Search

Find a vulnerability

Search criteria Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.

    17 vulnerabilities by drweb

    VAR-201203-0371

    Vulnerability from variot - Updated: 2023-12-18 12:10

    The ELF file parser in Fortinet Antivirus 4.2.254.0, eSafe 7.0.17.0, Dr.Web 5.0.2.03300, and Panda Antivirus 10.0.2.7 allows remote attackers to bypass malware detection via an ELF file with a modified e_version field. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different ELF parser implementations. Successful exploits will allow attackers to bypass on-demand virus scanning, possibly allowing malicious files to escape detection. The following products are affected: DrWeb Antivirus 5.0.2.03300 Panda Antivirus 10.0.2.7. Fortinet Antivirus is an antivirus software designed by Fortinet Company using signature database and heuristic scanning engine

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201203-0371",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "esafe",
            "scope": "eq",
            "trust": 1.8,
            "vendor": "aladdin",
            "version": "7.0.17.0"
          },
          {
            "model": "antivirus",
            "scope": "eq",
            "trust": 1.8,
            "vendor": "fortinet",
            "version": "4.2.254.0"
          },
          {
            "model": "panda antivirus",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "pandasecurity",
            "version": "10.0.2.7"
          },
          {
            "model": "dr.web antivirus",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "drweb",
            "version": "5.0.2.03300"
          },
          {
            "model": "dr.web anti-virus",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "doctor web",
            "version": "5.0.2.03300"
          },
          {
            "model": "antivirus",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "panda security",
            "version": "10.0.2.7"
          },
          {
            "model": "antivirus",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "panda",
            "version": "10.0.27"
          },
          {
            "model": "antivirus",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "drweb",
            "version": "5.0.203300"
          }
        ],
        "sources": [
          {
            "db": "BID",
            "id": "52601"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2012-001879"
          },
          {
            "db": "NVD",
            "id": "CVE-2012-1447"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201203-411"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:fortinet:fortinet_antivirus:4.2.254.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:aladdin:esafe:7.0.17.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:drweb:dr.web_antivirus:5.0.2.03300:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:pandasecurity:panda_antivirus:10.0.2.7:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2012-1447"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Suman Jana and Vitaly Shmatikov",
        "sources": [
          {
            "db": "BID",
            "id": "52601"
          }
        ],
        "trust": 0.3
      },
      "cve": "CVE-2012-1447",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "acInsufInfo": false,
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "NVD",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 8.6,
                "impactScore": 2.9,
                "integrityImpact": "PARTIAL",
                "obtainAllPrivilege": false,
                "obtainOtherPrivilege": false,
                "obtainUserPrivilege": false,
                "severity": "MEDIUM",
                "trust": 1.0,
                "userInteractionRequired": false,
                "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Medium",
                "accessVector": "Network",
                "authentication": "None",
                "author": "NVD",
                "availabilityImpact": "None",
                "baseScore": 4.3,
                "confidentialityImpact": "None",
                "exploitabilityScore": null,
                "id": "CVE-2012-1447",
                "impactScore": null,
                "integrityImpact": "Partial",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "Medium",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 8.6,
                "id": "VHN-54728",
                "impactScore": 2.9,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 0.1,
                "vectorString": "AV:N/AC:M/AU:N/C:N/I:P/A:N",
                "version": "2.0"
              }
            ],
            "cvssV3": [],
            "severity": [
              {
                "author": "NVD",
                "id": "CVE-2012-1447",
                "trust": 1.8,
                "value": "MEDIUM"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201203-411",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "VULHUB",
                "id": "VHN-54728",
                "trust": 0.1,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-54728"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2012-001879"
          },
          {
            "db": "NVD",
            "id": "CVE-2012-1447"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201203-411"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "The ELF file parser in Fortinet Antivirus 4.2.254.0, eSafe 7.0.17.0, Dr.Web 5.0.2.03300, and Panda Antivirus 10.0.2.7 allows remote attackers to bypass malware detection via an ELF file with a modified e_version field.  NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different ELF parser implementations. \nSuccessful exploits will allow attackers to bypass on-demand virus scanning, possibly allowing malicious files to escape detection. \nThe following products are affected:\nDrWeb Antivirus 5.0.2.03300\nPanda Antivirus 10.0.2.7. Fortinet Antivirus is an antivirus software designed by Fortinet Company using signature database and heuristic scanning engine",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2012-1447"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2012-001879"
          },
          {
            "db": "BID",
            "id": "52601"
          },
          {
            "db": "VULHUB",
            "id": "VHN-54728"
          }
        ],
        "trust": 1.98
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2012-1447",
            "trust": 2.8
          },
          {
            "db": "BID",
            "id": "52601",
            "trust": 1.4
          },
          {
            "db": "OSVDB",
            "id": "80432",
            "trust": 1.1
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2012-001879",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201203-411",
            "trust": 0.7
          },
          {
            "db": "NSFOCUS",
            "id": "19233",
            "trust": 0.6
          },
          {
            "db": "BUGTRAQ",
            "id": "20120319 EVASION ATTACKS EXPOLITING FILE-PARSING VULNERABILITIES IN ANTIVIRUS PRODUCTS",
            "trust": 0.6
          },
          {
            "db": "VULHUB",
            "id": "VHN-54728",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-54728"
          },
          {
            "db": "BID",
            "id": "52601"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2012-001879"
          },
          {
            "db": "NVD",
            "id": "CVE-2012-1447"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201203-411"
          }
        ]
      },
      "id": "VAR-201203-0371",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-54728"
          }
        ],
        "trust": 0.01
      },
      "last_update_date": "2023-12-18T12:10:12.769000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Top Page",
            "trust": 0.8,
            "url": "http://www.drweb.co.jp/"
          },
          {
            "title": "Top Page",
            "trust": 0.8,
            "url": "http://www.fortinet.com/solutions/antivirus.html"
          },
          {
            "title": "Panda Antivirus",
            "trust": 0.8,
            "url": "http://www.ps-japan.co.jp/"
          },
          {
            "title": "eSafe",
            "trust": 0.8,
            "url": "http://www.aladdin.co.jp/esafe/"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2012-001879"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-264",
            "trust": 1.9
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-54728"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2012-001879"
          },
          {
            "db": "NVD",
            "id": "CVE-2012-1447"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 1.7,
            "url": "http://www.securityfocus.com/archive/1/522005"
          },
          {
            "trust": 1.7,
            "url": "http://www.ieee-security.org/tc/sp2012/program.html"
          },
          {
            "trust": 1.1,
            "url": "http://www.securityfocus.com/bid/52601"
          },
          {
            "trust": 1.1,
            "url": "http://osvdb.org/80432"
          },
          {
            "trust": 0.8,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-1447"
          },
          {
            "trust": 0.8,
            "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2012-1447"
          },
          {
            "trust": 0.6,
            "url": "http://www.nsfocus.net/vulndb/19233"
          },
          {
            "trust": 0.3,
            "url": "http://http://www.freedrweb.com/cureit/?lng=en"
          },
          {
            "trust": 0.3,
            "url": "http://www.pandasecurity.com/usa/"
          },
          {
            "trust": 0.3,
            "url": "/archive/1/522005"
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-54728"
          },
          {
            "db": "BID",
            "id": "52601"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2012-001879"
          },
          {
            "db": "NVD",
            "id": "CVE-2012-1447"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201203-411"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "VULHUB",
            "id": "VHN-54728"
          },
          {
            "db": "BID",
            "id": "52601"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2012-001879"
          },
          {
            "db": "NVD",
            "id": "CVE-2012-1447"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201203-411"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2012-03-21T00:00:00",
            "db": "VULHUB",
            "id": "VHN-54728"
          },
          {
            "date": "2012-03-20T00:00:00",
            "db": "BID",
            "id": "52601"
          },
          {
            "date": "2012-03-23T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2012-001879"
          },
          {
            "date": "2012-03-21T10:11:48.333000",
            "db": "NVD",
            "id": "CVE-2012-1447"
          },
          {
            "date": "2012-03-26T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201203-411"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2017-12-06T00:00:00",
            "db": "VULHUB",
            "id": "VHN-54728"
          },
          {
            "date": "2012-03-20T00:00:00",
            "db": "BID",
            "id": "52601"
          },
          {
            "date": "2012-04-18T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2012-001879"
          },
          {
            "date": "2017-12-06T02:29:04.650000",
            "db": "NVD",
            "id": "CVE-2012-1447"
          },
          {
            "date": "2012-03-26T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201203-411"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201203-411"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Multiple products  ELF Vulnerability that prevents file parsers from detecting malware",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2012-001879"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "permissions and access control",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201203-411"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201203-0378

    Vulnerability from variot - Updated: 2023-12-18 12:10

    The ELF file parser in Dr.Web 5.0.2.03300, eSafe 7.0.17.0, McAfee Gateway (formerly Webwasher) 2010.1C, Rising Antivirus 22.83.00.03, Fortinet Antivirus 4.2.254.0, and Panda Antivirus 10.0.2.7 allows remote attackers to bypass malware detection via an ELF file with a modified ei_version field. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different ELF parser implementations. Multiple products ELF There are vulnerabilities in parsers that prevent malware detection. Multiple Antivirus products are prone to a vulnerability that may allow an attacker to bypass on-demand scans. Successful exploits will allow attackers to bypass on-demand virus scanning, possibly allowing malicious files to escape detection. The following products are affected: eSafe Antivirus 7.0.17.0 McAfee McAfee-GW-Edition 2010.1C Rising Antivirus 22.83.00.03 Panda Antivirus 10.0.2.7

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201203-0378",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "esafe",
            "scope": "eq",
            "trust": 1.8,
            "vendor": "aladdin",
            "version": "7.0.17.0"
          },
          {
            "model": "antivirus",
            "scope": "eq",
            "trust": 1.8,
            "vendor": "fortinet",
            "version": "4.2.254.0"
          },
          {
            "model": "panda antivirus",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "pandasecurity",
            "version": "10.0.2.7"
          },
          {
            "model": "antivirus",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "rising global",
            "version": "22.83.00.03"
          },
          {
            "model": "dr.web antivirus",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "drweb",
            "version": "5.0.2.03300"
          },
          {
            "model": "gateway",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mcafee",
            "version": "2010.1c"
          },
          {
            "model": "antivirus",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "rising",
            "version": "22.83.00.03"
          },
          {
            "model": "dr.web anti-virus",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "doctor web",
            "version": "5.0.2.03300"
          },
          {
            "model": "antivirus",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "panda security",
            "version": "10.0.2.7"
          },
          {
            "model": "web gateway software",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "mcafee",
            "version": "2010.1c"
          },
          {
            "model": "antivirus",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "rising",
            "version": "22.8303"
          },
          {
            "model": "antivirus",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "panda",
            "version": "10.0.27"
          },
          {
            "model": "mcafee-gw-edition 2010.1c",
            "scope": null,
            "trust": 0.3,
            "vendor": "mcafee",
            "version": null
          },
          {
            "model": "antivirus",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "esafe",
            "version": "7.0.170"
          }
        ],
        "sources": [
          {
            "db": "BID",
            "id": "52606"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2012-001868"
          },
          {
            "db": "NVD",
            "id": "CVE-2012-1454"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201203-417"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:rising-global:rising_antivirus:22.83.00.03:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:fortinet:fortinet_antivirus:4.2.254.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:drweb:dr.web_antivirus:5.0.2.03300:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:pandasecurity:panda_antivirus:10.0.2.7:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:aladdin:esafe:7.0.17.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:mcafee:gateway:2010.1c:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2012-1454"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Suman Jana and Vitaly Shmatikov",
        "sources": [
          {
            "db": "BID",
            "id": "52606"
          }
        ],
        "trust": 0.3
      },
      "cve": "CVE-2012-1454",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "acInsufInfo": false,
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "NVD",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 8.6,
                "impactScore": 2.9,
                "integrityImpact": "PARTIAL",
                "obtainAllPrivilege": false,
                "obtainOtherPrivilege": false,
                "obtainUserPrivilege": false,
                "severity": "MEDIUM",
                "trust": 1.0,
                "userInteractionRequired": false,
                "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Medium",
                "accessVector": "Network",
                "authentication": "None",
                "author": "NVD",
                "availabilityImpact": "None",
                "baseScore": 4.3,
                "confidentialityImpact": "None",
                "exploitabilityScore": null,
                "id": "CVE-2012-1454",
                "impactScore": null,
                "integrityImpact": "Partial",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "Medium",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 8.6,
                "id": "VHN-54735",
                "impactScore": 2.9,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 0.1,
                "vectorString": "AV:N/AC:M/AU:N/C:N/I:P/A:N",
                "version": "2.0"
              }
            ],
            "cvssV3": [],
            "severity": [
              {
                "author": "NVD",
                "id": "CVE-2012-1454",
                "trust": 1.8,
                "value": "MEDIUM"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201203-417",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "VULHUB",
                "id": "VHN-54735",
                "trust": 0.1,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-54735"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2012-001868"
          },
          {
            "db": "NVD",
            "id": "CVE-2012-1454"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201203-417"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "The ELF file parser in Dr.Web 5.0.2.03300, eSafe 7.0.17.0, McAfee Gateway (formerly Webwasher) 2010.1C, Rising Antivirus 22.83.00.03, Fortinet Antivirus 4.2.254.0, and Panda Antivirus 10.0.2.7 allows remote attackers to bypass malware detection via an ELF file with a modified ei_version field.  NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different ELF parser implementations. Multiple products ELF There are vulnerabilities in parsers that prevent malware detection. Multiple Antivirus products are prone to a vulnerability that may allow an attacker to bypass on-demand scans. \nSuccessful exploits will allow attackers to bypass on-demand virus scanning, possibly allowing malicious files to escape detection. \nThe following products are affected:\neSafe Antivirus 7.0.17.0\nMcAfee McAfee-GW-Edition 2010.1C\nRising Antivirus 22.83.00.03\nPanda Antivirus 10.0.2.7",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2012-1454"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2012-001868"
          },
          {
            "db": "BID",
            "id": "52606"
          },
          {
            "db": "VULHUB",
            "id": "VHN-54735"
          }
        ],
        "trust": 1.98
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2012-1454",
            "trust": 2.8
          },
          {
            "db": "OSVDB",
            "id": "80432",
            "trust": 1.1
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2012-001868",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201203-417",
            "trust": 0.7
          },
          {
            "db": "NSFOCUS",
            "id": "19236",
            "trust": 0.6
          },
          {
            "db": "BUGTRAQ",
            "id": "20120319 EVASION ATTACKS EXPOLITING FILE-PARSING VULNERABILITIES IN ANTIVIRUS PRODUCTS",
            "trust": 0.6
          },
          {
            "db": "BID",
            "id": "52606",
            "trust": 0.4
          },
          {
            "db": "VULHUB",
            "id": "VHN-54735",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-54735"
          },
          {
            "db": "BID",
            "id": "52606"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2012-001868"
          },
          {
            "db": "NVD",
            "id": "CVE-2012-1454"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201203-417"
          }
        ]
      },
      "id": "VAR-201203-0378",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-54735"
          }
        ],
        "trust": 0.01
      },
      "last_update_date": "2023-12-18T12:10:08.541000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Top Page",
            "trust": 0.8,
            "url": "http://www.rising-global.com/"
          },
          {
            "title": "Top Page",
            "trust": 0.8,
            "url": "http://www.drweb.co.jp/"
          },
          {
            "title": "Top Page",
            "trust": 0.8,
            "url": "http://www.fortinet.com/"
          },
          {
            "title": "Top Page",
            "trust": 0.8,
            "url": "http://www.ps-japan.co.jp/"
          },
          {
            "title": "eSafe",
            "trust": 0.8,
            "url": "http://www.aladdin.co.jp/esafe/"
          },
          {
            "title": "McAfee Web Gateway",
            "trust": 0.8,
            "url": "http://www.mcafee.com/japan/products/web_gateway.asp"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2012-001868"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-264",
            "trust": 1.9
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-54735"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2012-001868"
          },
          {
            "db": "NVD",
            "id": "CVE-2012-1454"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 1.7,
            "url": "http://www.securityfocus.com/archive/1/522005"
          },
          {
            "trust": 1.7,
            "url": "http://www.ieee-security.org/tc/sp2012/program.html"
          },
          {
            "trust": 1.1,
            "url": "http://osvdb.org/80432"
          },
          {
            "trust": 0.8,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-1454"
          },
          {
            "trust": 0.8,
            "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2012-1454"
          },
          {
            "trust": 0.6,
            "url": "http://www.nsfocus.net/vulndb/19236"
          },
          {
            "trust": 0.3,
            "url": "http://www.safenet-inc.com/data-protection/content-security-esafe/"
          },
          {
            "trust": 0.3,
            "url": "http://www.mcafee.com/"
          },
          {
            "trust": 0.3,
            "url": "http://www.pandasecurity.com/usa/"
          },
          {
            "trust": 0.3,
            "url": "http://www.rising-global.com/"
          },
          {
            "trust": 0.3,
            "url": "/archive/1/522005"
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-54735"
          },
          {
            "db": "BID",
            "id": "52606"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2012-001868"
          },
          {
            "db": "NVD",
            "id": "CVE-2012-1454"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201203-417"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "VULHUB",
            "id": "VHN-54735"
          },
          {
            "db": "BID",
            "id": "52606"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2012-001868"
          },
          {
            "db": "NVD",
            "id": "CVE-2012-1454"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201203-417"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2012-03-21T00:00:00",
            "db": "VULHUB",
            "id": "VHN-54735"
          },
          {
            "date": "2012-03-20T00:00:00",
            "db": "BID",
            "id": "52606"
          },
          {
            "date": "2012-03-23T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2012-001868"
          },
          {
            "date": "2012-03-21T10:11:49.160000",
            "db": "NVD",
            "id": "CVE-2012-1454"
          },
          {
            "date": "2012-03-26T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201203-417"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2012-07-28T00:00:00",
            "db": "VULHUB",
            "id": "VHN-54735"
          },
          {
            "date": "2012-03-20T00:00:00",
            "db": "BID",
            "id": "52606"
          },
          {
            "date": "2012-03-23T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2012-001868"
          },
          {
            "date": "2012-07-28T03:30:36.540000",
            "db": "NVD",
            "id": "CVE-2012-1454"
          },
          {
            "date": "2012-04-01T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201203-417"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201203-417"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Multiple products  ELF Vulnerability in parser that prevents malware detection",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2012-001868"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "permissions and access control",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201203-417"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201203-0377

    Vulnerability from variot - Updated: 2023-12-18 12:10

    The CAB file parser in Dr.Web 5.0.2.03300, Trend Micro HouseCall 9.120.0.1004, Kaspersky Anti-Virus 7.0.0.125, Sophos Anti-Virus 4.61.0, Trend Micro AntiVirus 9.120.0.1004, McAfee Gateway (formerly Webwasher) 2010.1C, Emsisoft Anti-Malware 5.1.0.1, CA eTrust Vet Antivirus 36.1.8511, Antiy Labs AVL SDK 2.0.3.7, Antimalware Engine 1.1.6402.0 in Microsoft Security Essentials 2.0, Rising Antivirus 22.83.00.03, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, Fortinet Antivirus 4.2.254.0, and Panda Antivirus 10.0.2.7 allows remote attackers to bypass malware detection via a CAB file with a modified coffFiles field. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different CAB parser implementations. Multiple products CAB The file parser contains a vulnerability that can bypass malware detection. CVE May be split intoChanged by a third party coffFiles Have fields CAB Via files, malware detection can be bypassed. Successful exploits will allow attackers to bypass on-demand virus scanning, possibly allowing malicious files to escape detection. The following products are affected: McAfee 5.0.2.03300 TrendMicro-HouseCall 9.120.0.1004 Kaspersky 7.0.0.125 Sophos 4.61.0 TrendMicro 9.120.0.1004 McAfee-GW-Edition 2010.1C Emsisoft 5.1.0.1 eTrust-Vet 36.1.8511 Antiy-AVL 2.0.3.7 Microsoft 1.6402, Rising 22.83.00.03 Ikarus T3.1.1.97.0 Fortinet 4.2.254.0 Panda 10.0.2.7

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201203-0377",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "anti-virus",
            "scope": "eq",
            "trust": 2.1,
            "vendor": "kaspersky",
            "version": "7.0.0.125"
          },
          {
            "model": "avl sdk",
            "scope": "eq",
            "trust": 1.8,
            "vendor": "antiy",
            "version": "2.0.3.7"
          },
          {
            "model": "etrust vet antivirus",
            "scope": "eq",
            "trust": 1.8,
            "vendor": "ca",
            "version": "36.1.8511"
          },
          {
            "model": "anti-malware",
            "scope": "eq",
            "trust": 1.8,
            "vendor": "emsisoft",
            "version": "5.1.0.1"
          },
          {
            "model": "virus utilities t3 command line scanner",
            "scope": "eq",
            "trust": 1.8,
            "vendor": "ikarus",
            "version": "1.1.97.0"
          },
          {
            "model": "anti-virus",
            "scope": "eq",
            "trust": 1.8,
            "vendor": "sophos",
            "version": "4.61.0"
          },
          {
            "model": "antivirus",
            "scope": "eq",
            "trust": 1.8,
            "vendor": "fortinet",
            "version": "4.2.254.0"
          },
          {
            "model": "security essentials",
            "scope": "eq",
            "trust": 1.8,
            "vendor": "microsoft",
            "version": "2.0"
          },
          {
            "model": "panda antivirus",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "pandasecurity",
            "version": "10.0.2.7"
          },
          {
            "model": "trend micro antivirus",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "trendmicro",
            "version": "9.120.0.1004"
          },
          {
            "model": "antivirus",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "rising global",
            "version": "22.83.00.03"
          },
          {
            "model": "gateway",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mcafee",
            "version": "2010.1c"
          },
          {
            "model": "housecall",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "trendmicro",
            "version": "9.120.0.1004"
          },
          {
            "model": "dr.web antivirus",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "drweb",
            "version": "5.0.2.03300"
          },
          {
            "model": "antivirus",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "rising",
            "version": "22.83.00.03"
          },
          {
            "model": "dr.web antivirus",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "doctor web",
            "version": "5.0.2.03300"
          },
          {
            "model": "antivirus",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "panda security",
            "version": "10.0.2.7"
          },
          {
            "model": "antivirus",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "trend micro",
            "version": "9.120.0.1004"
          },
          {
            "model": "housecall",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "trend micro",
            "version": "9.120.0.1004"
          },
          {
            "model": "web gateway software",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "mcafee",
            "version": "2010.1c"
          },
          {
            "model": "trend micro",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "trend micro",
            "version": "9.1201004"
          },
          {
            "model": "housecall",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "trend micro",
            "version": "9.1201004"
          },
          {
            "model": "anti-virus",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sophos",
            "version": "4.61"
          },
          {
            "model": "antivirus",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "rising",
            "version": "22.8303"
          },
          {
            "model": "cat-quickheal",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "quick heal",
            "version": "11.00"
          },
          {
            "model": "antivirus",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "panda",
            "version": "10.0.27"
          },
          {
            "model": "antivirus",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "microsoft",
            "version": "1.6402"
          },
          {
            "model": "mcafee-gw-edition 2010.1c",
            "scope": null,
            "trust": 0.3,
            "vendor": "mcafee",
            "version": null
          },
          {
            "model": "mcafee",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mcafee",
            "version": "5.0.2.03300"
          },
          {
            "model": "antivirus t3.1.1.97.0",
            "scope": null,
            "trust": 0.3,
            "vendor": "ikarus",
            "version": null
          },
          {
            "model": "antivirus",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "fortinet",
            "version": "4.2.2540"
          },
          {
            "model": "antivirus",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "emsisoft",
            "version": "5.11.0"
          },
          {
            "model": "antivirus",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "emsisoft",
            "version": "5.11"
          },
          {
            "model": "associates etrust vet antivirus",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "computer",
            "version": "36.1.8511"
          },
          {
            "model": "antiy-avl",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "antiy",
            "version": "2.0.37"
          }
        ],
        "sources": [
          {
            "db": "BID",
            "id": "52621"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2012-001867"
          },
          {
            "db": "NVD",
            "id": "CVE-2012-1453"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201203-416"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:mcafee:gateway:2010.1c:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:emsisoft:anti-malware:5.1.0.1:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:pandasecurity:panda_antivirus:10.0.2.7:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:drweb:dr.web_antivirus:5.0.2.03300:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:trendmicro:housecall:9.120.0.1004:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:microsoft:security_essentials:2.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:rising-global:rising_antivirus:22.83.00.03:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:ca:etrust_vet_antivirus:36.1.8511:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:antiy:avl_sdk:2.0.3.7:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:trendmicro:trend_micro_antivirus:9.120.0.1004:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:kaspersky:kaspersky_anti-virus:7.0.0.125:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:sophos:sophos_anti-virus:4.61.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:ikarus:ikarus_virus_utilities_t3_command_line_scanner:1.1.97.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:fortinet:fortinet_antivirus:4.2.254.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2012-1453"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Suman Jana and Vitaly Shmatikov",
        "sources": [
          {
            "db": "BID",
            "id": "52621"
          }
        ],
        "trust": 0.3
      },
      "cve": "CVE-2012-1453",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "acInsufInfo": false,
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "NVD",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 8.6,
                "impactScore": 2.9,
                "integrityImpact": "PARTIAL",
                "obtainAllPrivilege": false,
                "obtainOtherPrivilege": false,
                "obtainUserPrivilege": false,
                "severity": "MEDIUM",
                "trust": 1.0,
                "userInteractionRequired": false,
                "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Medium",
                "accessVector": "Network",
                "authentication": "None",
                "author": "NVD",
                "availabilityImpact": "None",
                "baseScore": 4.3,
                "confidentialityImpact": "None",
                "exploitabilityScore": null,
                "id": "CVE-2012-1453",
                "impactScore": null,
                "integrityImpact": "Partial",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "Medium",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 8.6,
                "id": "VHN-54734",
                "impactScore": 2.9,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 0.1,
                "vectorString": "AV:N/AC:M/AU:N/C:N/I:P/A:N",
                "version": "2.0"
              }
            ],
            "cvssV3": [],
            "severity": [
              {
                "author": "NVD",
                "id": "CVE-2012-1453",
                "trust": 1.8,
                "value": "MEDIUM"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201203-416",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "VULHUB",
                "id": "VHN-54734",
                "trust": 0.1,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-54734"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2012-001867"
          },
          {
            "db": "NVD",
            "id": "CVE-2012-1453"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201203-416"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "The CAB file parser in Dr.Web 5.0.2.03300, Trend Micro HouseCall 9.120.0.1004, Kaspersky Anti-Virus 7.0.0.125, Sophos Anti-Virus 4.61.0, Trend Micro AntiVirus 9.120.0.1004, McAfee Gateway (formerly Webwasher) 2010.1C, Emsisoft Anti-Malware 5.1.0.1, CA eTrust Vet Antivirus 36.1.8511, Antiy Labs AVL SDK 2.0.3.7, Antimalware Engine 1.1.6402.0 in Microsoft Security Essentials 2.0, Rising Antivirus 22.83.00.03, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, Fortinet Antivirus 4.2.254.0, and Panda Antivirus 10.0.2.7 allows remote attackers to bypass malware detection via a CAB file with a modified coffFiles field.  NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different CAB parser implementations. Multiple products CAB The file parser contains a vulnerability that can bypass malware detection. CVE May be split intoChanged by a third party coffFiles Have fields CAB Via files, malware detection can be bypassed. \nSuccessful exploits will allow attackers to bypass on-demand virus scanning, possibly allowing malicious files to escape detection. \nThe following products are affected:\nMcAfee 5.0.2.03300\nTrendMicro-HouseCall 9.120.0.1004\nKaspersky 7.0.0.125\nSophos 4.61.0\nTrendMicro 9.120.0.1004\nMcAfee-GW-Edition 2010.1C\nEmsisoft 5.1.0.1\neTrust-Vet 36.1.8511\nAntiy-AVL 2.0.3.7\nMicrosoft 1.6402,\nRising 22.83.00.03\nIkarus T3.1.1.97.0\nFortinet 4.2.254.0\nPanda 10.0.2.7",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2012-1453"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2012-001867"
          },
          {
            "db": "BID",
            "id": "52621"
          },
          {
            "db": "VULHUB",
            "id": "VHN-54734"
          }
        ],
        "trust": 1.98
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2012-1453",
            "trust": 2.8
          },
          {
            "db": "BID",
            "id": "52621",
            "trust": 1.4
          },
          {
            "db": "OSVDB",
            "id": "80487",
            "trust": 1.1
          },
          {
            "db": "OSVDB",
            "id": "80482",
            "trust": 1.1
          },
          {
            "db": "OSVDB",
            "id": "80484",
            "trust": 1.1
          },
          {
            "db": "OSVDB",
            "id": "80483",
            "trust": 1.1
          },
          {
            "db": "OSVDB",
            "id": "80489",
            "trust": 1.1
          },
          {
            "db": "OSVDB",
            "id": "80486",
            "trust": 1.1
          },
          {
            "db": "OSVDB",
            "id": "80488",
            "trust": 1.1
          },
          {
            "db": "OSVDB",
            "id": "80485",
            "trust": 1.1
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2012-001867",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201203-416",
            "trust": 0.7
          },
          {
            "db": "BUGTRAQ",
            "id": "20120319 EVASION ATTACKS EXPOLITING FILE-PARSING VULNERABILITIES IN ANTIVIRUS PRODUCTS",
            "trust": 0.6
          },
          {
            "db": "VULHUB",
            "id": "VHN-54734",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-54734"
          },
          {
            "db": "BID",
            "id": "52621"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2012-001867"
          },
          {
            "db": "NVD",
            "id": "CVE-2012-1453"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201203-416"
          }
        ]
      },
      "id": "VAR-201203-0377",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-54734"
          }
        ],
        "trust": 0.01
      },
      "last_update_date": "2023-12-18T12:10:08.012000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "AVL SDK",
            "trust": 0.8,
            "url": "http://www.antiy.net/en/avlsdk.html"
          },
          {
            "title": "Top Page",
            "trust": 0.8,
            "url": "http://www.rising-global.com/"
          },
          {
            "title": "Top Page",
            "trust": 0.8,
            "url": "http://www.vet.com.au/"
          },
          {
            "title": "Top Page",
            "trust": 0.8,
            "url": "http://www.drweb.co.jp/"
          },
          {
            "title": "Emsisoft Anti-Malware",
            "trust": 0.8,
            "url": "http://www.emsisoft.com/en/software/antimalware/"
          },
          {
            "title": "Top Page",
            "trust": 0.8,
            "url": "http://www.fortinet.com/"
          },
          {
            "title": "IKARUS virus.utilities",
            "trust": 0.8,
            "url": "http://www.ikarus.at/en/ngo-gov/products/virus_utilities/index.html"
          },
          {
            "title": "Top Page",
            "trust": 0.8,
            "url": "http://www.ps-japan.co.jp/"
          },
          {
            "title": "Top Page",
            "trust": 0.8,
            "url": "http://jp.trendmicro.com/jp/home/"
          },
          {
            "title": "Trend Micro HouseCall",
            "trust": 0.8,
            "url": "http://jp.trendmicro.com/jp/tools/housecall/"
          },
          {
            "title": "Kaspersky Anti-Virus",
            "trust": 0.8,
            "url": "http://www.kaspersky.com/kaspersky_anti-virus"
          },
          {
            "title": "Top Page",
            "trust": 0.8,
            "url": "http://www.sophos.com"
          },
          {
            "title": "Microsoft Security Essentials",
            "trust": 0.8,
            "url": "http://windows.microsoft.com/ja-jp/windows/products/security-essentials"
          },
          {
            "title": "McAfee Web Gateway",
            "trust": 0.8,
            "url": "http://www.mcafee.com/japan/products/web_gateway.asp"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2012-001867"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-264",
            "trust": 1.9
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-54734"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2012-001867"
          },
          {
            "db": "NVD",
            "id": "CVE-2012-1453"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 1.7,
            "url": "http://www.securityfocus.com/archive/1/522005"
          },
          {
            "trust": 1.7,
            "url": "http://www.ieee-security.org/tc/sp2012/program.html"
          },
          {
            "trust": 1.1,
            "url": "http://www.securityfocus.com/bid/52621"
          },
          {
            "trust": 1.1,
            "url": "http://osvdb.org/80482"
          },
          {
            "trust": 1.1,
            "url": "http://osvdb.org/80483"
          },
          {
            "trust": 1.1,
            "url": "http://osvdb.org/80484"
          },
          {
            "trust": 1.1,
            "url": "http://osvdb.org/80485"
          },
          {
            "trust": 1.1,
            "url": "http://osvdb.org/80486"
          },
          {
            "trust": 1.1,
            "url": "http://osvdb.org/80487"
          },
          {
            "trust": 1.1,
            "url": "http://osvdb.org/80488"
          },
          {
            "trust": 1.1,
            "url": "http://osvdb.org/80489"
          },
          {
            "trust": 0.8,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-1453"
          },
          {
            "trust": 0.8,
            "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2012-1453"
          },
          {
            "trust": 0.3,
            "url": "http://www.antiy.net"
          },
          {
            "trust": 0.3,
            "url": "http://www.ca.com"
          },
          {
            "trust": 0.3,
            "url": "http://www.emsisoft.com/en/software/antimalware/"
          },
          {
            "trust": 0.3,
            "url": "http://seclists.org/bugtraq/2012/mar/88"
          },
          {
            "trust": 0.3,
            "url": "http://www.fortinet.com/"
          },
          {
            "trust": 0.3,
            "url": "http://www.ikarus.at"
          },
          {
            "trust": 0.3,
            "url": "http://www.kaspersky.com/"
          },
          {
            "trust": 0.3,
            "url": "http://www.mcafee.com/"
          },
          {
            "trust": 0.3,
            "url": "http://www.microsoft.com"
          },
          {
            "trust": 0.3,
            "url": "http://www.pandasecurity.com/usa/"
          },
          {
            "trust": 0.3,
            "url": "http://www.quickheal.co.in/default.asp"
          },
          {
            "trust": 0.3,
            "url": "http://www.rising-global.com/"
          },
          {
            "trust": 0.3,
            "url": "http://www.sophos.com/"
          },
          {
            "trust": 0.3,
            "url": "http://www.trend.com"
          },
          {
            "trust": 0.3,
            "url": "/archive/1/522005"
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-54734"
          },
          {
            "db": "BID",
            "id": "52621"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2012-001867"
          },
          {
            "db": "NVD",
            "id": "CVE-2012-1453"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201203-416"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "VULHUB",
            "id": "VHN-54734"
          },
          {
            "db": "BID",
            "id": "52621"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2012-001867"
          },
          {
            "db": "NVD",
            "id": "CVE-2012-1453"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201203-416"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2012-03-21T00:00:00",
            "db": "VULHUB",
            "id": "VHN-54734"
          },
          {
            "date": "2012-03-20T00:00:00",
            "db": "BID",
            "id": "52621"
          },
          {
            "date": "2012-03-23T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2012-001867"
          },
          {
            "date": "2012-03-21T10:11:48.847000",
            "db": "NVD",
            "id": "CVE-2012-1453"
          },
          {
            "date": "2012-03-26T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201203-416"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2012-11-06T00:00:00",
            "db": "VULHUB",
            "id": "VHN-54734"
          },
          {
            "date": "2012-03-30T16:10:00",
            "db": "BID",
            "id": "52621"
          },
          {
            "date": "2012-03-23T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2012-001867"
          },
          {
            "date": "2012-11-06T05:09:05.987000",
            "db": "NVD",
            "id": "CVE-2012-1453"
          },
          {
            "date": "2012-04-01T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201203-416"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201203-416"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Multiple products  CAB Vulnerability to bypass malware detection in file parser",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2012-001867"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "permissions and access control",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201203-416"
          }
        ],
        "trust": 0.6
      }
    }

    CVE-2021-28130 (GCVE-0-2021-28130)

    Vulnerability from cvelistv5 – Published: 2021-09-24 15:27 – Updated: 2024-08-03 21:33
    VLAI
    Summary
    Dr.Web Firewall 12.5.2.4160 on Windows incorrectly restricts applications signed by Dr.Web. A DLL for a custom payload within a legitimate binary (e.g., frwl_svc.exe) bypasses firewall filters.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T21:33:17.447Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://news.drweb.ru/show/?i=14180\u0026lng=ru"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://habr.com/ru/company/pm/blog/579328/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Dr.Web Firewall 12.5.2.4160 on Windows incorrectly restricts applications signed by Dr.Web. A DLL for a custom payload within a legitimate binary (e.g., frwl_svc.exe) bypasses firewall filters."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-09-24T15:29:20.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://news.drweb.ru/show/?i=14180\u0026lng=ru"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://habr.com/ru/company/pm/blog/579328/"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2021-28130",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Dr.Web Firewall 12.5.2.4160 on Windows incorrectly restricts applications signed by Dr.Web. A DLL for a custom payload within a legitimate binary (e.g., frwl_svc.exe) bypasses firewall filters."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://news.drweb.ru/show/?i=14180\u0026lng=ru",
                  "refsource": "MISC",
                  "url": "https://news.drweb.ru/show/?i=14180\u0026lng=ru"
                },
                {
                  "name": "https://habr.com/ru/company/pm/blog/579328/",
                  "refsource": "MISC",
                  "url": "https://habr.com/ru/company/pm/blog/579328/"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2021-28130",
        "datePublished": "2021-09-24T15:27:56.000Z",
        "dateReserved": "2021-03-10T00:00:00.000Z",
        "dateUpdated": "2024-08-03T21:33:17.447Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-23967 (GCVE-0-2020-23967)

    Vulnerability from cvelistv5 – Published: 2021-03-08 14:34 – Updated: 2024-08-04 15:05
    VLAI
    Summary
    Dr.Web Security Space versions 11 and 12 allow elevation of privilege for local users without administrative privileges to NT AUTHORITY\SYSTEM due to insufficient control during autoupdate.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T15:05:11.660Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://amonitoring.ru/article/drweb/"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://habr.com/ru/company/pm/blog/509592/"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.youtube.com/watch?v=q7Kqi7kE59U"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Dr.Web Security Space versions 11 and 12 allow elevation of privilege for local users without administrative privileges to NT AUTHORITY\\SYSTEM due to insufficient control during autoupdate."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-03-08T14:34:09.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://amonitoring.ru/article/drweb/"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://habr.com/ru/company/pm/blog/509592/"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.youtube.com/watch?v=q7Kqi7kE59U"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2020-23967",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Dr.Web Security Space versions 11 and 12 allow elevation of privilege for local users without administrative privileges to NT AUTHORITY\\SYSTEM due to insufficient control during autoupdate."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://amonitoring.ru/article/drweb/",
                  "refsource": "MISC",
                  "url": "https://amonitoring.ru/article/drweb/"
                },
                {
                  "name": "https://habr.com/ru/company/pm/blog/509592/",
                  "refsource": "MISC",
                  "url": "https://habr.com/ru/company/pm/blog/509592/"
                },
                {
                  "name": "https://www.youtube.com/watch?v=q7Kqi7kE59U",
                  "refsource": "MISC",
                  "url": "https://www.youtube.com/watch?v=q7Kqi7kE59U"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2020-23967",
        "datePublished": "2021-03-08T14:34:09.000Z",
        "dateReserved": "2020-08-13T00:00:00.000Z",
        "dateUpdated": "2024-08-04T15:05:11.660Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2010-5159 (GCVE-0-2010-5159)

    Vulnerability from cvelistv5 – Published: 2012-08-25 21:00 – Updated: 2025-01-21 19:54 Disputed
    VLAI
    Summary
    Race condition in Dr.Web Security Space Pro 6.0.0.03100 on Windows XP allows local users to bypass kernel-mode hook handlers, and execute dangerous code that would otherwise be blocked by a handler but not blocked by signature-based malware detection, via certain user-space memory changes during hook-handler execution, aka an argument-switch attack or a KHOBE attack. NOTE: this issue is disputed by some third parties because it is a flaw in a protection mechanism for situations where a crafted program has already begun to execute
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • n/a
    • CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
    Assigner
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T04:09:39.241Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "20100505 KHOBE - 8.0 earthquake for Windows desktop security software",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://archives.neohapsis.com/archives/bugtraq/2010-05/0026.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://countermeasures.trendmicro.eu/you-just-cant-trust-a-drunk/"
              },
              {
                "name": "39924",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/39924"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://matousec.com/info/articles/khobe-8.0-earthquake-for-windows-desktop-security-software.php"
              },
              {
                "name": "20100505 KHOBE - 8.0 earthquake for Windows desktop security software",
                "tags": [
                  "mailing-list",
                  "x_refsource_FULLDISC",
                  "x_transferred"
                ],
                "url": "http://archives.neohapsis.com/archives/fulldisclosure/2010-05/0066.html"
              },
              {
                "name": "67660",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://www.osvdb.org/67660"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.theregister.co.uk/2010/05/07/argument_switch_av_bypass/"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.f-secure.com/weblog/archives/00001949.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://matousec.com/info/advisories/khobe-8.0-earthquake-for-windows-desktop-security-software.php"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "HIGH",
                  "attackVector": "LOCAL",
                  "availabilityImpact": "HIGH",
                  "baseScore": 7,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "LOW",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2010-5159",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-01-21T19:54:13.008709Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-362",
                    "description": "CWE-362 Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-01-21T19:54:15.353Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Race condition in Dr.Web Security Space Pro 6.0.0.03100 on Windows XP allows local users to bypass kernel-mode hook handlers, and execute dangerous code that would otherwise be blocked by a handler but not blocked by signature-based malware detection, via certain user-space memory changes during hook-handler execution, aka an argument-switch attack or a KHOBE attack.  NOTE: this issue is disputed by some third parties because it is a flaw in a protection mechanism for situations where a crafted program has already begun to execute"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2012-08-25T21:00:00.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "20100505 KHOBE - 8.0 earthquake for Windows desktop security software",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://archives.neohapsis.com/archives/bugtraq/2010-05/0026.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://countermeasures.trendmicro.eu/you-just-cant-trust-a-drunk/"
            },
            {
              "name": "39924",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/39924"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://matousec.com/info/articles/khobe-8.0-earthquake-for-windows-desktop-security-software.php"
            },
            {
              "name": "20100505 KHOBE - 8.0 earthquake for Windows desktop security software",
              "tags": [
                "mailing-list",
                "x_refsource_FULLDISC"
              ],
              "url": "http://archives.neohapsis.com/archives/fulldisclosure/2010-05/0066.html"
            },
            {
              "name": "67660",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://www.osvdb.org/67660"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.theregister.co.uk/2010/05/07/argument_switch_av_bypass/"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.f-secure.com/weblog/archives/00001949.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://matousec.com/info/advisories/khobe-8.0-earthquake-for-windows-desktop-security-software.php"
            }
          ],
          "tags": [
            "disputed"
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2010-5159",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "** DISPUTED ** Race condition in Dr.Web Security Space Pro 6.0.0.03100 on Windows XP allows local users to bypass kernel-mode hook handlers, and execute dangerous code that would otherwise be blocked by a handler but not blocked by signature-based malware detection, via certain user-space memory changes during hook-handler execution, aka an argument-switch attack or a KHOBE attack.  NOTE: this issue is disputed by some third parties because it is a flaw in a protection mechanism for situations where a crafted program has already begun to execute."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "20100505 KHOBE - 8.0 earthquake for Windows desktop security software",
                  "refsource": "BUGTRAQ",
                  "url": "http://archives.neohapsis.com/archives/bugtraq/2010-05/0026.html"
                },
                {
                  "name": "http://countermeasures.trendmicro.eu/you-just-cant-trust-a-drunk/",
                  "refsource": "MISC",
                  "url": "http://countermeasures.trendmicro.eu/you-just-cant-trust-a-drunk/"
                },
                {
                  "name": "39924",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/39924"
                },
                {
                  "name": "http://matousec.com/info/articles/khobe-8.0-earthquake-for-windows-desktop-security-software.php",
                  "refsource": "MISC",
                  "url": "http://matousec.com/info/articles/khobe-8.0-earthquake-for-windows-desktop-security-software.php"
                },
                {
                  "name": "20100505 KHOBE - 8.0 earthquake for Windows desktop security software",
                  "refsource": "FULLDISC",
                  "url": "http://archives.neohapsis.com/archives/fulldisclosure/2010-05/0066.html"
                },
                {
                  "name": "67660",
                  "refsource": "OSVDB",
                  "url": "http://www.osvdb.org/67660"
                },
                {
                  "name": "http://www.theregister.co.uk/2010/05/07/argument_switch_av_bypass/",
                  "refsource": "MISC",
                  "url": "http://www.theregister.co.uk/2010/05/07/argument_switch_av_bypass/"
                },
                {
                  "name": "http://www.f-secure.com/weblog/archives/00001949.html",
                  "refsource": "MISC",
                  "url": "http://www.f-secure.com/weblog/archives/00001949.html"
                },
                {
                  "name": "http://matousec.com/info/advisories/khobe-8.0-earthquake-for-windows-desktop-security-software.php",
                  "refsource": "MISC",
                  "url": "http://matousec.com/info/advisories/khobe-8.0-earthquake-for-windows-desktop-security-software.php"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2010-5159",
        "datePublished": "2012-08-25T21:00:00.000Z",
        "dateReserved": "2012-08-25T00:00:00.000Z",
        "dateUpdated": "2025-01-21T19:54:15.353Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2012-1454 (GCVE-0-2012-1454)

    Vulnerability from cvelistv5 – Published: 2012-03-21 10:00 – Updated: 2024-08-06 19:01
    VLAI
    Summary
    The ELF file parser in Dr.Web 5.0.2.03300, eSafe 7.0.17.0, McAfee Gateway (formerly Webwasher) 2010.1C, Rising Antivirus 22.83.00.03, Fortinet Antivirus 4.2.254.0, and Panda Antivirus 10.0.2.7 allows remote attackers to bypass malware detection via an ELF file with a modified ei_version field. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different ELF parser implementations.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://osvdb.org/80432 vdb-entryx_refsource_OSVDB
    http://www.securityfocus.com/archive/1/522005 mailing-listx_refsource_BUGTRAQ
    http://www.ieee-security.org/TC/SP2012/program.html x_refsource_MISC
    Date Public
    2012-03-19 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T19:01:00.539Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "80432",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://osvdb.org/80432"
              },
              {
                "name": "20120319 Evasion attacks expoliting file-parsing vulnerabilities in antivirus products",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/522005"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.ieee-security.org/TC/SP2012/program.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2012-03-19T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The ELF file parser in Dr.Web 5.0.2.03300, eSafe 7.0.17.0, McAfee Gateway (formerly Webwasher) 2010.1C, Rising Antivirus 22.83.00.03, Fortinet Antivirus 4.2.254.0, and Panda Antivirus 10.0.2.7 allows remote attackers to bypass malware detection via an ELF file with a modified ei_version field.  NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different ELF parser implementations."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2012-07-28T09:00:00.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "80432",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://osvdb.org/80432"
            },
            {
              "name": "20120319 Evasion attacks expoliting file-parsing vulnerabilities in antivirus products",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/522005"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.ieee-security.org/TC/SP2012/program.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2012-1454",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The ELF file parser in Dr.Web 5.0.2.03300, eSafe 7.0.17.0, McAfee Gateway (formerly Webwasher) 2010.1C, Rising Antivirus 22.83.00.03, Fortinet Antivirus 4.2.254.0, and Panda Antivirus 10.0.2.7 allows remote attackers to bypass malware detection via an ELF file with a modified ei_version field.  NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different ELF parser implementations."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "80432",
                  "refsource": "OSVDB",
                  "url": "http://osvdb.org/80432"
                },
                {
                  "name": "20120319 Evasion attacks expoliting file-parsing vulnerabilities in antivirus products",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/522005"
                },
                {
                  "name": "http://www.ieee-security.org/TC/SP2012/program.html",
                  "refsource": "MISC",
                  "url": "http://www.ieee-security.org/TC/SP2012/program.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2012-1454",
        "datePublished": "2012-03-21T10:00:00.000Z",
        "dateReserved": "2012-02-29T00:00:00.000Z",
        "dateUpdated": "2024-08-06T19:01:00.539Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2012-1447 (GCVE-0-2012-1447)

    Vulnerability from cvelistv5 – Published: 2012-03-21 10:00 – Updated: 2024-08-06 19:00
    VLAI
    Summary
    The ELF file parser in Fortinet Antivirus 4.2.254.0, eSafe 7.0.17.0, Dr.Web 5.0.2.03300, and Panda Antivirus 10.0.2.7 allows remote attackers to bypass malware detection via an ELF file with a modified e_version field. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different ELF parser implementations.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://osvdb.org/80432 vdb-entryx_refsource_OSVDB
    http://www.securityfocus.com/archive/1/522005 mailing-listx_refsource_BUGTRAQ
    http://www.ieee-security.org/TC/SP2012/program.html x_refsource_MISC
    http://www.securityfocus.com/bid/52601 vdb-entryx_refsource_BID
    Date Public
    2012-03-19 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T19:00:59.983Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "80432",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://osvdb.org/80432"
              },
              {
                "name": "20120319 Evasion attacks expoliting file-parsing vulnerabilities in antivirus products",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/522005"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.ieee-security.org/TC/SP2012/program.html"
              },
              {
                "name": "52601",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/52601"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2012-03-19T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The ELF file parser in Fortinet Antivirus 4.2.254.0, eSafe 7.0.17.0, Dr.Web 5.0.2.03300, and Panda Antivirus 10.0.2.7 allows remote attackers to bypass malware detection via an ELF file with a modified e_version field.  NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different ELF parser implementations."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-12-05T18:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "80432",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://osvdb.org/80432"
            },
            {
              "name": "20120319 Evasion attacks expoliting file-parsing vulnerabilities in antivirus products",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/522005"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.ieee-security.org/TC/SP2012/program.html"
            },
            {
              "name": "52601",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/52601"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2012-1447",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The ELF file parser in Fortinet Antivirus 4.2.254.0, eSafe 7.0.17.0, Dr.Web 5.0.2.03300, and Panda Antivirus 10.0.2.7 allows remote attackers to bypass malware detection via an ELF file with a modified e_version field.  NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different ELF parser implementations."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "80432",
                  "refsource": "OSVDB",
                  "url": "http://osvdb.org/80432"
                },
                {
                  "name": "20120319 Evasion attacks expoliting file-parsing vulnerabilities in antivirus products",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/522005"
                },
                {
                  "name": "http://www.ieee-security.org/TC/SP2012/program.html",
                  "refsource": "MISC",
                  "url": "http://www.ieee-security.org/TC/SP2012/program.html"
                },
                {
                  "name": "52601",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/52601"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2012-1447",
        "datePublished": "2012-03-21T10:00:00.000Z",
        "dateReserved": "2012-02-29T00:00:00.000Z",
        "dateUpdated": "2024-08-06T19:00:59.983Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2012-1453 (GCVE-0-2012-1453)

    Vulnerability from cvelistv5 – Published: 2012-03-21 10:00 – Updated: 2024-08-06 19:01
    VLAI
    Summary
    The CAB file parser in Dr.Web 5.0.2.03300, Trend Micro HouseCall 9.120.0.1004, Kaspersky Anti-Virus 7.0.0.125, Sophos Anti-Virus 4.61.0, Trend Micro AntiVirus 9.120.0.1004, McAfee Gateway (formerly Webwasher) 2010.1C, Emsisoft Anti-Malware 5.1.0.1, CA eTrust Vet Antivirus 36.1.8511, Antiy Labs AVL SDK 2.0.3.7, Antimalware Engine 1.1.6402.0 in Microsoft Security Essentials 2.0, Rising Antivirus 22.83.00.03, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, Fortinet Antivirus 4.2.254.0, and Panda Antivirus 10.0.2.7 allows remote attackers to bypass malware detection via a CAB file with a modified coffFiles field. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different CAB parser implementations.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.securityfocus.com/archive/1/522005 mailing-listx_refsource_BUGTRAQ
    http://osvdb.org/80487 vdb-entryx_refsource_OSVDB
    http://osvdb.org/80484 vdb-entryx_refsource_OSVDB
    http://osvdb.org/80482 vdb-entryx_refsource_OSVDB
    http://osvdb.org/80489 vdb-entryx_refsource_OSVDB
    http://osvdb.org/80488 vdb-entryx_refsource_OSVDB
    http://www.ieee-security.org/TC/SP2012/program.html x_refsource_MISC
    http://osvdb.org/80486 vdb-entryx_refsource_OSVDB
    http://www.securityfocus.com/bid/52621 vdb-entryx_refsource_BID
    http://osvdb.org/80483 vdb-entryx_refsource_OSVDB
    http://osvdb.org/80485 vdb-entryx_refsource_OSVDB
    Date Public
    2012-03-19 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T19:01:01.269Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "20120319 Evasion attacks expoliting file-parsing vulnerabilities in antivirus products",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/522005"
              },
              {
                "name": "80487",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://osvdb.org/80487"
              },
              {
                "name": "80484",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://osvdb.org/80484"
              },
              {
                "name": "80482",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://osvdb.org/80482"
              },
              {
                "name": "80489",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://osvdb.org/80489"
              },
              {
                "name": "80488",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://osvdb.org/80488"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.ieee-security.org/TC/SP2012/program.html"
              },
              {
                "name": "80486",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://osvdb.org/80486"
              },
              {
                "name": "52621",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/52621"
              },
              {
                "name": "80483",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://osvdb.org/80483"
              },
              {
                "name": "80485",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://osvdb.org/80485"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2012-03-19T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The CAB file parser in Dr.Web 5.0.2.03300, Trend Micro HouseCall 9.120.0.1004, Kaspersky Anti-Virus 7.0.0.125, Sophos Anti-Virus 4.61.0, Trend Micro AntiVirus 9.120.0.1004, McAfee Gateway (formerly Webwasher) 2010.1C, Emsisoft Anti-Malware 5.1.0.1, CA eTrust Vet Antivirus 36.1.8511, Antiy Labs AVL SDK 2.0.3.7, Antimalware Engine 1.1.6402.0 in Microsoft Security Essentials 2.0, Rising Antivirus 22.83.00.03, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, Fortinet Antivirus 4.2.254.0, and Panda Antivirus 10.0.2.7 allows remote attackers to bypass malware detection via a CAB file with a modified coffFiles field.  NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different CAB parser implementations."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2012-07-28T09:00:00.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "20120319 Evasion attacks expoliting file-parsing vulnerabilities in antivirus products",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/522005"
            },
            {
              "name": "80487",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://osvdb.org/80487"
            },
            {
              "name": "80484",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://osvdb.org/80484"
            },
            {
              "name": "80482",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://osvdb.org/80482"
            },
            {
              "name": "80489",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://osvdb.org/80489"
            },
            {
              "name": "80488",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://osvdb.org/80488"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.ieee-security.org/TC/SP2012/program.html"
            },
            {
              "name": "80486",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://osvdb.org/80486"
            },
            {
              "name": "52621",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/52621"
            },
            {
              "name": "80483",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://osvdb.org/80483"
            },
            {
              "name": "80485",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://osvdb.org/80485"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2012-1453",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The CAB file parser in Dr.Web 5.0.2.03300, Trend Micro HouseCall 9.120.0.1004, Kaspersky Anti-Virus 7.0.0.125, Sophos Anti-Virus 4.61.0, Trend Micro AntiVirus 9.120.0.1004, McAfee Gateway (formerly Webwasher) 2010.1C, Emsisoft Anti-Malware 5.1.0.1, CA eTrust Vet Antivirus 36.1.8511, Antiy Labs AVL SDK 2.0.3.7, Antimalware Engine 1.1.6402.0 in Microsoft Security Essentials 2.0, Rising Antivirus 22.83.00.03, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, Fortinet Antivirus 4.2.254.0, and Panda Antivirus 10.0.2.7 allows remote attackers to bypass malware detection via a CAB file with a modified coffFiles field.  NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different CAB parser implementations."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "20120319 Evasion attacks expoliting file-parsing vulnerabilities in antivirus products",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/522005"
                },
                {
                  "name": "80487",
                  "refsource": "OSVDB",
                  "url": "http://osvdb.org/80487"
                },
                {
                  "name": "80484",
                  "refsource": "OSVDB",
                  "url": "http://osvdb.org/80484"
                },
                {
                  "name": "80482",
                  "refsource": "OSVDB",
                  "url": "http://osvdb.org/80482"
                },
                {
                  "name": "80489",
                  "refsource": "OSVDB",
                  "url": "http://osvdb.org/80489"
                },
                {
                  "name": "80488",
                  "refsource": "OSVDB",
                  "url": "http://osvdb.org/80488"
                },
                {
                  "name": "http://www.ieee-security.org/TC/SP2012/program.html",
                  "refsource": "MISC",
                  "url": "http://www.ieee-security.org/TC/SP2012/program.html"
                },
                {
                  "name": "80486",
                  "refsource": "OSVDB",
                  "url": "http://osvdb.org/80486"
                },
                {
                  "name": "52621",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/52621"
                },
                {
                  "name": "80483",
                  "refsource": "OSVDB",
                  "url": "http://osvdb.org/80483"
                },
                {
                  "name": "80485",
                  "refsource": "OSVDB",
                  "url": "http://osvdb.org/80485"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2012-1453",
        "datePublished": "2012-03-21T10:00:00.000Z",
        "dateReserved": "2012-02-29T00:00:00.000Z",
        "dateUpdated": "2024-08-06T19:01:01.269Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2008-5526 (GCVE-0-2008-5526)

    Vulnerability from cvelistv5 – Published: 2008-12-12 18:13 – Updated: 2024-08-07 10:56
    VLAI
    Summary
    DrWeb Anti-virus 4.44.0.09170, when Internet Explorer 6 or 7 is used, allows remote attackers to bypass detection of malware in an HTML document by placing an MZ header (aka "EXE info") at the beginning, and modifying the filename to have (1) no extension, (2) a .txt extension, or (3) a .jpg extension, as demonstrated by a document containing a CVE-2006-5745 exploit.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    http://securityreason.com/securityalert/4723 third-party-advisoryx_refsource_SREASON
    http://www.securityfocus.com/archive/1/499043/100… mailing-listx_refsource_BUGTRAQ
    http://www.securityfocus.com/archive/1/498995/100… mailing-listx_refsource_BUGTRAQ
    Date Public
    2008-12-08 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T10:56:46.875Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "multiple-antivirus-mzheader-code-execution(47435)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47435"
              },
              {
                "name": "4723",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SREASON",
                  "x_transferred"
                ],
                "url": "http://securityreason.com/securityalert/4723"
              },
              {
                "name": "20081209 Multiple Vendor Anti-Virus Software Malicious WebPage Detection Bypass -Update-",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/499043/100/0/threaded"
              },
              {
                "name": "20081208 Multiple Vendor Anti-Virus Software Malicious WebPage Detection Bypass",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/498995/100/0/threaded"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2008-12-08T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "DrWeb Anti-virus 4.44.0.09170, when Internet Explorer 6 or 7 is used, allows remote attackers to bypass detection of malware in an HTML document by placing an MZ header (aka \"EXE info\") at the beginning, and modifying the filename to have (1) no extension, (2) a .txt extension, or (3) a .jpg extension, as demonstrated by a document containing a CVE-2006-5745 exploit."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-11T19:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "multiple-antivirus-mzheader-code-execution(47435)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47435"
            },
            {
              "name": "4723",
              "tags": [
                "third-party-advisory",
                "x_refsource_SREASON"
              ],
              "url": "http://securityreason.com/securityalert/4723"
            },
            {
              "name": "20081209 Multiple Vendor Anti-Virus Software Malicious WebPage Detection Bypass -Update-",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/499043/100/0/threaded"
            },
            {
              "name": "20081208 Multiple Vendor Anti-Virus Software Malicious WebPage Detection Bypass",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/498995/100/0/threaded"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2008-5526",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "DrWeb Anti-virus 4.44.0.09170, when Internet Explorer 6 or 7 is used, allows remote attackers to bypass detection of malware in an HTML document by placing an MZ header (aka \"EXE info\") at the beginning, and modifying the filename to have (1) no extension, (2) a .txt extension, or (3) a .jpg extension, as demonstrated by a document containing a CVE-2006-5745 exploit."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "multiple-antivirus-mzheader-code-execution(47435)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47435"
                },
                {
                  "name": "4723",
                  "refsource": "SREASON",
                  "url": "http://securityreason.com/securityalert/4723"
                },
                {
                  "name": "20081209 Multiple Vendor Anti-Virus Software Malicious WebPage Detection Bypass -Update-",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/499043/100/0/threaded"
                },
                {
                  "name": "20081208 Multiple Vendor Anti-Virus Software Malicious WebPage Detection Bypass",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/498995/100/0/threaded"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2008-5526",
        "datePublished": "2008-12-12T18:13:00.000Z",
        "dateReserved": "2008-12-12T00:00:00.000Z",
        "dateUpdated": "2024-08-07T10:56:46.875Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-28130 (GCVE-0-2021-28130)

    Vulnerability from nvd – Published: 2021-09-24 15:27 – Updated: 2024-08-03 21:33
    VLAI
    Summary
    Dr.Web Firewall 12.5.2.4160 on Windows incorrectly restricts applications signed by Dr.Web. A DLL for a custom payload within a legitimate binary (e.g., frwl_svc.exe) bypasses firewall filters.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T21:33:17.447Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://news.drweb.ru/show/?i=14180\u0026lng=ru"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://habr.com/ru/company/pm/blog/579328/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Dr.Web Firewall 12.5.2.4160 on Windows incorrectly restricts applications signed by Dr.Web. A DLL for a custom payload within a legitimate binary (e.g., frwl_svc.exe) bypasses firewall filters."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-09-24T15:29:20.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://news.drweb.ru/show/?i=14180\u0026lng=ru"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://habr.com/ru/company/pm/blog/579328/"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2021-28130",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Dr.Web Firewall 12.5.2.4160 on Windows incorrectly restricts applications signed by Dr.Web. A DLL for a custom payload within a legitimate binary (e.g., frwl_svc.exe) bypasses firewall filters."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://news.drweb.ru/show/?i=14180\u0026lng=ru",
                  "refsource": "MISC",
                  "url": "https://news.drweb.ru/show/?i=14180\u0026lng=ru"
                },
                {
                  "name": "https://habr.com/ru/company/pm/blog/579328/",
                  "refsource": "MISC",
                  "url": "https://habr.com/ru/company/pm/blog/579328/"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2021-28130",
        "datePublished": "2021-09-24T15:27:56.000Z",
        "dateReserved": "2021-03-10T00:00:00.000Z",
        "dateUpdated": "2024-08-03T21:33:17.447Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-23967 (GCVE-0-2020-23967)

    Vulnerability from nvd – Published: 2021-03-08 14:34 – Updated: 2024-08-04 15:05
    VLAI
    Summary
    Dr.Web Security Space versions 11 and 12 allow elevation of privilege for local users without administrative privileges to NT AUTHORITY\SYSTEM due to insufficient control during autoupdate.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T15:05:11.660Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://amonitoring.ru/article/drweb/"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://habr.com/ru/company/pm/blog/509592/"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.youtube.com/watch?v=q7Kqi7kE59U"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Dr.Web Security Space versions 11 and 12 allow elevation of privilege for local users without administrative privileges to NT AUTHORITY\\SYSTEM due to insufficient control during autoupdate."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-03-08T14:34:09.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://amonitoring.ru/article/drweb/"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://habr.com/ru/company/pm/blog/509592/"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.youtube.com/watch?v=q7Kqi7kE59U"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2020-23967",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Dr.Web Security Space versions 11 and 12 allow elevation of privilege for local users without administrative privileges to NT AUTHORITY\\SYSTEM due to insufficient control during autoupdate."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://amonitoring.ru/article/drweb/",
                  "refsource": "MISC",
                  "url": "https://amonitoring.ru/article/drweb/"
                },
                {
                  "name": "https://habr.com/ru/company/pm/blog/509592/",
                  "refsource": "MISC",
                  "url": "https://habr.com/ru/company/pm/blog/509592/"
                },
                {
                  "name": "https://www.youtube.com/watch?v=q7Kqi7kE59U",
                  "refsource": "MISC",
                  "url": "https://www.youtube.com/watch?v=q7Kqi7kE59U"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2020-23967",
        "datePublished": "2021-03-08T14:34:09.000Z",
        "dateReserved": "2020-08-13T00:00:00.000Z",
        "dateUpdated": "2024-08-04T15:05:11.660Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2010-5159 (GCVE-0-2010-5159)

    Vulnerability from nvd – Published: 2012-08-25 21:00 – Updated: 2025-01-21 19:54 Disputed
    VLAI
    Summary
    Race condition in Dr.Web Security Space Pro 6.0.0.03100 on Windows XP allows local users to bypass kernel-mode hook handlers, and execute dangerous code that would otherwise be blocked by a handler but not blocked by signature-based malware detection, via certain user-space memory changes during hook-handler execution, aka an argument-switch attack or a KHOBE attack. NOTE: this issue is disputed by some third parties because it is a flaw in a protection mechanism for situations where a crafted program has already begun to execute
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • n/a
    • CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
    Assigner
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T04:09:39.241Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "20100505 KHOBE - 8.0 earthquake for Windows desktop security software",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://archives.neohapsis.com/archives/bugtraq/2010-05/0026.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://countermeasures.trendmicro.eu/you-just-cant-trust-a-drunk/"
              },
              {
                "name": "39924",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/39924"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://matousec.com/info/articles/khobe-8.0-earthquake-for-windows-desktop-security-software.php"
              },
              {
                "name": "20100505 KHOBE - 8.0 earthquake for Windows desktop security software",
                "tags": [
                  "mailing-list",
                  "x_refsource_FULLDISC",
                  "x_transferred"
                ],
                "url": "http://archives.neohapsis.com/archives/fulldisclosure/2010-05/0066.html"
              },
              {
                "name": "67660",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://www.osvdb.org/67660"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.theregister.co.uk/2010/05/07/argument_switch_av_bypass/"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.f-secure.com/weblog/archives/00001949.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://matousec.com/info/advisories/khobe-8.0-earthquake-for-windows-desktop-security-software.php"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "HIGH",
                  "attackVector": "LOCAL",
                  "availabilityImpact": "HIGH",
                  "baseScore": 7,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "LOW",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2010-5159",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-01-21T19:54:13.008709Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-362",
                    "description": "CWE-362 Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-01-21T19:54:15.353Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Race condition in Dr.Web Security Space Pro 6.0.0.03100 on Windows XP allows local users to bypass kernel-mode hook handlers, and execute dangerous code that would otherwise be blocked by a handler but not blocked by signature-based malware detection, via certain user-space memory changes during hook-handler execution, aka an argument-switch attack or a KHOBE attack.  NOTE: this issue is disputed by some third parties because it is a flaw in a protection mechanism for situations where a crafted program has already begun to execute"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2012-08-25T21:00:00.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "20100505 KHOBE - 8.0 earthquake for Windows desktop security software",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://archives.neohapsis.com/archives/bugtraq/2010-05/0026.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://countermeasures.trendmicro.eu/you-just-cant-trust-a-drunk/"
            },
            {
              "name": "39924",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/39924"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://matousec.com/info/articles/khobe-8.0-earthquake-for-windows-desktop-security-software.php"
            },
            {
              "name": "20100505 KHOBE - 8.0 earthquake for Windows desktop security software",
              "tags": [
                "mailing-list",
                "x_refsource_FULLDISC"
              ],
              "url": "http://archives.neohapsis.com/archives/fulldisclosure/2010-05/0066.html"
            },
            {
              "name": "67660",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://www.osvdb.org/67660"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.theregister.co.uk/2010/05/07/argument_switch_av_bypass/"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.f-secure.com/weblog/archives/00001949.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://matousec.com/info/advisories/khobe-8.0-earthquake-for-windows-desktop-security-software.php"
            }
          ],
          "tags": [
            "disputed"
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2010-5159",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "** DISPUTED ** Race condition in Dr.Web Security Space Pro 6.0.0.03100 on Windows XP allows local users to bypass kernel-mode hook handlers, and execute dangerous code that would otherwise be blocked by a handler but not blocked by signature-based malware detection, via certain user-space memory changes during hook-handler execution, aka an argument-switch attack or a KHOBE attack.  NOTE: this issue is disputed by some third parties because it is a flaw in a protection mechanism for situations where a crafted program has already begun to execute."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "20100505 KHOBE - 8.0 earthquake for Windows desktop security software",
                  "refsource": "BUGTRAQ",
                  "url": "http://archives.neohapsis.com/archives/bugtraq/2010-05/0026.html"
                },
                {
                  "name": "http://countermeasures.trendmicro.eu/you-just-cant-trust-a-drunk/",
                  "refsource": "MISC",
                  "url": "http://countermeasures.trendmicro.eu/you-just-cant-trust-a-drunk/"
                },
                {
                  "name": "39924",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/39924"
                },
                {
                  "name": "http://matousec.com/info/articles/khobe-8.0-earthquake-for-windows-desktop-security-software.php",
                  "refsource": "MISC",
                  "url": "http://matousec.com/info/articles/khobe-8.0-earthquake-for-windows-desktop-security-software.php"
                },
                {
                  "name": "20100505 KHOBE - 8.0 earthquake for Windows desktop security software",
                  "refsource": "FULLDISC",
                  "url": "http://archives.neohapsis.com/archives/fulldisclosure/2010-05/0066.html"
                },
                {
                  "name": "67660",
                  "refsource": "OSVDB",
                  "url": "http://www.osvdb.org/67660"
                },
                {
                  "name": "http://www.theregister.co.uk/2010/05/07/argument_switch_av_bypass/",
                  "refsource": "MISC",
                  "url": "http://www.theregister.co.uk/2010/05/07/argument_switch_av_bypass/"
                },
                {
                  "name": "http://www.f-secure.com/weblog/archives/00001949.html",
                  "refsource": "MISC",
                  "url": "http://www.f-secure.com/weblog/archives/00001949.html"
                },
                {
                  "name": "http://matousec.com/info/advisories/khobe-8.0-earthquake-for-windows-desktop-security-software.php",
                  "refsource": "MISC",
                  "url": "http://matousec.com/info/advisories/khobe-8.0-earthquake-for-windows-desktop-security-software.php"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2010-5159",
        "datePublished": "2012-08-25T21:00:00.000Z",
        "dateReserved": "2012-08-25T00:00:00.000Z",
        "dateUpdated": "2025-01-21T19:54:15.353Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2012-1454 (GCVE-0-2012-1454)

    Vulnerability from nvd – Published: 2012-03-21 10:00 – Updated: 2024-08-06 19:01
    VLAI
    Summary
    The ELF file parser in Dr.Web 5.0.2.03300, eSafe 7.0.17.0, McAfee Gateway (formerly Webwasher) 2010.1C, Rising Antivirus 22.83.00.03, Fortinet Antivirus 4.2.254.0, and Panda Antivirus 10.0.2.7 allows remote attackers to bypass malware detection via an ELF file with a modified ei_version field. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different ELF parser implementations.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://osvdb.org/80432 vdb-entryx_refsource_OSVDB
    http://www.securityfocus.com/archive/1/522005 mailing-listx_refsource_BUGTRAQ
    http://www.ieee-security.org/TC/SP2012/program.html x_refsource_MISC
    Date Public
    2012-03-19 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T19:01:00.539Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "80432",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://osvdb.org/80432"
              },
              {
                "name": "20120319 Evasion attacks expoliting file-parsing vulnerabilities in antivirus products",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/522005"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.ieee-security.org/TC/SP2012/program.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2012-03-19T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The ELF file parser in Dr.Web 5.0.2.03300, eSafe 7.0.17.0, McAfee Gateway (formerly Webwasher) 2010.1C, Rising Antivirus 22.83.00.03, Fortinet Antivirus 4.2.254.0, and Panda Antivirus 10.0.2.7 allows remote attackers to bypass malware detection via an ELF file with a modified ei_version field.  NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different ELF parser implementations."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2012-07-28T09:00:00.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "80432",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://osvdb.org/80432"
            },
            {
              "name": "20120319 Evasion attacks expoliting file-parsing vulnerabilities in antivirus products",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/522005"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.ieee-security.org/TC/SP2012/program.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2012-1454",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The ELF file parser in Dr.Web 5.0.2.03300, eSafe 7.0.17.0, McAfee Gateway (formerly Webwasher) 2010.1C, Rising Antivirus 22.83.00.03, Fortinet Antivirus 4.2.254.0, and Panda Antivirus 10.0.2.7 allows remote attackers to bypass malware detection via an ELF file with a modified ei_version field.  NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different ELF parser implementations."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "80432",
                  "refsource": "OSVDB",
                  "url": "http://osvdb.org/80432"
                },
                {
                  "name": "20120319 Evasion attacks expoliting file-parsing vulnerabilities in antivirus products",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/522005"
                },
                {
                  "name": "http://www.ieee-security.org/TC/SP2012/program.html",
                  "refsource": "MISC",
                  "url": "http://www.ieee-security.org/TC/SP2012/program.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2012-1454",
        "datePublished": "2012-03-21T10:00:00.000Z",
        "dateReserved": "2012-02-29T00:00:00.000Z",
        "dateUpdated": "2024-08-06T19:01:00.539Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2012-1453 (GCVE-0-2012-1453)

    Vulnerability from nvd – Published: 2012-03-21 10:00 – Updated: 2024-08-06 19:01
    VLAI
    Summary
    The CAB file parser in Dr.Web 5.0.2.03300, Trend Micro HouseCall 9.120.0.1004, Kaspersky Anti-Virus 7.0.0.125, Sophos Anti-Virus 4.61.0, Trend Micro AntiVirus 9.120.0.1004, McAfee Gateway (formerly Webwasher) 2010.1C, Emsisoft Anti-Malware 5.1.0.1, CA eTrust Vet Antivirus 36.1.8511, Antiy Labs AVL SDK 2.0.3.7, Antimalware Engine 1.1.6402.0 in Microsoft Security Essentials 2.0, Rising Antivirus 22.83.00.03, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, Fortinet Antivirus 4.2.254.0, and Panda Antivirus 10.0.2.7 allows remote attackers to bypass malware detection via a CAB file with a modified coffFiles field. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different CAB parser implementations.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.securityfocus.com/archive/1/522005 mailing-listx_refsource_BUGTRAQ
    http://osvdb.org/80487 vdb-entryx_refsource_OSVDB
    http://osvdb.org/80484 vdb-entryx_refsource_OSVDB
    http://osvdb.org/80482 vdb-entryx_refsource_OSVDB
    http://osvdb.org/80489 vdb-entryx_refsource_OSVDB
    http://osvdb.org/80488 vdb-entryx_refsource_OSVDB
    http://www.ieee-security.org/TC/SP2012/program.html x_refsource_MISC
    http://osvdb.org/80486 vdb-entryx_refsource_OSVDB
    http://www.securityfocus.com/bid/52621 vdb-entryx_refsource_BID
    http://osvdb.org/80483 vdb-entryx_refsource_OSVDB
    http://osvdb.org/80485 vdb-entryx_refsource_OSVDB
    Date Public
    2012-03-19 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T19:01:01.269Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "20120319 Evasion attacks expoliting file-parsing vulnerabilities in antivirus products",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/522005"
              },
              {
                "name": "80487",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://osvdb.org/80487"
              },
              {
                "name": "80484",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://osvdb.org/80484"
              },
              {
                "name": "80482",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://osvdb.org/80482"
              },
              {
                "name": "80489",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://osvdb.org/80489"
              },
              {
                "name": "80488",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://osvdb.org/80488"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.ieee-security.org/TC/SP2012/program.html"
              },
              {
                "name": "80486",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://osvdb.org/80486"
              },
              {
                "name": "52621",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/52621"
              },
              {
                "name": "80483",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://osvdb.org/80483"
              },
              {
                "name": "80485",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://osvdb.org/80485"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2012-03-19T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The CAB file parser in Dr.Web 5.0.2.03300, Trend Micro HouseCall 9.120.0.1004, Kaspersky Anti-Virus 7.0.0.125, Sophos Anti-Virus 4.61.0, Trend Micro AntiVirus 9.120.0.1004, McAfee Gateway (formerly Webwasher) 2010.1C, Emsisoft Anti-Malware 5.1.0.1, CA eTrust Vet Antivirus 36.1.8511, Antiy Labs AVL SDK 2.0.3.7, Antimalware Engine 1.1.6402.0 in Microsoft Security Essentials 2.0, Rising Antivirus 22.83.00.03, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, Fortinet Antivirus 4.2.254.0, and Panda Antivirus 10.0.2.7 allows remote attackers to bypass malware detection via a CAB file with a modified coffFiles field.  NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different CAB parser implementations."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2012-07-28T09:00:00.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "20120319 Evasion attacks expoliting file-parsing vulnerabilities in antivirus products",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/522005"
            },
            {
              "name": "80487",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://osvdb.org/80487"
            },
            {
              "name": "80484",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://osvdb.org/80484"
            },
            {
              "name": "80482",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://osvdb.org/80482"
            },
            {
              "name": "80489",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://osvdb.org/80489"
            },
            {
              "name": "80488",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://osvdb.org/80488"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.ieee-security.org/TC/SP2012/program.html"
            },
            {
              "name": "80486",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://osvdb.org/80486"
            },
            {
              "name": "52621",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/52621"
            },
            {
              "name": "80483",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://osvdb.org/80483"
            },
            {
              "name": "80485",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://osvdb.org/80485"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2012-1453",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The CAB file parser in Dr.Web 5.0.2.03300, Trend Micro HouseCall 9.120.0.1004, Kaspersky Anti-Virus 7.0.0.125, Sophos Anti-Virus 4.61.0, Trend Micro AntiVirus 9.120.0.1004, McAfee Gateway (formerly Webwasher) 2010.1C, Emsisoft Anti-Malware 5.1.0.1, CA eTrust Vet Antivirus 36.1.8511, Antiy Labs AVL SDK 2.0.3.7, Antimalware Engine 1.1.6402.0 in Microsoft Security Essentials 2.0, Rising Antivirus 22.83.00.03, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, Fortinet Antivirus 4.2.254.0, and Panda Antivirus 10.0.2.7 allows remote attackers to bypass malware detection via a CAB file with a modified coffFiles field.  NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different CAB parser implementations."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "20120319 Evasion attacks expoliting file-parsing vulnerabilities in antivirus products",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/522005"
                },
                {
                  "name": "80487",
                  "refsource": "OSVDB",
                  "url": "http://osvdb.org/80487"
                },
                {
                  "name": "80484",
                  "refsource": "OSVDB",
                  "url": "http://osvdb.org/80484"
                },
                {
                  "name": "80482",
                  "refsource": "OSVDB",
                  "url": "http://osvdb.org/80482"
                },
                {
                  "name": "80489",
                  "refsource": "OSVDB",
                  "url": "http://osvdb.org/80489"
                },
                {
                  "name": "80488",
                  "refsource": "OSVDB",
                  "url": "http://osvdb.org/80488"
                },
                {
                  "name": "http://www.ieee-security.org/TC/SP2012/program.html",
                  "refsource": "MISC",
                  "url": "http://www.ieee-security.org/TC/SP2012/program.html"
                },
                {
                  "name": "80486",
                  "refsource": "OSVDB",
                  "url": "http://osvdb.org/80486"
                },
                {
                  "name": "52621",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/52621"
                },
                {
                  "name": "80483",
                  "refsource": "OSVDB",
                  "url": "http://osvdb.org/80483"
                },
                {
                  "name": "80485",
                  "refsource": "OSVDB",
                  "url": "http://osvdb.org/80485"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2012-1453",
        "datePublished": "2012-03-21T10:00:00.000Z",
        "dateReserved": "2012-02-29T00:00:00.000Z",
        "dateUpdated": "2024-08-06T19:01:01.269Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2012-1447 (GCVE-0-2012-1447)

    Vulnerability from nvd – Published: 2012-03-21 10:00 – Updated: 2024-08-06 19:00
    VLAI
    Summary
    The ELF file parser in Fortinet Antivirus 4.2.254.0, eSafe 7.0.17.0, Dr.Web 5.0.2.03300, and Panda Antivirus 10.0.2.7 allows remote attackers to bypass malware detection via an ELF file with a modified e_version field. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different ELF parser implementations.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://osvdb.org/80432 vdb-entryx_refsource_OSVDB
    http://www.securityfocus.com/archive/1/522005 mailing-listx_refsource_BUGTRAQ
    http://www.ieee-security.org/TC/SP2012/program.html x_refsource_MISC
    http://www.securityfocus.com/bid/52601 vdb-entryx_refsource_BID
    Date Public
    2012-03-19 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T19:00:59.983Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "80432",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://osvdb.org/80432"
              },
              {
                "name": "20120319 Evasion attacks expoliting file-parsing vulnerabilities in antivirus products",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/522005"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.ieee-security.org/TC/SP2012/program.html"
              },
              {
                "name": "52601",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/52601"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2012-03-19T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The ELF file parser in Fortinet Antivirus 4.2.254.0, eSafe 7.0.17.0, Dr.Web 5.0.2.03300, and Panda Antivirus 10.0.2.7 allows remote attackers to bypass malware detection via an ELF file with a modified e_version field.  NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different ELF parser implementations."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-12-05T18:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "80432",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://osvdb.org/80432"
            },
            {
              "name": "20120319 Evasion attacks expoliting file-parsing vulnerabilities in antivirus products",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/522005"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.ieee-security.org/TC/SP2012/program.html"
            },
            {
              "name": "52601",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/52601"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2012-1447",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The ELF file parser in Fortinet Antivirus 4.2.254.0, eSafe 7.0.17.0, Dr.Web 5.0.2.03300, and Panda Antivirus 10.0.2.7 allows remote attackers to bypass malware detection via an ELF file with a modified e_version field.  NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different ELF parser implementations."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "80432",
                  "refsource": "OSVDB",
                  "url": "http://osvdb.org/80432"
                },
                {
                  "name": "20120319 Evasion attacks expoliting file-parsing vulnerabilities in antivirus products",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/522005"
                },
                {
                  "name": "http://www.ieee-security.org/TC/SP2012/program.html",
                  "refsource": "MISC",
                  "url": "http://www.ieee-security.org/TC/SP2012/program.html"
                },
                {
                  "name": "52601",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/52601"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2012-1447",
        "datePublished": "2012-03-21T10:00:00.000Z",
        "dateReserved": "2012-02-29T00:00:00.000Z",
        "dateUpdated": "2024-08-06T19:00:59.983Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2008-5526 (GCVE-0-2008-5526)

    Vulnerability from nvd – Published: 2008-12-12 18:13 – Updated: 2024-08-07 10:56
    VLAI
    Summary
    DrWeb Anti-virus 4.44.0.09170, when Internet Explorer 6 or 7 is used, allows remote attackers to bypass detection of malware in an HTML document by placing an MZ header (aka "EXE info") at the beginning, and modifying the filename to have (1) no extension, (2) a .txt extension, or (3) a .jpg extension, as demonstrated by a document containing a CVE-2006-5745 exploit.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    http://securityreason.com/securityalert/4723 third-party-advisoryx_refsource_SREASON
    http://www.securityfocus.com/archive/1/499043/100… mailing-listx_refsource_BUGTRAQ
    http://www.securityfocus.com/archive/1/498995/100… mailing-listx_refsource_BUGTRAQ
    Date Public
    2008-12-08 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T10:56:46.875Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "multiple-antivirus-mzheader-code-execution(47435)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47435"
              },
              {
                "name": "4723",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SREASON",
                  "x_transferred"
                ],
                "url": "http://securityreason.com/securityalert/4723"
              },
              {
                "name": "20081209 Multiple Vendor Anti-Virus Software Malicious WebPage Detection Bypass -Update-",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/499043/100/0/threaded"
              },
              {
                "name": "20081208 Multiple Vendor Anti-Virus Software Malicious WebPage Detection Bypass",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/498995/100/0/threaded"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2008-12-08T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "DrWeb Anti-virus 4.44.0.09170, when Internet Explorer 6 or 7 is used, allows remote attackers to bypass detection of malware in an HTML document by placing an MZ header (aka \"EXE info\") at the beginning, and modifying the filename to have (1) no extension, (2) a .txt extension, or (3) a .jpg extension, as demonstrated by a document containing a CVE-2006-5745 exploit."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-11T19:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "multiple-antivirus-mzheader-code-execution(47435)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47435"
            },
            {
              "name": "4723",
              "tags": [
                "third-party-advisory",
                "x_refsource_SREASON"
              ],
              "url": "http://securityreason.com/securityalert/4723"
            },
            {
              "name": "20081209 Multiple Vendor Anti-Virus Software Malicious WebPage Detection Bypass -Update-",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/499043/100/0/threaded"
            },
            {
              "name": "20081208 Multiple Vendor Anti-Virus Software Malicious WebPage Detection Bypass",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/498995/100/0/threaded"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2008-5526",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "DrWeb Anti-virus 4.44.0.09170, when Internet Explorer 6 or 7 is used, allows remote attackers to bypass detection of malware in an HTML document by placing an MZ header (aka \"EXE info\") at the beginning, and modifying the filename to have (1) no extension, (2) a .txt extension, or (3) a .jpg extension, as demonstrated by a document containing a CVE-2006-5745 exploit."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "multiple-antivirus-mzheader-code-execution(47435)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47435"
                },
                {
                  "name": "4723",
                  "refsource": "SREASON",
                  "url": "http://securityreason.com/securityalert/4723"
                },
                {
                  "name": "20081209 Multiple Vendor Anti-Virus Software Malicious WebPage Detection Bypass -Update-",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/499043/100/0/threaded"
                },
                {
                  "name": "20081208 Multiple Vendor Anti-Virus Software Malicious WebPage Detection Bypass",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/498995/100/0/threaded"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2008-5526",
        "datePublished": "2008-12-12T18:13:00.000Z",
        "dateReserved": "2008-12-12T00:00:00.000Z",
        "dateUpdated": "2024-08-07T10:56:46.875Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }