor:emsisoftmodel:antivirusscope:eqversion:5.11

Trust: 0.3

vendor:authentiummodel:command antivirusscope:eqversion:5.2.115

Trust: 0.3

sources: BID: 52588 // JVNDB: JVNDB-2012-001885 // CNNVD: CNNVD-201203-389 // NVD: CVE-2012-1423

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2012-1423
value: MEDIUM

Trust: 1.0

NVD: CVE-2012-1423
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201203-389
value: MEDIUM

Trust: 0.6

VULHUB: VHN-54704
value: MEDIUM

Trust: 0.1

VULMON: CVE-2012-1423
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2012-1423
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-54704
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-54704 // VULMON: CVE-2012-1423 // JVNDB: JVNDB-2012-001885 // CNNVD: CNNVD-201203-389 // NVD: CVE-2012-1423

PROBLEMTYPE DATA

problemtype:CWE-264

Trust: 1.9

sources: VULHUB: VHN-54704 // JVNDB: JVNDB-2012-001885 // NVD: CVE-2012-1423

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201203-389

TYPE

permissions and access control

Trust: 0.6

sources: CNNVD: CNNVD-201203-389

CONFIGURATIONS

sources: JVNDB: JVNDB-2012-001885

PATCH

title:Command Antivirusurl:http://www.authentium.com/command/CSAVDownload.html

Trust: 0.8

title:Top Pageurl:http://www.rising-global.com/

Trust: 0.8

title:Top Pageurl:http://www.emsisoft.com/en/

Trust: 0.8

title:Top Pageurl:http://www.eset.com/us/

Trust: 0.8

title:Top Pageurl:http://www.fortinet.com/

Trust: 0.8

title:Top Pageurl:http://www.f-prot.com/

Trust: 0.8

title:Top Pageurl:http://www.ikarus.at/en/

Trust: 0.8

title:Top Pageurl:http://www.k7computing.com/en/

Trust: 0.8

title:Top Pageurl:http://www.norman.com/

Trust: 0.8

title:Top Pageurl:http://www.pctools.com/jp/

Trust: 0.8

title:Top Pageurl:http://www.virusbuster.hu/en/

Trust: 0.8

sources: JVNDB: JVNDB-2012-001885

EXTERNAL IDS

db:NVDid:CVE-2012-1423

Trust: 3.0

db:OSVDBid:80396

Trust: 1.2

db:OSVDBid:80395

Trust: 1.2

db:OSVDBid:80393

Trust: 1.2

db:OSVDBid:80406

Trust: 1.2

db:OSVDBid:80407

Trust: 1.2

db:JVNDBid:JVNDB-2012-001885

Trust: 0.8

db:CNNVDid:CNNVD-201203-389

Trust: 0.7

db:BUGTRAQid:20120319 EVASION ATTACKS EXPOLITING FILE-PARSING VULNERABILITIES IN ANTIVIRUS PRODUCTS

Trust: 0.6

db:BIDid:52588

Trust: 0.5

db:VULHUBid:VHN-54704

Trust: 0.1

db:VULMONid:CVE-2012-1423

Trust: 0.1

db:PACKETSTORMid:110990

Trust: 0.1

sources: VULHUB: VHN-54704 // VULMON: CVE-2012-1423 // BID: 52588 // JVNDB: JVNDB-2012-001885 // PACKETSTORM: 110990 // CNNVD: CNNVD-201203-389 // NVD: CVE-2012-1423

REFERENCES

url:http://www.securityfocus.com/archive/1/522005

Trust: 1.8

url:http://www.ieee-security.org/tc/sp2012/program.html

Trust: 1.8

url:http://osvdb.org/80393

Trust: 1.2

url:http://osvdb.org/80395

Trust: 1.2

url:http://osvdb.org/80396

Trust: 1.2

url:http://osvdb.org/80406

Trust: 1.2

url:http://osvdb.org/80407

Trust: 1.2

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-1423

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2012-1423

Trust: 0.8

url:http://www.authentium.com

Trust: 0.3

url:http://www.emsisoft.com/en/software/antimalware/

Trust: 0.3

url:http://eset.com

Trust: 0.3

url:http://www.fortinet.com/

Trust: 0.3

url:http://www.f-prot.com/

Trust: 0.3

url:http://www.ikarus.at

Trust: 0.3

url:http://www.k7computing.com/en/product/k7-antivirusplus.php

Trust: 0.3

url:http://anti-virus-software-review.toptenreviews.com/norman-review.html

Trust: 0.3

url:http://www.pctools.com/spyware-doctor-antivirus/

Trust: 0.3

url:http://www.rising-global.com/

Trust: 0.3

url:http://www.trend.com

Trust: 0.3

url:/archive/1/522005

Trust: 0.3

url:https://cwe.mitre.org/data/definitions/264.html

Trust: 0.1

url:https://www.securityfocus.com/bid/52588

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2012-1419

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2012-1439

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2012-1426

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2012-1429

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2012-1436

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2012-1440

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2012-1432

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2012-1438

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2012-1428

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2012-1446

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2012-1443

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2012-1444

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2012-1441

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2012-1421

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2012-1430

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2012-1434

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2012-1435

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2012-1424

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2012-1431

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2012-1425

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2012-1423

Trust: 0.1

url:http://www.ieee-security.org/tc/sp2012/

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2012-1442

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2012-1422

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2012-1433

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2012-1420

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2012-1427

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2012-1445

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2012-1437

Trust: 0.1

sources: VULHUB: VHN-54704 // VULMON: CVE-2012-1423 // BID: 52588 // JVNDB: JVNDB-2012-001885 // PACKETSTORM: 110990 // CNNVD: CNNVD-201203-389 // NVD: CVE-2012-1423

CREDITS

Suman Jana and Vitaly Shmatikov

Trust: 0.3

sources: BID: 52588

SOURCES

db:VULHUBid:VHN-54704
db:VULMONid:CVE-2012-1423
db:BIDid:52588
db:JVNDBid:JVNDB-2012-001885
db:PACKETSTORMid:110990
db:CNNVDid:CNNVD-201203-389
db:NVDid:CVE-2012-1423

LAST UPDATE DATE

2024-11-23T21:46:23.474000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-54704date:2012-08-14T00:00:00
db:VULMONid:CVE-2012-1423date:2012-08-14T00:00:00
db:BIDid:52588date:2012-03-20T00:00:00
db:JVNDBid:JVNDB-2012-001885date:2012-03-26T00:00:00
db:CNNVDid:CNNVD-201203-389date:2012-04-01T00:00:00
db:NVDid:CVE-2012-1423date:2024-11-21T01:36:57.033

SOURCES RELEASE DATE

db:VULHUBid:VHN-54704date:2012-03-21T00:00:00
db:VULMONid:CVE-2012-1423date:2012-03-21T00:00:00
db:BIDid:52588date:2012-03-20T00:00:00
db:JVNDBid:JVNDB-2012-001885date:2012-03-26T00:00:00
db:PACKETSTORMid:110990date:2012-03-19T23:51:01
db:CNNVDid:CNNVD-201203-389date:2012-03-26T00:00:00
db:NVDid:CVE-2012-1423date:2012-03-21T10:11:47.317