Search
Find a vulnerability
Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
73 vulnerabilities by norman
VAR-200009-0023
Vulnerability from variot - Updated: 2024-07-23 20:18VMware Tools in VMware Workstation 6.5.x before 6.5.4 build 246459; VMware Player 2.5.x before 2.5.4 build 246459; VMware ACE 2.5.x before 2.5.4 build 246459; VMware Server 2.x before 2.0.2 build 203138; VMware Fusion 2.x before 2.0.6 build 246742; VMware ESXi 3.5 and 4.0; and VMware ESX 2.5.5, 3.0.3, 3.5, and 4.0 does not properly access libraries, which allows user-assisted remote attackers to execute arbitrary code by tricking a Windows guest OS user into clicking on a file that is stored on a network share. Some applications for Microsoft Windows may use unsafe methods for determining how to load DLLs. As a result, these applications can be forced to load a DLL from an attacker-controlled source rather than a trusted location. Windows Program DLL There is an attackable vulnerability in reading. Dynamic link Library (DLL) Is a software component that is loaded at run time, not at program compile time. The program is LoadLibrary() And LoadLibraryEx() Using DLL Is read. Read DLL If no path is specified, specific directories are searched in order and found first. DLL Is loaded. Since this directory group includes the current directory of the process, the directory that can be operated by the attacker is set as the current directory. LoadLibrary() If is called, attack code may be executed. This issue can occur when browsing files located in directories that an attacker can manipulate. Read DLL The name depends on the program. DLL Read Windows The entire program may be affected. " Opera Software "and" Adobe Vulnerability information on " : Mitsui Bussan Secure Direction Co., Ltd. Takashi Yoshikawa MrA remote attacker could execute arbitrary code with the authority to execute the program. Attacker crafted DLL The USB Placing it on a drive or network drive may cause an attack. VMWare is a virtual PC software that allows two or more Windows, DOS, and LINUX systems to run simultaneously on a single machine. The VMWare Tools package used in VMWare products does not properly access the function library. An attacker can exploit this issue by enticing a user to open a malicious file from a network share. The issue can be exploited on Windows guest operating systems Successful exploits will allow attackers to execute arbitrary code within the context of the affected application. Failed exploit attempts will result in a denial-of-service condition. This issue affects the following products: Workstation Player ACE Server Fusion ESX ESXi NOTE: This issue was previously covered in BID 39345 (VMware Hosted Products VMSA-2010-0007 Multiple Remote and Local Vulnerabilities), but has been given its own record to better document it. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
VMware Security Advisory
Advisory ID: VMSA-2010-0007 Synopsis: VMware hosted products, vCenter Server and ESX patches resolve multiple security issues Issue date: 2010-04-09 Updated on: 2010-04-09 (initial release of advisory) CVE numbers: CVE-2010-1142 CVE-2010-1140 CVE-2009-2042 CVE-2009-1564 CVE-2009-1565 CVE-2009-3732 CVE-2009-3707 CVE-2010-1138 CVE-2010-1139 CVE-2010-1141
Notes: Effective May 2010, VMware's patch and update release program during Extended Support will be continued with the condition that all subsequent patch and update releases will be based on the latest baseline release version as of May 2010 (i.e. ESX 3.0.3 Update 1, ESX 3.5 Update 5, and VirtualCenter 2.5 Update 6). Refer to section "End of Product Availability FAQs" at http://www.vmware.com/support/policies/lifecycle/vi/faq.html for details.
Extended support for ESX 2.5.5 ends on 2010-06-15. Users should plan to upgrade to at least ESX 3.0.3 and preferably to the newest release available.
Extended support for ESX 3.0.3 ends on 2011-12-10. Users should plan to upgrade to at least ESX 3.5 and preferably to the newest release available.
End of General Support for VMware Workstation 6.x is 2011-04-27, users should plan to upgrade to the newest release available.
End of General Support for VMware Server 2.0 is 2011-06-30, users should plan to upgrade to the newest release of either ESXi or VMware Player.
Extended support for Virtual Center 2.0.2 is 2011-12-10, users should plan to upgrade to the newest release of vCenter Server.
- Problem Description
a. This file could be in any file format.
VMware would like to thank Jure Skofic and Mitja Kolsek of ACROS
Security (http://www.acrossecurity.com) for reporting this issue
to us.
The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the name CVE-2010-1141 to this issue.
Steps needed to remediate this vulnerability:
Guest systems on VMware Workstation, Player, ACE, Server, Fusion
- Install the remediated version of Workstation, Player, ACE,
Server and Fusion.
- Upgrade tools in the virtual machine (virtual machine users
will be prompted to upgrade).
Guest systems on ESX 4.0, 3.5, 3.0.3, 2.5.5, ESXi 4.0, 3.5
- Install the relevant patches (see below for patch identifiers)
- Manually upgrade tools in the virtual machine (virtual machine
users will not be prompted to upgrade). Note the VI Client will
not show the VMware tools is out of date in the summary tab.
Please see http://tinyurl.com/27mpjo page 80 for details.
The following table lists what action remediates the vulnerability
(column 4) if a solution is available. See above for remediation
details. On most
recent versions of Windows (XP, Vista) the attacker would need to
have administrator privileges to plant the malicious executable in
the right location.
Steps needed to remediate this vulnerability: See section 3.a.
VMware would like to thank Mitja Kolsek of ACROS Security
(http://www.acrossecurity.com) for reporting this issue to us.
The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the name CVE-2010-1142 to this issue.
Refer to the previous table in section 3.a for what action
remediates the vulnerability (column 4) if a solution is
available. See above for remediation details.
c. Windows-based VMware Workstation and Player host privilege escalation
A vulnerability in the USB service allows for a privilege
escalation. A local attacker on the host of a Windows-based
Operating System where VMware Workstation or VMware Player
is installed could plant a malicious executable on the host and
elevate their privileges.
In order for an attacker to exploit the vulnerability, the attacker
would need to be able to plant their malicious executable in a
certain location on the host machine. On most recent versions of
Windows (XP, Vista) the attacker would need to have administrator
privileges to plant the malicious executable in the right location.
VMware would like to thank Thierry Zoller for reporting this issue
to us.
The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the name CVE-2010-1140 to this issue.
The following table lists what action remediates the vulnerability
(column 4) if a solution is available.
VMware Product Running Replace with/
Product Version on Apply Patch
============= ======== ======= =================
VirtualCenter any Windows not affected
Workstation 7.0 Windows 7.0.1 build 227600 or later
Workstation 7.0 Linux not affected
Workstation 6.5.x any not affected
Player 3.0 Windows 3.0.1 build 227600 or later
Player 3.0 Linux not affected
Player 2.5.x any not affected
Ace any any not affected
Server 2.x any not affected
Fusion any Mac OS/X not affected
ESXi any ESXi not affected
ESX any ESX not affected
d. Third party library update for libpng to version 1.2.37
The libpng libraries through 1.2.35 contain an uninitialized-
memory-read bug that may have security implications.
Specifically, 1-bit (2-color) interlaced images whose widths are
not divisible by 8 may result in several uninitialized bits at the
end of certain rows in certain interlace passes being returned to
the user. An application that failed to mask these out-of-bounds
pixels might display or process them, albeit presumably with benign
results in most cases.
The Common Vulnerabilities and Exposures Project (cve.mitre.org)
has assigned the name CVE-2009-2042 to this issue.
The following table lists what action remediates the vulnerability
(column 4) if a solution is available. VMware VMnc Codec heap overflow vulnerabilities
The VMware movie decoder contains the VMnc media codec that is
required to play back movies recorded with VMware Workstation,
VMware Player and VMware ACE, in any compatible media player. The
movie decoder is installed as part of VMware Workstation, VMware
Player and VMware ACE, or can be downloaded as a stand alone
package.
For an attack to be successful the user must be tricked into
visiting a malicious web page or opening a malicious video file on
a system that has the vulnerable version of the VMnc codec installed.
The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the names CVE-2009-1564 and CVE-2009-1565 to these
issues.
VMware would like to thank iDefense, Sebastien Renaud of VUPEN
Vulnerability Research Team (http://www.vupen.com) and Alin Rad Pop
of Secunia Research for reporting these issues to us.
To remediate the above issues either install the stand alone movie
decoder or update your product using the table below.
VMware Product Running Replace with/
Product Version on Apply Patch
============= ======== ======= =================
VirtualCenter any Windows not affected
Movie Decoder any Windows 6.5.4 Build 246459 or later
Workstation 7.x any not affected
Workstation 6.5.x Windows 6.5.4 build 246459 or later
Workstation 6.5.x Linux not affected
Player 3.x any not affected
Player 2.5.x Windows 2.5.4 build 246459 or later
Player 2.5.x Linux not affected
ACE any any not affected
Server 2.x Window not being addressed at this time
Server 2.x Linux not affected
Fusion any Mac OS/X not affected
ESXi any ESXi not affected
ESX any ESX not affected
f. Exploitation of this issue may lead to arbitrary code execution on the system where VMrc is installed. Code execution would be at the privilege level of the user.
VMrc is present on a system if the VMrc browser plug-in has been
installed. This plug-in is required when using the console feature in
WebAccess. Installation of the plug-in follows after visiting the
console tab in WebAccess and choosing "Install plug-in". The plug-
in can only be installed on Internet Explorer and Firefox.
Under the following two conditions your version of VMrc is likely
to be affected:
- the VMrc plug-in was obtained from vCenter 4.0 or from ESX 4.0
without patch ESX400-200911223-UG and
- VMrc is installed on a Windows-based system
The following steps allow you to determine if you have an affected
version of VMrc installed:
- Locate the VMrc executable vmware-vmrc.exe on your Windows-based
system
- Right click and go to Properties
- Go to the tab "Versions"
- Click "File Version" in the "Item Name" window
- If the "Value" window shows "e.x.p build-158248", the version of
VMrc is affected
Remediation of this issue on Windows-based systems requires the
following steps (Linux-based systems are not affected):
- Uninstall affected versions of VMrc from the systems where the
VMrc plug-in has been installed (use the Windows Add/Remove
Programs interface)
- Install vCenter 4.0 Update 1 or install the ESX 4.0 patch
ESX400-200911223-UG
- Login into vCenter 4.0 Update 1 or ESX 4.0 with patch
ESX400-200911223-UG using WebAccess on the system where the VMrc
needs to be re-installed
- Re-install VMrc by going to the console tab in WebAccess. The
Console tab is selectable after selecting a virtual machine.
Note: the VMrc plug-in for Firefox on Windows-based operating
systems is no longer compatible after the above remediation steps.
Users are advised to use the Internet Explorer VMrc plug-in.
VMware would like to thank Alexey Sintsov from Digital Security
Research Group for reporting this issue to us.
The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the name CVE-2009-3732 to this issue.
g. Windows-based VMware authd remote denial of service
A vulnerability in vmware-authd could cause a denial of service
condition on Windows-based hosts. The denial of service is limited
to a crash of authd.
The Common Vulnerabilities and Exposures Project (cve.mitre.org)
has assigned the name CVE-2009-3707 to this issue.
The following table lists what action remediates the vulnerability
(column 4) if a solution is available. Potential information leak via hosted networking stack
A vulnerability in the virtual networking stack of VMware hosted
products could allow host information disclosure.
A guest operating system could send memory from the host vmware-vmx
process to the virtual network adapter and potentially to the
host's physical Ethernet wire.
The Common Vulnerabilities and Exposures Project (cve.mitre.org)
has assigned the name CVE-2010-1138 to this issue.
VMware would like to thank Johann MacDonagh for reporting this
issue to us.
The following table lists what action remediates the vulnerability
(column 4) if a solution is available. Linux-based vmrun format string vulnerability
A format string vulnerability in vmrun could allow arbitrary code
execution.
If a vmrun command is issued and processes are listed, code could
be executed in the context of the user listing the processes.
The Common Vulnerabilities and Exposures Project (cve.mitre.org)
has assigned the name CVE-2010-1139 to this issue.
VMware would like to thank Thomas Toth-Steiner for reporting this
issue to us.
The following table lists what action remediates the vulnerability
(column 4) if a solution is available.
VMware Product Running Replace with/
Product Version on Apply Patch
============= ======== ======= =================
VirtualCenter any Windows not affected
VIX API any Windows not affected
VIX API 1.6.x Linux upgrade to VIX API 1.7 or later
VIX API 1.6.x Linux64 upgrade to VIX API 1.7 or later
Workstation 7.x any not affected
Workstation 6.5.x Windows not affected
Workstation 6.5.x Linux 6.5.4 build 246459 or later
Player 3.x any not affected
Player 2.5.x Windows not affected
Player 2.5.x Linux 2.5.4 build 246459 or later
Ace any Windows not affected
Server 2.x Windows not affected
Server 2.x Linux not being fixed at this time
Fusion 3.x Mac OS/X not affected
Fusion 2.x Mac OS/X 2.0.7 build 246742 or later
ESXi any any not affected
ESX any any not affected
- Solution
Please review the patch/release notes for your product and version and verify the md5sum and/or the sha1sum of your downloaded file.
VMware Workstation Movie Decoder stand alone 6.5.4
http://download3.vmware.com/software/wkst/VMware-moviedecoder-6.5.4-246459.exe md5sum: ea2ac5907ae4c5c323147fe155443ab8 sha1sum: 5ca8d1fd45f6a7a6f38019b259c3e836ee4e8f29
VMware Workstation 7.0.1
For Windows
http://downloads.vmware.com/download/download.do?downloadGroup=WKST-701-WIN Release notes: http://downloads.vmware.com/support/ws7/doc/releasenotes_ws701.html
Workstation for Windows 32-bit and 64-bit with VMware Tools md5sum: fc8502a748de3b8f94c5c9571c1f17d2 sha1sum: 3de01b355b17363a92d80200ff5e7267b3bde206
Workstation for Windows 32-bit and 64-bit without VMware Tools md5sum: 6a18ea3847cb727b03f7890f5643db79 sha1sum: 260b019db4619b0d1d775e5c38cc46b6db250984
For Linux http://downloads.vmware.com/download/download.do?downloadGroup=WKST-701-LX Release notes: http://downloads.vmware.com/support/ws7/doc/releasenotes_ws701.html
Workstation for Linux 32-bit with VMware Tools md5sum: a896f7aaedde8799f21b52b89f5fc9ef sha1sum: f6d0789afa7927ca154973a071603a0bd098e697
Workstation for Linux 32-bit without VMware Tools md5sum: 59ecd27bdf3f59be3b4df8f04d1b3874 sha1sum: 22e1a475069fca5e8d2446bf14661fa6d894d34f
Workstation for Linux 64-bit with VMware Tools md5sum: 808682eaa6b202fa29172821f7378768 sha1sum: a901c45a2a02678b0d1722e8f27152c3af12a7ac
Workstation for Linux 64-bit without VMware Tools md5sum: 5116e27e7b13a76693402577bd9fda58 sha1sum: dbcd045a889b95ac14828b8106631b678354e30a
VMware Workstation 6.5.4
For Windows
http://downloads.vmware.com/download/download.do?downloadGroup=WKST-654-WIN Release Notes: http://downloads.vmware.com/support/ws65/doc/releasenotes_ws654.html
Workstation for Windows 32-bit and 64-bit Windows 32-bit and 64-bit .exe md5sum: 2dc393fcc4e78dcf2165098a4938699a sha1sum: acfff457860c8c53c637c01f74f8aaa72d1c9569
For Linux http://downloads.vmware.com/download/download.do?downloadGroup=WKST-654-LX Release Notes: http://downloads.vmware.com/support/ws65/doc/releasenotes_ws654.html
Workstation for Linux 32-bit Linux 32-bit .rpm md5sum: 9efb43a604d50e541eb3be7081b8b198 sha1sum: 4240d664f85a11f47288d2279224b26bef92aa8b
Workstation for Linux 32-bit Linux 32-bit .bundle md5sum: 38760682ad3b2f6bfb4e40f424c95c2a sha1sum: ec78099322b5fb2a737cd74a1978a5c07382dc8a
Workstation for Linux 64-bit Linux 64-bit .rpm md5sum: 24311492bc515e9bc98eff9b2e7d33a2 sha1sum: b4947ef09f740440e8a24fc2ba05c0a7c11b82f5
Workstation for Linux 64-bit Linux 64-bit .bundle md5sum: ed24296705ad48442549d9cb2b3c0d8d sha1sum: 3c0f1efae0a64fa3a41be21b0bfc962f12e0e6d8
VMware Player 3.0.1
http://downloads.vmware.com/tryvmware/?p=player&lp=default Release notes: http://downloads.vmware.com/support/player30/doc/releasenotes_player301.html
Player for Windows 32-bit and 64-bit md5sum: 78c92c0242c9540f68a629d4ac49c516 sha1sum: 7fc255fcd1a6784458012314db1206ed922e92cf
Player for Linux 32-bit (.bundle) md5sum: e7cd19d39c7bbd1aee582743d76a7863 sha1sum: cff76010f0429576288ea1e5a594cd47a2c64f4a
Player for Linux 64-bit (.bundle) md5sum: 88b08537c6eea705883dc1755b97738c sha1sum: 84f25370d24c03a18968a4f4c8e06cef3d21c2df
VMware VIX API for Windows 32-bit and 64-bit md5sum: 2c46fc7e2516f331eb4dd23154d00a54 sha1sum: 85ceb1b718806c6870e3a918bcc772d1486ccdc9
VMware VIX API for 32-bit Linux md5sum: 8b0994a26363246b5e954f97bd5a088d sha1sum: af93da138a158ee6e05780a5c4042414735987b6
VMware VIX API for 64-bit Linux md5sum: ef7b9890c52b1e333f2357760a7fff85 sha1sum: dfef8531356de78171e13c4c108ebaeb43eaa62d
VMware Player 2.5.4
http://downloads.vmware.com/download/player/player_reg.html Release notes: http://downloads.vmware.com/support/player25/doc/releasenotes_player254.html
Player for Windows 32-bit and 64-bit (.exe) md5sum: 531140a1eeed7d8b71f726b3d32a9174 sha1sum: 2500fa8af48452bd0e97040b80c569c3cb4f73e5
Player for Linux (.rpm) md5sum: 1905f61af490f9760bef54450747e708 sha1sum: cf7444c0a6331439c5479a4158112a60eb0e6e8d
Player for Linux (.bundle) md5sum: 74f539005687a4efce7971f7ef019af5 sha1sum: 4c4412c5807ecd00e66886e0e7c43ed61b62aab7
Player for Linux - 64-bit (.rpm) md5sum: 013078d7f6adcdbcbaafbf5e0ae11a39 sha1sum: 7c434173a3fe446ebefce4803bfaa7ab67d1ff72
Player for Linux - 64-bit (.bundle) md5sum: 175ce2f9656ff10a1327c0d48f80c65f sha1sum: bf7acfdcb44bf345d58f79ad1bcb04816f262d22
VMware ACE 2.6.1
http://downloads.vmware.com/download/download.do?downloadGroup=ACE-261-WIN Release notes: http://downloads.vmware.com/support/ace26/doc/releasenotes_ace261.html
VMware Workstation for 32-bit and 64-bit Windows with tools md5sum: fc8502a748de3b8f94c5c9571c1f17d2 sha1sum: 3de01b355b17363a92d80200ff5e7267b3bde206
VMware Workstation for Windows 32-bit and 64-bit without tools md5sum: 6a18ea3847cb727b03f7890f5643db79 sha1sum: 260b019db4619b0d1d775e5c38cc46b6db250984
ACE Management Server Virtual Appliance md5sum: e26d258c511572064e99774fbac9184c sha1sum: 9363656b70caa11a31a6229451202d9f8203c1f5
ACE Management Server for Windows md5sum: e970828f2a5a62ac108879033a70f4b6 sha1sum: eca89372eacc78c3130781d0d183715055d64798
ACE Management Server for SUSE Enterprise Linux 9 md5sum: 59b3ad5964daef2844e72fd1765590fc sha1sum: 91048de7665f5dc466f06e2ebc4c08f08026a97f
ACE Management Server for Red Hat Enterprise Linux 4 md5sum: 6623f6a8a645402a1c8c351ec99a1889 sha1sum: a6d74ba072c5a513fcf8993edebaaf7f8225c05d
VMware ACE 2.5.4
http://downloads.vmware.com/download/download.do?downloadGroup=ACE-254-WIN Release notes: http://downloads.vmware.com/support/ace25/doc/releasenotes_ace254.html
VMware ACE for Windows 32-bit and 64-bit Windows 32-bit and 64-bit .exe md5sum: 2dc393fcc4e78dcf2165098a4938699a sha1sum: acfff457860c8c53c637c01f74f8aaa72d1c9569
ACE Management Server Virtual Appliance AMS Virtual Appliance .zip md5sum: 3935f23d4a074e7a3429a1c80cfd2155 sha1sum: 5b09439a9c840d39ae49fbd7a79732ecd58c52a3
ACE Management Server for Windows Windows .exe md5sum: 1173bd7da6ed330a262ed4e2eff6562c sha1sum: d9bce88a350aa957f3387f870af763875d4d9110
ACE Management Server for SUSE Enterprise Linux 9 SLES 9 .rpm md5sum: 0bec2cf8d6ae3bb6976c9d8cc2573208 sha1sum: f3c6d9ee3357535b1540cedd9e86d723e2ed2134
ACE Management Server for Red Hat Enterprise Linux 4 RHEL 4 .rpm md5sum: 17caa522af79cf1f6b2ebad16a4ac8a5 sha1sum: cdd6e2a4e3d7ad89f95e60f1af024bea7eaba0fe
VMware Server 2.0.2
http://www.vmware.com/download/server/ Release notes: http://www.vmware.com/support/server2/doc/releasenotes_vmserver202.html
VMware Server 2 Version 2.0.2 | 203138 - 10/26/09 507 MB EXE image VMware Server 2 for Windows Operating Systems. A master installer file containing all Windows components of VMware Server. md5sum: a6430bcc16ff7b3a29bb8da1704fc38a sha1sum: 39683e7333732cf879ff0b34f66e693dde0e340b
VIX API 1.6 for Windows Version 2.0.2 | 203138 - 10/26/09 37 MB image md5sum: 827e65e70803ec65ade62dd27a74407a sha1sum: a14281bc055271a19be3c88026e92304bc3f0e22
For Linux
VMware Server 2 for Linux Operating Systems. Version 2.0.2 | 203138 - 10/26/09 37 MB TAR image md5sum: 95ddea5a0579a35887bd15b083ffea20 sha1sum: 14cf12063a7480f240ccd96178ad4258cb26a747
VMware Server 2 for Linux Operating Systems 64-bit version. Version 2.0.2 | 203138 - 10/26/09 452 MB RPM image md5sum: 35c8b176601133749e4055e0034f8be6 sha1sum: e8dc842d89899df5cd3e1136af76f19ca5ccbece
The core application needed to run VMware Server 2, 64-bit version. Version 2.0.2 | 203138 - 10/26/09 451 MB TAR image md5sum: cc7aef813008eeb7150c21547d431b39 sha1sum: b65d3d46dc947fc7995bda354c4947afabd23474
VMware Fusion 3.0.2
http://downloads.vmware.com/download/download.do?downloadGroup=FUS-302 Release notes: http://downloads.vmware.com/support/fusion3/doc/releasenotes_fusion_302.html
VMware Fusion 3.0.2 (for Intel-based Macs) md5sum: aa17278a4a668eeb9f9467e4e3111ccc sha1sum: 58c3d63705ac90839f7c1ae14264177e1fd56df3
VMware Fusion 3.0.2 Light for Mac (for Intel-based Macs) md5sum: 052ecbbfc4f59a85e2d08b4bd3ef0896 sha1sum: 61e00487f4c649588099647d4a5f47ddf5b8ad01
VMware Fusion 2.0.7
http://downloads.vmware.com/download/download.do?downloadGroup=FUS-207 Release notes: http://downloads.vmware.com/support/fusion2/doc/releasenotes_fusion_207.html
VMware Fusion 2.0.7 (for Intel-based Macs) md5sum: a293f5ce6ccc227760640753386e9da6 sha1sum: ddfda92f9baf30e536bc485e42325d173a1aa370
VMware Fusion 2.0.7 Light (for Intel-based Macs) md5sum: d4772d118fb90323f598849e70c21189 sha1sum: 5c1df1597e77ebe0f0555749b281008ca5f2fb77
VIX API 1.7 Version: 1.7 | 2009-08-26 | 186713
VIX API for Window 32-bit and 64-bit Main installation file for Windows 32-bit and 64-bit host md5sum:b494fc3092f07d0f29cc06a19fe61306 sha1sum:aa8638424cb7f25c1e42343134ac9f0bd2c2e0c9
VIX API for Linux 32-bit md5sum:6b0ed8872d8b714363cddc68b6a77008 sha1sum:8a9b12a61641394b347488119a7120eaa47dc2a1
VIX API for Linux 64-bit md5sum:d57aa9f98058d5a386c18e14cc05bf4d sha1sum:3b7d4461ea257e795b322cc080f4ae29a230666b
VIX API Version: 1.8.1 | 2009-10-11 | 207905
VIX API for Windows 32-bit and 64-bit md5sum:4f21e4cb518767bc08045f5a39f5d41f sha1sum:5b8275c549f9d9498bd2ed078557f1ce1986ac12
VIX API for Linux 32-bit md5sum:f347e94d907c26754540d59956ee5d53 sha1sum:6ddc6c9371ba127d04bc83bd55988a6c83366907
VIX API for Linux 64-bit md5sum:b8a3982072d0d42c0c37dd7eb49d686c sha1sum:d044ac3dd42f806bc4ff48ddf584b5e3d82910c8
VIX API Version: 1.10 Beta | 01/28/10 | 222403
VIX API for Windows 32-bit and 64-bit md5sum:ac5b6e9197cb68c302bfac9ed683e3af sha1sum:0d942e7409e88e684bdb65811e7be7f47d631a73
VIX API for Linux 32-bit md5sum:07d1989d042e317eb9d2b3daf269dda7 sha1sum:1e3840d426d7dfff53fa7e1bd22b09b56cf2362c
VIX API for Linux 64-bit md5sum:9b345008e0adec3c044988307294944b sha1sum:7a54a893369c2227f7e8058430c40983168c6e0b
ESXi
ESXi 4.0 bulletin ESXi400-201002402-BG https://hostupdate.vmware.com/software/VUM/OFFLINE/release-193-20100228-731251/ESXi400-201002001.zip md5sum: e5aa2968d389594abdc59cbac7b0183d sha1sum: bb50b3ad7934e3f9e24edc879b35e83b357343b2 http://kb.vmware.com/kb/1018404
ESXi 3.5
ESXi 3.5 patch ESXe350-200912402-T-BG was first contained in ESXe350-200912401-O-BG from December 2009.
The same patch, ESXe350-200912402-T-BG, is also contained in ESXe350-201002401-O-SG from February 2010 ESXi 3.5 security update.
In latest non-security ESXi 3.5 update, ESXe350-201003402-T-BG is also included in ESXe350-201003401-O-BG from March 2010.
ESXe350-201002401-O-SG (latest security update) http://download3.vmware.com/software/vi/ESXe350-201002401-O-SG.zip
md5sum: 0c8d4d1c0e3c2aed9f785cf081225d83
http://kb.vmware.com/kb/1015047 (Vi Client)
http://kb.vmware.com/kb/1016665 (VM Tools)
http://kb.vmware.com/kb/1017685 (Firmware)
The three ESXi patches for Firmware "I", VMware Tools "T," and the VI Client "C" are contained in a single offline "O" download file.
ESX
ESX 4.0 bulletin ESX400-201002401-BG https://hostupdate.vmware.com/software/VUM/OFFLINE/release-192-20100228-732240/ESX400-201002001.zip md5sum: de62cbccaffa4b2b6831617f18c1ccb4 sha1sum: 4083f191fa4acd6600c9a87e4852f9f5700e91ab http://kb.vmware.com/kb/1018403
Note: ESX400-201002001 contains the bundle with the security fix, ESX400-201002401-BG To install an individual bulletin use esxupdate with the -b option. esxupdate --bundle ESX400-201002001 -b ESX400-201002401-BG
ESX 4.0 bulletin ESX400-200911223-UG https://hostupdate.vmware.com/software/VUM/OFFLINE/release-166-20091202-254879/ESX-4.0.0-update01a.zip md5sum: 99c1fcafbf0ca105ce73840d686e9914 sha1sum: aa8a23416271bc28b6b8f6bdbe00045e36314ebb http://kb.vmware.com/kb/1014842
Note: ESX-4.0.0-update01a contains the bundle with the security fix, ESX400-200911223-UG To install an individual bulletin use esxupdate with the -b option. esxupdate --bundle ESX-4.0.0-update01a -b ESX400-200911223-UG
ESX 3.5 patch ESX350-200912401-BG http://download3.vmware.com/software/vi/ESX350-200912401-BG.zip md5sum: f1d3589745b4ae933554785aef22bacc sha1sum: d1e5a9209b165d43d75f076e556fc028bec4cc47 http://kb.vmware.com/kb/1016657
ESX 3.0.3 patch ESX303-201002203-UG http://download3.vmware.com/software/vi/ESX303-201002203-UG.zip md5sum: 49ee56b687707cbe6999836c315f081a http://kb.vmware.com/kb/1018030
ESX 2.5.5 Upgrade Patch 15 http://download3.vmware.com/software/esx/esx-2.5.5-191611-upgrade.tar.gz md5sum: c346fe510b6e51145570e03083f77357 sha1sum: ef6b19247825fb3fe2c55f8fda3cdd05ac7bb1f4 http://www.vmware.com/support/esx25/doc/esx-255-200910-patch.html
-
References http://www.acrossecurity.com/advisories.htm http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1564 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1565 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2042 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3707 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3732 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1138 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1139 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1140 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1142 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1141
-
Change log 2010-04-09 VMSA-2010-0007 Initial security advisory after release of Workstation 6.5.4 and Fusion 2.0.7 on 2010-04-08.
- Contact
E-mail list for product security notifications and announcements: http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce
This Security Advisory is posted to the following lists:
- security-announce at lists.vmware.com
- bugtraq at securityfocus.com
- full-disclosure at lists.grok.org.uk
E-mail: security at vmware.com PGP key at: http://kb.vmware.com/kb/1055
VMware Security Center http://www.vmware.com/security
VMware security response policy http://www.vmware.com/support/policies/security_response.html
General support life cycle policy http://www.vmware.com/support/policies/eos.html
VMware Infrastructure support life cycle policy http://www.vmware.com/support/policies/eos_vi.html
Copyright 2010 VMware Inc. All rights reserved.
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.5 (MingW32)
iD8DBQFLvvM8S2KysvBH1xkRAgu/AJ9RrzlOq/5Ug0t8R4qoi/UwDVJDpACbBGgT d58bjKG6Ic7m/TsoJP4M2tw= =Q1zv -----END PGP SIGNATURE----- . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
National Cyber Alert System
Technical Cyber Security Alert TA10-238A
Microsoft Windows Insecurely Loads Dynamic Libraries
Original release date: August 26, 2010 Last revised: -- Source: US-CERT
Systems Affected
Any application running on the Microsoft Windows platform that
uses dynamically linked libraries (DLLs) may be affected. Please see the Vendor Information
section of Vulnerability Note VU#707943 for information about
specific vendors. DLLs are typically loaded
when the application is first started; however DLLs may be loaded and unloaded while the application is running. An application can request a DLL file in a variety of ways, and Windows uses several different search algorithms to find DLL files. The interaction between the application and Windows can result in a DLL file being loaded from the current working directory of the application, instead of the Windows system directory or the directory where the application is installed.
The current working directory could be the desktop, a removable storage device such as a USB key, a Windows file share, or a WebDAV location. When a file associated with an application is opened, a DLL in the same directory as the file may be loaded. Although an attacker may not have permission to write to the Windows system or application directories, the attacker may be able to write a DLL to a directory used to store files, or the attacker could provide their own directory.
Attacks against this type of vulnerability have been referred to as "binary planting." Please see Vulnerability Note VU#707943 and Microsoft Security Advisory 2269637 for more information.
II. Impact
By placing a DLL with the correct name (and possibly the relative directory path) in the current working directory, an attacker could execute arbitrary code with the privileges of the application that loads the DLL.
III. Solution
Individual applications that run on the Windows platform may require patches or updates. Microsoft Knowledge Base article KB2264107 describes an update that provides a registry key that can prevent Windows from searching the current working directory for DLL files.
Information about specific solutions for different vendors, general mitigation techniques, and secure ways for applications to load DLLs can be found in the Vendor Information and Solution sections of Vulnerability Note VU#707943.
IV. References
-
Vulnerability Note VU#707943 - http://www.kb.cert.org/vuls/id/707943
-
Microsoft Security Advisory (2269637) - http://www.microsoft.com/technet/security/advisory/2269637.mspx
-
A new CWDIllegalInDllSearch registry entry is available to control the DLL search path algorithm - http://support.microsoft.com/kb/2264107
The most recent version of this document can be found at:
<http://www.us-cert.gov/cas/techalerts/TA10-238A.html>
Feedback can be directed to US-CERT Technical Staff. Please send email to cert@cert.org with "TA10-238A Feedback VU#707943" in the subject.
For instructions on subscribing to or unsubscribing from this mailing list, visit http://www.us-cert.gov/cas/signup.html.
Produced 2010 by US-CERT, a government organization.
Background
VMware Player, Server, and Workstation allow emulation of a complete PC on a PC without the usual performance overhead of most emulators.
Affected packages
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 app-emulation/vmware-player <= 2.5.5.328052 Vulnerable! 2 app-emulation/vmware-workstation <= 6.5.5.328052 Vulnerable! 3 app-emulation/vmware-server <= 1.0.9.156507 Vulnerable! ------------------------------------------------------------------- NOTE: Certain packages are still vulnerable. Users should migrate to another package if one is available or wait for the existing packages to be marked stable by their architecture maintainers. Please review the CVE identifiers referenced below for details.
Impact
Local users may be able to gain escalated privileges, cause a Denial of Service, or gain sensitive information.
A remote attacker could entice a user to open a specially crafted file, possibly resulting in the remote execution of arbitrary code, or a Denial of Service. Remote attackers also may be able to spoof DNS traffic, read arbitrary files, or inject arbitrary web script to the VMware Server Console.
Furthermore, guest OS users may be able to execute arbitrary code on the host OS, gain escalated privileges on the guest OS, or cause a Denial of Service (crash the host OS).
Workaround
There is no known workaround at this time.
Gentoo discontinued support for VMware Workstation. We recommend that users unmerge VMware Server:
# emerge --unmerge "app-emulation/vmware-server"
References
[ 1 ] CVE-2007-5269 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-5269 [ 2 ] CVE-2007-5503 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-5503 [ 3 ] CVE-2007-5671 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-5671 [ 4 ] CVE-2008-0967 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0967 [ 5 ] CVE-2008-1340 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1340 [ 6 ] CVE-2008-1361 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1361 [ 7 ] CVE-2008-1362 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1362 [ 8 ] CVE-2008-1363 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1363 [ 9 ] CVE-2008-1364 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1364 [ 10 ] CVE-2008-1392 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1392 [ 11 ] CVE-2008-1447 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1447 [ 12 ] CVE-2008-1806 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1806 [ 13 ] CVE-2008-1807 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1807 [ 14 ] CVE-2008-1808 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1808 [ 15 ] CVE-2008-2098 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2098 [ 16 ] CVE-2008-2100 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2100 [ 17 ] CVE-2008-2101 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2101 [ 18 ] CVE-2008-4915 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-4915 [ 19 ] CVE-2008-4916 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-4916 [ 20 ] CVE-2008-4917 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-4917 [ 21 ] CVE-2009-0040 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0040 [ 22 ] CVE-2009-0909 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0909 [ 23 ] CVE-2009-0910 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0910 [ 24 ] CVE-2009-1244 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1244 [ 25 ] CVE-2009-2267 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2267 [ 26 ] CVE-2009-3707 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3707 [ 27 ] CVE-2009-3732 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3732 [ 28 ] CVE-2009-3733 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3733 [ 29 ] CVE-2009-4811 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-4811 [ 30 ] CVE-2010-1137 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1137 [ 31 ] CVE-2010-1138 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1138 [ 32 ] CVE-2010-1139 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1139 [ 33 ] CVE-2010-1140 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1140 [ 34 ] CVE-2010-1141 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1141 [ 35 ] CVE-2010-1142 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1142 [ 36 ] CVE-2010-1143 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1143 [ 37 ] CVE-2011-3868 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3868
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-201209-25.xml
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2012 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200009-0023",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "esx",
"scope": "eq",
"trust": 3.0,
"vendor": "vmware",
"version": "2.5.5"
},
{
"model": "esx",
"scope": "eq",
"trust": 3.0,
"vendor": "vmware",
"version": "3.0.3"
},
{
"model": "esx",
"scope": "eq",
"trust": 3.0,
"vendor": "vmware",
"version": "3.5"
},
{
"model": "esx",
"scope": "eq",
"trust": 3.0,
"vendor": "vmware",
"version": "4.0"
},
{
"model": "esxi",
"scope": "eq",
"trust": 3.0,
"vendor": "vmware",
"version": "3.5"
},
{
"model": "esxi",
"scope": "eq",
"trust": 3.0,
"vendor": "vmware",
"version": "4.0"
},
{
"model": "fusion",
"scope": "eq",
"trust": 1.9,
"vendor": "vmware",
"version": "2.0.5"
},
{
"model": "fusion",
"scope": "eq",
"trust": 1.9,
"vendor": "vmware",
"version": "2.0.4"
},
{
"model": "fusion",
"scope": "eq",
"trust": 1.9,
"vendor": "vmware",
"version": "2.0.3"
},
{
"model": "fusion",
"scope": "eq",
"trust": 1.6,
"vendor": "vmware",
"version": "2.0"
},
{
"model": "server",
"scope": "eq",
"trust": 1.4,
"vendor": "vmware",
"version": "2.x"
},
{
"model": "fusion",
"scope": "eq",
"trust": 1.4,
"vendor": "vmware",
"version": "2.x"
},
{
"model": "player",
"scope": "eq",
"trust": 1.4,
"vendor": "vmware",
"version": "2.5.x"
},
{
"model": "ace",
"scope": "eq",
"trust": 1.4,
"vendor": "vmware",
"version": "2.5.x"
},
{
"model": "workstation",
"scope": "eq",
"trust": 1.3,
"vendor": "vmware",
"version": "6.5.3"
},
{
"model": "workstation",
"scope": "eq",
"trust": 1.3,
"vendor": "vmware",
"version": "6.5.2"
},
{
"model": "workstation",
"scope": "eq",
"trust": 1.3,
"vendor": "vmware",
"version": "6.5.1"
},
{
"model": "server",
"scope": "eq",
"trust": 1.3,
"vendor": "vmware",
"version": "2.0.2"
},
{
"model": "server",
"scope": "eq",
"trust": 1.3,
"vendor": "vmware",
"version": "2.0.1"
},
{
"model": "player",
"scope": "eq",
"trust": 1.3,
"vendor": "vmware",
"version": "2.5.3"
},
{
"model": "player",
"scope": "eq",
"trust": 1.3,
"vendor": "vmware",
"version": "2.5.2"
},
{
"model": "player",
"scope": "eq",
"trust": 1.3,
"vendor": "vmware",
"version": "2.5.1"
},
{
"model": "fusion",
"scope": "eq",
"trust": 1.0,
"vendor": "vmware",
"version": "2.0.2"
},
{
"model": "ace",
"scope": "eq",
"trust": 1.0,
"vendor": "vmware",
"version": "2.5.1"
},
{
"model": "fusion",
"scope": "eq",
"trust": 1.0,
"vendor": "vmware",
"version": "2.0.1"
},
{
"model": "fusion",
"scope": "eq",
"trust": 1.0,
"vendor": "vmware",
"version": "3.0"
},
{
"model": "server",
"scope": "eq",
"trust": 1.0,
"vendor": "vmware",
"version": "2.0.0"
},
{
"model": "ace",
"scope": "eq",
"trust": 1.0,
"vendor": "vmware",
"version": "2.5.0"
},
{
"model": "workstation",
"scope": "eq",
"trust": 1.0,
"vendor": "vmware",
"version": "6.5.0"
},
{
"model": "ace",
"scope": "eq",
"trust": 1.0,
"vendor": "vmware",
"version": "2.5.3"
},
{
"model": "player",
"scope": "eq",
"trust": 1.0,
"vendor": "vmware",
"version": "2.5"
},
{
"model": "ace",
"scope": "eq",
"trust": 1.0,
"vendor": "vmware",
"version": "2.5.2"
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "abvent",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "adobe",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "apple",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "atomix productions",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "autodesk",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "avast antivirus",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "bentley",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "bittorrent",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "bitmanagement",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "cisco",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "conceiva",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "corel",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "cyberlink",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "daemon tools",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "dassault systemes",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "divx",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "ezb",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "ecava",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "fengtao",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "gfi",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "graphisoft",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "gilles vollant",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "guidance",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "httrack",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "ibm",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "izarc",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "inkscape",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "maxthon",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "microchip",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "microsoft",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "mozilla",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "netstumbler",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "nokia",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "norman",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "nullsoft",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "opera",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "pgp",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "pkware",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "pixia",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "realnetworks",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "sisoftware",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "smart projects",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "sonic",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "sony",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "sweetscape",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "teamviewer",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "techsmith",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "tortoisesvn",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "tracker",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "vmware",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "videolan",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "winmerge",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "wireshark",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "wolters kluwer",
"version": null
},
{
"model": "workstation",
"scope": "eq",
"trust": 0.8,
"vendor": "vmware",
"version": "6.5.x"
},
{
"model": "lhaforge",
"scope": "lte",
"trust": 0.8,
"vendor": "claybird",
"version": "1.5.1 and earlier"
},
{
"model": "webotx",
"scope": "eq",
"trust": 0.8,
"vendor": "nec",
"version": "v8.3"
},
{
"model": "enterprisedirectoryserver",
"scope": null,
"trust": 0.8,
"vendor": "nec",
"version": null
},
{
"model": "webotx",
"scope": "eq",
"trust": 0.8,
"vendor": "nec",
"version": "v8.4"
},
{
"model": "securebranch",
"scope": "eq",
"trust": 0.8,
"vendor": "nec",
"version": "soho xp dedicated application securebranch accessmanager ver2.2.18 before"
},
{
"model": "webotx",
"scope": "eq",
"trust": 0.8,
"vendor": "nec",
"version": "v6.4"
},
{
"model": "webotx",
"scope": "eq",
"trust": 0.8,
"vendor": "nec",
"version": "v6.2"
},
{
"model": "webotx",
"scope": "eq",
"trust": 0.8,
"vendor": "nec",
"version": "v8.2"
},
{
"model": "explzh",
"scope": "lte",
"trust": 0.8,
"vendor": "pon",
"version": "v.5.65 and earlier"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.8,
"vendor": "apple",
"version": "9"
},
{
"model": "securebranch",
"scope": "eq",
"trust": 0.8,
"vendor": "nec",
"version": "soho vista dedicated application securebranch accessmanager ver3.0.13 before"
},
{
"model": "lunascape",
"scope": "lte",
"trust": 0.8,
"vendor": "lunascape",
"version": "6.3.0 and earlier"
},
{
"model": "securefinger",
"scope": "eq",
"trust": 0.8,
"vendor": "nec",
"version": "fingerprint authentication runtime ( c / s edition) all versions"
},
{
"model": "webotx",
"scope": "eq",
"trust": 0.8,
"vendor": "nec",
"version": "client v7.1"
},
{
"model": "webotx",
"scope": "eq",
"trust": 0.8,
"vendor": "nec",
"version": "v6.5"
},
{
"model": "esmpro/serveragentservice",
"scope": null,
"trust": 0.8,
"vendor": "nec",
"version": null
},
{
"model": "lhmelt",
"scope": "lte",
"trust": 0.8,
"vendor": "micco",
"version": "1.65.1.2 and earlier"
},
{
"model": "webotx",
"scope": "eq",
"trust": 0.8,
"vendor": "nec",
"version": "download server v7.1"
},
{
"model": "esmpro/serveragent",
"scope": null,
"trust": 0.8,
"vendor": "nec",
"version": null
},
{
"model": "webotx",
"scope": "eq",
"trust": 0.8,
"vendor": "nec",
"version": "client v5.3"
},
{
"model": "terapad",
"scope": "lte",
"trust": 0.8,
"vendor": "terao progress",
"version": "ver.1.00\\u3000 and earlier"
},
{
"model": "sleipnir",
"scope": "lte",
"trust": 0.8,
"vendor": "fenrir",
"version": "2.9.5 and earlier"
},
{
"model": "securefinger",
"scope": "eq",
"trust": 0.8,
"vendor": "nec",
"version": "fingerprint authentication utility ad all versions"
},
{
"model": "lhaplus",
"scope": "lte",
"trust": 0.8,
"vendor": "schezo",
"version": "1.57 and earlier"
},
{
"model": "webotx",
"scope": "eq",
"trust": 0.8,
"vendor": "nec",
"version": "v6.3"
},
{
"model": "infoframe documentskipper",
"scope": null,
"trust": 0.8,
"vendor": "nec",
"version": null
},
{
"model": "webotx",
"scope": "eq",
"trust": 0.8,
"vendor": "nec",
"version": "downloader v5.3"
},
{
"model": "webotx",
"scope": "eq",
"trust": 0.8,
"vendor": "nec",
"version": "download contents v8.2"
},
{
"model": "workstation",
"scope": "eq",
"trust": 0.6,
"vendor": "vmware",
"version": "5.5.x"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "workstation",
"version": "6.5.0"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "workstation",
"version": "6.5.1"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "workstation",
"version": "6.5.2"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "workstation",
"version": "6.5.3"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "player",
"version": "2.5"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "player",
"version": "2.5.1"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "player",
"version": "2.5.2"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "player",
"version": "2.5.3"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "ace",
"version": "2.5.0"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "ace",
"version": "2.5.1"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "ace",
"version": "2.5.2"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "ace",
"version": "2.5.3"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "server",
"version": "2.0.0"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "server",
"version": "2.0.1"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "server",
"version": "2.0.2"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "fusion",
"version": "2.0"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "fusion",
"version": "2.0.1"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "fusion",
"version": "2.0.2"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "fusion",
"version": "2.0.3"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "fusion",
"version": "2.0.4"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "fusion",
"version": "2.0.5"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "fusion",
"version": "3.0"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "esxi",
"version": "3.5"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "esxi",
"version": "4.0"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "esx",
"version": "2.5.5"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "esx",
"version": "3.0.3"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "esx",
"version": "3.5"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "esx",
"version": "4.0"
},
{
"model": "workstation build",
"scope": "eq",
"trust": 0.3,
"vendor": "vmware",
"version": "6.5118166"
},
{
"model": "server build",
"scope": "eq",
"trust": 0.3,
"vendor": "vmware",
"version": "2.0.2203138"
},
{
"model": "server build",
"scope": "eq",
"trust": 0.3,
"vendor": "vmware",
"version": "2.0.1156745"
},
{
"model": "server",
"scope": "eq",
"trust": 0.3,
"vendor": "vmware",
"version": "2.0"
},
{
"model": "player",
"scope": "eq",
"trust": 0.3,
"vendor": "vmware",
"version": "2.5.4"
},
{
"model": "player build",
"scope": "eq",
"trust": 0.3,
"vendor": "vmware",
"version": "2.5118166"
},
{
"model": "movie decoder",
"scope": "eq",
"trust": 0.3,
"vendor": "vmware",
"version": "6.5.4"
},
{
"model": "fusion",
"scope": "eq",
"trust": 0.3,
"vendor": "vmware",
"version": "2.0.6"
},
{
"model": "fusion build",
"scope": "eq",
"trust": 0.3,
"vendor": "vmware",
"version": "2.0.2147997"
},
{
"model": "fusion",
"scope": "eq",
"trust": 0.3,
"vendor": "vmware",
"version": "2"
},
{
"model": "esxi server",
"scope": "eq",
"trust": 0.3,
"vendor": "vmware",
"version": "4.0"
},
{
"model": "esxi server",
"scope": "eq",
"trust": 0.3,
"vendor": "vmware",
"version": "3.5"
},
{
"model": "esx server",
"scope": "eq",
"trust": 0.3,
"vendor": "vmware",
"version": "3.0.3"
},
{
"model": "esx server",
"scope": "eq",
"trust": 0.3,
"vendor": "vmware",
"version": "2.5.5"
},
{
"model": "esx server",
"scope": "eq",
"trust": 0.3,
"vendor": "vmware",
"version": "4.0"
},
{
"model": "esx server",
"scope": "eq",
"trust": 0.3,
"vendor": "vmware",
"version": "3.5"
},
{
"model": "linux",
"scope": null,
"trust": 0.3,
"vendor": "gentoo",
"version": null
}
],
"sources": [
{
"db": "IVD",
"id": "7d7c8fb0-463f-11e9-a735-000c29342cb1"
},
{
"db": "IVD",
"id": "46c824c0-2356-11e6-abef-000c29c66e3d"
},
{
"db": "CERT/CC",
"id": "VU#707943"
},
{
"db": "CNVD",
"id": "CNVD-2010-0574"
},
{
"db": "BID",
"id": "39392"
},
{
"db": "JVNDB",
"id": "JVNDB-2010-001364"
},
{
"db": "JVNDB",
"id": "JVNDB-2010-001999"
},
{
"db": "CNNVD",
"id": "CNNVD-201004-160"
},
{
"db": "NVD",
"id": "CVE-2010-1141"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:vmware:workstation:6.5.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:vmware:workstation:6.5.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:vmware:workstation:6.5.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:vmware:workstation:6.5.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:vmware:player:2.5.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:vmware:player:2.5.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:vmware:player:2.5.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:vmware:player:2.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:vmware:ace:2.5.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:vmware:ace:2.5.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:vmware:ace:2.5.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:vmware:ace:2.5.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:vmware:server:2.0.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:vmware:server:2.0.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:vmware:server:2.0.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:vmware:fusion:3.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:vmware:fusion:2.0.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:vmware:fusion:2.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:vmware:fusion:2.0.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:vmware:fusion:2.0.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:vmware:fusion:2.0.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:vmware:fusion:2.0.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:vmware:esxi:3.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:vmware:esxi:4.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:vmware:esx:4.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:vmware:esx:2.5.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:vmware:esx:3.0.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:vmware:esx:3.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2010-1141"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Alin Rad Pop",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201004-160"
}
],
"trust": 0.6
},
"cve": "CVE-2010-1141",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 8.5,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 6.8,
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": true,
"vectorString": "AV:N/AC:M/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "Single",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 8.5,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "CVE-2010-1141",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.9,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "IVD",
"availabilityImpact": "COMPLETE",
"baseScore": 8.5,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 6.8,
"id": "7d7c8fb0-463f-11e9-a735-000c29342cb1",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:M/Au:S/C:C/I:C/A:C",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "IVD",
"availabilityImpact": "COMPLETE",
"baseScore": 8.5,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 6.8,
"id": "46c824c0-2356-11e6-abef-000c29c66e3d",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:M/Au:S/C:C/I:C/A:C",
"version": "2.9 [IVD]"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2010-1141",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CARNEGIE MELLON",
"id": "VU#707943",
"trust": 0.8,
"value": "64.13"
},
{
"author": "CNNVD",
"id": "CNNVD-201004-160",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "IVD",
"id": "7d7c8fb0-463f-11e9-a735-000c29342cb1",
"trust": 0.2,
"value": "HIGH"
},
{
"author": "IVD",
"id": "46c824c0-2356-11e6-abef-000c29c66e3d",
"trust": 0.2,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2010-1141",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "7d7c8fb0-463f-11e9-a735-000c29342cb1"
},
{
"db": "IVD",
"id": "46c824c0-2356-11e6-abef-000c29c66e3d"
},
{
"db": "CERT/CC",
"id": "VU#707943"
},
{
"db": "VULMON",
"id": "CVE-2010-1141"
},
{
"db": "JVNDB",
"id": "JVNDB-2010-001364"
},
{
"db": "CNNVD",
"id": "CNNVD-201004-160"
},
{
"db": "NVD",
"id": "CVE-2010-1141"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "VMware Tools in VMware Workstation 6.5.x before 6.5.4 build 246459; VMware Player 2.5.x before 2.5.4 build 246459; VMware ACE 2.5.x before 2.5.4 build 246459; VMware Server 2.x before 2.0.2 build 203138; VMware Fusion 2.x before 2.0.6 build 246742; VMware ESXi 3.5 and 4.0; and VMware ESX 2.5.5, 3.0.3, 3.5, and 4.0 does not properly access libraries, which allows user-assisted remote attackers to execute arbitrary code by tricking a Windows guest OS user into clicking on a file that is stored on a network share. Some applications for Microsoft Windows may use unsafe methods for determining how to load DLLs. As a result, these applications can be forced to load a DLL from an attacker-controlled source rather than a trusted location. Windows Program DLL There is an attackable vulnerability in reading. Dynamic link Library (DLL) Is a software component that is loaded at run time, not at program compile time. The program is LoadLibrary() And LoadLibraryEx() Using DLL Is read. Read DLL If no path is specified, specific directories are searched in order and found first. DLL Is loaded. Since this directory group includes the current directory of the process, the directory that can be operated by the attacker is set as the current directory. LoadLibrary() If is called, attack code may be executed. This issue can occur when browsing files located in directories that an attacker can manipulate. Read DLL The name depends on the program. DLL Read Windows The entire program may be affected. \" Opera Software \"and\" Adobe Vulnerability information on \" : Mitsui Bussan Secure Direction Co., Ltd. Takashi Yoshikawa MrA remote attacker could execute arbitrary code with the authority to execute the program. Attacker crafted DLL The USB Placing it on a drive or network drive may cause an attack. VMWare is a virtual PC software that allows two or more Windows, DOS, and LINUX systems to run simultaneously on a single machine. The VMWare Tools package used in VMWare products does not properly access the function library. \nAn attacker can exploit this issue by enticing a user to open a malicious file from a network share. The issue can be exploited on Windows guest operating systems\nSuccessful exploits will allow attackers to execute arbitrary code within the context of the affected application. Failed exploit attempts will result in a denial-of-service condition. \nThis issue affects the following products:\nWorkstation\nPlayer\nACE\nServer\nFusion\nESX\nESXi\nNOTE: This issue was previously covered in BID 39345 (VMware Hosted Products VMSA-2010-0007 Multiple Remote and Local Vulnerabilities), but has been given its own record to better document it. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n- -------------------------------------------------------------------------\n VMware Security Advisory\n\nAdvisory ID: VMSA-2010-0007\nSynopsis: VMware hosted products, vCenter Server and ESX\n patches resolve multiple security issues\nIssue date: 2010-04-09\nUpdated on: 2010-04-09 (initial release of advisory)\nCVE numbers: CVE-2010-1142 CVE-2010-1140 CVE-2009-2042\n CVE-2009-1564 CVE-2009-1565 CVE-2009-3732\n CVE-2009-3707 CVE-2010-1138 CVE-2010-1139\n CVE-2010-1141\n- -------------------------------------------------------------------------\n\n1. \n\n2. \n\n Notes:\n Effective May 2010, VMware\u0027s patch and update release program during\n Extended Support will be continued with the condition that all\n subsequent patch and update releases will be based on the latest\n baseline release version as of May 2010 (i.e. ESX 3.0.3 Update 1,\n ESX 3.5 Update 5, and VirtualCenter 2.5 Update 6). Refer to section\n \"End of Product Availability FAQs\" at\n http://www.vmware.com/support/policies/lifecycle/vi/faq.html for\n details. \n\n Extended support for ESX 2.5.5 ends on 2010-06-15. Users should plan\n to upgrade to at least ESX 3.0.3 and preferably to the newest\n release available. \n\n Extended support for ESX 3.0.3 ends on 2011-12-10. Users should plan\n to upgrade to at least ESX 3.5 and preferably to the newest release\n available. \n\n End of General Support for VMware Workstation 6.x is 2011-04-27,\n users should plan to upgrade to the newest release available. \n\n End of General Support for VMware Server 2.0 is 2011-06-30, users\n should plan to upgrade to the newest release of either ESXi or\n VMware Player. \n\n Extended support for Virtual Center 2.0.2 is 2011-12-10, users\n should plan to upgrade to the newest release of vCenter Server. \n\n3. Problem Description\n\n a. This file could be in any file format. \n\n VMware would like to thank Jure Skofic and Mitja Kolsek of ACROS\n Security (http://www.acrossecurity.com) for reporting this issue\n to us. \n\n The Common Vulnerabilities and Exposures project (cve.mitre.org)\n has assigned the name CVE-2010-1141 to this issue. \n\n Steps needed to remediate this vulnerability:\n\n Guest systems on VMware Workstation, Player, ACE, Server, Fusion\n - Install the remediated version of Workstation, Player, ACE,\n Server and Fusion. \n - Upgrade tools in the virtual machine (virtual machine users\n will be prompted to upgrade). \n\n Guest systems on ESX 4.0, 3.5, 3.0.3, 2.5.5, ESXi 4.0, 3.5\n - Install the relevant patches (see below for patch identifiers)\n - Manually upgrade tools in the virtual machine (virtual machine\n users will not be prompted to upgrade). Note the VI Client will\n not show the VMware tools is out of date in the summary tab. \n Please see http://tinyurl.com/27mpjo page 80 for details. \n\n The following table lists what action remediates the vulnerability\n (column 4) if a solution is available. See above for remediation\n details. On most\n recent versions of Windows (XP, Vista) the attacker would need to\n have administrator privileges to plant the malicious executable in\n the right location. \n\n Steps needed to remediate this vulnerability: See section 3.a. \n\n VMware would like to thank Mitja Kolsek of ACROS Security\n (http://www.acrossecurity.com) for reporting this issue to us. \n\n The Common Vulnerabilities and Exposures project (cve.mitre.org)\n has assigned the name CVE-2010-1142 to this issue. \n\n Refer to the previous table in section 3.a for what action\n remediates the vulnerability (column 4) if a solution is\n available. See above for remediation details. \n\n c. Windows-based VMware Workstation and Player host privilege\n escalation\n\n A vulnerability in the USB service allows for a privilege\n escalation. A local attacker on the host of a Windows-based\n Operating System where VMware Workstation or VMware Player\n is installed could plant a malicious executable on the host and\n elevate their privileges. \n\n In order for an attacker to exploit the vulnerability, the attacker\n would need to be able to plant their malicious executable in a\n certain location on the host machine. On most recent versions of\n Windows (XP, Vista) the attacker would need to have administrator\n privileges to plant the malicious executable in the right location. \n\n VMware would like to thank Thierry Zoller for reporting this issue\n to us. \n\n The Common Vulnerabilities and Exposures project (cve.mitre.org)\n has assigned the name CVE-2010-1140 to this issue. \n\n The following table lists what action remediates the vulnerability\n (column 4) if a solution is available. \n\n VMware Product Running Replace with/\n Product Version on Apply Patch\n ============= ======== ======= =================\n VirtualCenter any Windows not affected\n\n Workstation 7.0 Windows 7.0.1 build 227600 or later\n Workstation 7.0 Linux not affected\n Workstation 6.5.x any not affected\n\n Player 3.0 Windows 3.0.1 build 227600 or later\n Player 3.0 Linux not affected\n Player 2.5.x any not affected\n\n Ace any any not affected\n\n Server 2.x any not affected\n\n Fusion any Mac OS/X not affected\n\n ESXi any ESXi not affected\n\n ESX any ESX not affected\n\n d. Third party library update for libpng to version 1.2.37\n\n The libpng libraries through 1.2.35 contain an uninitialized-\n memory-read bug that may have security implications. \n Specifically, 1-bit (2-color) interlaced images whose widths are\n not divisible by 8 may result in several uninitialized bits at the\n end of certain rows in certain interlace passes being returned to\n the user. An application that failed to mask these out-of-bounds\n pixels might display or process them, albeit presumably with benign\n results in most cases. \n\n The Common Vulnerabilities and Exposures Project (cve.mitre.org)\n has assigned the name CVE-2009-2042 to this issue. \n\n The following table lists what action remediates the vulnerability\n (column 4) if a solution is available. VMware VMnc Codec heap overflow vulnerabilities\n\n The VMware movie decoder contains the VMnc media codec that is\n required to play back movies recorded with VMware Workstation,\n VMware Player and VMware ACE, in any compatible media player. The\n movie decoder is installed as part of VMware Workstation, VMware\n Player and VMware ACE, or can be downloaded as a stand alone\n package. \n\n For an attack to be successful the user must be tricked into\n visiting a malicious web page or opening a malicious video file on\n a system that has the vulnerable version of the VMnc codec installed. \n\n The Common Vulnerabilities and Exposures project (cve.mitre.org)\n has assigned the names CVE-2009-1564 and CVE-2009-1565 to these\n issues. \n\n VMware would like to thank iDefense, Sebastien Renaud of VUPEN\n Vulnerability Research Team (http://www.vupen.com) and Alin Rad Pop\n of Secunia Research for reporting these issues to us. \n\n To remediate the above issues either install the stand alone movie\n decoder or update your product using the table below. \n\n VMware Product Running Replace with/\n Product Version on Apply Patch\n ============= ======== ======= =================\n VirtualCenter any Windows not affected\n\n Movie Decoder any Windows 6.5.4 Build 246459 or later\n\n Workstation 7.x any not affected\n Workstation 6.5.x Windows 6.5.4 build 246459 or later\n Workstation 6.5.x Linux not affected\n\n Player 3.x any not affected\n Player 2.5.x Windows 2.5.4 build 246459 or later\n Player 2.5.x Linux not affected\n\n ACE any any not affected\n\n Server 2.x Window not being addressed at this time\n Server 2.x Linux not affected\n\n Fusion any Mac OS/X not affected\n\n ESXi any ESXi not affected\n\n ESX any ESX not affected\n\nf. \n Exploitation of this issue may lead to arbitrary code execution on\n the system where VMrc is installed. Code execution would be at the privilege level of the user. \n\n VMrc is present on a system if the VMrc browser plug-in has been\n installed. This plug-in is required when using the console feature in\n WebAccess. Installation of the plug-in follows after visiting the\n console tab in WebAccess and choosing \"Install plug-in\". The plug-\n in can only be installed on Internet Explorer and Firefox. \n\n Under the following two conditions your version of VMrc is likely\n to be affected:\n\n - the VMrc plug-in was obtained from vCenter 4.0 or from ESX 4.0\n without patch ESX400-200911223-UG and\n - VMrc is installed on a Windows-based system\n\n The following steps allow you to determine if you have an affected\n version of VMrc installed:\n\n - Locate the VMrc executable vmware-vmrc.exe on your Windows-based\n system\n - Right click and go to Properties\n - Go to the tab \"Versions\"\n - Click \"File Version\" in the \"Item Name\" window\n - If the \"Value\" window shows \"e.x.p build-158248\", the version of\n VMrc is affected\n\n Remediation of this issue on Windows-based systems requires the\n following steps (Linux-based systems are not affected):\n\n - Uninstall affected versions of VMrc from the systems where the\n VMrc plug-in has been installed (use the Windows Add/Remove\n Programs interface)\n - Install vCenter 4.0 Update 1 or install the ESX 4.0 patch\n ESX400-200911223-UG\n - Login into vCenter 4.0 Update 1 or ESX 4.0 with patch\n ESX400-200911223-UG using WebAccess on the system where the VMrc\n needs to be re-installed\n - Re-install VMrc by going to the console tab in WebAccess. The\n Console tab is selectable after selecting a virtual machine. \n\n Note: the VMrc plug-in for Firefox on Windows-based operating\n systems is no longer compatible after the above remediation steps. \n Users are advised to use the Internet Explorer VMrc plug-in. \n\n VMware would like to thank Alexey Sintsov from Digital Security\n Research Group for reporting this issue to us. \n\n The Common Vulnerabilities and Exposures project (cve.mitre.org)\n has assigned the name CVE-2009-3732 to this issue. \n\n\n g. Windows-based VMware authd remote denial of service\n\n A vulnerability in vmware-authd could cause a denial of service\n condition on Windows-based hosts. The denial of service is limited\n to a crash of authd. \n\n The Common Vulnerabilities and Exposures Project (cve.mitre.org)\n has assigned the name CVE-2009-3707 to this issue. \n\n The following table lists what action remediates the vulnerability\n (column 4) if a solution is available. Potential information leak via hosted networking stack\n\n A vulnerability in the virtual networking stack of VMware hosted\n products could allow host information disclosure. \n\n A guest operating system could send memory from the host vmware-vmx\n process to the virtual network adapter and potentially to the\n host\u0027s physical Ethernet wire. \n\n The Common Vulnerabilities and Exposures Project (cve.mitre.org)\n has assigned the name CVE-2010-1138 to this issue. \n\n VMware would like to thank Johann MacDonagh for reporting this\n issue to us. \n\n The following table lists what action remediates the vulnerability\n (column 4) if a solution is available. Linux-based vmrun format string vulnerability\n\n A format string vulnerability in vmrun could allow arbitrary code\n execution. \n\n If a vmrun command is issued and processes are listed, code could\n be executed in the context of the user listing the processes. \n\n The Common Vulnerabilities and Exposures Project (cve.mitre.org)\n has assigned the name CVE-2010-1139 to this issue. \n\n VMware would like to thank Thomas Toth-Steiner for reporting this\n issue to us. \n\n The following table lists what action remediates the vulnerability\n (column 4) if a solution is available. \n\n VMware Product Running Replace with/\n Product Version on Apply Patch\n ============= ======== ======= =================\n VirtualCenter any Windows not affected\n\n VIX API any Windows not affected\n VIX API 1.6.x Linux upgrade to VIX API 1.7 or later\n VIX API 1.6.x Linux64 upgrade to VIX API 1.7 or later\n\n Workstation 7.x any not affected\n Workstation 6.5.x Windows not affected\n Workstation 6.5.x Linux 6.5.4 build 246459 or later\n\n Player 3.x any not affected\n Player 2.5.x Windows not affected\n Player 2.5.x Linux 2.5.4 build 246459 or later\n\n Ace any Windows not affected\n\n Server 2.x Windows not affected\n Server 2.x Linux not being fixed at this time\n\n Fusion 3.x Mac OS/X not affected\n Fusion 2.x Mac OS/X 2.0.7 build 246742 or later\n\n ESXi any any not affected\n\n ESX any any not affected\n\n4. Solution\n\n Please review the patch/release notes for your product and version\n and verify the md5sum and/or the sha1sum of your downloaded file. \n\n VMware Workstation Movie Decoder stand alone 6.5.4\n --------------------------------------------------\n\nhttp://download3.vmware.com/software/wkst/VMware-moviedecoder-6.5.4-246459.exe\n md5sum: ea2ac5907ae4c5c323147fe155443ab8\n sha1sum: 5ca8d1fd45f6a7a6f38019b259c3e836ee4e8f29\n\n VMware Workstation 7.0.1\n ------------------------\n For Windows\n\nhttp://downloads.vmware.com/download/download.do?downloadGroup=WKST-701-WIN\n Release notes:\n http://downloads.vmware.com/support/ws7/doc/releasenotes_ws701.html\n\n Workstation for Windows 32-bit and 64-bit with VMware Tools\n md5sum: fc8502a748de3b8f94c5c9571c1f17d2\n sha1sum: 3de01b355b17363a92d80200ff5e7267b3bde206\n\n Workstation for Windows 32-bit and 64-bit without VMware Tools\n md5sum: 6a18ea3847cb727b03f7890f5643db79\n sha1sum: 260b019db4619b0d1d775e5c38cc46b6db250984\n\n For Linux\n http://downloads.vmware.com/download/download.do?downloadGroup=WKST-701-LX\n Release notes:\n http://downloads.vmware.com/support/ws7/doc/releasenotes_ws701.html\n\n Workstation for Linux 32-bit with VMware Tools\n md5sum: a896f7aaedde8799f21b52b89f5fc9ef\n sha1sum: f6d0789afa7927ca154973a071603a0bd098e697\n\n Workstation for Linux 32-bit without VMware Tools\n md5sum: 59ecd27bdf3f59be3b4df8f04d1b3874\n sha1sum: 22e1a475069fca5e8d2446bf14661fa6d894d34f\n\n Workstation for Linux 64-bit with VMware Tools\n md5sum: 808682eaa6b202fa29172821f7378768\n sha1sum: a901c45a2a02678b0d1722e8f27152c3af12a7ac\n\n Workstation for Linux 64-bit without VMware Tools\n md5sum: 5116e27e7b13a76693402577bd9fda58\n sha1sum: dbcd045a889b95ac14828b8106631b678354e30a\n\n VMware Workstation 6.5.4\n ------------------------\n For Windows\n\nhttp://downloads.vmware.com/download/download.do?downloadGroup=WKST-654-WIN\n Release Notes:\n http://downloads.vmware.com/support/ws65/doc/releasenotes_ws654.html\n\n Workstation for Windows 32-bit and 64-bit\n Windows 32-bit and 64-bit .exe\n md5sum: 2dc393fcc4e78dcf2165098a4938699a\n sha1sum: acfff457860c8c53c637c01f74f8aaa72d1c9569\n\n For Linux\n http://downloads.vmware.com/download/download.do?downloadGroup=WKST-654-LX\n Release Notes:\n http://downloads.vmware.com/support/ws65/doc/releasenotes_ws654.html\n\n Workstation for Linux 32-bit\n Linux 32-bit .rpm\n md5sum: 9efb43a604d50e541eb3be7081b8b198\n sha1sum: 4240d664f85a11f47288d2279224b26bef92aa8b\n\n Workstation for Linux 32-bit\n Linux 32-bit .bundle\n md5sum: 38760682ad3b2f6bfb4e40f424c95c2a\n sha1sum: ec78099322b5fb2a737cd74a1978a5c07382dc8a\n\n Workstation for Linux 64-bit\n Linux 64-bit .rpm\n md5sum: 24311492bc515e9bc98eff9b2e7d33a2\n sha1sum: b4947ef09f740440e8a24fc2ba05c0a7c11b82f5\n\n Workstation for Linux 64-bit\n Linux 64-bit .bundle\n md5sum: ed24296705ad48442549d9cb2b3c0d8d\n sha1sum: 3c0f1efae0a64fa3a41be21b0bfc962f12e0e6d8\n\n\n VMware Player 3.0.1\n -------------------\n http://downloads.vmware.com/tryvmware/?p=player\u0026lp=default\n Release notes:\nhttp://downloads.vmware.com/support/player30/doc/releasenotes_player301.html\n\n Player for Windows 32-bit and 64-bit\n md5sum: 78c92c0242c9540f68a629d4ac49c516\n sha1sum: 7fc255fcd1a6784458012314db1206ed922e92cf\n\n Player for Linux 32-bit (.bundle)\n md5sum: e7cd19d39c7bbd1aee582743d76a7863\n sha1sum: cff76010f0429576288ea1e5a594cd47a2c64f4a\n\n Player for Linux 64-bit (.bundle)\n md5sum: 88b08537c6eea705883dc1755b97738c\n sha1sum: 84f25370d24c03a18968a4f4c8e06cef3d21c2df\n\n VMware VIX API for Windows 32-bit and 64-bit\n md5sum: 2c46fc7e2516f331eb4dd23154d00a54\n sha1sum: 85ceb1b718806c6870e3a918bcc772d1486ccdc9\n\n VMware VIX API for 32-bit Linux\n md5sum: 8b0994a26363246b5e954f97bd5a088d\n sha1sum: af93da138a158ee6e05780a5c4042414735987b6\n\n VMware VIX API for 64-bit Linux\n md5sum: ef7b9890c52b1e333f2357760a7fff85\n sha1sum: dfef8531356de78171e13c4c108ebaeb43eaa62d\n\n VMware Player 2.5.4\n -------------------\n http://downloads.vmware.com/download/player/player_reg.html\n Release notes:\nhttp://downloads.vmware.com/support/player25/doc/releasenotes_player254.html\n\n Player for Windows 32-bit and 64-bit (.exe)\n md5sum: 531140a1eeed7d8b71f726b3d32a9174\n sha1sum: 2500fa8af48452bd0e97040b80c569c3cb4f73e5\n\n Player for Linux (.rpm)\n md5sum: 1905f61af490f9760bef54450747e708\n sha1sum: cf7444c0a6331439c5479a4158112a60eb0e6e8d\n\n Player for Linux (.bundle)\n md5sum: 74f539005687a4efce7971f7ef019af5\n sha1sum: 4c4412c5807ecd00e66886e0e7c43ed61b62aab7\n\n Player for Linux - 64-bit (.rpm)\n md5sum: 013078d7f6adcdbcbaafbf5e0ae11a39\n sha1sum: 7c434173a3fe446ebefce4803bfaa7ab67d1ff72\n\n Player for Linux - 64-bit (.bundle)\n md5sum: 175ce2f9656ff10a1327c0d48f80c65f\n sha1sum: bf7acfdcb44bf345d58f79ad1bcb04816f262d22\n\n\n VMware ACE 2.6.1\n ----------------\nhttp://downloads.vmware.com/download/download.do?downloadGroup=ACE-261-WIN\n Release notes:\n http://downloads.vmware.com/support/ace26/doc/releasenotes_ace261.html\n\n VMware Workstation for 32-bit and 64-bit Windows with tools\n md5sum: fc8502a748de3b8f94c5c9571c1f17d2\n sha1sum: 3de01b355b17363a92d80200ff5e7267b3bde206\n\n VMware Workstation for Windows 32-bit and 64-bit without tools\n md5sum: 6a18ea3847cb727b03f7890f5643db79\n sha1sum: 260b019db4619b0d1d775e5c38cc46b6db250984\n\n ACE Management Server Virtual Appliance\n md5sum: e26d258c511572064e99774fbac9184c\n sha1sum: 9363656b70caa11a31a6229451202d9f8203c1f5\n\n ACE Management Server for Windows\n md5sum: e970828f2a5a62ac108879033a70f4b6\n sha1sum: eca89372eacc78c3130781d0d183715055d64798\n\n ACE Management Server for SUSE Enterprise Linux 9\n md5sum: 59b3ad5964daef2844e72fd1765590fc\n sha1sum: 91048de7665f5dc466f06e2ebc4c08f08026a97f\n\n ACE Management Server for Red Hat Enterprise Linux 4\n md5sum: 6623f6a8a645402a1c8c351ec99a1889\n sha1sum: a6d74ba072c5a513fcf8993edebaaf7f8225c05d\n\n VMware ACE 2.5.4\n ----------------\nhttp://downloads.vmware.com/download/download.do?downloadGroup=ACE-254-WIN\n Release notes:\n http://downloads.vmware.com/support/ace25/doc/releasenotes_ace254.html\n\n VMware ACE for Windows 32-bit and 64-bit\n Windows 32-bit and 64-bit .exe\n md5sum: 2dc393fcc4e78dcf2165098a4938699a\n sha1sum: acfff457860c8c53c637c01f74f8aaa72d1c9569\n\n ACE Management Server Virtual Appliance\n AMS Virtual Appliance .zip\n md5sum: 3935f23d4a074e7a3429a1c80cfd2155\n sha1sum: 5b09439a9c840d39ae49fbd7a79732ecd58c52a3\n\n ACE Management Server for Windows\n Windows .exe\n md5sum: 1173bd7da6ed330a262ed4e2eff6562c\n sha1sum: d9bce88a350aa957f3387f870af763875d4d9110\n\n ACE Management Server for SUSE Enterprise Linux 9\n SLES 9 .rpm\n md5sum: 0bec2cf8d6ae3bb6976c9d8cc2573208\n sha1sum: f3c6d9ee3357535b1540cedd9e86d723e2ed2134\n\n ACE Management Server for Red Hat Enterprise Linux 4\n RHEL 4 .rpm\n md5sum: 17caa522af79cf1f6b2ebad16a4ac8a5\n sha1sum: cdd6e2a4e3d7ad89f95e60f1af024bea7eaba0fe\n\n\n VMware Server 2.0.2\n -------------------\n http://www.vmware.com/download/server/\n Release notes:\n http://www.vmware.com/support/server2/doc/releasenotes_vmserver202.html\n\n VMware Server 2\n Version 2.0.2 | 203138 - 10/26/09\n 507 MB EXE image VMware Server 2 for Windows Operating Systems. A\n master installer file containing all Windows components of VMware\n Server. \n md5sum: a6430bcc16ff7b3a29bb8da1704fc38a\n sha1sum: 39683e7333732cf879ff0b34f66e693dde0e340b\n\n VIX API 1.6 for Windows\n Version 2.0.2 | 203138 - 10/26/09\n 37 MB image\n md5sum: 827e65e70803ec65ade62dd27a74407a\n sha1sum: a14281bc055271a19be3c88026e92304bc3f0e22\n\n For Linux\n\n VMware Server 2 for Linux Operating Systems. \n Version 2.0.2 | 203138 - 10/26/09\n 37 MB TAR image\n md5sum: 95ddea5a0579a35887bd15b083ffea20\n sha1sum: 14cf12063a7480f240ccd96178ad4258cb26a747\n\n VMware Server 2 for Linux Operating Systems 64-bit version. \n Version 2.0.2 | 203138 - 10/26/09\n 452 MB RPM image\n md5sum: 35c8b176601133749e4055e0034f8be6\n sha1sum: e8dc842d89899df5cd3e1136af76f19ca5ccbece\n\n The core application needed to run VMware Server 2, 64-bit version. \n Version 2.0.2 | 203138 - 10/26/09\n 451 MB TAR image\n md5sum: cc7aef813008eeb7150c21547d431b39\n sha1sum: b65d3d46dc947fc7995bda354c4947afabd23474\n\n\n VMware Fusion 3.0.2\n -------------------\n http://downloads.vmware.com/download/download.do?downloadGroup=FUS-302\n Release notes:\nhttp://downloads.vmware.com/support/fusion3/doc/releasenotes_fusion_302.html\n\n VMware Fusion 3.0.2 (for Intel-based Macs)\n md5sum: aa17278a4a668eeb9f9467e4e3111ccc\n sha1sum: 58c3d63705ac90839f7c1ae14264177e1fd56df3\n\n VMware Fusion 3.0.2 Light for Mac (for Intel-based Macs)\n md5sum: 052ecbbfc4f59a85e2d08b4bd3ef0896\n sha1sum: 61e00487f4c649588099647d4a5f47ddf5b8ad01\n\n VMware Fusion 2.0.7\n -------------------\n http://downloads.vmware.com/download/download.do?downloadGroup=FUS-207\n Release notes:\nhttp://downloads.vmware.com/support/fusion2/doc/releasenotes_fusion_207.html\n\n VMware Fusion 2.0.7 (for Intel-based Macs)\n md5sum: a293f5ce6ccc227760640753386e9da6\n sha1sum: ddfda92f9baf30e536bc485e42325d173a1aa370\n\n VMware Fusion 2.0.7 Light (for Intel-based Macs)\n md5sum: d4772d118fb90323f598849e70c21189\n sha1sum: 5c1df1597e77ebe0f0555749b281008ca5f2fb77\n\n\n VIX API 1.7 Version: 1.7 | 2009-08-26 | 186713\n ----------------------------------------------\n VIX API for Window 32-bit and 64-bit\n Main installation file for Windows 32-bit and 64-bit host\n md5sum:b494fc3092f07d0f29cc06a19fe61306\n sha1sum:aa8638424cb7f25c1e42343134ac9f0bd2c2e0c9\n\n VIX API for Linux 32-bit\n md5sum:6b0ed8872d8b714363cddc68b6a77008\n sha1sum:8a9b12a61641394b347488119a7120eaa47dc2a1\n\n VIX API for Linux 64-bit\n md5sum:d57aa9f98058d5a386c18e14cc05bf4d\n sha1sum:3b7d4461ea257e795b322cc080f4ae29a230666b\n\n VIX API Version: 1.8.1 | 2009-10-11 | 207905\n ---------------------------------------------\n VIX API for Windows 32-bit and 64-bit\n md5sum:4f21e4cb518767bc08045f5a39f5d41f\n sha1sum:5b8275c549f9d9498bd2ed078557f1ce1986ac12\n\n VIX API for Linux 32-bit\n md5sum:f347e94d907c26754540d59956ee5d53\n sha1sum:6ddc6c9371ba127d04bc83bd55988a6c83366907\n\n VIX API for Linux 64-bit\n md5sum:b8a3982072d0d42c0c37dd7eb49d686c\n sha1sum:d044ac3dd42f806bc4ff48ddf584b5e3d82910c8\n\n VIX API Version: 1.10 Beta | 01/28/10 | 222403\n ----------------------------------------------\n VIX API for Windows 32-bit and 64-bit\n md5sum:ac5b6e9197cb68c302bfac9ed683e3af\n sha1sum:0d942e7409e88e684bdb65811e7be7f47d631a73\n\n VIX API for Linux 32-bit\n md5sum:07d1989d042e317eb9d2b3daf269dda7\n sha1sum:1e3840d426d7dfff53fa7e1bd22b09b56cf2362c\n\n VIX API for Linux 64-bit\n md5sum:9b345008e0adec3c044988307294944b\n sha1sum:7a54a893369c2227f7e8058430c40983168c6e0b\n\n\n ESXi\n ----\n ESXi 4.0 bulletin ESXi400-201002402-BG\nhttps://hostupdate.vmware.com/software/VUM/OFFLINE/release-193-20100228-731251/ESXi400-201002001.zip\n md5sum: e5aa2968d389594abdc59cbac7b0183d\n sha1sum: bb50b3ad7934e3f9e24edc879b35e83b357343b2\n http://kb.vmware.com/kb/1018404\n\n ESXi 3.5\n --------\n ESXi 3.5 patch ESXe350-200912402-T-BG was first contained in\n ESXe350-200912401-O-BG from December 2009. \n\n The same patch, ESXe350-200912402-T-BG, is also contained in\n ESXe350-201002401-O-SG from February 2010 ESXi 3.5 security update. \n\n In latest non-security ESXi 3.5 update, ESXe350-201003402-T-BG is also\n included in ESXe350-201003401-O-BG from March 2010. \n\n\n ESXe350-201002401-O-SG (latest security update)\n http://download3.vmware.com/software/vi/ESXe350-201002401-O-SG.zip\n\n md5sum: 0c8d4d1c0e3c2aed9f785cf081225d83\n\n http://kb.vmware.com/kb/1015047 (Vi Client)\n\n http://kb.vmware.com/kb/1016665 (VM Tools)\n\n http://kb.vmware.com/kb/1017685 (Firmware)\n\n\n\n The three ESXi patches for Firmware \"I\", VMware Tools \"T,\" and the\n VI Client \"C\" are contained in a single offline \"O\" download file. \n\n\n ESX\n ---\n ESX 4.0 bulletin ESX400-201002401-BG\nhttps://hostupdate.vmware.com/software/VUM/OFFLINE/release-192-20100228-732240/ESX400-201002001.zip\n md5sum: de62cbccaffa4b2b6831617f18c1ccb4\n sha1sum: 4083f191fa4acd6600c9a87e4852f9f5700e91ab\n http://kb.vmware.com/kb/1018403\n\n Note: ESX400-201002001 contains the bundle with the security fix,\n ESX400-201002401-BG\n To install an individual bulletin use esxupdate with the -b option. \n esxupdate --bundle ESX400-201002001 -b ESX400-201002401-BG\n\n ESX 4.0 bulletin ESX400-200911223-UG\nhttps://hostupdate.vmware.com/software/VUM/OFFLINE/release-166-20091202-254879/ESX-4.0.0-update01a.zip\n md5sum: 99c1fcafbf0ca105ce73840d686e9914\n sha1sum: aa8a23416271bc28b6b8f6bdbe00045e36314ebb\n http://kb.vmware.com/kb/1014842\n\n Note: ESX-4.0.0-update01a contains the bundle with the security fix,\n ESX400-200911223-UG\n To install an individual bulletin use esxupdate with the -b option. \n esxupdate --bundle ESX-4.0.0-update01a -b ESX400-200911223-UG\n\n ESX 3.5 patch ESX350-200912401-BG\n http://download3.vmware.com/software/vi/ESX350-200912401-BG.zip\n md5sum: f1d3589745b4ae933554785aef22bacc\n sha1sum: d1e5a9209b165d43d75f076e556fc028bec4cc47\n http://kb.vmware.com/kb/1016657\n\n ESX 3.0.3 patch ESX303-201002203-UG\n http://download3.vmware.com/software/vi/ESX303-201002203-UG.zip\n md5sum: 49ee56b687707cbe6999836c315f081a\n http://kb.vmware.com/kb/1018030\n\n ESX 2.5.5 Upgrade Patch 15\n http://download3.vmware.com/software/esx/esx-2.5.5-191611-upgrade.tar.gz\n md5sum: c346fe510b6e51145570e03083f77357\n sha1sum: ef6b19247825fb3fe2c55f8fda3cdd05ac7bb1f4\n http://www.vmware.com/support/esx25/doc/esx-255-200910-patch.html\n\n\n5. References\n http://www.acrossecurity.com/advisories.htm\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1564\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1565\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2042\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3707\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3732\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1138\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1139\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1140\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1142\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1141\n\n6. Change log\n2010-04-09 VMSA-2010-0007\nInitial security advisory after release of Workstation 6.5.4 and Fusion\n2.0.7 on 2010-04-08. \n\n- ------------------------------------------------------------------------\n7. Contact\n\nE-mail list for product security notifications and announcements:\nhttp://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce\n\nThis Security Advisory is posted to the following lists:\n\n * security-announce at lists.vmware.com\n * bugtraq at securityfocus.com\n * full-disclosure at lists.grok.org.uk\n\nE-mail: security at vmware.com\nPGP key at: http://kb.vmware.com/kb/1055\n\nVMware Security Center\nhttp://www.vmware.com/security\n\nVMware security response policy\nhttp://www.vmware.com/support/policies/security_response.html\n\nGeneral support life cycle policy\nhttp://www.vmware.com/support/policies/eos.html\n\nVMware Infrastructure support life cycle policy\nhttp://www.vmware.com/support/policies/eos_vi.html\n\nCopyright 2010 VMware Inc. All rights reserved. \n\n\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.5 (MingW32)\n\niD8DBQFLvvM8S2KysvBH1xkRAgu/AJ9RrzlOq/5Ug0t8R4qoi/UwDVJDpACbBGgT\nd58bjKG6Ic7m/TsoJP4M2tw=\n=Q1zv\n-----END PGP SIGNATURE-----\n. \n-----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n\n National Cyber Alert System\n\n Technical Cyber Security Alert TA10-238A\n\n\nMicrosoft Windows Insecurely Loads Dynamic Libraries\n\n Original release date: August 26, 2010\n Last revised: --\n Source: US-CERT\n\n\nSystems Affected\n\n Any application running on the Microsoft Windows platform that\n uses dynamically linked libraries (DLLs) may be affected. Please see the Vendor Information\n section of Vulnerability Note VU#707943 for information about\n specific vendors. DLLs are typically loaded\n when the application is first started; however DLLs may be loaded\n and unloaded while the application is running. An application can\n request a DLL file in a variety of ways, and Windows uses several\n different search algorithms to find DLL files. The interaction\n between the application and Windows can result in a DLL file being\n loaded from the current working directory of the application,\n instead of the Windows system directory or the directory where the\n application is installed. \n\n The current working directory could be the desktop, a removable\n storage device such as a USB key, a Windows file share, or a WebDAV\n location. When a file associated with an application is opened, a\n DLL in the same directory as the file may be loaded. Although an\n attacker may not have permission to write to the Windows system or\n application directories, the attacker may be able to write a DLL to\n a directory used to store files, or the attacker could provide\n their own directory. \n\n Attacks against this type of vulnerability have been referred to as\n \"binary planting.\" Please see Vulnerability Note VU#707943 and\n Microsoft Security Advisory 2269637 for more information. \n\n\nII. Impact\n\n By placing a DLL with the correct name (and possibly the relative\n directory path) in the current working directory, an attacker could\n execute arbitrary code with the privileges of the application that\n loads the DLL. \n\n\nIII. Solution\n\n Individual applications that run on the Windows platform may\n require patches or updates. Microsoft Knowledge Base article\n KB2264107 describes an update that provides a registry key that can\n prevent Windows from searching the current working directory for\n DLL files. \n\n Information about specific solutions for different vendors, general\n mitigation techniques, and secure ways for applications to load\n DLLs can be found in the Vendor Information and Solution sections\n of Vulnerability Note VU#707943. \n\n\nIV. References\n\n * Vulnerability Note VU#707943 -\n \u003chttp://www.kb.cert.org/vuls/id/707943\u003e\n\n * Microsoft Security Advisory (2269637) -\n \u003chttp://www.microsoft.com/technet/security/advisory/2269637.mspx\u003e\n\n * A new CWDIllegalInDllSearch registry entry is available to control\n the DLL search path algorithm -\n \u003chttp://support.microsoft.com/kb/2264107\u003e\n\n ____________________________________________________________________\n\n The most recent version of this document can be found at:\n\n \u003chttp://www.us-cert.gov/cas/techalerts/TA10-238A.html\u003e\n ____________________________________________________________________\n\n Feedback can be directed to US-CERT Technical Staff. Please send\n email to \u003ccert@cert.org\u003e with \"TA10-238A Feedback VU#707943\" in\n the subject. \n ____________________________________________________________________\n\n For instructions on subscribing to or unsubscribing from this\n mailing list, visit \u003chttp://www.us-cert.gov/cas/signup.html\u003e. \n ____________________________________________________________________\n\n Produced 2010 by US-CERT, a government organization. \n\nBackground\n==========\n\nVMware Player, Server, and Workstation allow emulation of a complete PC\non a PC without the usual performance overhead of most emulators. \n\nAffected packages\n=================\n\n -------------------------------------------------------------------\n Package / Vulnerable / Unaffected\n -------------------------------------------------------------------\n 1 app-emulation/vmware-player\n \u003c= 2.5.5.328052 Vulnerable!\n 2 app-emulation/vmware-workstation\n \u003c= 6.5.5.328052 Vulnerable!\n 3 app-emulation/vmware-server\n \u003c= 1.0.9.156507 Vulnerable!\n -------------------------------------------------------------------\n NOTE: Certain packages are still vulnerable. Users should migrate\n to another package if one is available or wait for the\n existing packages to be marked stable by their\n architecture maintainers. Please review the CVE identifiers referenced below for\ndetails. \n\nImpact\n======\n\nLocal users may be able to gain escalated privileges, cause a Denial of\nService, or gain sensitive information. \n\nA remote attacker could entice a user to open a specially crafted file,\npossibly resulting in the remote execution of arbitrary code, or a\nDenial of Service. Remote attackers also may be able to spoof DNS\ntraffic, read arbitrary files, or inject arbitrary web script to the\nVMware Server Console. \n\nFurthermore, guest OS users may be able to execute arbitrary code on\nthe host OS, gain escalated privileges on the guest OS, or cause a\nDenial of Service (crash the host OS). \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nGentoo discontinued support for VMware Workstation. We recommend that users\nunmerge VMware Server:\n\n # emerge --unmerge \"app-emulation/vmware-server\"\n\nReferences\n==========\n\n[ 1 ] CVE-2007-5269\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-5269\n[ 2 ] CVE-2007-5503\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-5503\n[ 3 ] CVE-2007-5671\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-5671\n[ 4 ] CVE-2008-0967\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0967\n[ 5 ] CVE-2008-1340\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1340\n[ 6 ] CVE-2008-1361\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1361\n[ 7 ] CVE-2008-1362\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1362\n[ 8 ] CVE-2008-1363\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1363\n[ 9 ] CVE-2008-1364\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1364\n[ 10 ] CVE-2008-1392\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1392\n[ 11 ] CVE-2008-1447\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1447\n[ 12 ] CVE-2008-1806\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1806\n[ 13 ] CVE-2008-1807\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1807\n[ 14 ] CVE-2008-1808\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1808\n[ 15 ] CVE-2008-2098\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2098\n[ 16 ] CVE-2008-2100\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2100\n[ 17 ] CVE-2008-2101\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2101\n[ 18 ] CVE-2008-4915\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-4915\n[ 19 ] CVE-2008-4916\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-4916\n[ 20 ] CVE-2008-4917\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-4917\n[ 21 ] CVE-2009-0040\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0040\n[ 22 ] CVE-2009-0909\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0909\n[ 23 ] CVE-2009-0910\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0910\n[ 24 ] CVE-2009-1244\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1244\n[ 25 ] CVE-2009-2267\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2267\n[ 26 ] CVE-2009-3707\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3707\n[ 27 ] CVE-2009-3732\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3732\n[ 28 ] CVE-2009-3733\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3733\n[ 29 ] CVE-2009-4811\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-4811\n[ 30 ] CVE-2010-1137\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1137\n[ 31 ] CVE-2010-1138\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1138\n[ 32 ] CVE-2010-1139\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1139\n[ 33 ] CVE-2010-1140\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1140\n[ 34 ] CVE-2010-1141\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1141\n[ 35 ] CVE-2010-1142\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1142\n[ 36 ] CVE-2010-1143\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1143\n[ 37 ] CVE-2011-3868\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3868\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n http://security.gentoo.org/glsa/glsa-201209-25.xml\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2012 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttp://creativecommons.org/licenses/by-sa/2.5\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2010-1141"
},
{
"db": "CERT/CC",
"id": "VU#707943"
},
{
"db": "JVNDB",
"id": "JVNDB-2010-001364"
},
{
"db": "JVNDB",
"id": "JVNDB-2010-001999"
},
{
"db": "CNVD",
"id": "CNVD-2010-0574"
},
{
"db": "BID",
"id": "39392"
},
{
"db": "IVD",
"id": "7d7c8fb0-463f-11e9-a735-000c29342cb1"
},
{
"db": "IVD",
"id": "46c824c0-2356-11e6-abef-000c29c66e3d"
},
{
"db": "VULMON",
"id": "CVE-2010-1141"
},
{
"db": "PACKETSTORM",
"id": "88215"
},
{
"db": "PACKETSTORM",
"id": "93209"
},
{
"db": "PACKETSTORM",
"id": "117012"
}
],
"trust": 4.59
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2010-1141",
"trust": 4.0
},
{
"db": "SECUNIA",
"id": "39198",
"trust": 3.1
},
{
"db": "SECUNIA",
"id": "39206",
"trust": 2.5
},
{
"db": "SECTRACK",
"id": "1023832",
"trust": 1.8
},
{
"db": "SECTRACK",
"id": "1023833",
"trust": 1.8
},
{
"db": "CERT/CC",
"id": "VU#707943",
"trust": 1.7
},
{
"db": "USCERT",
"id": "TA10-238A",
"trust": 1.7
},
{
"db": "BID",
"id": "39392",
"trust": 1.2
},
{
"db": "CNVD",
"id": "CNVD-2010-0574",
"trust": 1.0
},
{
"db": "CNNVD",
"id": "CNNVD-201004-160",
"trust": 1.0
},
{
"db": "BID",
"id": "1699",
"trust": 0.8
},
{
"db": "VUPEN",
"id": "ADV-2010-0852",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2010-001364",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2010-001999",
"trust": 0.8
},
{
"db": "NSFOCUS",
"id": "14789",
"trust": 0.6
},
{
"db": "NSFOCUS",
"id": "14788\u203b14789",
"trust": 0.6
},
{
"db": "NSFOCUS",
"id": "14788",
"trust": 0.6
},
{
"db": "BUGTRAQ",
"id": "20100409 VMSA-2010-0007 VMWARE HOSTED PRODUCTS, VCENTER SERVER AND ESX PATCHES RESOLVE MULTIPLE SECURITY ISSUES",
"trust": 0.6
},
{
"db": "MLIST",
"id": "[SECURITY-ANNOUNCE] 20100409 VMSA-2010-0007 VMWARE HOSTED PRODUCTS, VCENTER SERVER AND ESX PATCHES RESOLVE MULTIPLE SECURITY ISSUES",
"trust": 0.6
},
{
"db": "FULLDISC",
"id": "20100409 VMSA-2010-0007 VMWARE HOSTED PRODUCTS, VCENTER SERVER AND ESX PATCHES RESOLVE MULTIPLE SECURITY ISSUES",
"trust": 0.6
},
{
"db": "IVD",
"id": "7D7C8FB0-463F-11E9-A735-000C29342CB1",
"trust": 0.2
},
{
"db": "IVD",
"id": "46C824C0-2356-11E6-ABEF-000C29C66E3D",
"trust": 0.2
},
{
"db": "VULMON",
"id": "CVE-2010-1141",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "88215",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "93209",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "117012",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "7d7c8fb0-463f-11e9-a735-000c29342cb1"
},
{
"db": "IVD",
"id": "46c824c0-2356-11e6-abef-000c29c66e3d"
},
{
"db": "CERT/CC",
"id": "VU#707943"
},
{
"db": "CNVD",
"id": "CNVD-2010-0574"
},
{
"db": "VULMON",
"id": "CVE-2010-1141"
},
{
"db": "BID",
"id": "39392"
},
{
"db": "JVNDB",
"id": "JVNDB-2010-001364"
},
{
"db": "JVNDB",
"id": "JVNDB-2010-001999"
},
{
"db": "PACKETSTORM",
"id": "88215"
},
{
"db": "PACKETSTORM",
"id": "93209"
},
{
"db": "PACKETSTORM",
"id": "117012"
},
{
"db": "CNNVD",
"id": "CNNVD-201004-160"
},
{
"db": "NVD",
"id": "CVE-2010-1141"
}
]
},
"id": "VAR-200009-0023",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "7d7c8fb0-463f-11e9-a735-000c29342cb1"
},
{
"db": "IVD",
"id": "46c824c0-2356-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2010-0574"
}
],
"trust": 0.1
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 1.0
}
],
"sources": [
{
"db": "IVD",
"id": "7d7c8fb0-463f-11e9-a735-000c29342cb1"
},
{
"db": "IVD",
"id": "46c824c0-2356-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2010-0574"
}
]
},
"last_update_date": "2024-07-23T20:18:16.537000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "VMSA-2010-0007",
"trust": 0.8,
"url": "http://www.vmware.com/security/advisories/vmsa-2010-0007.html"
},
{
"title": "HT4105",
"trust": 0.8,
"url": "http://support.apple.com/kb/ht4105"
},
{
"title": "HT4105",
"trust": 0.8,
"url": "http://support.apple.com/kb/ht4105?viewlocale=ja_jp"
},
{
"title": "Opera Software\u304b\u3089\u306e\u60c5\u5831",
"trust": 0.8,
"url": "http://jvn.jp/vu/jvnvu707943/844993/index.html"
},
{
"title": "Adobe\u304b\u3089\u306e\u60c5\u5831",
"trust": 0.8,
"url": "http://jvn.jp/vu/jvnvu707943/244523/index.html"
},
{
"title": "LhaForge",
"trust": 0.8,
"url": "http://claybird.sakura.ne.jp/garage/lhaforge/index.html"
},
{
"title": "2010.2F9.2F7_ver_6.3.1",
"trust": 0.8,
"url": "http://lunapedia.lunascape.jp/index.php?title=lunascape6#2010.2f9.2f7_ver_6.3.1"
},
{
"title": "Another technique for Fixing DLL Preloading attacks",
"trust": 0.8,
"url": "http://blogs.msdn.com/b/david_leblanc/archive/2010/08/23/another-technique-for-fixing-dll-preloading-attacks.aspx"
},
{
"title": "More information about the DLL Preloading remote attack vector",
"trust": 0.8,
"url": "http://blogs.technet.com/b/srd/archive/2010/08/23/more-information-about-dll-preloading-remote-attack-vector.aspx"
},
{
"title": "Secure loading of libraries to prevent DLL preloading attacks - Guidance for Software Developers\u3000(Word \u6587\u66f8)",
"trust": 0.8,
"url": "http://blogs.technet.com/cfs-file.ashx/__key/communityserver-components-postattachments/00-03-35-14-21/secure-loading-of-libraries-to-prevent-dll-preloading.docx"
},
{
"title": "Dynamic-Link Library Security",
"trust": 0.8,
"url": "http://msdn.microsoft.com/ja-jp/library/ff919712%28v=vs.85%29.aspx"
},
{
"title": "2269637",
"trust": 0.8,
"url": "http://www.microsoft.com/technet/security/advisory/2269637.mspx"
},
{
"title": "Load Library Safely",
"trust": 0.8,
"url": "https://blogs.technet.microsoft.com/srd/2014/05/13/load-library-safely/"
},
{
"title": "DLL \u691c\u7d22\u30d1\u30b9\u30a2\u30eb\u30b4\u30ea\u30ba\u30e0\u3092\u5236\u5fa1\u3059\u308b\u65b0\u3057\u3044 CWDIllegalInDllSearch \u30ec\u30b8\u30b9\u30c8\u30ea\u30a8\u30f3\u30c8\u30ea\u306b\u3064\u3044\u3066",
"trust": 0.8,
"url": "http://support.microsoft.com/kb/2264107"
},
{
"title": "NV11-003",
"trust": 0.8,
"url": "http://www.nec.co.jp/security-info/secinfo/nv11-003.html"
},
{
"title": "Microsoft Windows \u306b\u304a\u3051\u308b DLL \u8aad\u307f\u8fbc\u307f\u306b\u95a2\u3059\u308b\u8106\u5f31\u6027",
"trust": 0.8,
"url": "http://www.ponsoftware.com/archiver/bug.htm#load_lib"
},
{
"title": "\u691c\u7d22\u30d1\u30b9\u306e\u554f\u984c\u306b\u8d77\u56e0\u3059\u308b\u8106\u5f31\u6027",
"trust": 0.8,
"url": "http://www7a.biglobe.ne.jp/~schezo/dll_vul.html"
},
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www5f.biglobe.ne.jp/~t-susumu"
},
{
"title": "MHSVI#20100824",
"trust": 0.8,
"url": "http://homepage3.nifty.com/micco/vul/2010/mhsvi20100824.htm"
},
{
"title": "sleipnirsleipnir_295",
"trust": 0.8,
"url": "http://www.fenrir.co.jp/blog/2010/10/sleipnirsleipnir_295.html"
},
{
"title": "2269637",
"trust": 0.8,
"url": "https://www.microsoft.com/japan/technet/security/advisory/2269637.mspx"
},
{
"title": "\u65b0\u305f\u306a\u30ea\u30e2\u30fc\u30c8\u306e\u653b\u6483\u624b\u6cd5\u306b\u95a2\u3059\u308b\u30a2\u30c9\u30d0\u30a4\u30b6\u30ea 2269637 \u3092\u516c\u958b",
"trust": 0.8,
"url": "http://blogs.technet.com/b/jpsecurity/archive/2010/08/24/3351474.aspx"
},
{
"title": "\u30e9\u30a4\u30d6\u30e9\u30ea\u3092\u5b89\u5168\u306b\u30ed\u30fc\u30c9\u3057\u3066 DLL \u306e\u30d7\u30ea\u30ed\u30fc\u30c9\u653b\u6483\u3092\u9632\u3050 - \u30bd\u30d5\u30c8\u30a6\u30a7\u30a2\u958b\u767a\u8005\u5411\u3051\u30ac\u30a4\u30c0\u30f3\u30b9 (Word \u6587\u66f8)",
"trust": 0.8,
"url": "http://blogs.technet.com/cfs-file.ashx/__key/communityserver-components-postattachments/00-03-35-14-74/secure-loading-of-libraries-to-prevent-dll-preloading_5f00_j.docx"
},
{
"title": "TA10-238A",
"trust": 0.8,
"url": "http://software.fujitsu.com/jp/security/vulnerabilities/ta10-238a.html"
},
{
"title": "VMSA - 2010 - 0007: VMware Managed Products, vCenter Server and ESX Multiple Security Patches",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/155"
},
{
"title": "VMware Security Advisories: VMware hosted products, vCenter Server and ESX patches resolve multiple security issues",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=vmware_security_advisories\u0026qid=9a156b22cf9a31c993f6585b6881d5a5"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2010-0574"
},
{
"db": "VULMON",
"id": "CVE-2010-1141"
},
{
"db": "JVNDB",
"id": "JVNDB-2010-001364"
},
{
"db": "JVNDB",
"id": "JVNDB-2010-001999"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-264",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2010-001364"
},
{
"db": "NVD",
"id": "CVE-2010-1141"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.1,
"url": "http://secunia.com/advisories/39198"
},
{
"trust": 2.5,
"url": "http://secunia.com/advisories/39206"
},
{
"trust": 1.9,
"url": "http://www.securitytracker.com/id?1023832"
},
{
"trust": 1.9,
"url": "http://www.securitytracker.com/id?1023833"
},
{
"trust": 1.8,
"url": "http://www.vmware.com/security/advisories/vmsa-2010-0007.html"
},
{
"trust": 1.7,
"url": "http://archives.neohapsis.com/archives/bugtraq/2010-04/0077.html"
},
{
"trust": 1.7,
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2010-04/0121.html"
},
{
"trust": 1.7,
"url": "http://lists.vmware.com/pipermail/security-announce/2010/000090.html"
},
{
"trust": 1.6,
"url": "http://www.us-cert.gov/cas/techalerts/ta10-238a.html"
},
{
"trust": 1.2,
"url": "http://security.gentoo.org/glsa/glsa-201209-25.xml"
},
{
"trust": 1.1,
"url": "http://www.acrossecurity.com/aspr/aspr-2010-04-12-1-pub.txt"
},
{
"trust": 1.1,
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a7020"
},
{
"trust": 0.9,
"url": "http://www.securityfocus.com/bid/39392"
},
{
"trust": 0.9,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-1141"
},
{
"trust": 0.8,
"url": "http://www.cert.org/blogs/vuls/2008/09/carpet_bombing_and_directory_p.html"
},
{
"trust": 0.8,
"url": "http://blog.mandiant.com/archives/1207"
},
{
"trust": 0.8,
"url": "http://msdn.microsoft.com/en-us/library/aa297182"
},
{
"trust": 0.8,
"url": "http://blog.zoller.lu/2010/08/cve-2010-xn-loadlibrarygetprocaddress.html"
},
{
"trust": 0.8,
"url": "http://msdn.microsoft.com/en-us/library/ms684175%28vs.85%29.aspx"
},
{
"trust": 0.8,
"url": "http://www.acrossecurity.com/aspr/aspr-2010-04-12-2-pub.txt"
},
{
"trust": 0.8,
"url": "http://www.acrossecurity.com/aspr/aspr-2010-08-18-1-pub.txt"
},
{
"trust": 0.8,
"url": "http://www.securityfocus.com/bid/1699/discuss"
},
{
"trust": 0.8,
"url": "http://blog.metasploit.com/2010/08/exploiting-dll-hijacking-flaws.html"
},
{
"trust": 0.8,
"url": "http://blog.rapid7.com/?p=5325"
},
{
"trust": 0.8,
"url": "http://www.cs.ucdavis.edu/research/tech-reports/2010/cse-2010-2.pdf"
},
{
"trust": 0.8,
"url": "https://www.microsoft.com/technet/security/advisory/2269637.mspx"
},
{
"trust": 0.8,
"url": "http://blogs.technet.com/b/srd/archive/2010/08/23/more-information-about-dll-preloading-remote-attack-vector.aspx"
},
{
"trust": 0.8,
"url": "http://blogs.msdn.com/b/david_leblanc/archive/2010/08/23/another-technique-for-fixing-dll-preloading-attacks.aspx"
},
{
"trust": 0.8,
"url": "http://support.microsoft.com/kb/2264107"
},
{
"trust": 0.8,
"url": "http://www.guninski.com/officedll.html"
},
{
"trust": 0.8,
"url": "http://jvn.jp/cert/jvnta10-238a/index.html"
},
{
"trust": 0.8,
"url": "http://jvn.jp/tr/jvntr-2010-23"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2010-1141"
},
{
"trust": 0.8,
"url": "http://www.vupen.com/english/advisories/2010/0852"
},
{
"trust": 0.8,
"url": "http://www.ipa.go.jp/about/press/20101111.html"
},
{
"trust": 0.8,
"url": "http://jvn.jp/cert/jvnta10-238a"
},
{
"trust": 0.8,
"url": "http://jvn.jp/cert/jvnvu707943"
},
{
"trust": 0.8,
"url": "http://jvn.jp/tr/jvntr-2010-23/"
},
{
"trust": 0.8,
"url": "http://www.kb.cert.org/vuls/id/707943"
},
{
"trust": 0.6,
"url": "http://www.nsfocus.net/vulndb/14788\u203b14789"
},
{
"trust": 0.3,
"url": "http://www.vmware.com"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2009-3732"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2009-3707"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/264.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "http://kb.vmware.com/kb/1015047"
},
{
"trust": 0.1,
"url": "http://download3.vmware.com/software/wkst/vmware-moviedecoder-6.5.4-246459.exe"
},
{
"trust": 0.1,
"url": "http://download3.vmware.com/software/esx/esx-2.5.5-191611-upgrade.tar.gz"
},
{
"trust": 0.1,
"url": "http://kb.vmware.com/kb/1016665"
},
{
"trust": 0.1,
"url": "http://www.vmware.com/support/esx25/doc/esx-255-200910-patch.html"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-3707"
},
{
"trust": 0.1,
"url": "https://hostupdate.vmware.com/software/vum/offline/release-192-20100228-732240/esx400-201002001.zip"
},
{
"trust": 0.1,
"url": "http://kb.vmware.com/kb/1018404"
},
{
"trust": 0.1,
"url": "http://download3.vmware.com/software/vi/esx303-201002203-ug.zip"
},
{
"trust": 0.1,
"url": "http://www.vmware.com/support/policies/lifecycle/vi/faq.html"
},
{
"trust": 0.1,
"url": "http://downloads.vmware.com/download/download.do?downloadgroup=fus-302"
},
{
"trust": 0.1,
"url": "http://downloads.vmware.com/download/download.do?downloadgroup=ace-254-win"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-1140"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-1140"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-1141"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2009-2042"
},
{
"trust": 0.1,
"url": "http://downloads.vmware.com/support/fusion3/doc/releasenotes_fusion_302.html"
},
{
"trust": 0.1,
"url": "http://downloads.vmware.com/tryvmware/?p=player\u0026lp=default"
},
{
"trust": 0.1,
"url": "http://kb.vmware.com/kb/1016657"
},
{
"trust": 0.1,
"url": "http://www.vmware.com/security"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2009-1565"
},
{
"trust": 0.1,
"url": "http://downloads.vmware.com/download/download.do?downloadgroup=wkst-701-lx"
},
{
"trust": 0.1,
"url": "http://kb.vmware.com/kb/1055"
},
{
"trust": 0.1,
"url": "https://hostupdate.vmware.com/software/vum/offline/release-193-20100228-731251/esxi400-201002001.zip"
},
{
"trust": 0.1,
"url": "http://downloads.vmware.com/support/player30/doc/releasenotes_player301.html"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-1142"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-1142"
},
{
"trust": 0.1,
"url": "http://downloads.vmware.com/download/download.do?downloadgroup=fus-207"
},
{
"trust": 0.1,
"url": "http://kb.vmware.com/kb/1017685"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-1139"
},
{
"trust": 0.1,
"url": "http://downloads.vmware.com/download/player/player_reg.html"
},
{
"trust": 0.1,
"url": "http://downloads.vmware.com/support/fusion2/doc/releasenotes_fusion_207.html"
},
{
"trust": 0.1,
"url": "http://www.vmware.com/support/policies/security_response.html"
},
{
"trust": 0.1,
"url": "http://downloads.vmware.com/support/ws65/doc/releasenotes_ws654.html"
},
{
"trust": 0.1,
"url": "http://downloads.vmware.com/support/ace26/doc/releasenotes_ace261.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-1139"
},
{
"trust": 0.1,
"url": "http://www.vmware.com/support/server2/doc/releasenotes_vmserver202.html"
},
{
"trust": 0.1,
"url": "http://www.vmware.com/support/policies/eos_vi.html"
},
{
"trust": 0.1,
"url": "http://kb.vmware.com/kb/1018030"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-2042"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-3732"
},
{
"trust": 0.1,
"url": "http://downloads.vmware.com/support/ws7/doc/releasenotes_ws701.html"
},
{
"trust": 0.1,
"url": "http://www.vmware.com/support/policies/eos.html"
},
{
"trust": 0.1,
"url": "http://downloads.vmware.com/support/player25/doc/releasenotes_player254.html"
},
{
"trust": 0.1,
"url": "http://downloads.vmware.com/download/download.do?downloadgroup=ace-261-win"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-1565"
},
{
"trust": 0.1,
"url": "http://www.vmware.com/download/server/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-1138"
},
{
"trust": 0.1,
"url": "http://downloads.vmware.com/download/download.do?downloadgroup=wkst-654-win"
},
{
"trust": 0.1,
"url": "http://www.vupen.com)"
},
{
"trust": 0.1,
"url": "http://download3.vmware.com/software/vi/esx350-200912401-bg.zip"
},
{
"trust": 0.1,
"url": "http://tinyurl.com/27mpjo"
},
{
"trust": 0.1,
"url": "http://www.acrossecurity.com)"
},
{
"trust": 0.1,
"url": "http://downloads.vmware.com/download/download.do?downloadgroup=wkst-701-win"
},
{
"trust": 0.1,
"url": "http://kb.vmware.com/kb/1014842"
},
{
"trust": 0.1,
"url": "https://hostupdate.vmware.com/software/vum/offline/release-166-20091202-254879/esx-4.0.0-update01a.zip"
},
{
"trust": 0.1,
"url": "http://www.acrossecurity.com/advisories.htm"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-1138"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-1564"
},
{
"trust": 0.1,
"url": "http://download3.vmware.com/software/vi/esxe350-201002401-o-sg.zip"
},
{
"trust": 0.1,
"url": "http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce"
},
{
"trust": 0.1,
"url": "http://downloads.vmware.com/support/ace25/doc/releasenotes_ace254.html"
},
{
"trust": 0.1,
"url": "http://downloads.vmware.com/download/download.do?downloadgroup=wkst-654-lx"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2009-1564"
},
{
"trust": 0.1,
"url": "http://kb.vmware.com/kb/1018403"
},
{
"trust": 0.1,
"url": "http://www.kb.cert.org/vuls/id/707943\u003e"
},
{
"trust": 0.1,
"url": "http://www.us-cert.gov/cas/techalerts/ta10-238a.html\u003e"
},
{
"trust": 0.1,
"url": "http://support.microsoft.com/kb/2264107\u003e"
},
{
"trust": 0.1,
"url": "http://www.microsoft.com/technet/security/advisory/2269637.mspx\u003e"
},
{
"trust": 0.1,
"url": "http://www.us-cert.gov/cas/signup.html\u003e."
},
{
"trust": 0.1,
"url": "http://www.us-cert.gov/legal.html\u003e"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2008-1363"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2009-3733"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2009-0909"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2008-1361"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2008-4915"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2008-4915"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2007-5269"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3868"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-3732"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-1142"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2008-4917"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2008-2098"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2008-4916"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-1140"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-1141"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2008-1447"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-2267"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-0910"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2008-1362"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-1137"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-1138"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2007-5269"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2008-1447"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2008-1361"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-1139"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-1143"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2008-2098"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2008-1807"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-0040"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2008-2100"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2008-1340"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2008-4916"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-1244"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-3733"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2008-1808"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2008-1807"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2008-1392"
},
{
"trust": 0.1,
"url": "http://creativecommons.org/licenses/by-sa/2.5"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2008-2101"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2008-1806"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-0909"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2009-0040"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2009-2267"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-3707"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2008-2101"
},
{
"trust": 0.1,
"url": "http://security.gentoo.org/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2007-5671"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2008-4917"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2008-2100"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2008-1364"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2007-5503"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2008-0967"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2007-5671"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2008-1806"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2007-5503"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2008-1340"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-4811"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2008-1364"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2008-1363"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2009-0910"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2008-1392"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2008-1808"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2008-1362"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2009-1244"
},
{
"trust": 0.1,
"url": "https://bugs.gentoo.org."
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2008-0967"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#707943"
},
{
"db": "CNVD",
"id": "CNVD-2010-0574"
},
{
"db": "VULMON",
"id": "CVE-2010-1141"
},
{
"db": "BID",
"id": "39392"
},
{
"db": "JVNDB",
"id": "JVNDB-2010-001364"
},
{
"db": "JVNDB",
"id": "JVNDB-2010-001999"
},
{
"db": "PACKETSTORM",
"id": "88215"
},
{
"db": "PACKETSTORM",
"id": "93209"
},
{
"db": "PACKETSTORM",
"id": "117012"
},
{
"db": "CNNVD",
"id": "CNNVD-201004-160"
},
{
"db": "NVD",
"id": "CVE-2010-1141"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "7d7c8fb0-463f-11e9-a735-000c29342cb1"
},
{
"db": "IVD",
"id": "46c824c0-2356-11e6-abef-000c29c66e3d"
},
{
"db": "CERT/CC",
"id": "VU#707943"
},
{
"db": "CNVD",
"id": "CNVD-2010-0574"
},
{
"db": "VULMON",
"id": "CVE-2010-1141"
},
{
"db": "BID",
"id": "39392"
},
{
"db": "JVNDB",
"id": "JVNDB-2010-001364"
},
{
"db": "JVNDB",
"id": "JVNDB-2010-001999"
},
{
"db": "PACKETSTORM",
"id": "88215"
},
{
"db": "PACKETSTORM",
"id": "93209"
},
{
"db": "PACKETSTORM",
"id": "117012"
},
{
"db": "CNNVD",
"id": "CNNVD-201004-160"
},
{
"db": "NVD",
"id": "CVE-2010-1141"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2010-04-13T00:00:00",
"db": "IVD",
"id": "7d7c8fb0-463f-11e9-a735-000c29342cb1"
},
{
"date": "2010-04-13T00:00:00",
"db": "IVD",
"id": "46c824c0-2356-11e6-abef-000c29c66e3d"
},
{
"date": "2010-08-25T00:00:00",
"db": "CERT/CC",
"id": "VU#707943"
},
{
"date": "2010-04-13T00:00:00",
"db": "CNVD",
"id": "CNVD-2010-0574"
},
{
"date": "2010-04-12T00:00:00",
"db": "VULMON",
"id": "CVE-2010-1141"
},
{
"date": "2010-04-09T00:00:00",
"db": "BID",
"id": "39392"
},
{
"date": "2010-05-07T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2010-001364"
},
{
"date": "2010-09-14T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2010-001999"
},
{
"date": "2010-04-10T03:16:16",
"db": "PACKETSTORM",
"id": "88215"
},
{
"date": "2010-08-27T02:58:57",
"db": "PACKETSTORM",
"id": "93209"
},
{
"date": "2012-09-30T16:40:15",
"db": "PACKETSTORM",
"id": "117012"
},
{
"date": "2010-04-12T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201004-160"
},
{
"date": "2010-04-12T18:30:00.663000",
"db": "NVD",
"id": "CVE-2010-1141"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-10-13T00:00:00",
"db": "CERT/CC",
"id": "VU#707943"
},
{
"date": "2010-04-13T00:00:00",
"db": "CNVD",
"id": "CNVD-2010-0574"
},
{
"date": "2017-09-19T00:00:00",
"db": "VULMON",
"id": "CVE-2010-1141"
},
{
"date": "2012-10-01T19:10:00",
"db": "BID",
"id": "39392"
},
{
"date": "2010-05-07T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2010-001364"
},
{
"date": "2016-11-09T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2010-001999"
},
{
"date": "2010-04-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201004-160"
},
{
"date": "2017-09-19T01:30:34.547000",
"db": "NVD",
"id": "CVE-2010-1141"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201004-160"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "VMWare Tools Package Library Reference Code Execution Vulnerability",
"sources": [
{
"db": "IVD",
"id": "7d7c8fb0-463f-11e9-a735-000c29342cb1"
},
{
"db": "IVD",
"id": "46c824c0-2356-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2010-0574"
}
],
"trust": 1.0
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "permissions and access control",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201004-160"
}
],
"trust": 0.6
}
}
VAR-201008-0241
Vulnerability from variot - Updated: 2024-07-23 19:34Untrusted search path vulnerability in the Microsoft Foundation Class (MFC) Library in Microsoft Visual Studio .NET 2003 SP1; Visual Studio 2005 SP1, 2008 SP1, and 2010; Visual C++ 2005 SP1, 2008 SP1, and 2010; and Exchange Server 2010 Service Pack 3, 2013, and 2013 allows local users to gain privileges via a Trojan horse dwmapi.dll file in the current working directory during execution of an MFC application such as AtlTraceTool8.exe (aka ATL MFC Trace Tool), as demonstrated by a directory that contains a TRC, cur, rs, rct, or res file, aka "MFC Insecure Library Loading Vulnerability.". Some applications for Microsoft Windows may use unsafe methods for determining how to load DLLs. As a result, these applications can be forced to load a DLL from an attacker-controlled source rather than a trusted location. dwmapi.dll It may be possible to get permission through the file. Windows Program DLL There is an attackable vulnerability in reading. Dynamic link Library (DLL) Is a software component that is loaded at run time, not at program compile time. The program is LoadLibrary() And LoadLibraryEx() Using DLL Is read. Read DLL If no path is specified, specific directories are searched in order and found first. DLL Is loaded. Since this directory group includes the current directory of the process, the directory that can be operated by the attacker is set as the current directory. LoadLibrary() If is called, attack code may be executed. This issue can occur when browsing files located in directories that an attacker can manipulate. Read DLL The name depends on the program. DLL Read Windows The entire program may be affected. " Opera Software "and" Adobe Vulnerability information on " : Mitsui Bussan Secure Direction Co., Ltd. Takashi Yoshikawa MrA remote attacker could execute arbitrary code with the authority to execute the program. Attacker crafted DLL The USB Placing it on a drive or network drive may cause an attack. An attacker can exploit this issue by enticing a legitimate user to use the vulnerable application to open a file from a network share location that contains a specially crafted Dynamic Link Library (DLL) file. Microsoft ATL/MFC Trace Tool build 10.0.30319.1 is vulnerable; other versions may also be affected. Microsoft Visual Studio is a series of development tool suite products of Microsoft (Microsoft), and it is also a basically complete set of development tools. It includes most of the tools needed throughout the software lifecycle. A remote attacker could exploit this vulnerability to take complete control of an affected system and subsequently install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured with fewer system user rights are less affected than users with administrative user rights. ----------------------------------------------------------------------
Join Secunia @ FIRST Conference, 12-17 June, Hilton Vienna, Austria See to the presentation "The Dynamics and Threats of End-Point Software Portfolios" by Secunia's Research Analyst Director, Stefan Frei. Read more: http://conference.first.org/
TITLE: Attachmate Reflection for Secure IT Multiple Vulnerabilities
SECUNIA ADVISORY ID: SA44906
VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/44906/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=44906
RELEASE DATE: 2011-06-10
DISCUSS ADVISORY: http://secunia.com/advisories/44906/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s)
http://secunia.com/advisories/44906/
ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=44906
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION: Attachmate has acknowledged multiple vulnerabilities in Reflection for Secure IT, which can be exploited by malicious people to bypass certain security restrictions, cause a DoS (Denial of Service), and compromise a user's system.
For more information: SA36093 (vulnerability #2) SA44905
The vulnerabilities are reported in version 7.2 prior to SP1 in the following components: * Reflection for Secure IT Windows Server. * Reflection for Secure IT UNIX Client. * Reflection for Secure IT UNIX Server.
SOLUTION: Update to version 7.2 SP1.
ORIGINAL ADVISORY: Attachmate: http://support.attachmate.com/techdocs/2560.html http://support.attachmate.com/techdocs/2564.html http://support.attachmate.com/techdocs/2565.html http://support.attachmate.com/techdocs/2566.html
OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities.
Subscribe: http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/
Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.
Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
APPLE-SA-2015-09-16-3 iTunes 12.3
iTunes 12.3 is now available and addresses the following:
iTunes Available for: Windows 7 and later Impact: Applications that use CoreText may be vulnerable to unexpected application termination or arbitrary code execution Description: Multiple memory corruption issues existed in the processing of text files. These issues were addressed through improved memory handling. CVE-ID CVE-2015-1157 : Apple CVE-2015-3686 : John Villamil (@day6reak), Yahoo Pentest Team CVE-2015-3687 : John Villamil (@day6reak), Yahoo Pentest Team CVE-2015-3688 : John Villamil (@day6reak), Yahoo Pentest Team CVE-2015-5755 : John Villamil (@day6reak), Yahoo Pentest Team CVE-2015-5761 : John Villamil (@day6reak), Yahoo Pentest Team CVE-2015-5874 : John Villamil (@day6reak), Yahoo Pentest Team
iTunes Available for: Windows 7 and later Impact: Applications that use ICU may be vulnerable to unexpected application termination or arbitrary code execution Description: Multiple memory corruption issues existed in the processing of unicode strings. These issues were addressed by updating ICU to version 55. CVE-ID CVE-2014-8146 CVE-2015-1205
iTunes Available for: Windows 7 and later Impact: Opening a media file may lead to arbitrary code execution Description: A security issue existed in Microsoft Foundation Class's handling of library loading. This issue was addressed by updating to the latest version of the Microsoft Visual C++ Redistributable Package. CVE-ID CVE-2010-3190 : Stefan Kanthak
iTunes Available for: Windows 7 and later Impact: A man-in-the-middle attack while browsing the iTunes Store via iTunes may result in unexpected application termination or arbitrary code execution Description: Multiple memory corruption issues existed in WebKit. These issues were addressed through improved memory handling. CVE-ID CVE-2015-1152 : Apple CVE-2015-1153 : Apple CVE-2015-3730 : Apple CVE-2015-3731 : Apple CVE-2015-3733 : Apple CVE-2015-3734 : Apple CVE-2015-3735 : Apple CVE-2015-3736 : Apple CVE-2015-3737 : Apple CVE-2015-3738 : Apple CVE-2015-3739 : Apple CVE-2015-3740 : Apple CVE-2015-3741 : Apple CVE-2015-3742 : Apple CVE-2015-3743 : Apple CVE-2015-3744 : Apple CVE-2015-3745 : Apple CVE-2015-3746 : Apple CVE-2015-3747 : Apple CVE-2015-3748 : Apple CVE-2015-3749 : Apple CVE-2015-5789 : Apple CVE-2015-5790 : Apple CVE-2015-5791 : Apple CVE-2015-5792 : Apple CVE-2015-5793 : Apple CVE-2015-5794 : Apple CVE-2015-5795 : Apple CVE-2015-5796 : Apple CVE-2015-5797 : Apple CVE-2015-5798 : Apple CVE-2015-5799 : Apple CVE-2015-5800 : Apple CVE-2015-5801 : Apple CVE-2015-5802 : Apple CVE-2015-5803 : Apple CVE-2015-5804 : Apple CVE-2015-5805 CVE-2015-5806 : Apple CVE-2015-5807 : Apple CVE-2015-5808 : Joe Vennix CVE-2015-5809 : Apple CVE-2015-5810 : Apple CVE-2015-5811 : Apple CVE-2015-5812 : Apple CVE-2015-5813 : Apple CVE-2015-5814 : Apple CVE-2015-5815 : Apple CVE-2015-5816 : Apple CVE-2015-5817 : Apple CVE-2015-5818 : Apple CVE-2015-5819 : Apple CVE-2015-5821 : Apple CVE-2015-5822 : Mark S. Miller of Google CVE-2015-5823 : Apple
Software Update Impact: An attacker in a privileged network position may be able to obtain encrypted SMB credentials Description: A redirection issue existed in the handling of certain network connections. This issue was addressed through improved resource validation. CVE-ID CVE-2015-5920 : Cylance
iTunes 12.3 may be obtained from: http://www.apple.com/itunes/download/
You may also update to the latest version of iTunes via Apple Software Update, which can be found in the Start menu.
Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT201222
This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE----- Comment: GPGTools - http://gpgtools.org
iQIcBAEBCAAGBQJV+axbAAoJEBcWfLTuOo7tLSYP/1NCYHZeWYxqLnLgHgCcNRF/ iqZ7hq9UgxomXxoDVknvvWc61Z+UW6VIgGzEfzSlO9APIGC7ia1tdKl66oMEYSal aGt5AJc9c55RuuvgF/IxgICRsuXjHsAmlQb5FPqwe2gSJYxggCfhObdQ/ShbP2kp mV8sYiJJiKkYZqFDH17fvtAWV3GZ7CtXfneWDHlerJunbuUzWLpjWcYwbaiD/1C2 5CTohgHbTMtG2MGRacFXeYAXFhbnr6mXcxy+7Zee3B6x33/ypA/Q+KaIxPv4bssr 7XXzYin8bdMHlW6MWuCmyzJd2P/4opKvzNeyoZb1BM02k0Fb7SWDMwFA9UVovsX5 yCNKn0rg1nMhbXLjpob7G0GYfHNeGOy5PqKu3PXF++R4H5kGr9v2CZH+8dIU5+J7 LFyDSBZ4vlMsCYTRfI1PEUM6w3d+whrBl9vagVeJZG5gkSrZXftALjZsQXUhgqZH mKDcSj/leCTbbbHMPq/NngQuUXzVRe+SJwVtSJEfQSg2yGCdBGTsjqftcOeDgVUL vHR0KkZ4lVx5Aq48XFfXXvn5d3g+kP5pTeVbGdWFmf7XNDp3Vap5ATlTF5UF4EKt jHPGMzWZwvEkdzDryynsTzrMR3TjTb7dDtXH6LEoKfOwIyxnH6+g8K1DbgdXgiJo dL48EUi+MBq820BzP1fp =cz5N -----END PGP SIGNATURE-----
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201008-0241",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "visual studio",
"scope": "eq",
"trust": 2.7,
"vendor": "microsoft",
"version": "2005"
},
{
"model": "visual studio",
"scope": "eq",
"trust": 2.4,
"vendor": "microsoft",
"version": "2008"
},
{
"model": "visual studio",
"scope": "eq",
"trust": 2.4,
"vendor": "microsoft",
"version": "2010"
},
{
"model": "visual c\\+\\+",
"scope": "eq",
"trust": 1.6,
"vendor": "microsoft",
"version": "2008"
},
{
"model": "visual c\\+\\+",
"scope": "eq",
"trust": 1.6,
"vendor": "microsoft",
"version": "2010"
},
{
"model": "visual c\\+\\+",
"scope": "eq",
"trust": 1.6,
"vendor": "microsoft",
"version": "2005"
},
{
"model": "visual studio .net",
"scope": "eq",
"trust": 1.3,
"vendor": "microsoft",
"version": "2003"
},
{
"model": "itunes",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "12.1.3"
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "abvent",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "adobe",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "apple",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "atomix productions",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "autodesk",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "avast antivirus",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "bentley",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "bittorrent",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "bitmanagement",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "cisco",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "conceiva",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "corel",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "cyberlink",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "daemon tools",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "dassault systemes",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "divx",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "ezb",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "ecava",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "fengtao",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "gfi",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "graphisoft",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "gilles vollant",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "guidance",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "httrack",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "ibm",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "izarc",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "inkscape",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "maxthon",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "microchip",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "microsoft",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "mozilla",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "netstumbler",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "nokia",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "norman",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "nullsoft",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "opera",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "pgp",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "pkware",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "pixia",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "realnetworks",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "sisoftware",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "smart projects",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "sonic",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "sony",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "sweetscape",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "teamviewer",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "techsmith",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "tortoisesvn",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "tracker",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "vmware",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "videolan",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "winmerge",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "wireshark",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "wolters kluwer",
"version": null
},
{
"model": "itunes",
"scope": "lt",
"trust": 0.8,
"vendor": "apple",
"version": "12.3 (windows 7 or later )"
},
{
"model": "visual c++",
"scope": "eq",
"trust": 0.8,
"vendor": "microsoft",
"version": "2005"
},
{
"model": "visual c++",
"scope": "eq",
"trust": 0.8,
"vendor": "microsoft",
"version": "2008"
},
{
"model": "visual c++",
"scope": "eq",
"trust": 0.8,
"vendor": "microsoft",
"version": "2010"
},
{
"model": "visual studio",
"scope": "eq",
"trust": 0.8,
"vendor": "microsoft",
"version": ".net 2003"
},
{
"model": "lhaforge",
"scope": "lte",
"trust": 0.8,
"vendor": "claybird",
"version": "1.5.1 and earlier"
},
{
"model": "webotx",
"scope": "eq",
"trust": 0.8,
"vendor": "nec",
"version": "v8.3"
},
{
"model": "enterprisedirectoryserver",
"scope": null,
"trust": 0.8,
"vendor": "nec",
"version": null
},
{
"model": "webotx",
"scope": "eq",
"trust": 0.8,
"vendor": "nec",
"version": "v8.4"
},
{
"model": "securebranch",
"scope": "eq",
"trust": 0.8,
"vendor": "nec",
"version": "soho xp dedicated application securebranch accessmanager ver2.2.18 before"
},
{
"model": "webotx",
"scope": "eq",
"trust": 0.8,
"vendor": "nec",
"version": "v6.4"
},
{
"model": "webotx",
"scope": "eq",
"trust": 0.8,
"vendor": "nec",
"version": "v6.2"
},
{
"model": "webotx",
"scope": "eq",
"trust": 0.8,
"vendor": "nec",
"version": "v8.2"
},
{
"model": "explzh",
"scope": "lte",
"trust": 0.8,
"vendor": "pon",
"version": "v.5.65 and earlier"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.8,
"vendor": "apple",
"version": "9"
},
{
"model": "securebranch",
"scope": "eq",
"trust": 0.8,
"vendor": "nec",
"version": "soho vista dedicated application securebranch accessmanager ver3.0.13 before"
},
{
"model": "lunascape",
"scope": "lte",
"trust": 0.8,
"vendor": "lunascape",
"version": "6.3.0 and earlier"
},
{
"model": "securefinger",
"scope": "eq",
"trust": 0.8,
"vendor": "nec",
"version": "fingerprint authentication runtime ( c / s edition) all versions"
},
{
"model": "webotx",
"scope": "eq",
"trust": 0.8,
"vendor": "nec",
"version": "client v7.1"
},
{
"model": "webotx",
"scope": "eq",
"trust": 0.8,
"vendor": "nec",
"version": "v6.5"
},
{
"model": "esmpro/serveragentservice",
"scope": null,
"trust": 0.8,
"vendor": "nec",
"version": null
},
{
"model": "lhmelt",
"scope": "lte",
"trust": 0.8,
"vendor": "micco",
"version": "1.65.1.2 and earlier"
},
{
"model": "webotx",
"scope": "eq",
"trust": 0.8,
"vendor": "nec",
"version": "download server v7.1"
},
{
"model": "esmpro/serveragent",
"scope": null,
"trust": 0.8,
"vendor": "nec",
"version": null
},
{
"model": "webotx",
"scope": "eq",
"trust": 0.8,
"vendor": "nec",
"version": "client v5.3"
},
{
"model": "terapad",
"scope": "lte",
"trust": 0.8,
"vendor": "terao progress",
"version": "ver.1.00\\u3000 and earlier"
},
{
"model": "sleipnir",
"scope": "lte",
"trust": 0.8,
"vendor": "fenrir",
"version": "2.9.5 and earlier"
},
{
"model": "securefinger",
"scope": "eq",
"trust": 0.8,
"vendor": "nec",
"version": "fingerprint authentication utility ad all versions"
},
{
"model": "lhaplus",
"scope": "lte",
"trust": 0.8,
"vendor": "schezo",
"version": "1.57 and earlier"
},
{
"model": "webotx",
"scope": "eq",
"trust": 0.8,
"vendor": "nec",
"version": "v6.3"
},
{
"model": "infoframe documentskipper",
"scope": null,
"trust": 0.8,
"vendor": "nec",
"version": null
},
{
"model": "webotx",
"scope": "eq",
"trust": 0.8,
"vendor": "nec",
"version": "downloader v5.3"
},
{
"model": "webotx",
"scope": "eq",
"trust": 0.8,
"vendor": "nec",
"version": "download contents v8.2"
},
{
"model": "visual studio sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2010"
},
{
"model": "visual studio",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "20100"
},
{
"model": "visual studio sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2008"
},
{
"model": "visual studio",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "20080"
},
{
"model": "visual studio team edition for testers",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "20050"
},
{
"model": "visual studio team edition for developers",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "20050"
},
{
"model": "visual studio team edition for architects",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "20050"
},
{
"model": "visual studio team edition",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "20050"
},
{
"model": "visual studio standard edition",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "20050"
},
{
"model": "visual studio professional edition",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "20050"
},
{
"model": "visual studio premier partner edition enu",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2005-8.0.50727.42"
},
{
"model": "visual studio 64-bit hosted visual c++ tools sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2005"
},
{
"model": "visual studio sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2005"
},
{
"model": "visual studio .net",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "20050"
},
{
"model": "visual studio .net enterprise architect",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2003"
},
{
"model": "visual studio .net sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2003"
},
{
"model": "visual c++ redistributable package sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2010"
},
{
"model": "visual c++ redistributable package",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "20100"
},
{
"model": "visual c++ redistributable package sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2008"
},
{
"model": "visual c++ redistributable package",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "20080"
},
{
"model": "visual c++ redistributable package sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2005"
},
{
"model": "visual c++ redistributable package",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "20050"
},
{
"model": "exchange server",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "20160"
},
{
"model": "exchange server",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "20130"
},
{
"model": "exchange server sp3",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2010"
},
{
"model": "atl/mfc trace tool build",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "10.0.30319.1"
},
{
"model": "messaging application server",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.2"
},
{
"model": "messaging application server",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5"
},
{
"model": "messaging application server",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "4"
},
{
"model": "meeting exchange webportal",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "-6.0"
},
{
"model": "meeting exchange web conferencing server",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "-0"
},
{
"model": "meeting exchange streaming server",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "-0"
},
{
"model": "meeting exchange recording server",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "-0"
},
{
"model": "meeting exchange client registration server",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "-0"
},
{
"model": "meeting exchange",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.0.0.52"
},
{
"model": "meeting exchange sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.2"
},
{
"model": "meeting exchange sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.2"
},
{
"model": "meeting exchange",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.2"
},
{
"model": "meeting exchange sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.1"
},
{
"model": "meeting exchange",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.1"
},
{
"model": "meeting exchange sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.0"
},
{
"model": "meeting exchange sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.0"
},
{
"model": "meeting exchange",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.0"
},
{
"model": "communication server telephony manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "10004.0"
},
{
"model": "communication server telephony manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "10003.0"
},
{
"model": "callpilot",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.0"
},
{
"model": "callpilot",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "4.0"
},
{
"model": "aura conferencing standard",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.0"
},
{
"model": "aura conferencing sp1 standard",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.0"
},
{
"model": "reflection",
"scope": "eq",
"trust": 0.3,
"vendor": "attachmate",
"version": "x2011"
},
{
"model": "reflection suite for",
"scope": "eq",
"trust": 0.3,
"vendor": "attachmate",
"version": "x2011"
},
{
"model": "reflection for secure it windows server",
"scope": "eq",
"trust": 0.3,
"vendor": "attachmate",
"version": "7.2"
},
{
"model": "reflection for secure it windows server sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "attachmate",
"version": "7.0"
},
{
"model": "reflection for secure it windows server sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "attachmate",
"version": "7.0"
},
{
"model": "reflection for secure it windows server",
"scope": "eq",
"trust": 0.3,
"vendor": "attachmate",
"version": "6.0"
},
{
"model": "reflection for secure it unix server",
"scope": "eq",
"trust": 0.3,
"vendor": "attachmate",
"version": "7.2"
},
{
"model": "reflection for secure it unix server sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "attachmate",
"version": "7.0"
},
{
"model": "reflection for secure it unix server",
"scope": "eq",
"trust": 0.3,
"vendor": "attachmate",
"version": "6.0"
},
{
"model": "reflection for secure it unix client",
"scope": "eq",
"trust": 0.3,
"vendor": "attachmate",
"version": "7.2"
},
{
"model": "reflection for secure it unix client sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "attachmate",
"version": "7.0"
},
{
"model": "reflection for secure it unix client",
"scope": "eq",
"trust": 0.3,
"vendor": "attachmate",
"version": "6.0"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "11.2.1"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "11.1.5"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "11.1.4"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "11.1.3"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "11.1.2"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "11.0.5"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "11.0.4"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "11.0.2"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "10.6.3"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "10.6.1"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "10.5.1"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "10.1.2"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "9.0.2"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "9.0.1"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "9.0"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.3.2"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.3"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.0.2"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "6.0.5"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "6.0.4"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "6.0.1"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "6.0"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "5.0"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.8"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.7.1"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.6"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.5"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.2.72"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "9.2.1"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "9.2"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "9.1.1"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "9.1"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "9.0.3"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "8.2"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "8.1"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "8.0.2.20"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.4"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "12.2"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "12.0.1"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "11.2"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "11.1.1"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "11.1"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "11.0.3"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "11.0.1"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "11.0.0.163"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "11.0"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "10.7"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "10.6.1.7"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "10.6"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "10.5.2"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "10.5.1.42"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "10.5"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "10.4.1.10"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "10.4.1"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "10.4.0.80"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "10.4"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "10.3.1"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "10.3"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "10.2.2.12"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "10.2.2"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "10.2"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "10.1.1.4"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "10.1.1"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "10.1"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "10.0.1"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "10"
},
{
"model": "reflection for secure it windows server sp1",
"scope": "ne",
"trust": 0.3,
"vendor": "attachmate",
"version": "7.2"
},
{
"model": "reflection for secure it unix server sp1",
"scope": "ne",
"trust": 0.3,
"vendor": "attachmate",
"version": "7.2"
},
{
"model": "reflection for secure it unix client sp1",
"scope": "ne",
"trust": 0.3,
"vendor": "attachmate",
"version": "7.2"
},
{
"model": "itunes",
"scope": "ne",
"trust": 0.3,
"vendor": "apple",
"version": "12.3"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#707943"
},
{
"db": "BID",
"id": "42811"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-001916"
},
{
"db": "JVNDB",
"id": "JVNDB-2010-001999"
},
{
"db": "CNNVD",
"id": "CNNVD-201008-381"
},
{
"db": "NVD",
"id": "CVE-2010-3190"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:apple:itunes:12.1.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:microsoft:visual_c\\+\\+:2005:sp1:*:*:redistributable_package:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:visual_c\\+\\+:2008:sp1:*:*:redistributable_package:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:visual_c\\+\\+:2010:sp1:*:*:redistributable_package:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:visual_studio:2005:sp1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:visual_studio:2008:sp1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:visual_studio:2010:-:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:visual_studio_.net:2003:sp1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2010-3190"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "0xjudd",
"sources": [
{
"db": "BID",
"id": "42811"
}
],
"trust": 0.3
},
"cve": "CVE-2010-3190",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": true,
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 9.3,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "CVE-2010-3190",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.6,
"id": "VHN-45795",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2010-3190",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CARNEGIE MELLON",
"id": "VU#707943",
"trust": 0.8,
"value": "64.13"
},
{
"author": "CNNVD",
"id": "CNNVD-201008-381",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-45795",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#707943"
},
{
"db": "VULHUB",
"id": "VHN-45795"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-001916"
},
{
"db": "CNNVD",
"id": "CNNVD-201008-381"
},
{
"db": "NVD",
"id": "CVE-2010-3190"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Untrusted search path vulnerability in the Microsoft Foundation Class (MFC) Library in Microsoft Visual Studio .NET 2003 SP1; Visual Studio 2005 SP1, 2008 SP1, and 2010; Visual C++ 2005 SP1, 2008 SP1, and 2010; and Exchange Server 2010 Service Pack 3, 2013, and 2013 allows local users to gain privileges via a Trojan horse dwmapi.dll file in the current working directory during execution of an MFC application such as AtlTraceTool8.exe (aka ATL MFC Trace Tool), as demonstrated by a directory that contains a TRC, cur, rs, rct, or res file, aka \"MFC Insecure Library Loading Vulnerability.\". Some applications for Microsoft Windows may use unsafe methods for determining how to load DLLs. As a result, these applications can be forced to load a DLL from an attacker-controlled source rather than a trusted location. dwmapi.dll It may be possible to get permission through the file. Windows Program DLL There is an attackable vulnerability in reading. Dynamic link Library (DLL) Is a software component that is loaded at run time, not at program compile time. The program is LoadLibrary() And LoadLibraryEx() Using DLL Is read. Read DLL If no path is specified, specific directories are searched in order and found first. DLL Is loaded. Since this directory group includes the current directory of the process, the directory that can be operated by the attacker is set as the current directory. LoadLibrary() If is called, attack code may be executed. This issue can occur when browsing files located in directories that an attacker can manipulate. Read DLL The name depends on the program. DLL Read Windows The entire program may be affected. \" Opera Software \"and\" Adobe Vulnerability information on \" : Mitsui Bussan Secure Direction Co., Ltd. Takashi Yoshikawa MrA remote attacker could execute arbitrary code with the authority to execute the program. Attacker crafted DLL The USB Placing it on a drive or network drive may cause an attack. \nAn attacker can exploit this issue by enticing a legitimate user to use the vulnerable application to open a file from a network share location that contains a specially crafted Dynamic Link Library (DLL) file. \nMicrosoft ATL/MFC Trace Tool build 10.0.30319.1 is vulnerable; other versions may also be affected. Microsoft Visual Studio is a series of development tool suite products of Microsoft (Microsoft), and it is also a basically complete set of development tools. It includes most of the tools needed throughout the software lifecycle. A remote attacker could exploit this vulnerability to take complete control of an affected system and subsequently install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured with fewer system user rights are less affected than users with administrative user rights. ----------------------------------------------------------------------\n\n\nJoin Secunia @ FIRST Conference, 12-17 June, Hilton Vienna, Austria\nSee to the presentation \"The Dynamics and Threats of End-Point Software Portfolios\" by Secunia\u0027s Research Analyst Director, Stefan Frei. \nRead more:\nhttp://conference.first.org/ \n\n\n----------------------------------------------------------------------\n\nTITLE:\nAttachmate Reflection for Secure IT Multiple Vulnerabilities\n\nSECUNIA ADVISORY ID:\nSA44906\n\nVERIFY ADVISORY:\nSecunia.com\nhttp://secunia.com/advisories/44906/\nCustomer Area (Credentials Required)\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=44906\n\nRELEASE DATE:\n2011-06-10\n\nDISCUSS ADVISORY:\nhttp://secunia.com/advisories/44906/#comments\n\nAVAILABLE ON SITE AND IN CUSTOMER AREA:\n * Last Update\n * Popularity\n * Comments\n * Criticality Level\n * Impact\n * Where\n * Solution Status\n * Operating System / Software\n * CVE Reference(s)\n\nhttp://secunia.com/advisories/44906/\n\nONLY AVAILABLE IN CUSTOMER AREA:\n * Authentication Level\n * Report Reliability\n * Secunia PoC\n * Secunia Analysis\n * Systems Affected\n * Approve Distribution\n * Remediation Status\n * Secunia CVSS Score\n * CVSS\n\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=44906\n\nONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:\n * AUTOMATED SCANNING\n\nhttp://secunia.com/vulnerability_scanning/personal/\nhttp://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/\n\nDESCRIPTION:\nAttachmate has acknowledged multiple vulnerabilities in Reflection\nfor Secure IT, which can be exploited by malicious people to bypass\ncertain security restrictions, cause a DoS (Denial of Service), and\ncompromise a user\u0027s system. \n\nFor more information:\nSA36093 (vulnerability #2)\nSA44905\n\nThe vulnerabilities are reported in version 7.2 prior to SP1 in the\nfollowing components:\n* Reflection for Secure IT Windows Server. \n* Reflection for Secure IT UNIX Client. \n* Reflection for Secure IT UNIX Server. \n\nSOLUTION:\nUpdate to version 7.2 SP1. \n\nORIGINAL ADVISORY:\nAttachmate:\nhttp://support.attachmate.com/techdocs/2560.html\nhttp://support.attachmate.com/techdocs/2564.html\nhttp://support.attachmate.com/techdocs/2565.html\nhttp://support.attachmate.com/techdocs/2566.html\n\nOTHER REFERENCES:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nDEEP LINKS:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXTENDED DESCRIPTION:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXTENDED SOLUTION:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXPLOIT:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\nprivate users keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\nAPPLE-SA-2015-09-16-3 iTunes 12.3\n\niTunes 12.3 is now available and addresses the following:\n\niTunes\nAvailable for: Windows 7 and later\nImpact: Applications that use CoreText may be vulnerable to\nunexpected application termination or arbitrary code execution\nDescription: Multiple memory corruption issues existed in the\nprocessing of text files. These issues were addressed through\nimproved memory handling. \nCVE-ID\nCVE-2015-1157 : Apple\nCVE-2015-3686 : John Villamil (@day6reak), Yahoo Pentest Team\nCVE-2015-3687 : John Villamil (@day6reak), Yahoo Pentest Team\nCVE-2015-3688 : John Villamil (@day6reak), Yahoo Pentest Team\nCVE-2015-5755 : John Villamil (@day6reak), Yahoo Pentest Team\nCVE-2015-5761 : John Villamil (@day6reak), Yahoo Pentest Team\nCVE-2015-5874 : John Villamil (@day6reak), Yahoo Pentest Team\n\niTunes\nAvailable for: Windows 7 and later\nImpact: Applications that use ICU may be vulnerable to unexpected\napplication termination or arbitrary code execution\nDescription: Multiple memory corruption issues existed in the\nprocessing of unicode strings. These issues were addressed by\nupdating ICU to version 55. \nCVE-ID\nCVE-2014-8146\nCVE-2015-1205\n\niTunes\nAvailable for: Windows 7 and later\nImpact: Opening a media file may lead to arbitrary code execution\nDescription: A security issue existed in Microsoft Foundation\nClass\u0027s handling of library loading. This issue was addressed by\nupdating to the latest version of the Microsoft Visual C++\nRedistributable Package. \nCVE-ID\nCVE-2010-3190 : Stefan Kanthak\n\niTunes\nAvailable for: Windows 7 and later\nImpact: A man-in-the-middle attack while browsing the iTunes Store\nvia iTunes may result in unexpected application termination or\narbitrary code execution\nDescription: Multiple memory corruption issues existed in WebKit. \nThese issues were addressed through improved memory handling. \nCVE-ID\nCVE-2015-1152 : Apple\nCVE-2015-1153 : Apple\nCVE-2015-3730 : Apple\nCVE-2015-3731 : Apple\nCVE-2015-3733 : Apple\nCVE-2015-3734 : Apple\nCVE-2015-3735 : Apple\nCVE-2015-3736 : Apple\nCVE-2015-3737 : Apple\nCVE-2015-3738 : Apple\nCVE-2015-3739 : Apple\nCVE-2015-3740 : Apple\nCVE-2015-3741 : Apple\nCVE-2015-3742 : Apple\nCVE-2015-3743 : Apple\nCVE-2015-3744 : Apple\nCVE-2015-3745 : Apple\nCVE-2015-3746 : Apple\nCVE-2015-3747 : Apple\nCVE-2015-3748 : Apple\nCVE-2015-3749 : Apple\nCVE-2015-5789 : Apple\nCVE-2015-5790 : Apple\nCVE-2015-5791 : Apple\nCVE-2015-5792 : Apple\nCVE-2015-5793 : Apple\nCVE-2015-5794 : Apple\nCVE-2015-5795 : Apple\nCVE-2015-5796 : Apple\nCVE-2015-5797 : Apple\nCVE-2015-5798 : Apple\nCVE-2015-5799 : Apple\nCVE-2015-5800 : Apple\nCVE-2015-5801 : Apple\nCVE-2015-5802 : Apple\nCVE-2015-5803 : Apple\nCVE-2015-5804 : Apple\nCVE-2015-5805\nCVE-2015-5806 : Apple\nCVE-2015-5807 : Apple\nCVE-2015-5808 : Joe Vennix\nCVE-2015-5809 : Apple\nCVE-2015-5810 : Apple\nCVE-2015-5811 : Apple\nCVE-2015-5812 : Apple\nCVE-2015-5813 : Apple\nCVE-2015-5814 : Apple\nCVE-2015-5815 : Apple\nCVE-2015-5816 : Apple\nCVE-2015-5817 : Apple\nCVE-2015-5818 : Apple\nCVE-2015-5819 : Apple\nCVE-2015-5821 : Apple\nCVE-2015-5822 : Mark S. Miller of Google\nCVE-2015-5823 : Apple\n\nSoftware Update\nImpact: An attacker in a privileged network position may be able to\nobtain encrypted SMB credentials\nDescription: A redirection issue existed in the handling of certain\nnetwork connections. This issue was addressed through improved\nresource validation. \nCVE-ID\nCVE-2015-5920 : Cylance\n\n\niTunes 12.3 may be obtained from:\nhttp://www.apple.com/itunes/download/\n\nYou may also update to the latest version of iTunes via Apple\nSoftware Update, which can be found in the Start menu. \n\nInformation will also be posted to the Apple Security Updates\nweb site: https://support.apple.com/kb/HT201222\n\nThis message is signed with Apple\u0027s Product Security PGP key,\nand details are available at:\nhttps://www.apple.com/support/security/pgp/\n\n-----BEGIN PGP SIGNATURE-----\nComment: GPGTools - http://gpgtools.org\n\niQIcBAEBCAAGBQJV+axbAAoJEBcWfLTuOo7tLSYP/1NCYHZeWYxqLnLgHgCcNRF/\niqZ7hq9UgxomXxoDVknvvWc61Z+UW6VIgGzEfzSlO9APIGC7ia1tdKl66oMEYSal\naGt5AJc9c55RuuvgF/IxgICRsuXjHsAmlQb5FPqwe2gSJYxggCfhObdQ/ShbP2kp\nmV8sYiJJiKkYZqFDH17fvtAWV3GZ7CtXfneWDHlerJunbuUzWLpjWcYwbaiD/1C2\n5CTohgHbTMtG2MGRacFXeYAXFhbnr6mXcxy+7Zee3B6x33/ypA/Q+KaIxPv4bssr\n7XXzYin8bdMHlW6MWuCmyzJd2P/4opKvzNeyoZb1BM02k0Fb7SWDMwFA9UVovsX5\nyCNKn0rg1nMhbXLjpob7G0GYfHNeGOy5PqKu3PXF++R4H5kGr9v2CZH+8dIU5+J7\nLFyDSBZ4vlMsCYTRfI1PEUM6w3d+whrBl9vagVeJZG5gkSrZXftALjZsQXUhgqZH\nmKDcSj/leCTbbbHMPq/NngQuUXzVRe+SJwVtSJEfQSg2yGCdBGTsjqftcOeDgVUL\nvHR0KkZ4lVx5Aq48XFfXXvn5d3g+kP5pTeVbGdWFmf7XNDp3Vap5ATlTF5UF4EKt\njHPGMzWZwvEkdzDryynsTzrMR3TjTb7dDtXH6LEoKfOwIyxnH6+g8K1DbgdXgiJo\ndL48EUi+MBq820BzP1fp\n=cz5N\n-----END PGP SIGNATURE-----\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2010-3190"
},
{
"db": "CERT/CC",
"id": "VU#707943"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-001916"
},
{
"db": "JVNDB",
"id": "JVNDB-2010-001999"
},
{
"db": "BID",
"id": "42811"
},
{
"db": "VULHUB",
"id": "VHN-45795"
},
{
"db": "PACKETSTORM",
"id": "102169"
},
{
"db": "PACKETSTORM",
"id": "133618"
}
],
"trust": 3.6
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-45795",
"trust": 0.1,
"type": "unknown"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-45795"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2010-3190",
"trust": 2.9
},
{
"db": "BID",
"id": "42811",
"trust": 2.8
},
{
"db": "USCERT",
"id": "TA11-102A",
"trust": 2.5
},
{
"db": "SECUNIA",
"id": "41212",
"trust": 2.5
},
{
"db": "CERT/CC",
"id": "VU#707943",
"trust": 1.6
},
{
"db": "USCERT",
"id": "TA10-238A",
"trust": 1.6
},
{
"db": "SECUNIA",
"id": "44906",
"trust": 0.9
},
{
"db": "BID",
"id": "1699",
"trust": 0.8
},
{
"db": "SECUNIA",
"id": "44905",
"trust": 0.8
},
{
"db": "SECUNIA",
"id": "40983",
"trust": 0.8
},
{
"db": "SECTRACK",
"id": "1025630",
"trust": 0.8
},
{
"db": "SECTRACK",
"id": "1025346",
"trust": 0.8
},
{
"db": "USCERT",
"id": "SA11-102A",
"trust": 0.8
},
{
"db": "JVN",
"id": "JVNVU99970459",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2011-001916",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2010-001999",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201008-381",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "133618",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-45795",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "102169",
"trust": 0.1
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#707943"
},
{
"db": "VULHUB",
"id": "VHN-45795"
},
{
"db": "BID",
"id": "42811"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-001916"
},
{
"db": "JVNDB",
"id": "JVNDB-2010-001999"
},
{
"db": "PACKETSTORM",
"id": "102169"
},
{
"db": "PACKETSTORM",
"id": "133618"
},
{
"db": "CNNVD",
"id": "CNNVD-201008-381"
},
{
"db": "NVD",
"id": "CVE-2010-3190"
}
]
},
"id": "VAR-201008-0241",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-45795"
}
],
"trust": 0.01
},
"last_update_date": "2024-07-23T19:34:29.934000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "APPLE-SA-2015-09-16-3 iTunes 12.3",
"trust": 0.8,
"url": "http://lists.apple.com/archives/security-announce/2015/sep/msg00003.html"
},
{
"title": "HT205221",
"trust": 0.8,
"url": "https://support.apple.com/en-us/ht205221"
},
{
"title": "HT205221",
"trust": 0.8,
"url": "http://support.apple.com/ja-jp/ht205221"
},
{
"title": "MS11-025",
"trust": 0.8,
"url": "http://www.microsoft.com/technet/security/bulletin/ms11-025.mspx"
},
{
"title": "MS11-025",
"trust": 0.8,
"url": "http://www.microsoft.com/japan/technet/security/bulletin/ms11-025.mspx"
},
{
"title": "MS11-025e",
"trust": 0.8,
"url": "http://www.microsoft.com/japan/security/bulletins/ms11-025e.mspx"
},
{
"title": "TA11-102A",
"trust": 0.8,
"url": "http://software.fujitsu.com/jp/security/vulnerabilities/ta11-102a.html"
},
{
"title": "HT4105",
"trust": 0.8,
"url": "http://support.apple.com/kb/ht4105"
},
{
"title": "HT4105",
"trust": 0.8,
"url": "http://support.apple.com/kb/ht4105?viewlocale=ja_jp"
},
{
"title": "Opera Software\u304b\u3089\u306e\u60c5\u5831",
"trust": 0.8,
"url": "http://jvn.jp/vu/jvnvu707943/844993/index.html"
},
{
"title": "Adobe\u304b\u3089\u306e\u60c5\u5831",
"trust": 0.8,
"url": "http://jvn.jp/vu/jvnvu707943/244523/index.html"
},
{
"title": "LhaForge",
"trust": 0.8,
"url": "http://claybird.sakura.ne.jp/garage/lhaforge/index.html"
},
{
"title": "2010.2F9.2F7_ver_6.3.1",
"trust": 0.8,
"url": "http://lunapedia.lunascape.jp/index.php?title=lunascape6#2010.2f9.2f7_ver_6.3.1"
},
{
"title": "Another technique for Fixing DLL Preloading attacks",
"trust": 0.8,
"url": "http://blogs.msdn.com/b/david_leblanc/archive/2010/08/23/another-technique-for-fixing-dll-preloading-attacks.aspx"
},
{
"title": "More information about the DLL Preloading remote attack vector",
"trust": 0.8,
"url": "http://blogs.technet.com/b/srd/archive/2010/08/23/more-information-about-dll-preloading-remote-attack-vector.aspx"
},
{
"title": "Secure loading of libraries to prevent DLL preloading attacks - Guidance for Software Developers\u3000(Word \u6587\u66f8)",
"trust": 0.8,
"url": "http://blogs.technet.com/cfs-file.ashx/__key/communityserver-components-postattachments/00-03-35-14-21/secure-loading-of-libraries-to-prevent-dll-preloading.docx"
},
{
"title": "Dynamic-Link Library Security",
"trust": 0.8,
"url": "http://msdn.microsoft.com/ja-jp/library/ff919712%28v=vs.85%29.aspx"
},
{
"title": "2269637",
"trust": 0.8,
"url": "http://www.microsoft.com/technet/security/advisory/2269637.mspx"
},
{
"title": "Load Library Safely",
"trust": 0.8,
"url": "https://blogs.technet.microsoft.com/srd/2014/05/13/load-library-safely/"
},
{
"title": "DLL \u691c\u7d22\u30d1\u30b9\u30a2\u30eb\u30b4\u30ea\u30ba\u30e0\u3092\u5236\u5fa1\u3059\u308b\u65b0\u3057\u3044 CWDIllegalInDllSearch \u30ec\u30b8\u30b9\u30c8\u30ea\u30a8\u30f3\u30c8\u30ea\u306b\u3064\u3044\u3066",
"trust": 0.8,
"url": "http://support.microsoft.com/kb/2264107"
},
{
"title": "NV11-003",
"trust": 0.8,
"url": "http://www.nec.co.jp/security-info/secinfo/nv11-003.html"
},
{
"title": "Microsoft Windows \u306b\u304a\u3051\u308b DLL \u8aad\u307f\u8fbc\u307f\u306b\u95a2\u3059\u308b\u8106\u5f31\u6027",
"trust": 0.8,
"url": "http://www.ponsoftware.com/archiver/bug.htm#load_lib"
},
{
"title": "\u691c\u7d22\u30d1\u30b9\u306e\u554f\u984c\u306b\u8d77\u56e0\u3059\u308b\u8106\u5f31\u6027",
"trust": 0.8,
"url": "http://www7a.biglobe.ne.jp/~schezo/dll_vul.html"
},
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www5f.biglobe.ne.jp/~t-susumu"
},
{
"title": "MHSVI#20100824",
"trust": 0.8,
"url": "http://homepage3.nifty.com/micco/vul/2010/mhsvi20100824.htm"
},
{
"title": "sleipnirsleipnir_295",
"trust": 0.8,
"url": "http://www.fenrir.co.jp/blog/2010/10/sleipnirsleipnir_295.html"
},
{
"title": "2269637",
"trust": 0.8,
"url": "https://www.microsoft.com/japan/technet/security/advisory/2269637.mspx"
},
{
"title": "\u65b0\u305f\u306a\u30ea\u30e2\u30fc\u30c8\u306e\u653b\u6483\u624b\u6cd5\u306b\u95a2\u3059\u308b\u30a2\u30c9\u30d0\u30a4\u30b6\u30ea 2269637 \u3092\u516c\u958b",
"trust": 0.8,
"url": "http://blogs.technet.com/b/jpsecurity/archive/2010/08/24/3351474.aspx"
},
{
"title": "\u30e9\u30a4\u30d6\u30e9\u30ea\u3092\u5b89\u5168\u306b\u30ed\u30fc\u30c9\u3057\u3066 DLL \u306e\u30d7\u30ea\u30ed\u30fc\u30c9\u653b\u6483\u3092\u9632\u3050 - \u30bd\u30d5\u30c8\u30a6\u30a7\u30a2\u958b\u767a\u8005\u5411\u3051\u30ac\u30a4\u30c0\u30f3\u30b9 (Word \u6587\u66f8)",
"trust": 0.8,
"url": "http://blogs.technet.com/cfs-file.ashx/__key/communityserver-components-postattachments/00-03-35-14-74/secure-loading-of-libraries-to-prevent-dll-preloading_5f00_j.docx"
},
{
"title": "TA10-238A",
"trust": 0.8,
"url": "http://software.fujitsu.com/jp/security/vulnerabilities/ta10-238a.html"
},
{
"title": "Microsoft ATL/MFC Tracking tool DLL Fixing measures for loading code bugs",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=134164"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2011-001916"
},
{
"db": "JVNDB",
"id": "JVNDB-2010-001999"
},
{
"db": "CNNVD",
"id": "CNNVD-201008-381"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-426",
"trust": 1.0
},
{
"problemtype": "CWE-Other",
"trust": 0.8
},
{
"problemtype": "CWE-264",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-45795"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-001916"
},
{
"db": "NVD",
"id": "CVE-2010-3190"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "http://www.securityfocus.com/bid/42811"
},
{
"trust": 2.5,
"url": "http://www.us-cert.gov/cas/techalerts/ta11-102a.html"
},
{
"trust": 2.0,
"url": "https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2010-3190"
},
{
"trust": 1.7,
"url": "http://lists.apple.com/archives/security-announce/2015/sep/msg00003.html"
},
{
"trust": 1.7,
"url": "https://support.apple.com/ht205221"
},
{
"trust": 1.7,
"url": "http://www.corelan.be:8800/index.php/2010/08/25/dll-hijacking-kb-2269637-the-unofficial-list/"
},
{
"trust": 1.7,
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-025"
},
{
"trust": 1.7,
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a12457"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/41212"
},
{
"trust": 1.6,
"url": "http://jvn.jp/cert/jvnta10-238a"
},
{
"trust": 1.1,
"url": "http://blog.metasploit.com/2010/08/exploiting-dll-hijacking-flaws.html"
},
{
"trust": 1.1,
"url": "http://blog.rapid7.com/?p=5325"
},
{
"trust": 1.1,
"url": "https://www.microsoft.com/technet/security/advisory/2269637.mspx"
},
{
"trust": 1.1,
"url": "http://blogs.technet.com/b/srd/archive/2010/08/23/more-information-about-dll-preloading-remote-attack-vector.aspx"
},
{
"trust": 0.9,
"url": "http://secunia.com/advisories/44906/"
},
{
"trust": 0.8,
"url": "http://www.cert.org/blogs/vuls/2008/09/carpet_bombing_and_directory_p.html"
},
{
"trust": 0.8,
"url": "http://blog.mandiant.com/archives/1207"
},
{
"trust": 0.8,
"url": "http://msdn.microsoft.com/en-us/library/aa297182"
},
{
"trust": 0.8,
"url": "http://blog.zoller.lu/2010/08/cve-2010-xn-loadlibrarygetprocaddress.html"
},
{
"trust": 0.8,
"url": "http://msdn.microsoft.com/en-us/library/ms684175%28vs.85%29.aspx"
},
{
"trust": 0.8,
"url": "http://www.acrossecurity.com/aspr/aspr-2010-04-12-1-pub.txt"
},
{
"trust": 0.8,
"url": "http://www.acrossecurity.com/aspr/aspr-2010-04-12-2-pub.txt"
},
{
"trust": 0.8,
"url": "http://www.acrossecurity.com/aspr/aspr-2010-08-18-1-pub.txt"
},
{
"trust": 0.8,
"url": "http://www.securityfocus.com/bid/1699/discuss"
},
{
"trust": 0.8,
"url": "http://www.cs.ucdavis.edu/research/tech-reports/2010/cse-2010-2.pdf"
},
{
"trust": 0.8,
"url": "http://blogs.msdn.com/b/david_leblanc/archive/2010/08/23/another-technique-for-fixing-dll-preloading-attacks.aspx"
},
{
"trust": 0.8,
"url": "http://support.microsoft.com/kb/2264107"
},
{
"trust": 0.8,
"url": "http://www.guninski.com/officedll.html"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3190"
},
{
"trust": 0.8,
"url": "https://www.jpcert.or.jp/at/2011/at110008.txt"
},
{
"trust": 0.8,
"url": "http://jvn.jp/cert/jvnta11-102a"
},
{
"trust": 0.8,
"url": "http://jvn.jp/vu/jvnvu99970459/index.html"
},
{
"trust": 0.8,
"url": "http://jvn.jp/tr/jvntr-2010-23"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2010-3190"
},
{
"trust": 0.8,
"url": "http://secunia.com/advisories/40983/"
},
{
"trust": 0.8,
"url": "http://secunia.com/advisories/41212/"
},
{
"trust": 0.8,
"url": "http://secunia.com/advisories/44905/"
},
{
"trust": 0.8,
"url": "http://securitytracker.com/id/1025630"
},
{
"trust": 0.8,
"url": "http://securitytracker.com/id/1025346"
},
{
"trust": 0.8,
"url": "http://www.us-cert.gov/cas/alerts/sa11-102a.html"
},
{
"trust": 0.8,
"url": "http://www.npa.go.jp/cyberpolice/important/topics-bn.html"
},
{
"trust": 0.8,
"url": "http://www.ipa.go.jp/about/press/20101111.html"
},
{
"trust": 0.8,
"url": "http://jvn.jp/cert/jvnvu707943"
},
{
"trust": 0.8,
"url": "http://jvn.jp/tr/jvntr-2010-23/"
},
{
"trust": 0.8,
"url": "http://www.us-cert.gov/cas/techalerts/ta10-238a.html"
},
{
"trust": 0.8,
"url": "http://www.kb.cert.org/vuls/id/707943"
},
{
"trust": 0.4,
"url": "http://support.attachmate.com/techdocs/2566.html"
},
{
"trust": 0.4,
"url": "http://support.attachmate.com/techdocs/2564.html"
},
{
"trust": 0.4,
"url": "http://support.attachmate.com/techdocs/2560.html"
},
{
"trust": 0.3,
"url": "http://www.microsoft.com"
},
{
"trust": 0.3,
"url": "http://blogs.technet.com/b/msrc/archive/2010/08/21/microsoft-security-advisory-2269637-released.aspx"
},
{
"trust": 0.3,
"url": "https://support.apple.com/en-us/ht205221"
},
{
"trust": 0.3,
"url": "http://support.avaya.com/css/p8/documents/100133982"
},
{
"trust": 0.3,
"url": "http://www.microsoft.com/technet/security/bulletin/ms11-018.mspx"
},
{
"trust": 0.3,
"url": "http://www.microsoft.com/technet/security/bulletin/ms11-025.mspx"
},
{
"trust": 0.3,
"url": "http://www.microsoft.com/en-us/download/details.aspx?id=27049"
},
{
"trust": 0.1,
"url": "http://secunia.com/vulnerability_intelligence/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/secunia_security_advisories/"
},
{
"trust": 0.1,
"url": "http://conference.first.org/"
},
{
"trust": 0.1,
"url": "http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/"
},
{
"trust": 0.1,
"url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=44906"
},
{
"trust": 0.1,
"url": "http://secunia.com/vulnerability_scanning/personal/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/44906/#comments"
},
{
"trust": 0.1,
"url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
},
{
"trust": 0.1,
"url": "http://support.attachmate.com/techdocs/2565.html"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/about_secunia_advisories/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-3733"
},
{
"trust": 0.1,
"url": "https://support.apple.com/kb/ht201222"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-3741"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-3736"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-3687"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-3730"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-8146"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-3688"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-3190"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-1153"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-3686"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-3748"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-3749"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-3738"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-3744"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-1152"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-1157"
},
{
"trust": 0.1,
"url": "https://www.apple.com/support/security/pgp/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-1205"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-3746"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-3742"
},
{
"trust": 0.1,
"url": "http://gpgtools.org"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-3731"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-3734"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-3740"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-3743"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-3747"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-3735"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-3737"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-3745"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-3739"
},
{
"trust": 0.1,
"url": "http://www.apple.com/itunes/download/"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#707943"
},
{
"db": "VULHUB",
"id": "VHN-45795"
},
{
"db": "BID",
"id": "42811"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-001916"
},
{
"db": "JVNDB",
"id": "JVNDB-2010-001999"
},
{
"db": "PACKETSTORM",
"id": "102169"
},
{
"db": "PACKETSTORM",
"id": "133618"
},
{
"db": "CNNVD",
"id": "CNNVD-201008-381"
},
{
"db": "NVD",
"id": "CVE-2010-3190"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#707943"
},
{
"db": "VULHUB",
"id": "VHN-45795"
},
{
"db": "BID",
"id": "42811"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-001916"
},
{
"db": "JVNDB",
"id": "JVNDB-2010-001999"
},
{
"db": "PACKETSTORM",
"id": "102169"
},
{
"db": "PACKETSTORM",
"id": "133618"
},
{
"db": "CNNVD",
"id": "CNNVD-201008-381"
},
{
"db": "NVD",
"id": "CVE-2010-3190"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2010-08-25T00:00:00",
"db": "CERT/CC",
"id": "VU#707943"
},
{
"date": "2010-08-31T00:00:00",
"db": "VULHUB",
"id": "VHN-45795"
},
{
"date": "2010-08-27T00:00:00",
"db": "BID",
"id": "42811"
},
{
"date": "2011-07-25T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2011-001916"
},
{
"date": "2010-09-14T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2010-001999"
},
{
"date": "2011-06-10T12:17:07",
"db": "PACKETSTORM",
"id": "102169"
},
{
"date": "2015-09-19T15:35:19",
"db": "PACKETSTORM",
"id": "133618"
},
{
"date": "2010-08-31T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201008-381"
},
{
"date": "2010-08-31T20:00:02.297000",
"db": "NVD",
"id": "CVE-2010-3190"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-10-13T00:00:00",
"db": "CERT/CC",
"id": "VU#707943"
},
{
"date": "2018-10-10T00:00:00",
"db": "VULHUB",
"id": "VHN-45795"
},
{
"date": "2018-10-09T19:00:00",
"db": "BID",
"id": "42811"
},
{
"date": "2015-10-05T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2011-001916"
},
{
"date": "2016-11-09T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2010-001999"
},
{
"date": "2021-07-14T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201008-381"
},
{
"date": "2020-11-16T19:33:52.007000",
"db": "NVD",
"id": "CVE-2010-3190"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201008-381"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Microsoft Windows based applications may insecurely load dynamic libraries",
"sources": [
{
"db": "CERT/CC",
"id": "VU#707943"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "code problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201008-381"
}
],
"trust": 0.6
}
}
VAR-201203-0364
Vulnerability from variot - Updated: 2023-12-18 12:10The TAR file parser in Quick Heal (aka Cat QuickHeal) 11.00, Command Antivirus 5.2.11.5, F-Prot Antivirus 4.6.2.117, Fortinet Antivirus 4.2.254.0, K7 AntiVirus 9.77.3565, Kaspersky Anti-Virus 7.0.0.125, Antimalware Engine 1.1.6402.0 in Microsoft Security Essentials 2.0, NOD32 Antivirus 5795, Norman Antivirus 6.06.12, Panda Antivirus 10.0.2.7, and Rising Antivirus 22.83.00.03 allows remote attackers to bypass malware detection via a POSIX TAR file with an initial \7fELF character sequence. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different TAR parser implementations. Multiple products TAR A file parser contains a vulnerability that can prevent malware detection. Different TAR If it is announced that there is also a problem with the parser implementation, this vulnerability can be CVE May be split.By a third party \7fELF ( backslash 7fELF) Has a character sequence starting with POSIX TAR Malware detection may be avoided via files. Successful exploits will allow attackers to bypass on-demand virus scanning, possibly allowing malicious files to escape detection. Multiple file-parsing vulnerabilities leading to evasion in different antivirus(AV) products. All affected products are command-line versions of the AVs.
Vulnerability Descriptions
- Specially crafted infected POSIX TAR files with "[aliases]" as first 9 bytes evades detection.
Affected products - ClamAV 0.96.4, CAT-QuickHeal 11.00
CVE no - CVE-2012-1419
- Specially crafted infected POSIX TAR files with "\7fELF" as first 4 bytes evades detection.
Affected products - CAT-QuickHeal 11.00, Command 5.2.11.5, F-Prot 4.6.2.117, Fortinent 4.2.254.0, K7AntiVirus 9.77.3565, Kaspersky 7.0.0.125, Microsoft 1.6402, NOD32 5795, Norman 6.06.12, Panda 10.0.2.7, Rising 22.83.00.03
CVE no - CVE-2012-1420
- Specially crafted infected POSIX TAR files with "MSCF" as first 4 bytes evades detection.
Affected products - CAT-QuickHeal 11.00, Norman 6.06.12, Rising 22.83.00.03, Symantec 20101.3.0.103
CVE no - CVE-2012-1421
- Specially crafted infected POSIX TAR files with "ITSF" as first 4 bytes evades detection.
Affected products - CAT-QuickHeal 11.00, NOD32 5795, Norman 6.06.12, Rising 22.83.00.03
CVE no - CVE-2012-1422
- Specially crafted infected POSIX TAR files with "MZ" as first 2 bytes evades detection.
Affected products - Command 5.2.11.5, Emsisoft 5.1.0.1, F-Prot 4.6.2.117, Fortinent 4.2.254.0, Ikarus T3.1.1.97.0, K7AntiVirus 9.77.3565, NOD32 5795, Norman 6.06.12, PCTools 7.0.3.5, Rising 22.83.00.03, VirusBuster 13.6.151.0
CVE no - CVE-2012-1423
- Specially crafted infected POSIX TAR files with "\19\04\00\10" at offset 8 evades detection.
Affected products - Antiy-AVL 2.0.3.7, CAT-QuickHeal 11.00, Jiangmin 13.0.900, Norman 6.06.12, PCTools 7.0.3.5, Sophos 4.61.0
CVE no - CVE-2012-1424
- Specially crafted infected POSIX TAR files with "\50\4B\03\04" as the first 4 bytes evades detection.
Affected products - AntiVir 7.11.1.163, Antiy-AVL 2.0.3.7, CAT-QuickHeal 11.00, Emsisoft 5.1.0.1, Fortinet 4.2.254.0, Ikarus T3.1.1.97.0, Jiangmin 13.0.900, Kaspersky 7.0.0.125, McAfee 5.400.0.1158, McAfee-GW-Edition 2010.1C, NOD32 5795, Norman 6.06.12, PCTools 7.0.3.5, Symantec 20101.3.0.103, TrendMicro 9.120.0.1004, TrendMicro-HouseCall 9.120.0.1004
CVE no - CVE-2012-1425
- Specially crafted infected POSIX TAR files with "\42\5A\68" as the first 3 bytes evades detection.
Affected products - CAT-QuickHeal 11.00, Command 5.2.11.5, F-Prot 4.6.2.117, K7AntiVirus 9.77.3565, Norman 6.06.12, Rising 22.83.00.03
CVE no - CVE-2012-1426
- Specially crafted infected POSIX TAR files with "\57\69\6E\5A\69\70" at offset 29 evades detection.
Affected products - CAT-QuickHeal 11.00, Norman 6.06.12, Sophos 4.61.0
CVE no - CVE-2012-1427
- Specially crafted infected POSIX TAR files with "\4a\46\49\46" at offset 6 evades detection.
Affected products - CAT-QuickHeal 11.00, Norman 6.06.12, Sophos 4.61.0
CVE no - CVE-2012-1428
- Specially crafted infected ELF files with "ustar" at offset 257 evades detection.
Affected products - BitDefender 7.2, Comodo 7424, Emsisoft 5.1.0.1, eSafe 7.0.17.0, F-Secure 9.0.16160.0, Ikarus T3.1.1.97.0, McAfee 5.400.0.1158, McAfee-GW-Edition 2010.1C, nProtect 2011-01-17.01
CVE no - CVE-2012-1429 12. Specially crafted infected ELF files with "\19\04\00\10" at offset 8 evades detection.
Affected products - BitDefender 7.2, Comodo 7424, eSafe 7.0.17.0, F-Secure 9.0.16160.0, McAfee 5.400.0.1158, McAfee-GW-Edition 2010.1C, nProtect 2011-01-17.01, Sophos 4.61.0, Rising 22.83.00.03
CVE no - CVE-2012-1430 13. Specially crafted infected ELF files with "\4a\46\49\46" at offset 6 evades detection.
Affected products - BitDefender 7.2, Command 5.2.11.5, Comodo 7424, eSafe 7.0.17.0, F-Prot 4.6.2.117, F-Secure 9.0.16160.0, McAfee-GW-Edition 2010.1C, nProtect 2011-01-17.01, Sophos 4.61.0, Rising 22.83.00.03
CVE no - CVE-2012-1431
- Specially crafted infected MS EXE files with "\57\69\6E\5A\69\70" at offset 29 evades detection.
Affected products - Emsisoft 5.1.0.1, eSafe 7.0.17.0, Ikarus T3.1.1.97.0, Panda 10.0.2.7
CVE no - CVE-2012-1432
- Specially crafted infected MS EXE files with "\4a\46\49\46" at offset 6 evades detection.
Affected products - AhnLab-V3 2011.01.18.00, Emsisoft 5.1.0.1, eSafe 7.0.17.0, Ikarus T3.1.1.97.0, Panda 10.0.2.7
CVE no - CVE-2012-1433
- Specially crafted infected MS EXE files with "\19\04\00\10" at offset 8 evades detection.
Affected products - AhnLab-V3 2011.01.18.00, Emsisoft 5.1.0.1, Ikarus T3.1.1.97.0, Panda 10.0.2.7
CVE no - CVE-2012-1434
- Specially crafted infected MS EXE files with "\50\4B\4C\49\54\45" at offset 30 evades detection.
Affected products - AhnLab-V3 2011.01.18.00, Emsisoft 5.1.0.1, eSafe 7.0.17.0, Ikarus T3.1.1.97.0, Panda 10.0.2.7
CVE no - CVE-2012-1435
- Specially crafted infected MS EXE files with "\2D\6C\68" at offset 2 evades detection.
Affected products - AhnLab-V3 2011.01.18.00, Emsisoft 5.1.0.1, eSafe 7.0.17.0, Ikarus T3.1.1.97.0, Panda 10.0.2.7
CVE no - CVE-2012-1436
- Specially crafted infected MS Office files with "\50\4B\53\70\58" at offset 526 evades detection.
Affected products - Comodo 7425
CVE no - CVE-2012-1437
- Specially crafted infected MS Office files with "ustar" at offset 257 evades detection.
Affected products - Comodo 7425, Sophos 4.61.0
CVE no - CVE-2012-1438
- 'padding' field in ELF files is parsed incorrectly. If an infected ELF file's padding field is incremented by 1 it evades detection.
Affected products - eSafe 7.0.17.0, Rising 22.83.00.03, Fortinet 4.2.254.0, Panda 10.0.2.7
CVE no - CVE-2012-1439
- 'identsize' field in ELF files is parsed incorrectly. If an infected ELF file's identsize field is incremented by 1 it evades detection.
Affected products - Norman 6.06.12, eSafe 7.0.17.0, eTrust-Vet 36.1.8511, Fortinet 4.2.254.0, Panda 10.0.2.7
CVE no - CVE-2012-1440
- 'e_ip' and 'e_res' field in MS EXE files are parsed incorrectly.
If any of these fields in an infected MS EXE file is incremented by 1 it evades detection.
Affected products - Prevx 3.0
'e_minalloc', 'e_res2','e_cparhdr', 'e_crlc', 'e_lfarlc','e_maxalloc',
'e_oeminfo', 'e_ovno', 'e_cs', 'e_csum','e_sp', 'e_ss', 'e_cblp' and
'e_oemid' fields in MS EXE files are parsed incorrectly.
If any of these fields in an infected MS EXE file is incremented by 1
it evades detection.
Affected products - eSafe 7.0.017.0, Prevx 3.0
CVE no - CVE-2012-1441
- 'class' field in ELF files is parsed incorrectly.
If an infected ELF file's class field is incremented by 1 it evades detection.
Affected products - CAT-QuickHeal 11.00, McAfee 5.400.0.1158, McAfee-GW-Edition 2010.1C, eSafe 7.0.017.0, Kaspersky 7.0.0.125, F-Secure 9.0.16160.0, Sophos 4.61.0, Antiy-AVL 2.0.3.7, Rising 22.83.00.03, Fortinet 4.2.254.0, Panda 10.0.2.7
CVE no - CVE-2012-1442
- Infected RAR files with initial two bytes set to 'MZ' can be fixed by the user and correctly extracted. Such a file evades detection.
Affected products - ClamAV 0.96.4, Rising 22.83.00.03, CAT-QuickHeal 11.00, GData 21, Symantec 20101.3.0.103, Command 5.2.11.5, Ikarus T3.1.1.97.0, Emsisoft 5.1.0.1, PCTools 7.0.3.5, F-Prot 4.6.2.117, VirusBuster 13.6.151.0, Fortinent 4.2.254.0, Antiy-AVL 2.0.3.7, K7AntiVirus 9.77.3565, TrendMicro-HouseCall 9.120.0.1004,Kaspersky 7.0.0.125 Jiangmin 13.0.900. Microsoft 1.6402, Sophos 4.61.0, NOD32 5795, AntiVir 7.11.1.163, Norman 6.06.12, McAfee 5.400.0.1158, Panda 10.0.2.7, McAfee-GW-Edition 2010.1C, TrendMicro 9.120.0.1004, Comodo 7424, BitDefender 7.2, eSafe 7.0.17.0, F-Secure 9.0.16160.0 nProtect 2011-01-17.01, AhnLab-V3 2011.01.18.00, AVG 10.0.0.1190, Avast 4.8.1351.0, Avast5 5.0.677.0, VBA32 3.12.14.2
CVE no - CVE-2012-1443
- 'abiversion' field in ELF files is parsed incorrectly.
If an infected ELF file's abiversion field is incremented by 1 it evades detection.
Affected products - eSafe 7.0.017.0, Prevx 3.0, Fortinet 4.2.254.0, Panda 10.0.2.7
CVE no - CVE-2012-1444
- 'abi' field in ELF files is parsed incorrectly.
If an infected ELF file's abi field is incremented by 1 it evades detection.
Affected products - eSafe 7.0.017.0, Rising 22.83.00.03, Fortinet 4.2.254.0, Panda 10.0.2.7
CVE no - CVE-2012-1445
- 'encoding' field in ELF files is parsed incorrectly.
If an infected ELF file's encoding field is incremented by 1 it evades detection.
Affected products - CAT-QuickHeal 11.00, McAfee 5.400.0.1158, Symantec 20101.3.0.103, Norman 6.06.12, eSafe 7.0.017.0, Kaspersky 7.0.0.125, McAfee-GW-Edition 2010.1C, Sophos 4.61.0, eTrust-Vet 36.1.8511, Antiy-AVL 2.0.3.7, PCTools 7.0.3.5, Rising 22.83.00.03, Fortinet 4.2.254.0, Panda 10.0.2.7
CVE no - CVE-2012-1446
- 'e_version' field in ELF files is parsed incorrectly.
If an infected ELF file's e_version field is incremented by 1 it evades detection.
Affected products - Fortinet 4.2.254.0, eSafe 7.0.017.0, DrWeb 5.0.2.03300, Panda 10.0.2.7
CVE no - CVE-2012-1447
- 'cbCabinet' field in CAB files is parsed incorrectly.
If an infected CAB file's cbCabinet field is incremented by 1 it evades detection.
Affected products - CAT-QuickHeal 11.00, TrendMicro 9.120.0.1004, Ikarus T3.1.1.97.0 TrendMicro-HouseCall 9.120.0.1004, Emsisoft 5.1.0.1
CVE no - CVE-2012-1448
- 'vMajor' field in CAB files is parsed incorrectly.
If an infected CAB file's vMajor field is incremented by 1 it evades detection.
Affected products - NOD32 5795, Rising 22.83.00.03
CVE no - CVE-2012-1449
- 'reserved3' field in CAB files is parsed incorrectly.
If an infected CAB file's reserved field is incremented by 1 it evades detection.
Affected products - Emsisoft 5.1.0.1, Sophos 4.61.0, Ikarus T3.1.1.97.0
CVE no - CVE-2012-1450
- 'reserved2' field in CAB files is parsed incorrectly.
If an infected CAB file's reserved2 field is incremented by 1 it evades detection.
Affected products - Emsisoft 5.1.0.1, Ikarus T3.1.1.97.0
CVE no - CVE-2012-1451
- 'reserved1' field in CAB files is parsed incorrectly.
If an infected CAB file's reserved field is incremented by 1 it evades detection.
Affected products - Emsisoft 5.1.0.1, Ikarus T3.1.1.97.0, CAT-QuickHeal 11.00
CVE no - CVE-2012-1452
- 'coffFiles' field in CAB files is parsed incorrectly.
If an infected CAB file's coffFiles field is incremented by 1 it evades detection.
Affected products - McAfee 5.0.2.03300, TrendMicro-HouseCall 9.120.0.1004, Kaspersky 7.0.0.125, Sophos 4.61.0, TrendMicro 9.120.0.1004, McAfee-GW-Edition 2010.1C, Emsisoft 5.1.0.1, eTrust-Vet 36.1.8511, Antiy-AVL 2.0.3.7, Microsoft 1.6402, Rising 22.83.00.03, Ikarus T3.1.1.97.0, Fortinet 4.2.254.0, Panda 10.0.2.7
CVE no - CVE-2012-1453
- 'ei_version' field in ELF files is parsed incorrectly.
If an infected ELF file's version field is incremented by 1 it evades detection.
Affected products - McAfee 5.0.02.03300, eSafe 7.0.17.0, McAfee-GW-Edition 2010.1C, Rising 22.83.00.03, Fortinet 4.2.254.0, Panda 10.0.2.7
CVE no - CVE-2012-1454
- 'vMinor' field in CAB files is parsed incorrectly.
If an infected CAB file's version field is incremented by 1 it evades detection.
Affected products - NOD32 5795, Rising 22.83.00.03
CVE no - CVE-2012-1455
- A specially crafted ZIP file, created by concatenating the contents of a clean TAR archive and a virus-infected ZIP archive, is parsed incorrectly and evades detection.
Affected products - AVG 10.0.0.1190, CAT-QuickHeal 11.00, Comodo 7424, Emsisoft 5.1.0.1, eSafe 7.0.17.0, F-Prot 4.6.2.117,Fortinent 4.2.254.0, Ikarus T3.1.1.97.0, Jiangmin 13.0.900, Kaspersky 7.0.0.125, McAfee 5.400.0.1158, McAfee-GW-Edition 2010.1C, NOD32 5795, Norman 6.06.12, Panda 10.0.2.7, Rising 22.83.00.03, Sophos 4.61.0, Symantec 20101.3.0.103, TrendMicro 9.120.0.1004, TrendMicro-HouseCall 9.120.0.1004
CVE no - CVE-2012-1456
- If the length field in the header of a file with test EICAR virus included into a TAR archive is set to be greater than the archive's total length (1,000,000+original length in our experiments), the antivirus declares the file to be clean but virus gets extracted correctly by the GNU tar program.
Affected products - AntiVir 7.11.1.163, Antiy-AVL 2.0.3.7, Avast 4.8.1351.0, Avast5 5.0.677.0, AVG 10.0.0.1190, BitDefender 7.2, CAT-QuickHeal 11.00, ClamAV 0.96.4, Command 5.2.11.5, Emsisoft 5.1.0.1, eSafe 7.0.17.0, F-Prot 4.6.2.117, GData 21, Ikarus T3.1.1.97.0, Jiangmin 13.0.900, K7AntiVirus 9.77.3565, Kaspersky 7.0.0.125, McAfee 5.400.0.1158, McAfee-GW-Edition 2010.1C, Microsoft 1.6402, NOD32 5795, Norman 6.06.12, PCTools 7.0.3.5, Rising 22.83.00.03, Symantec 20101.3.0.103, TrendMicro 9.120.0.1004, TrendMicro-HouseCall 9.120.0.1004, VBA32 3.12.14.2, VirusBuster 13.6.151.0
CVE no - CVE-2012-1457
- A Windows Compiled HTML Help (CHM) file is a set of HTML files, scripts, and images compressed using the LZX algorithm. For faster random accesses, the algorithm is reset at intervals instead of compressing the entire file as a single stream. The length of each interval is specified in the LZXC header.
If an infected CHM file's header modified so that the reset interval is lower than in the original file, the antivirus declares the file to be clean. But the Windows CHM viewer hh.exe correctly decompresses the infected content located before the tampered header.
Affected products - ClamAV 0.96.4, Sophos 4.61.0
CVE no - CVE-2012-1458
- In a POSIX TAR archive, each member file has a 512-byte header protected by a simple checksum. Every header also contains a file length field, which is used by the extractor to locate the next header in the archive.
If a TAR archive contains two files: the first one is clean, while the second is infected with test EICAR virus - and it is modified such that the length field in the header of the first, clean file to point into the middle of the header of the second, infected file. The antivirus declares the file to be clean but virus gets extracted correctly by the GNU tar program. If an infected tar.gz archive is appended 6 random bytes at the end, the antivirus declares the file to be clean but virus gets extracted by the gunzip+tar programs correctly by ignoring these bytes.
Affected products - Antiy-AVL 2.0.3.7, CAT-QuickHeal 11.00, Command 5.2.11.5, eSafe 7.0.17.0, F-Prot 4.6.2.117, Jiangmin 13.0.900, K7AntiVirus 9.77.3565, VBA32 3.12.14.2
CVE no - CVE-2012-1460
- GZIP files can contain multiple compressed streams, which are assembled when the contents are extracted. If an infected .tar.gz file is broken into two streams, the antivirus declares the infected .tar.gz file to be clean while tar+gunzip extract the virus correctly
Affected products - AVG 10.0.0.1190, BitDefender 7.2, Command 5.2.11.5, Emsisoft 5.1.0.1, F-Secure 9.0.16160.0, Fortinent 4.2.254.0, Ikarus T3.1.1.97.0, Jiangmin 13.0.900, K7AntiVirus 9.77.3565, Kaspersky 7.0.0.125, McAfee 5.400.0.1158, McAfee-GW-Edition 2010.1C, NOD32 5795, Norman 6.06.12, Rising 22.83.00.03, Sophos 4.61.0, Symantec 20101.3.0.103, TrendMicro 9.120.0.1004, TrendMicro-HouseCall 9.120.0.1004, VBA32 3.12.14.2
CVE no - CVE-2012-1461
- If an infected ZIP archive is prepended with 1024 random bytes at the beginning, the antivirus declares the file to be clean but virus gets extracted by the unzip program correctly by skipping these bytes
Affected products - AhnLab-V3 2011.01.18.00, AVG 10.0.0.1190, CAT-QuickHeal 11.00, Emsisoft 5.1.0.1, eSafe 7.0.17.0, Fortinent 4.2.254.0, Ikarus T3.1.1.97.0, Jiangmin 13.0.900, Kaspersky 7.0.0.125, Norman 6.06.12, Sophos 4.61.0, Symantec 20101.3.0.103
CVE no - CVE-2012-1462
- In most ELF files, the 5th byte of the header indicates endianness: 01 for little-endian, 02 for bigendian. Linux kernel, however, does not check this field before loading an ELF file. If an infected ELF file's 5-th byte is set to 02, the antivirus declares the file to be clean but the ELF file gets executed correctly.
Affected products - AhnLab-V3 2011.01.18.00, BitDefender 7.2, CAT-QuickHeal 11.00, Command 5.2.11.5, Comodo 7424, eSafe 7.0.17.0, F-Prot 4.6.2.117, F-Secure 9.0.16160.0, McAfee 5.400.0.1158, Norman 6.06.12, nProtect 2011-01-17.01, Panda 10.0.2.7
CVE no - CVE-2012-1463
Credits
Vulnerabilities found and advisory written by Suman Jana and Vitaly Shmatikov.
References
"Abusing File Processing in Malware Detectors for Fun and Profit" by Suman Jana and Vitaly Shmatikov To appear in IEEE Symposium on Security and Privacy 2012 http://www.ieee-security.org/TC/SP2012/
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201203-0364",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "command antivirus",
"scope": "eq",
"trust": 1.8,
"vendor": "authentium",
"version": "5.2.11.5"
},
{
"model": "anti-virus",
"scope": "eq",
"trust": 1.8,
"vendor": "kaspersky",
"version": "7.0.0.125"
},
{
"model": "antivirus",
"scope": "eq",
"trust": 1.8,
"vendor": "fortinet",
"version": "4.2.254.0"
},
{
"model": "quick heal",
"scope": "eq",
"trust": 1.6,
"vendor": "cat",
"version": "11.00"
},
{
"model": "f-prot antivirus",
"scope": "eq",
"trust": 1.0,
"vendor": "f prot",
"version": "4.6.2.117"
},
{
"model": "antivirus",
"scope": "eq",
"trust": 1.0,
"vendor": "k7computing",
"version": "9.77.3565"
},
{
"model": "antivirus",
"scope": "eq",
"trust": 1.0,
"vendor": "rising global",
"version": "22.83.00.03"
},
{
"model": "nod32 antivirus",
"scope": "eq",
"trust": 1.0,
"vendor": "eset",
"version": "5795"
},
{
"model": "antivirus \\\u0026 antispyware",
"scope": "eq",
"trust": 1.0,
"vendor": "norman",
"version": "6.06.12"
},
{
"model": "panda antivirus",
"scope": "eq",
"trust": 1.0,
"vendor": "pandasecurity",
"version": "10.0.2.7"
},
{
"model": "security essentials",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "2.0"
},
{
"model": "antivirus",
"scope": "eq",
"trust": 0.8,
"vendor": "rising",
"version": "22.83.00.03"
},
{
"model": "nod32 anti-virus",
"scope": "eq",
"trust": 0.8,
"vendor": "eset",
"version": "5795"
},
{
"model": "f-prot antivirus",
"scope": "eq",
"trust": 0.8,
"vendor": "frisk",
"version": "4.6.2.117"
},
{
"model": "antivirus",
"scope": "eq",
"trust": 0.8,
"vendor": "k7 computing",
"version": "9.77.3565"
},
{
"model": "antivirus",
"scope": "eq",
"trust": 0.8,
"vendor": "norman",
"version": "6.06.12"
},
{
"model": "antivirus",
"scope": "eq",
"trust": 0.8,
"vendor": "panda security",
"version": "10.0.2.7"
},
{
"model": "heal",
"scope": "eq",
"trust": 0.8,
"vendor": "quick heal k k",
"version": "11.00"
},
{
"model": "security essentials",
"scope": "eq",
"trust": 0.8,
"vendor": "microsoft",
"version": "2.0 antimalware engine 1.1.6402.0"
},
{
"model": "antivirus",
"scope": "eq",
"trust": 0.3,
"vendor": "rising",
"version": "22.8303"
},
{
"model": "cat-quickheal",
"scope": "eq",
"trust": 0.3,
"vendor": "quick heal",
"version": "11.00"
},
{
"model": "antivirus",
"scope": "eq",
"trust": 0.3,
"vendor": "panda",
"version": "10.0.27"
},
{
"model": "antivirus",
"scope": "eq",
"trust": 0.3,
"vendor": "norman",
"version": "6.6.12"
},
{
"model": "antivirus",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "1.6402"
},
{
"model": "antivirus",
"scope": "eq",
"trust": 0.3,
"vendor": "kaspersky",
"version": "7.0125"
},
{
"model": "computing pvt ltd k7antivirus",
"scope": "eq",
"trust": 0.3,
"vendor": "k7",
"version": "9.77.3565"
},
{
"model": "software f-prot antivirus",
"scope": "eq",
"trust": 0.3,
"vendor": "frisk",
"version": "4.6.2117"
},
{
"model": "antivirus",
"scope": "eq",
"trust": 0.3,
"vendor": "fortinet",
"version": "4.2.2540"
},
{
"model": "nod32",
"scope": "eq",
"trust": 0.3,
"vendor": "eset",
"version": "5795"
},
{
"model": "command antivirus",
"scope": "eq",
"trust": 0.3,
"vendor": "authentium",
"version": "5.2.115"
}
],
"sources": [
{
"db": "BID",
"id": "52615"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-001882"
},
{
"db": "NVD",
"id": "CVE-2012-1420"
},
{
"db": "CNNVD",
"id": "CNNVD-201203-387"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:cat:quick_heal:11.00:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:authentium:command_antivirus:5.2.11.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:pandasecurity:panda_antivirus:10.0.2.7:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:rising-global:rising_antivirus:22.83.00.03:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:k7computing:antivirus:9.77.3565:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:kaspersky:kaspersky_anti-virus:7.0.0.125:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:security_essentials:2.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:f-prot:f-prot_antivirus:4.6.2.117:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:fortinet:fortinet_antivirus:4.2.254.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:eset:nod32_antivirus:5795:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:norman:norman_antivirus_\\\u0026_antispyware:6.06.12:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2012-1420"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Suman Jana and Vitaly Shmatikov",
"sources": [
{
"db": "BID",
"id": "52615"
}
],
"trust": 0.3
},
"cve": "CVE-2012-1420",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 4.3,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2012-1420",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "VHN-54701",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2012-1420",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201203-387",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-54701",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-54701"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-001882"
},
{
"db": "NVD",
"id": "CVE-2012-1420"
},
{
"db": "CNNVD",
"id": "CNNVD-201203-387"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The TAR file parser in Quick Heal (aka Cat QuickHeal) 11.00, Command Antivirus 5.2.11.5, F-Prot Antivirus 4.6.2.117, Fortinet Antivirus 4.2.254.0, K7 AntiVirus 9.77.3565, Kaspersky Anti-Virus 7.0.0.125, Antimalware Engine 1.1.6402.0 in Microsoft Security Essentials 2.0, NOD32 Antivirus 5795, Norman Antivirus 6.06.12, Panda Antivirus 10.0.2.7, and Rising Antivirus 22.83.00.03 allows remote attackers to bypass malware detection via a POSIX TAR file with an initial \\7fELF character sequence. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different TAR parser implementations. Multiple products TAR A file parser contains a vulnerability that can prevent malware detection. Different TAR If it is announced that there is also a problem with the parser implementation, this vulnerability can be CVE May be split.By a third party \\7fELF ( backslash 7fELF) Has a character sequence starting with POSIX TAR Malware detection may be avoided via files. \nSuccessful exploits will allow attackers to bypass on-demand virus scanning, possibly allowing malicious files to escape detection. Multiple file-parsing vulnerabilities leading to evasion in different antivirus(AV) products. All \naffected products are command-line versions of \nthe AVs. \n\n----------------------------\nVulnerability Descriptions\n----------------------------\n\n1. Specially crafted infected POSIX TAR files with \"[aliases]\" as first 9 bytes \n evades detection. \n\n Affected products -\n ClamAV 0.96.4, CAT-QuickHeal 11.00\n \n CVE no - \n CVE-2012-1419\n\n2. Specially crafted infected POSIX TAR files with \"\\7fELF\" as first 4 bytes \n evades detection. \n\n Affected products -\n CAT-QuickHeal 11.00, Command 5.2.11.5, F-Prot 4.6.2.117, \n Fortinent 4.2.254.0, K7AntiVirus 9.77.3565, Kaspersky 7.0.0.125, \n Microsoft 1.6402, NOD32 5795, Norman 6.06.12, Panda 10.0.2.7, \n Rising 22.83.00.03\n\n CVE no - \n CVE-2012-1420\n\n3. Specially crafted infected POSIX TAR files with \"MSCF\" as first 4 bytes \n evades detection. \n\n Affected products -\n CAT-QuickHeal 11.00, Norman 6.06.12, Rising 22.83.00.03, \n Symantec 20101.3.0.103\n\n CVE no - \n CVE-2012-1421\n\n4. Specially crafted infected POSIX TAR files with \"ITSF\" as first 4 bytes \n evades detection. \n\n Affected products -\n CAT-QuickHeal 11.00, NOD32 5795, Norman 6.06.12, Rising 22.83.00.03\n\n CVE no - \n CVE-2012-1422\n\n5. Specially crafted infected POSIX TAR files with \"MZ\" as first 2 bytes \n evades detection. \n\n Affected products -\n Command 5.2.11.5, Emsisoft 5.1.0.1, F-Prot 4.6.2.117, Fortinent 4.2.254.0, \n Ikarus T3.1.1.97.0, K7AntiVirus 9.77.3565, NOD32 5795, Norman 6.06.12, \n PCTools 7.0.3.5, Rising 22.83.00.03, VirusBuster 13.6.151.0\n\n CVE no - \n CVE-2012-1423\n\n6. Specially crafted infected POSIX TAR files with \"\\19\\04\\00\\10\" at offset 8\n evades detection. \n\n Affected products -\n Antiy-AVL 2.0.3.7, CAT-QuickHeal 11.00, Jiangmin 13.0.900, Norman 6.06.12, \n PCTools 7.0.3.5, Sophos 4.61.0\n\n CVE no - \n CVE-2012-1424\n\n\n7. Specially crafted infected POSIX TAR files with \"\\50\\4B\\03\\04\" as the first\n 4 bytes evades detection. \n\n Affected products -\n AntiVir 7.11.1.163, Antiy-AVL 2.0.3.7, CAT-QuickHeal 11.00, Emsisoft 5.1.0.1,\n Fortinet 4.2.254.0, Ikarus T3.1.1.97.0, Jiangmin 13.0.900, \n Kaspersky 7.0.0.125, McAfee 5.400.0.1158, McAfee-GW-Edition 2010.1C, \n NOD32 5795, Norman 6.06.12, PCTools 7.0.3.5, Symantec 20101.3.0.103, \n TrendMicro 9.120.0.1004, TrendMicro-HouseCall 9.120.0.1004 \n\n CVE no - \n CVE-2012-1425\n\n8. Specially crafted infected POSIX TAR files with \"\\42\\5A\\68\" as the first\n 3 bytes evades detection. \n\n Affected products -\n CAT-QuickHeal 11.00, Command 5.2.11.5, F-Prot 4.6.2.117, \n K7AntiVirus 9.77.3565, Norman 6.06.12, Rising 22.83.00.03\n\n CVE no - \n CVE-2012-1426\n\n\n9. Specially crafted infected POSIX TAR files with \"\\57\\69\\6E\\5A\\69\\70\" at \n offset 29 evades detection. \n\n Affected products -\n CAT-QuickHeal 11.00, Norman 6.06.12, Sophos 4.61.0\n\n CVE no - \n CVE-2012-1427\n\n10. Specially crafted infected POSIX TAR files with \"\\4a\\46\\49\\46\" at offset 6\n evades detection. \n \n Affected products -\n CAT-QuickHeal 11.00, Norman 6.06.12, Sophos 4.61.0\n\n CVE no - \n CVE-2012-1428\n\n11. Specially crafted infected ELF files with \"ustar\" at offset 257\n evades detection. \n\n Affected products -\n BitDefender 7.2, Comodo 7424, Emsisoft 5.1.0.1, eSafe 7.0.17.0, \n F-Secure 9.0.16160.0, Ikarus T3.1.1.97.0, McAfee 5.400.0.1158, \n McAfee-GW-Edition 2010.1C, nProtect 2011-01-17.01 \n\n CVE no - \n CVE-2012-1429\n12. Specially crafted infected ELF files with \"\\19\\04\\00\\10\" at offset 8 evades\n detection. \n\n Affected products -\n BitDefender 7.2, Comodo 7424, eSafe 7.0.17.0, F-Secure 9.0.16160.0, \n McAfee 5.400.0.1158, McAfee-GW-Edition 2010.1C, nProtect 2011-01-17.01, \n Sophos 4.61.0, Rising 22.83.00.03\n\n CVE no - \n CVE-2012-1430\n13. Specially crafted infected ELF files with \"\\4a\\46\\49\\46\" at offset 6 evades\n detection. \n\n Affected products -\n BitDefender 7.2, Command 5.2.11.5, Comodo 7424, eSafe 7.0.17.0, \n F-Prot 4.6.2.117, F-Secure 9.0.16160.0, McAfee-GW-Edition 2010.1C, \n nProtect 2011-01-17.01, Sophos 4.61.0, Rising 22.83.00.03\n\n CVE no - \n CVE-2012-1431\n\n14. Specially crafted infected MS EXE files with \"\\57\\69\\6E\\5A\\69\\70\" at offset\n 29 evades detection. \n\n Affected products -\n Emsisoft 5.1.0.1, eSafe 7.0.17.0, Ikarus T3.1.1.97.0, Panda 10.0.2.7\n\n CVE no - \n CVE-2012-1432\n\n15. Specially crafted infected MS EXE files with \"\\4a\\46\\49\\46\" at offset\n 6 evades detection. \n\n Affected products -\n AhnLab-V3 2011.01.18.00, Emsisoft 5.1.0.1, eSafe 7.0.17.0, \n Ikarus T3.1.1.97.0, Panda 10.0.2.7\n\n CVE no - \n CVE-2012-1433\n\n16. Specially crafted infected MS EXE files with \"\\19\\04\\00\\10\" at offset\n 8 evades detection. \n\n Affected products -\n AhnLab-V3 2011.01.18.00, Emsisoft 5.1.0.1, Ikarus T3.1.1.97.0, \n Panda 10.0.2.7\n \n CVE no - \n CVE-2012-1434\n\n17. Specially crafted infected MS EXE files with \"\\50\\4B\\4C\\49\\54\\45\" at \n offset 30 evades detection. \n \n Affected products - \n AhnLab-V3 2011.01.18.00, Emsisoft 5.1.0.1, eSafe 7.0.17.0, \n Ikarus T3.1.1.97.0, Panda 10.0.2.7\n\n CVE no - \n CVE-2012-1435\n\n18. Specially crafted infected MS EXE files with \"\\2D\\6C\\68\" at \n offset 2 evades detection. \n \n Affected products - \n AhnLab-V3 2011.01.18.00, Emsisoft 5.1.0.1, eSafe 7.0.17.0, \n Ikarus T3.1.1.97.0, Panda 10.0.2.7\n\n CVE no - \n CVE-2012-1436\n\n19. Specially crafted infected MS Office files with \"\\50\\4B\\53\\70\\58\" at \n offset 526 evades detection. \n \n Affected products - \n Comodo 7425\n \n CVE no - \n CVE-2012-1437\n\n20. Specially crafted infected MS Office files with \"ustar\" at \n offset 257 evades detection. \n\n Affected products - \n Comodo 7425, Sophos 4.61.0 \n\n CVE no - \n CVE-2012-1438\n\n21. \u0027padding\u0027 field in ELF files is parsed incorrectly. \n If an infected ELF file\u0027s padding field is incremented by 1 it evades\n detection. \n\n Affected products - \n eSafe 7.0.17.0, Rising 22.83.00.03, Fortinet 4.2.254.0, Panda 10.0.2.7\n\n CVE no - \n CVE-2012-1439\n\n22. \u0027identsize\u0027 field in ELF files is parsed incorrectly. \n If an infected ELF file\u0027s identsize field is incremented by 1 it evades\n detection. \n\n Affected products - \n Norman 6.06.12, eSafe 7.0.17.0, eTrust-Vet 36.1.8511, Fortinet 4.2.254.0, \n Panda 10.0.2.7\n\n CVE no - \n CVE-2012-1440\n\n23. \u0027e_ip\u0027 and \u0027e_res\u0027 field in MS EXE files are parsed incorrectly. \n If any of these fields in an infected MS EXE file is incremented by 1 \n it evades detection. \n\n Affected products - \n Prevx 3.0\n\n \u0027e_minalloc\u0027, \u0027e_res2\u0027,\u0027e_cparhdr\u0027, \u0027e_crlc\u0027, \u0027e_lfarlc\u0027,\u0027e_maxalloc\u0027,\n \u0027e_oeminfo\u0027, \u0027e_ovno\u0027, \u0027e_cs\u0027, \u0027e_csum\u0027,\u0027e_sp\u0027, \u0027e_ss\u0027, \u0027e_cblp\u0027 and \n \u0027e_oemid\u0027 fields in MS EXE files are parsed incorrectly. \n If any of these fields in an infected MS EXE file is incremented by 1 \n it evades detection. \n\n Affected products - \n eSafe 7.0.017.0, Prevx 3.0\n\n\n CVE no - \n CVE-2012-1441\n\n24. \u0027class\u0027 field in ELF files is parsed incorrectly. \n If an infected ELF file\u0027s class field is incremented by 1 it evades\n detection. \n\n Affected products - \n CAT-QuickHeal 11.00, McAfee 5.400.0.1158, McAfee-GW-Edition 2010.1C, \n eSafe 7.0.017.0, Kaspersky 7.0.0.125, F-Secure 9.0.16160.0, \n Sophos 4.61.0, Antiy-AVL 2.0.3.7, Rising 22.83.00.03, Fortinet 4.2.254.0, \n Panda 10.0.2.7\n\n CVE no - \n CVE-2012-1442\n\n25. Infected RAR files with initial two bytes set to \u0027MZ\u0027 can be fixed by the \n user and correctly extracted. Such a file evades detection. \n \n Affected products -\n ClamAV 0.96.4, Rising 22.83.00.03, CAT-QuickHeal 11.00, GData 21, \n Symantec 20101.3.0.103, Command 5.2.11.5, Ikarus T3.1.1.97.0, \n Emsisoft 5.1.0.1, PCTools 7.0.3.5, F-Prot 4.6.2.117, \n VirusBuster 13.6.151.0, Fortinent 4.2.254.0, Antiy-AVL 2.0.3.7, \n K7AntiVirus 9.77.3565, TrendMicro-HouseCall 9.120.0.1004,Kaspersky 7.0.0.125 \n Jiangmin 13.0.900. Microsoft 1.6402, Sophos 4.61.0, NOD32 5795, AntiVir 7.11.1.163, \n Norman 6.06.12, McAfee 5.400.0.1158, Panda 10.0.2.7, McAfee-GW-Edition 2010.1C, \n TrendMicro 9.120.0.1004, Comodo 7424, BitDefender 7.2, eSafe 7.0.17.0, F-Secure 9.0.16160.0\n nProtect 2011-01-17.01, AhnLab-V3 2011.01.18.00, AVG 10.0.0.1190, Avast 4.8.1351.0, \n Avast5 5.0.677.0, VBA32 3.12.14.2 \n\n CVE no - \n CVE-2012-1443\n\n26. \u0027abiversion\u0027 field in ELF files is parsed incorrectly. \n If an infected ELF file\u0027s abiversion field is incremented by 1 it evades\n detection. \n\n Affected products - \n eSafe 7.0.017.0, Prevx 3.0, Fortinet 4.2.254.0, Panda 10.0.2.7\n\n CVE no - \n CVE-2012-1444\n\n27. \u0027abi\u0027 field in ELF files is parsed incorrectly. \n If an infected ELF file\u0027s abi field is incremented by 1 it evades\n detection. \n\n Affected products - \n eSafe 7.0.017.0, Rising 22.83.00.03, Fortinet 4.2.254.0, Panda 10.0.2.7\n\n CVE no - \n CVE-2012-1445\n\n28. \u0027encoding\u0027 field in ELF files is parsed incorrectly. \n If an infected ELF file\u0027s encoding field is incremented by 1 it evades\n detection. \n\n Affected products - \n CAT-QuickHeal 11.00, McAfee 5.400.0.1158, Symantec 20101.3.0.103, \n Norman 6.06.12, eSafe 7.0.017.0, Kaspersky 7.0.0.125, \n McAfee-GW-Edition 2010.1C, Sophos 4.61.0, eTrust-Vet 36.1.8511, \n Antiy-AVL 2.0.3.7, PCTools 7.0.3.5, Rising 22.83.00.03, Fortinet 4.2.254.0,\n Panda 10.0.2.7\n\n CVE no - \n CVE-2012-1446\n\n29. \u0027e_version\u0027 field in ELF files is parsed incorrectly. \n If an infected ELF file\u0027s e_version field is incremented by 1 it evades\n detection. \n\n Affected products -\n Fortinet 4.2.254.0, eSafe 7.0.017.0, DrWeb 5.0.2.03300, Panda 10.0.2.7\n\n CVE no - \n CVE-2012-1447\n\n30. \u0027cbCabinet\u0027 field in CAB files is parsed incorrectly. \n If an infected CAB file\u0027s cbCabinet field is incremented by 1 it evades\n detection. \n\n Affected products -\n CAT-QuickHeal 11.00, TrendMicro 9.120.0.1004, Ikarus T3.1.1.97.0\n TrendMicro-HouseCall 9.120.0.1004, Emsisoft 5.1.0.1 \n\n CVE no - \n CVE-2012-1448\n\n31. \u0027vMajor\u0027 field in CAB files is parsed incorrectly. \n If an infected CAB file\u0027s vMajor field is incremented by 1 it evades\n detection. \n\n Affected products -\n NOD32 5795, Rising 22.83.00.03\n \n CVE no - \n CVE-2012-1449\n\n32. \u0027reserved3\u0027 field in CAB files is parsed incorrectly. \n If an infected CAB file\u0027s reserved field is incremented by 1 it evades\n detection. \n\n Affected products -\n Emsisoft 5.1.0.1, Sophos 4.61.0, Ikarus T3.1.1.97.0\n \n CVE no - \n CVE-2012-1450\n\n33. \u0027reserved2\u0027 field in CAB files is parsed incorrectly. \n If an infected CAB file\u0027s reserved2 field is incremented by 1 it evades\n detection. \n\n Affected products -\n Emsisoft 5.1.0.1, Ikarus T3.1.1.97.0\n \n CVE no - \n CVE-2012-1451\n\n34. \u0027reserved1\u0027 field in CAB files is parsed incorrectly. \n If an infected CAB file\u0027s reserved field is incremented by 1 it evades\n detection. \n\n Affected products -\n Emsisoft 5.1.0.1, Ikarus T3.1.1.97.0, CAT-QuickHeal 11.00\n \n CVE no - \n CVE-2012-1452\n\n35. \u0027coffFiles\u0027 field in CAB files is parsed incorrectly. \n If an infected CAB file\u0027s coffFiles field is incremented by 1 it evades\n detection. \n\n Affected products -\n McAfee 5.0.2.03300, TrendMicro-HouseCall 9.120.0.1004, Kaspersky 7.0.0.125, \n Sophos 4.61.0, TrendMicro 9.120.0.1004, McAfee-GW-Edition 2010.1C,\n Emsisoft 5.1.0.1, eTrust-Vet 36.1.8511, Antiy-AVL 2.0.3.7, Microsoft 1.6402,\n Rising 22.83.00.03, Ikarus T3.1.1.97.0, Fortinet 4.2.254.0, Panda 10.0.2.7\n\n CVE no - \n CVE-2012-1453\n\n36. \u0027ei_version\u0027 field in ELF files is parsed incorrectly. \n If an infected ELF file\u0027s version field is incremented by 1 it evades\n detection. \n\n Affected products -\n McAfee 5.0.02.03300, eSafe 7.0.17.0, McAfee-GW-Edition 2010.1C, \n Rising 22.83.00.03, Fortinet 4.2.254.0, Panda 10.0.2.7\n\n CVE no - \n CVE-2012-1454\n\n37. \u0027vMinor\u0027 field in CAB files is parsed incorrectly. \n If an infected CAB file\u0027s version field is incremented by 1 it evades\n detection. \n\n Affected products -\n NOD32 5795, Rising 22.83.00.03\n \n CVE no - \n CVE-2012-1455\n\n38. A specially crafted ZIP file, created by concatenating the contents \n of a clean TAR archive and a virus-infected ZIP archive, is parsed \n incorrectly and evades detection. \n\n Affected products -\n AVG 10.0.0.1190, CAT-QuickHeal 11.00, Comodo 7424, Emsisoft 5.1.0.1,\n eSafe 7.0.17.0, F-Prot 4.6.2.117,Fortinent 4.2.254.0, Ikarus T3.1.1.97.0, \n Jiangmin 13.0.900, Kaspersky 7.0.0.125, McAfee 5.400.0.1158, \n McAfee-GW-Edition 2010.1C, NOD32 5795, Norman 6.06.12, Panda 10.0.2.7, \n Rising 22.83.00.03, Sophos 4.61.0, Symantec 20101.3.0.103, \n TrendMicro 9.120.0.1004, TrendMicro-HouseCall 9.120.0.1004\n\n CVE no - \n CVE-2012-1456\n\n39. If the length field in the header of a file with test EICAR virus\n included into a TAR archive is set to be greater than the archive\u0027s total \n length (1,000,000+original length in our experiments), the antivirus \n declares the file to be clean but virus gets extracted correctly by the \n GNU tar program. \n\n Affected products -\n AntiVir 7.11.1.163, Antiy-AVL 2.0.3.7, Avast 4.8.1351.0, Avast5 5.0.677.0, \n AVG 10.0.0.1190, BitDefender 7.2, CAT-QuickHeal 11.00, ClamAV 0.96.4, \n Command 5.2.11.5, Emsisoft 5.1.0.1, eSafe 7.0.17.0, F-Prot 4.6.2.117, \n GData 21, Ikarus T3.1.1.97.0, Jiangmin 13.0.900, K7AntiVirus 9.77.3565, \n Kaspersky 7.0.0.125, McAfee 5.400.0.1158, McAfee-GW-Edition 2010.1C, \n Microsoft 1.6402, NOD32 5795, Norman 6.06.12, PCTools 7.0.3.5, \n Rising 22.83.00.03, Symantec 20101.3.0.103, TrendMicro 9.120.0.1004, \n TrendMicro-HouseCall 9.120.0.1004, VBA32 3.12.14.2, VirusBuster 13.6.151.0 \n\n CVE no - \n CVE-2012-1457\n\n40. A Windows Compiled HTML Help (CHM) file is a set of HTML files,\n scripts, and images compressed using the LZX algorithm. \n For faster random accesses, the algorithm is reset at intervals\n instead of compressing the entire file as a single stream. The\n length of each interval is specified in the LZXC header. \n\n If an infected CHM file\u0027s header modified so that the reset interval\n is lower than in the original file, the antivirus declares the file\n to be clean. But the Windows CHM viewer hh.exe correctly decompresses\n the infected content located before the tampered header. \n\n Affected products -\n ClamAV 0.96.4, Sophos 4.61.0 \n\n CVE no - \n CVE-2012-1458\n\n41. In a POSIX TAR archive, each member file has a 512-byte header protected\n by a simple checksum. Every header also contains a file length field, which\n is used by the extractor to locate the next header in the archive. \n\n If a TAR archive contains two files: the first one is clean, while\n the second is infected with test EICAR virus - and it is modified such that \n the length field in the header of the first, clean file to point into the \n middle of the header of the second, infected file. The antivirus declares \n the file to be clean but virus gets extracted correctly by the \n GNU tar program. If an infected tar.gz archive is appended 6 random bytes at the end, \n the antivirus declares the file to be clean but virus gets extracted by\n the gunzip+tar programs correctly by ignoring these bytes. \n\n Affected products -\n Antiy-AVL 2.0.3.7, CAT-QuickHeal 11.00, Command 5.2.11.5, \n eSafe 7.0.17.0, F-Prot 4.6.2.117, Jiangmin 13.0.900, \n K7AntiVirus 9.77.3565, VBA32 3.12.14.2 \n \n CVE no - \n CVE-2012-1460\n\n43. GZIP files can contain multiple compressed streams, which are assembled\n when the contents are extracted. If an infected .tar.gz file is broken \n into two streams, the antivirus declares the infected .tar.gz file to \n be clean while tar+gunzip extract the virus correctly\n\n Affected products -\n AVG 10.0.0.1190, BitDefender 7.2, Command 5.2.11.5, Emsisoft 5.1.0.1, \n F-Secure 9.0.16160.0, Fortinent 4.2.254.0, Ikarus T3.1.1.97.0, \n Jiangmin 13.0.900, K7AntiVirus 9.77.3565, Kaspersky 7.0.0.125, \n McAfee 5.400.0.1158, McAfee-GW-Edition 2010.1C, NOD32 5795, Norman 6.06.12, \n Rising 22.83.00.03, Sophos 4.61.0, Symantec 20101.3.0.103, \n TrendMicro 9.120.0.1004, TrendMicro-HouseCall 9.120.0.1004, VBA32 3.12.14.2 \n\n CVE no - \n CVE-2012-1461\n\n44. If an infected ZIP archive is prepended with 1024 random bytes at the \n beginning, the antivirus declares the file to be clean but virus gets extracted\n by the unzip program correctly by skipping these bytes\n\n Affected products -\n AhnLab-V3 2011.01.18.00, AVG 10.0.0.1190, CAT-QuickHeal 11.00, \n Emsisoft 5.1.0.1, eSafe 7.0.17.0, Fortinent 4.2.254.0, Ikarus T3.1.1.97.0, \n Jiangmin 13.0.900, Kaspersky 7.0.0.125, Norman 6.06.12, Sophos 4.61.0, \n Symantec 20101.3.0.103 \n\n CVE no - \n CVE-2012-1462\n\n45. In most ELF files, the 5th byte of the header indicates endianness: 01\n for little-endian, 02 for bigendian. Linux kernel, however, does not\n check this field before loading an ELF file. If an infected ELF file\u0027s 5-th \n byte is set to 02, the antivirus declares the file to be clean but the ELF \n file gets executed correctly. \n\n Affected products -\n AhnLab-V3 2011.01.18.00, BitDefender 7.2, CAT-QuickHeal 11.00, Command 5.2.11.5, \n Comodo 7424, eSafe 7.0.17.0, F-Prot 4.6.2.117, F-Secure 9.0.16160.0, \n McAfee 5.400.0.1158, Norman 6.06.12, nProtect 2011-01-17.01, Panda 10.0.2.7 \n\n CVE no - \n CVE-2012-1463\n\n--------\nCredits\n--------\nVulnerabilities found and advisory written by Suman Jana and Vitaly Shmatikov. \n\n-----------\nReferences\n-----------\n\"Abusing File Processing in Malware Detectors for Fun and Profit\" by Suman Jana and Vitaly Shmatikov\nTo appear in IEEE Symposium on Security and Privacy 2012\nhttp://www.ieee-security.org/TC/SP2012/ \n",
"sources": [
{
"db": "NVD",
"id": "CVE-2012-1420"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-001882"
},
{
"db": "BID",
"id": "52615"
},
{
"db": "VULHUB",
"id": "VHN-54701"
},
{
"db": "PACKETSTORM",
"id": "110990"
}
],
"trust": 2.07
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2012-1420",
"trust": 2.9
},
{
"db": "OSVDB",
"id": "80409",
"trust": 1.1
},
{
"db": "OSVDB",
"id": "80406",
"trust": 1.1
},
{
"db": "OSVDB",
"id": "80407",
"trust": 1.1
},
{
"db": "OSVDB",
"id": "80403",
"trust": 1.1
},
{
"db": "JVNDB",
"id": "JVNDB-2012-001882",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201203-387",
"trust": 0.7
},
{
"db": "BUGTRAQ",
"id": "20120319 EVASION ATTACKS EXPOLITING FILE-PARSING VULNERABILITIES IN ANTIVIRUS PRODUCTS",
"trust": 0.6
},
{
"db": "NSFOCUS",
"id": "19230",
"trust": 0.6
},
{
"db": "BID",
"id": "52615",
"trust": 0.4
},
{
"db": "VULHUB",
"id": "VHN-54701",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "110990",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-54701"
},
{
"db": "BID",
"id": "52615"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-001882"
},
{
"db": "PACKETSTORM",
"id": "110990"
},
{
"db": "NVD",
"id": "CVE-2012-1420"
},
{
"db": "CNNVD",
"id": "CNNVD-201203-387"
}
]
},
"id": "VAR-201203-0364",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-54701"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T12:10:13.263000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Command Antivirus",
"trust": 0.8,
"url": "http://www.authentium.com/command/csavdownload.html"
},
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.rising-global.com/"
},
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.eset.com/us/"
},
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.fortinet.com/"
},
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.f-prot.com/"
},
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.k7computing.com/en/"
},
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.norman.com/"
},
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.pandasecurity.com/"
},
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.quickheal.com/"
},
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.kaspersky.co.jp/"
},
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.microsoft.com/ja-jp/default.aspx"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2012-001882"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-264",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-54701"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-001882"
},
{
"db": "NVD",
"id": "CVE-2012-1420"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "http://www.securityfocus.com/archive/1/522005"
},
{
"trust": 1.7,
"url": "http://www.ieee-security.org/tc/sp2012/program.html"
},
{
"trust": 1.1,
"url": "http://osvdb.org/80403"
},
{
"trust": 1.1,
"url": "http://osvdb.org/80406"
},
{
"trust": 1.1,
"url": "http://osvdb.org/80407"
},
{
"trust": 1.1,
"url": "http://osvdb.org/80409"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-1420"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2012-1420"
},
{
"trust": 0.6,
"url": "http://www.nsfocus.net/vulndb/19230"
},
{
"trust": 0.3,
"url": "http://www.authentium.com"
},
{
"trust": 0.3,
"url": "http://eset.com"
},
{
"trust": 0.3,
"url": "http://www.fortinet.com/"
},
{
"trust": 0.3,
"url": "http://www.f-prot.com/"
},
{
"trust": 0.3,
"url": "http://www.k7computing.com/en/product/k7-antivirusplus.php"
},
{
"trust": 0.3,
"url": "http://www.kaspersky.com/"
},
{
"trust": 0.3,
"url": "http://www.microsoft.com"
},
{
"trust": 0.3,
"url": "http://anti-virus-software-review.toptenreviews.com/norman-review.html"
},
{
"trust": 0.3,
"url": "http://www.pandasecurity.com/usa/"
},
{
"trust": 0.3,
"url": "http://www.quickheal.com/"
},
{
"trust": 0.3,
"url": "http://www.rising-global.com/"
},
{
"trust": 0.3,
"url": "/archive/1/522005"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-1419"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-1439"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-1426"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-1429"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-1436"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-1440"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-1432"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-1438"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-1428"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-1446"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-1443"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-1444"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-1441"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-1421"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-1430"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-1434"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-1435"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-1424"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-1431"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-1425"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-1423"
},
{
"trust": 0.1,
"url": "http://www.ieee-security.org/tc/sp2012/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-1442"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-1422"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-1433"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-1420"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-1427"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-1445"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-1437"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-54701"
},
{
"db": "BID",
"id": "52615"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-001882"
},
{
"db": "PACKETSTORM",
"id": "110990"
},
{
"db": "NVD",
"id": "CVE-2012-1420"
},
{
"db": "CNNVD",
"id": "CNNVD-201203-387"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-54701"
},
{
"db": "BID",
"id": "52615"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-001882"
},
{
"db": "PACKETSTORM",
"id": "110990"
},
{
"db": "NVD",
"id": "CVE-2012-1420"
},
{
"db": "CNNVD",
"id": "CNNVD-201203-387"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2012-03-21T00:00:00",
"db": "VULHUB",
"id": "VHN-54701"
},
{
"date": "2012-03-20T00:00:00",
"db": "BID",
"id": "52615"
},
{
"date": "2012-03-26T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2012-001882"
},
{
"date": "2012-03-19T23:51:01",
"db": "PACKETSTORM",
"id": "110990"
},
{
"date": "2012-03-21T10:11:47.130000",
"db": "NVD",
"id": "CVE-2012-1420"
},
{
"date": "2012-03-26T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201203-387"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2012-08-14T00:00:00",
"db": "VULHUB",
"id": "VHN-54701"
},
{
"date": "2012-03-20T00:00:00",
"db": "BID",
"id": "52615"
},
{
"date": "2012-03-26T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2012-001882"
},
{
"date": "2012-08-14T03:35:48.800000",
"db": "NVD",
"id": "CVE-2012-1420"
},
{
"date": "2012-04-01T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201203-387"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201203-387"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Multiple products TAR Vulnerability that prevents file parsers from detecting malware",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2012-001882"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "permissions and access control",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201203-387"
}
],
"trust": 0.6
}
}
VAR-201203-0148
Vulnerability from variot - Updated: 2023-12-18 12:10The ELF file parser in AhnLab V3 Internet Security 2011.01.18.00, Bitdefender 7.2, Quick Heal (aka Cat QuickHeal) 11.00, Command Antivirus 5.2.11.5, Comodo Antivirus 7424, eSafe 7.0.17.0, F-Prot Antivirus 4.6.2.117, F-Secure Anti-Virus 9.0.16160.0, McAfee Anti-Virus Scanning Engine 5.400.0.1158, Norman Antivirus 6.06.12, nProtect Anti-Virus 2011-01-17.01, and Panda Antivirus 10.0.2.7 allows remote attackers to bypass malware detection via an ELF file with a modified endianness field. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different ELF parser implementations. Multiple products ELF A file parser contains a vulnerability that can prevent malware detection. Different ELF Parser If it is announced that there is also a problem with the implementation of CVE May be split.The endian field changed by a third party ELF Malware detection may be avoided via files. Successful exploits will allow attackers to bypass on-demand virus scanning, possibly allowing malicious files to escape detection
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201203-0148",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "antivirus",
"scope": "eq",
"trust": 2.1,
"vendor": "comodo",
"version": "7424"
},
{
"model": "command antivirus",
"scope": "eq",
"trust": 1.8,
"vendor": "authentium",
"version": "5.2.11.5"
},
{
"model": "bitdefender",
"scope": "eq",
"trust": 1.8,
"vendor": "bitdefender",
"version": "7.2"
},
{
"model": "esafe",
"scope": "eq",
"trust": 1.8,
"vendor": "aladdin",
"version": "7.0.17.0"
},
{
"model": "f-secure anti-virus",
"scope": "eq",
"trust": 1.8,
"vendor": "f secure",
"version": "9.0.16160.0"
},
{
"model": "scan engine",
"scope": "eq",
"trust": 1.8,
"vendor": "mcafee",
"version": "5.400.0.1158"
},
{
"model": "antivirus \\\u0026 antispyware",
"scope": "eq",
"trust": 1.6,
"vendor": "norman",
"version": "6.06.12"
},
{
"model": "f-prot antivirus",
"scope": "eq",
"trust": 1.0,
"vendor": "f prot",
"version": "4.6.2.117"
},
{
"model": "v3 internet security",
"scope": "eq",
"trust": 1.0,
"vendor": "ahnlab",
"version": "2011.01.18.00"
},
{
"model": "quick heal",
"scope": "eq",
"trust": 1.0,
"vendor": "cat",
"version": "11.00"
},
{
"model": "antivirus",
"scope": "eq",
"trust": 1.0,
"vendor": "nprotect",
"version": "2011-01-17.01"
},
{
"model": "panda antivirus",
"scope": "eq",
"trust": 1.0,
"vendor": "pandasecurity",
"version": "10.0.2.7"
},
{
"model": "f-prot antivirus",
"scope": "eq",
"trust": 0.8,
"vendor": "frisk",
"version": "4.6.2.117"
},
{
"model": "antivirus",
"scope": "eq",
"trust": 0.8,
"vendor": "norman",
"version": "6.06.12"
},
{
"model": "anti-virus",
"scope": "eq",
"trust": 0.8,
"vendor": "nprotect",
"version": "2011-01-17.01"
},
{
"model": "antivirus",
"scope": "eq",
"trust": 0.8,
"vendor": "panda security",
"version": "10.0.2.7"
},
{
"model": "v3 internet security",
"scope": "eq",
"trust": 0.8,
"vendor": "unlab",
"version": "2011.01.18.00"
},
{
"model": "heal",
"scope": "eq",
"trust": 0.8,
"vendor": "quick heal k k",
"version": "11.00"
},
{
"model": "cat-quickheal",
"scope": "eq",
"trust": 0.3,
"vendor": "quick heal",
"version": "11.00"
},
{
"model": "antivirus",
"scope": "eq",
"trust": 0.3,
"vendor": "panda",
"version": "10.0.27"
},
{
"model": "antivirus",
"scope": "eq",
"trust": 0.3,
"vendor": "norman",
"version": "6.6.12"
},
{
"model": "mcafee",
"scope": "eq",
"trust": 0.3,
"vendor": "mcafee",
"version": "5.4001158"
},
{
"model": "nprotect",
"scope": "eq",
"trust": 0.3,
"vendor": "inca",
"version": "2011-01-17.01"
},
{
"model": "software f-prot antivirus",
"scope": "eq",
"trust": 0.3,
"vendor": "frisk",
"version": "4.6.2117"
},
{
"model": "antivirus",
"scope": "eq",
"trust": 0.3,
"vendor": "f secure",
"version": "9.0.16160.0"
},
{
"model": "antivirus",
"scope": "eq",
"trust": 0.3,
"vendor": "esafe",
"version": "7.0.170"
},
{
"model": "antivirus",
"scope": "eq",
"trust": 0.3,
"vendor": "bitdefender",
"version": "7.2"
},
{
"model": "command antivirus",
"scope": "eq",
"trust": 0.3,
"vendor": "authentium",
"version": "5.2.115"
},
{
"model": "engine",
"scope": "eq",
"trust": 0.3,
"vendor": "ahnlab",
"version": "v32011.01.18.00"
}
],
"sources": [
{
"db": "BID",
"id": "52614"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-001872"
},
{
"db": "NVD",
"id": "CVE-2012-1463"
},
{
"db": "CNNVD",
"id": "CNNVD-201203-426"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:authentium:command_antivirus:5.2.11.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:comodo:comodo_antivirus:7424:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:aladdin:esafe:7.0.17.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:bitdefender:bitdefender:7.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cat:quick_heal:11.00:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:nprotect:nprotect_antivirus:2011-01-17.01:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:pandasecurity:panda_antivirus:10.0.2.7:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:f-prot:f-prot_antivirus:4.6.2.117:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:f-secure:f-secure_anti-virus:9.0.16160.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ahnlab:v3_internet_security:2011.01.18.00:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:mcafee:scan_engine:5.400.0.1158:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:norman:norman_antivirus_\\\u0026_antispyware:6.06.12:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2012-1463"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Suman Jana and Vitaly Shmatikov",
"sources": [
{
"db": "BID",
"id": "52614"
}
],
"trust": 0.3
},
"cve": "CVE-2012-1463",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 4.3,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2012-1463",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.9,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "VHN-54744",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2012-1463",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201203-426",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-54744",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2012-1463",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-54744"
},
{
"db": "VULMON",
"id": "CVE-2012-1463"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-001872"
},
{
"db": "NVD",
"id": "CVE-2012-1463"
},
{
"db": "CNNVD",
"id": "CNNVD-201203-426"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The ELF file parser in AhnLab V3 Internet Security 2011.01.18.00, Bitdefender 7.2, Quick Heal (aka Cat QuickHeal) 11.00, Command Antivirus 5.2.11.5, Comodo Antivirus 7424, eSafe 7.0.17.0, F-Prot Antivirus 4.6.2.117, F-Secure Anti-Virus 9.0.16160.0, McAfee Anti-Virus Scanning Engine 5.400.0.1158, Norman Antivirus 6.06.12, nProtect Anti-Virus 2011-01-17.01, and Panda Antivirus 10.0.2.7 allows remote attackers to bypass malware detection via an ELF file with a modified endianness field. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different ELF parser implementations. Multiple products ELF A file parser contains a vulnerability that can prevent malware detection. Different ELF Parser If it is announced that there is also a problem with the implementation of CVE May be split.The endian field changed by a third party ELF Malware detection may be avoided via files. \nSuccessful exploits will allow attackers to bypass on-demand virus scanning, possibly allowing malicious files to escape detection",
"sources": [
{
"db": "NVD",
"id": "CVE-2012-1463"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-001872"
},
{
"db": "BID",
"id": "52614"
},
{
"db": "VULHUB",
"id": "VHN-54744"
},
{
"db": "VULMON",
"id": "CVE-2012-1463"
}
],
"trust": 2.07
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2012-1463",
"trust": 2.9
},
{
"db": "BID",
"id": "52614",
"trust": 1.5
},
{
"db": "OSVDB",
"id": "80426",
"trust": 1.2
},
{
"db": "OSVDB",
"id": "80433",
"trust": 1.2
},
{
"db": "JVNDB",
"id": "JVNDB-2012-001872",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201203-426",
"trust": 0.7
},
{
"db": "BUGTRAQ",
"id": "20120319 EVASION ATTACKS EXPOLITING FILE-PARSING VULNERABILITIES IN ANTIVIRUS PRODUCTS",
"trust": 0.6
},
{
"db": "NSFOCUS",
"id": "19237",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-54744",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2012-1463",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-54744"
},
{
"db": "VULMON",
"id": "CVE-2012-1463"
},
{
"db": "BID",
"id": "52614"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-001872"
},
{
"db": "NVD",
"id": "CVE-2012-1463"
},
{
"db": "CNNVD",
"id": "CNNVD-201203-426"
}
]
},
"id": "VAR-201203-0148",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-54744"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T12:10:13.176000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Command Antivirus",
"trust": 0.8,
"url": "http://www.authentium.com/command/csavdownload.html"
},
{
"title": "Bitdefender",
"trust": 0.8,
"url": "http://www.bitdefender.com/"
},
{
"title": "Comodo Antivirus",
"trust": 0.8,
"url": "http://www.comodo.com/home/internet-security/antivirus.php"
},
{
"title": "F-Prot Antivirus",
"trust": 0.8,
"url": "http://www.f-prot.com/index.html"
},
{
"title": "MacAfee Scan Engine",
"trust": 0.8,
"url": "http://www.mcafee.com/us/support/support-eol-scan-engine.aspx"
},
{
"title": "Norman Antivirus",
"trust": 0.8,
"url": "http://www.norman.com/products/antivirus_antispyware/en"
},
{
"title": "nProtect Anti-Virus",
"trust": 0.8,
"url": "http://global.nprotect.com/product/avs.php"
},
{
"title": "Panda Antivirus",
"trust": 0.8,
"url": "http://www.ps-japan.co.jp/"
},
{
"title": "Quick Heal",
"trust": 0.8,
"url": "http://www.quickheal.com/"
},
{
"title": "eSafe",
"trust": 0.8,
"url": "http://www.aladdin.co.jp/esafe/"
},
{
"title": "V3 Internet Security",
"trust": 0.8,
"url": "http://www.ahnlab.co.jp/product_service/product/b2b/v3is8.asp"
},
{
"title": "F-Secure Anti-Virus",
"trust": 0.8,
"url": "http://www.f-secure.com/ja/web/home_jp/protection/anti-virus/overview"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2012-001872"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-264",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-54744"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-001872"
},
{
"db": "NVD",
"id": "CVE-2012-1463"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.8,
"url": "http://www.securityfocus.com/archive/1/522005"
},
{
"trust": 1.8,
"url": "http://www.ieee-security.org/tc/sp2012/program.html"
},
{
"trust": 1.3,
"url": "http://www.securityfocus.com/bid/52614"
},
{
"trust": 1.2,
"url": "http://osvdb.org/80426"
},
{
"trust": 1.2,
"url": "http://osvdb.org/80433"
},
{
"trust": 1.2,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74311"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-1463"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2012-1463"
},
{
"trust": 0.6,
"url": "http://www.nsfocus.net/vulndb/19237"
},
{
"trust": 0.3,
"url": "http://www.ahnlab.com"
},
{
"trust": 0.3,
"url": "http://www.authentium.com"
},
{
"trust": 0.3,
"url": "http://www.bitdefender.com"
},
{
"trust": 0.3,
"url": "http://www.comodo.com/"
},
{
"trust": 0.3,
"url": "http://www.safenet-inc.com/data-protection/content-security-esafe/"
},
{
"trust": 0.3,
"url": "http://www.f-secure.com/"
},
{
"trust": 0.3,
"url": "http://www.f-prot.com/"
},
{
"trust": 0.3,
"url": "http://global.nprotect.com/index.php"
},
{
"trust": 0.3,
"url": "http://www.mcafee.com/"
},
{
"trust": 0.3,
"url": "http://anti-virus-software-review.toptenreviews.com/norman-review.html"
},
{
"trust": 0.3,
"url": "http://www.pandasecurity.com/usa/"
},
{
"trust": 0.3,
"url": "http://www.quickheal.com/"
},
{
"trust": 0.3,
"url": "/archive/1/522005"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/264.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-54744"
},
{
"db": "VULMON",
"id": "CVE-2012-1463"
},
{
"db": "BID",
"id": "52614"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-001872"
},
{
"db": "NVD",
"id": "CVE-2012-1463"
},
{
"db": "CNNVD",
"id": "CNNVD-201203-426"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-54744"
},
{
"db": "VULMON",
"id": "CVE-2012-1463"
},
{
"db": "BID",
"id": "52614"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-001872"
},
{
"db": "NVD",
"id": "CVE-2012-1463"
},
{
"db": "CNNVD",
"id": "CNNVD-201203-426"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2012-03-21T00:00:00",
"db": "VULHUB",
"id": "VHN-54744"
},
{
"date": "2012-03-21T00:00:00",
"db": "VULMON",
"id": "CVE-2012-1463"
},
{
"date": "2012-03-20T00:00:00",
"db": "BID",
"id": "52614"
},
{
"date": "2012-03-23T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2012-001872"
},
{
"date": "2012-03-21T10:11:49.740000",
"db": "NVD",
"id": "CVE-2012-1463"
},
{
"date": "2012-03-26T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201203-426"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-08-29T00:00:00",
"db": "VULHUB",
"id": "VHN-54744"
},
{
"date": "2017-08-29T00:00:00",
"db": "VULMON",
"id": "CVE-2012-1463"
},
{
"date": "2012-03-20T00:00:00",
"db": "BID",
"id": "52614"
},
{
"date": "2012-03-23T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2012-001872"
},
{
"date": "2017-08-29T01:31:17.447000",
"db": "NVD",
"id": "CVE-2012-1463"
},
{
"date": "2012-03-26T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201203-426"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201203-426"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Multiple products ELF Vulnerability that prevents file parsers from detecting malware",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2012-001872"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "permissions and access control",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201203-426"
}
],
"trust": 0.6
}
}
VAR-201203-0385
Vulnerability from variot - Updated: 2023-12-18 12:10The TAR file parser in Avira AntiVir 7.11.1.163, Antiy Labs AVL SDK 2.0.3.7, Quick Heal (aka Cat QuickHeal) 11.00, Emsisoft Anti-Malware 5.1.0.1, Fortinet Antivirus 4.2.254.0, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, Jiangmin Antivirus 13.0.900, Kaspersky Anti-Virus 7.0.0.125, McAfee Anti-Virus Scanning Engine 5.400.0.1158, McAfee Gateway (formerly Webwasher) 2010.1C, NOD32 Antivirus 5795, Norman Antivirus 6.06.12, PC Tools AntiVirus 7.0.3.5, AVEngine 20101.3.0.103 in Symantec Endpoint Protection 11, Trend Micro AntiVirus 9.120.0.1004, and Trend Micro HouseCall 9.120.0.1004 allows remote attackers to bypass malware detection via a POSIX TAR file with an initial \50\4B\03\04 character sequence. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different TAR parser implementations. Multiple products TAR A file parser contains a vulnerability that can prevent malware detection. Different TAR If it is announced that there is also a problem with the parser implementation, this vulnerability can be CVE May be split.By a third party \50\4B\03\04 Has a character sequence starting with POSIX TAR Malware detection may be avoided via files. Successful exploits will allow attackers to bypass on-demand virus scanning, possibly allowing malicious files to escape detection. The following products are affected: AVIRA AntiVir Engine 7.11.1.163 Antiy Antiy-AVL 2.0.3.7 Quick Heal Technologies CAT-QuickHeal 11.00 Emsisoft Antivirus 5.1.0.1 Ikarus Antivirus T3.1.1.97.0 Jiangmin 13.0.900 Kaspersky Antivirus 7.0.0.125 McAfee 5.400.0.1158 McAfee-GW-Edition 2010.1C NOD32 5795 Norman Antivirus 6.06.12 PCTools Antivirus 7.0.3.5 Symantec AntiVirus 20101.3.0.103 TrendMicro 9.120.0.1004 TrendMicro-HouseCall 9.120.0.1004. Multiple file-parsing vulnerabilities leading to evasion in different antivirus(AV) products. All affected products are command-line versions of the AVs.
Vulnerability Descriptions
- Specially crafted infected POSIX TAR files with "[aliases]" as first 9 bytes evades detection.
Affected products - ClamAV 0.96.4, CAT-QuickHeal 11.00
CVE no - CVE-2012-1419
- Specially crafted infected POSIX TAR files with "\7fELF" as first 4 bytes evades detection.
Affected products - CAT-QuickHeal 11.00, Command 5.2.11.5, F-Prot 4.6.2.117, Fortinent 4.2.254.0, K7AntiVirus 9.77.3565, Kaspersky 7.0.0.125, Microsoft 1.6402, NOD32 5795, Norman 6.06.12, Panda 10.0.2.7, Rising 22.83.00.03
CVE no - CVE-2012-1420
- Specially crafted infected POSIX TAR files with "MSCF" as first 4 bytes evades detection.
Affected products - CAT-QuickHeal 11.00, Norman 6.06.12, Rising 22.83.00.03, Symantec 20101.3.0.103
CVE no - CVE-2012-1421
- Specially crafted infected POSIX TAR files with "ITSF" as first 4 bytes evades detection.
Affected products - CAT-QuickHeal 11.00, NOD32 5795, Norman 6.06.12, Rising 22.83.00.03
CVE no - CVE-2012-1422
- Specially crafted infected POSIX TAR files with "MZ" as first 2 bytes evades detection.
Affected products - Command 5.2.11.5, Emsisoft 5.1.0.1, F-Prot 4.6.2.117, Fortinent 4.2.254.0, Ikarus T3.1.1.97.0, K7AntiVirus 9.77.3565, NOD32 5795, Norman 6.06.12, PCTools 7.0.3.5, Rising 22.83.00.03, VirusBuster 13.6.151.0
CVE no - CVE-2012-1423
- Specially crafted infected POSIX TAR files with "\19\04\00\10" at offset 8 evades detection.
Affected products - Antiy-AVL 2.0.3.7, CAT-QuickHeal 11.00, Jiangmin 13.0.900, Norman 6.06.12, PCTools 7.0.3.5, Sophos 4.61.0
CVE no - CVE-2012-1424
- Specially crafted infected POSIX TAR files with "\50\4B\03\04" as the first 4 bytes evades detection. Specially crafted infected POSIX TAR files with "\42\5A\68" as the first 3 bytes evades detection.
Affected products - CAT-QuickHeal 11.00, Command 5.2.11.5, F-Prot 4.6.2.117, K7AntiVirus 9.77.3565, Norman 6.06.12, Rising 22.83.00.03
CVE no - CVE-2012-1426
- Specially crafted infected POSIX TAR files with "\57\69\6E\5A\69\70" at offset 29 evades detection.
Affected products - CAT-QuickHeal 11.00, Norman 6.06.12, Sophos 4.61.0
CVE no - CVE-2012-1427
- Specially crafted infected POSIX TAR files with "\4a\46\49\46" at offset 6 evades detection.
Affected products - CAT-QuickHeal 11.00, Norman 6.06.12, Sophos 4.61.0
CVE no - CVE-2012-1428
- Specially crafted infected ELF files with "ustar" at offset 257 evades detection.
Affected products - BitDefender 7.2, Comodo 7424, Emsisoft 5.1.0.1, eSafe 7.0.17.0, F-Secure 9.0.16160.0, Ikarus T3.1.1.97.0, McAfee 5.400.0.1158, McAfee-GW-Edition 2010.1C, nProtect 2011-01-17.01
CVE no - CVE-2012-1429 12. Specially crafted infected ELF files with "\19\04\00\10" at offset 8 evades detection.
Affected products - BitDefender 7.2, Comodo 7424, eSafe 7.0.17.0, F-Secure 9.0.16160.0, McAfee 5.400.0.1158, McAfee-GW-Edition 2010.1C, nProtect 2011-01-17.01, Sophos 4.61.0, Rising 22.83.00.03
CVE no - CVE-2012-1430 13. Specially crafted infected ELF files with "\4a\46\49\46" at offset 6 evades detection.
Affected products - BitDefender 7.2, Command 5.2.11.5, Comodo 7424, eSafe 7.0.17.0, F-Prot 4.6.2.117, F-Secure 9.0.16160.0, McAfee-GW-Edition 2010.1C, nProtect 2011-01-17.01, Sophos 4.61.0, Rising 22.83.00.03
CVE no - CVE-2012-1431
- Specially crafted infected MS EXE files with "\57\69\6E\5A\69\70" at offset 29 evades detection.
Affected products - Emsisoft 5.1.0.1, eSafe 7.0.17.0, Ikarus T3.1.1.97.0, Panda 10.0.2.7
CVE no - CVE-2012-1432
- Specially crafted infected MS EXE files with "\4a\46\49\46" at offset 6 evades detection.
Affected products - AhnLab-V3 2011.01.18.00, Emsisoft 5.1.0.1, eSafe 7.0.17.0, Ikarus T3.1.1.97.0, Panda 10.0.2.7
CVE no - CVE-2012-1433
- Specially crafted infected MS EXE files with "\19\04\00\10" at offset 8 evades detection.
Affected products - AhnLab-V3 2011.01.18.00, Emsisoft 5.1.0.1, Ikarus T3.1.1.97.0, Panda 10.0.2.7
CVE no - CVE-2012-1434
- Specially crafted infected MS EXE files with "\50\4B\4C\49\54\45" at offset 30 evades detection.
Affected products - AhnLab-V3 2011.01.18.00, Emsisoft 5.1.0.1, eSafe 7.0.17.0, Ikarus T3.1.1.97.0, Panda 10.0.2.7
CVE no - CVE-2012-1435
- Specially crafted infected MS EXE files with "\2D\6C\68" at offset 2 evades detection.
Affected products - AhnLab-V3 2011.01.18.00, Emsisoft 5.1.0.1, eSafe 7.0.17.0, Ikarus T3.1.1.97.0, Panda 10.0.2.7
CVE no - CVE-2012-1436
- Specially crafted infected MS Office files with "\50\4B\53\70\58" at offset 526 evades detection.
Affected products - Comodo 7425
CVE no - CVE-2012-1437
- Specially crafted infected MS Office files with "ustar" at offset 257 evades detection.
Affected products - Comodo 7425, Sophos 4.61.0
CVE no - CVE-2012-1438
- 'padding' field in ELF files is parsed incorrectly. If an infected ELF file's padding field is incremented by 1 it evades detection.
Affected products - eSafe 7.0.17.0, Rising 22.83.00.03, Fortinet 4.2.254.0, Panda 10.0.2.7
CVE no - CVE-2012-1439
- 'identsize' field in ELF files is parsed incorrectly. If an infected ELF file's identsize field is incremented by 1 it evades detection.
Affected products - Norman 6.06.12, eSafe 7.0.17.0, eTrust-Vet 36.1.8511, Fortinet 4.2.254.0, Panda 10.0.2.7
CVE no - CVE-2012-1440
- 'e_ip' and 'e_res' field in MS EXE files are parsed incorrectly.
If any of these fields in an infected MS EXE file is incremented by 1 it evades detection.
Affected products - Prevx 3.0
'e_minalloc', 'e_res2','e_cparhdr', 'e_crlc', 'e_lfarlc','e_maxalloc',
'e_oeminfo', 'e_ovno', 'e_cs', 'e_csum','e_sp', 'e_ss', 'e_cblp' and
'e_oemid' fields in MS EXE files are parsed incorrectly.
If any of these fields in an infected MS EXE file is incremented by 1
it evades detection.
Affected products - eSafe 7.0.017.0, Prevx 3.0
CVE no - CVE-2012-1441
- 'class' field in ELF files is parsed incorrectly.
If an infected ELF file's class field is incremented by 1 it evades detection.
Affected products - CAT-QuickHeal 11.00, McAfee 5.400.0.1158, McAfee-GW-Edition 2010.1C, eSafe 7.0.017.0, Kaspersky 7.0.0.125, F-Secure 9.0.16160.0, Sophos 4.61.0, Antiy-AVL 2.0.3.7, Rising 22.83.00.03, Fortinet 4.2.254.0, Panda 10.0.2.7
CVE no - CVE-2012-1442
- Infected RAR files with initial two bytes set to 'MZ' can be fixed by the user and correctly extracted. Such a file evades detection.
Affected products - ClamAV 0.96.4, Rising 22.83.00.03, CAT-QuickHeal 11.00, GData 21, Symantec 20101.3.0.103, Command 5.2.11.5, Ikarus T3.1.1.97.0, Emsisoft 5.1.0.1, PCTools 7.0.3.5, F-Prot 4.6.2.117, VirusBuster 13.6.151.0, Fortinent 4.2.254.0, Antiy-AVL 2.0.3.7, K7AntiVirus 9.77.3565, TrendMicro-HouseCall 9.120.0.1004,Kaspersky 7.0.0.125 Jiangmin 13.0.900. Microsoft 1.6402, Sophos 4.61.0, NOD32 5795, AntiVir 7.11.1.163, Norman 6.06.12, McAfee 5.400.0.1158, Panda 10.0.2.7, McAfee-GW-Edition 2010.1C, TrendMicro 9.120.0.1004, Comodo 7424, BitDefender 7.2, eSafe 7.0.17.0, F-Secure 9.0.16160.0 nProtect 2011-01-17.01, AhnLab-V3 2011.01.18.00, AVG 10.0.0.1190, Avast 4.8.1351.0, Avast5 5.0.677.0, VBA32 3.12.14.2
CVE no - CVE-2012-1443
- 'abiversion' field in ELF files is parsed incorrectly.
If an infected ELF file's abiversion field is incremented by 1 it evades detection.
Affected products - eSafe 7.0.017.0, Prevx 3.0, Fortinet 4.2.254.0, Panda 10.0.2.7
CVE no - CVE-2012-1444
- 'abi' field in ELF files is parsed incorrectly.
If an infected ELF file's abi field is incremented by 1 it evades detection.
Affected products - eSafe 7.0.017.0, Rising 22.83.00.03, Fortinet 4.2.254.0, Panda 10.0.2.7
CVE no - CVE-2012-1445
- 'encoding' field in ELF files is parsed incorrectly.
If an infected ELF file's encoding field is incremented by 1 it evades detection. 'e_version' field in ELF files is parsed incorrectly.
If an infected ELF file's e_version field is incremented by 1 it evades detection.
Affected products - Fortinet 4.2.254.0, eSafe 7.0.017.0, DrWeb 5.0.2.03300, Panda 10.0.2.7
CVE no - CVE-2012-1447
- 'cbCabinet' field in CAB files is parsed incorrectly.
If an infected CAB file's cbCabinet field is incremented by 1 it evades detection.
Affected products - CAT-QuickHeal 11.00, TrendMicro 9.120.0.1004, Ikarus T3.1.1.97.0 TrendMicro-HouseCall 9.120.0.1004, Emsisoft 5.1.0.1
CVE no - CVE-2012-1448
- 'vMajor' field in CAB files is parsed incorrectly.
If an infected CAB file's vMajor field is incremented by 1 it evades detection.
Affected products - NOD32 5795, Rising 22.83.00.03
CVE no - CVE-2012-1449
- 'reserved3' field in CAB files is parsed incorrectly.
If an infected CAB file's reserved field is incremented by 1 it evades detection.
Affected products - Emsisoft 5.1.0.1, Sophos 4.61.0, Ikarus T3.1.1.97.0
CVE no - CVE-2012-1450
- 'reserved2' field in CAB files is parsed incorrectly.
If an infected CAB file's reserved2 field is incremented by 1 it evades detection.
Affected products - Emsisoft 5.1.0.1, Ikarus T3.1.1.97.0
CVE no - CVE-2012-1451
- 'reserved1' field in CAB files is parsed incorrectly.
If an infected CAB file's reserved field is incremented by 1 it evades detection.
Affected products - Emsisoft 5.1.0.1, Ikarus T3.1.1.97.0, CAT-QuickHeal 11.00
CVE no - CVE-2012-1452
- 'coffFiles' field in CAB files is parsed incorrectly.
If an infected CAB file's coffFiles field is incremented by 1 it evades detection.
Affected products - McAfee 5.0.2.03300, TrendMicro-HouseCall 9.120.0.1004, Kaspersky 7.0.0.125, Sophos 4.61.0, TrendMicro 9.120.0.1004, McAfee-GW-Edition 2010.1C, Emsisoft 5.1.0.1, eTrust-Vet 36.1.8511, Antiy-AVL 2.0.3.7, Microsoft 1.6402, Rising 22.83.00.03, Ikarus T3.1.1.97.0, Fortinet 4.2.254.0, Panda 10.0.2.7
CVE no - CVE-2012-1453
- 'ei_version' field in ELF files is parsed incorrectly.
If an infected ELF file's version field is incremented by 1 it evades detection.
Affected products - McAfee 5.0.02.03300, eSafe 7.0.17.0, McAfee-GW-Edition 2010.1C, Rising 22.83.00.03, Fortinet 4.2.254.0, Panda 10.0.2.7
CVE no - CVE-2012-1454
- 'vMinor' field in CAB files is parsed incorrectly.
If an infected CAB file's version field is incremented by 1 it evades detection.
Affected products - NOD32 5795, Rising 22.83.00.03
CVE no - CVE-2012-1455
- A specially crafted ZIP file, created by concatenating the contents of a clean TAR archive and a virus-infected ZIP archive, is parsed incorrectly and evades detection.
Affected products - AVG 10.0.0.1190, CAT-QuickHeal 11.00, Comodo 7424, Emsisoft 5.1.0.1, eSafe 7.0.17.0, F-Prot 4.6.2.117,Fortinent 4.2.254.0, Ikarus T3.1.1.97.0, Jiangmin 13.0.900, Kaspersky 7.0.0.125, McAfee 5.400.0.1158, McAfee-GW-Edition 2010.1C, NOD32 5795, Norman 6.06.12, Panda 10.0.2.7, Rising 22.83.00.03, Sophos 4.61.0, Symantec 20101.3.0.103, TrendMicro 9.120.0.1004, TrendMicro-HouseCall 9.120.0.1004
CVE no - CVE-2012-1456
- If the length field in the header of a file with test EICAR virus included into a TAR archive is set to be greater than the archive's total length (1,000,000+original length in our experiments), the antivirus declares the file to be clean but virus gets extracted correctly by the GNU tar program.
Affected products - AntiVir 7.11.1.163, Antiy-AVL 2.0.3.7, Avast 4.8.1351.0, Avast5 5.0.677.0, AVG 10.0.0.1190, BitDefender 7.2, CAT-QuickHeal 11.00, ClamAV 0.96.4, Command 5.2.11.5, Emsisoft 5.1.0.1, eSafe 7.0.17.0, F-Prot 4.6.2.117, GData 21, Ikarus T3.1.1.97.0, Jiangmin 13.0.900, K7AntiVirus 9.77.3565, Kaspersky 7.0.0.125, McAfee 5.400.0.1158, McAfee-GW-Edition 2010.1C, Microsoft 1.6402, NOD32 5795, Norman 6.06.12, PCTools 7.0.3.5, Rising 22.83.00.03, Symantec 20101.3.0.103, TrendMicro 9.120.0.1004, TrendMicro-HouseCall 9.120.0.1004, VBA32 3.12.14.2, VirusBuster 13.6.151.0
CVE no - CVE-2012-1457
- A Windows Compiled HTML Help (CHM) file is a set of HTML files, scripts, and images compressed using the LZX algorithm. For faster random accesses, the algorithm is reset at intervals instead of compressing the entire file as a single stream. The length of each interval is specified in the LZXC header.
If an infected CHM file's header modified so that the reset interval is lower than in the original file, the antivirus declares the file to be clean. But the Windows CHM viewer hh.exe correctly decompresses the infected content located before the tampered header.
Affected products - ClamAV 0.96.4, Sophos 4.61.0
CVE no - CVE-2012-1458
- In a POSIX TAR archive, each member file has a 512-byte header protected by a simple checksum. Every header also contains a file length field, which is used by the extractor to locate the next header in the archive.
If a TAR archive contains two files: the first one is clean, while the second is infected with test EICAR virus - and it is modified such that the length field in the header of the first, clean file to point into the middle of the header of the second, infected file. The antivirus declares the file to be clean but virus gets extracted correctly by the GNU tar program.
Affected products - AhnLab-V3 2011.01.18.00, AntiVir 7.11.1.163, Antiy-AVL 2.0.3.7, Avast 4.8.1351.0, Avast5 5.0.677.0, AVG 10.0.0.1190, BitDefender 7.2, CAT-QuickHeal 11.00, ClamAV 0.96.4, Command 5.2.11.5, Comodo 7424, Emsisoft 5.1.0.1, F-Prot 4.6.2.117, F-Secure 9.0.16160.0, Fortinent 4.2.254.0, GData 21, Ikarus T3.1.1.97.0, Jiangmin 13.0.900, K7AntiVirus 9.77.3565, Kaspersky 7.0.0.125, McAfee 5.400.0.1158, McAfee-GW-Edition 2010.1C, Microsoft 1.6402, NOD32 5795, Norman 6.06.12, nProtect 2011-01-17.01, Panda 10.0.2.7, PCTools 7.0.3.5, Rising 22.83.00.03, Sophos 4.61.0, Symantec 20101.3.0.103, TrendMicro 9.120.0.1004, TrendMicro-HouseCall 9.120.0.1004, VBA32 3.12.14.2, VirusBuster 13.6.151.0
CVE no - CVE-2012-1459
- If an infected tar.gz archive is appended 6 random bytes at the end, the antivirus declares the file to be clean but virus gets extracted by the gunzip+tar programs correctly by ignoring these bytes.
Affected products - Antiy-AVL 2.0.3.7, CAT-QuickHeal 11.00, Command 5.2.11.5, eSafe 7.0.17.0, F-Prot 4.6.2.117, Jiangmin 13.0.900, K7AntiVirus 9.77.3565, VBA32 3.12.14.2
CVE no - CVE-2012-1460
- GZIP files can contain multiple compressed streams, which are assembled when the contents are extracted. If an infected .tar.gz file is broken into two streams, the antivirus declares the infected .tar.gz file to be clean while tar+gunzip extract the virus correctly
Affected products - AVG 10.0.0.1190, BitDefender 7.2, Command 5.2.11.5, Emsisoft 5.1.0.1, F-Secure 9.0.16160.0, Fortinent 4.2.254.0, Ikarus T3.1.1.97.0, Jiangmin 13.0.900, K7AntiVirus 9.77.3565, Kaspersky 7.0.0.125, McAfee 5.400.0.1158, McAfee-GW-Edition 2010.1C, NOD32 5795, Norman 6.06.12, Rising 22.83.00.03, Sophos 4.61.0, Symantec 20101.3.0.103, TrendMicro 9.120.0.1004, TrendMicro-HouseCall 9.120.0.1004, VBA32 3.12.14.2
CVE no - CVE-2012-1461
- If an infected ZIP archive is prepended with 1024 random bytes at the beginning, the antivirus declares the file to be clean but virus gets extracted by the unzip program correctly by skipping these bytes
Affected products - AhnLab-V3 2011.01.18.00, AVG 10.0.0.1190, CAT-QuickHeal 11.00, Emsisoft 5.1.0.1, eSafe 7.0.17.0, Fortinent 4.2.254.0, Ikarus T3.1.1.97.0, Jiangmin 13.0.900, Kaspersky 7.0.0.125, Norman 6.06.12, Sophos 4.61.0, Symantec 20101.3.0.103
CVE no - CVE-2012-1462
- In most ELF files, the 5th byte of the header indicates endianness: 01 for little-endian, 02 for bigendian. Linux kernel, however, does not check this field before loading an ELF file. If an infected ELF file's 5-th byte is set to 02, the antivirus declares the file to be clean but the ELF file gets executed correctly.
Affected products - AhnLab-V3 2011.01.18.00, BitDefender 7.2, CAT-QuickHeal 11.00, Command 5.2.11.5, Comodo 7424, eSafe 7.0.17.0, F-Prot 4.6.2.117, F-Secure 9.0.16160.0, McAfee 5.400.0.1158, Norman 6.06.12, nProtect 2011-01-17.01, Panda 10.0.2.7
CVE no - CVE-2012-1463
Credits
Vulnerabilities found and advisory written by Suman Jana and Vitaly Shmatikov.
References
"Abusing File Processing in Malware Detectors for Fun and Profit" by Suman Jana and Vitaly Shmatikov To appear in IEEE Symposium on Security and Privacy 2012 http://www.ieee-security.org/TC/SP2012/
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201203-0385",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "antivirus",
"scope": "eq",
"trust": 2.4,
"vendor": "fortinet",
"version": "4.2.254.0"
},
{
"model": "avl sdk",
"scope": "eq",
"trust": 1.8,
"vendor": "antiy",
"version": "2.0.3.7"
},
{
"model": "anti-malware",
"scope": "eq",
"trust": 1.8,
"vendor": "emsisoft",
"version": "5.1.0.1"
},
{
"model": "virus utilities t3 command line scanner",
"scope": "eq",
"trust": 1.8,
"vendor": "ikarus",
"version": "1.1.97.0"
},
{
"model": "antivirus",
"scope": "eq",
"trust": 1.8,
"vendor": "jiangmin",
"version": "13.0.900"
},
{
"model": "antivirus",
"scope": "eq",
"trust": 1.8,
"vendor": "pc tools",
"version": "7.0.3.5"
},
{
"model": "anti-virus",
"scope": "eq",
"trust": 1.8,
"vendor": "kaspersky",
"version": "7.0.0.125"
},
{
"model": "scan engine",
"scope": "eq",
"trust": 1.8,
"vendor": "mcafee",
"version": "5.400.0.1158"
},
{
"model": "trend micro antivirus",
"scope": "eq",
"trust": 1.0,
"vendor": "trendmicro",
"version": "9.120.0.1004"
},
{
"model": "quick heal",
"scope": "eq",
"trust": 1.0,
"vendor": "cat",
"version": "11.00"
},
{
"model": "gateway",
"scope": "eq",
"trust": 1.0,
"vendor": "mcafee",
"version": "2010.1c"
},
{
"model": "antivir",
"scope": "eq",
"trust": 1.0,
"vendor": "avira",
"version": "7.11.1.163"
},
{
"model": "housecall",
"scope": "eq",
"trust": 1.0,
"vendor": "trendmicro",
"version": "9.120.0.1004"
},
{
"model": "endpoint protection",
"scope": "eq",
"trust": 1.0,
"vendor": "symantec",
"version": "11.0"
},
{
"model": "nod32 antivirus",
"scope": "eq",
"trust": 1.0,
"vendor": "eset",
"version": "5795"
},
{
"model": "antivirus \\\u0026 antispyware",
"scope": "eq",
"trust": 1.0,
"vendor": "norman",
"version": "6.06.12"
},
{
"model": "antivirus",
"scope": "eq",
"trust": 0.8,
"vendor": "avira",
"version": "7.11.1.163"
},
{
"model": "nod32 anti-virus",
"scope": "eq",
"trust": 0.8,
"vendor": "eset",
"version": "5795"
},
{
"model": "antivirus",
"scope": "eq",
"trust": 0.8,
"vendor": "norman",
"version": "6.06.12"
},
{
"model": "heal",
"scope": "eq",
"trust": 0.8,
"vendor": "quick heal k k",
"version": "11.00"
},
{
"model": "endpoint protection",
"scope": "eq",
"trust": 0.8,
"vendor": "symantec",
"version": "11 avengine 20101.3.0.103"
},
{
"model": "antivirus",
"scope": "eq",
"trust": 0.8,
"vendor": "trend micro",
"version": "9.120.0.1004"
},
{
"model": "housecall",
"scope": "eq",
"trust": 0.8,
"vendor": "trend micro",
"version": "9.120.0.1004"
},
{
"model": "web gateway software",
"scope": "eq",
"trust": 0.8,
"vendor": "mcafee",
"version": "2010.1c"
},
{
"model": "trend micro",
"scope": "eq",
"trust": 0.3,
"vendor": "trend micro",
"version": "9.1201004"
},
{
"model": "housecall",
"scope": "eq",
"trust": 0.3,
"vendor": "trend micro",
"version": "9.1201004"
},
{
"model": "antivirus",
"scope": "eq",
"trust": 0.3,
"vendor": "symantec",
"version": "20101.3103"
},
{
"model": "cat-quickheal",
"scope": "eq",
"trust": 0.3,
"vendor": "quick heal",
"version": "11.00"
},
{
"model": "antivirus",
"scope": "eq",
"trust": 0.3,
"vendor": "pctools",
"version": "7.0.35"
},
{
"model": "antivirus",
"scope": "eq",
"trust": 0.3,
"vendor": "norman",
"version": "6.6.12"
},
{
"model": "mcafee-gw-edition 2010.1c",
"scope": null,
"trust": 0.3,
"vendor": "mcafee",
"version": null
},
{
"model": "antivirus",
"scope": "eq",
"trust": 0.3,
"vendor": "kaspersky",
"version": "7.0125"
},
{
"model": "jiangmin",
"scope": "eq",
"trust": 0.3,
"vendor": "jiangmin",
"version": "13.0.900"
},
{
"model": "antivirus t3.1.1.97.0",
"scope": null,
"trust": 0.3,
"vendor": "ikarus",
"version": null
},
{
"model": "nod32",
"scope": "eq",
"trust": 0.3,
"vendor": "eset",
"version": "5795"
},
{
"model": "antivirus",
"scope": "eq",
"trust": 0.3,
"vendor": "emsisoft",
"version": "5.11"
},
{
"model": "antivir engine",
"scope": "eq",
"trust": 0.3,
"vendor": "avira",
"version": "7.11.1163"
},
{
"model": "antiy-avl",
"scope": "eq",
"trust": 0.3,
"vendor": "antiy",
"version": "2.0.37"
}
],
"sources": [
{
"db": "BID",
"id": "52580"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-001887"
},
{
"db": "NVD",
"id": "CVE-2012-1425"
},
{
"db": "CNNVD",
"id": "CNNVD-201203-391"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:avira:antivir:7.11.1.163:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:antiy:avl_sdk:2.0.3.7:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:mcafee:scan_engine:5.400.0.1158:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:mcafee:gateway:2010.1c:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:fortinet:fortinet_antivirus:4.2.254.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ikarus:ikarus_virus_utilities_t3_command_line_scanner:1.1.97.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:pc_tools:pc_tools_antivirus:7.0.3.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:symantec:endpoint_protection:11.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cat:quick_heal:11.00:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:emsisoft:anti-malware:5.1.0.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:eset:nod32_antivirus:5795:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:norman:norman_antivirus_\\\u0026_antispyware:6.06.12:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:jiangmin:jiangmin_antivirus:13.0.900:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:kaspersky:kaspersky_anti-virus:7.0.0.125:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:trendmicro:trend_micro_antivirus:9.120.0.1004:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:trendmicro:housecall:9.120.0.1004:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2012-1425"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Suman Jana and Vitaly Shmatikov",
"sources": [
{
"db": "BID",
"id": "52580"
}
],
"trust": 0.3
},
"cve": "CVE-2012-1425",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 4.3,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2012-1425",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "VHN-54706",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2012-1425",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201203-391",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-54706",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-54706"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-001887"
},
{
"db": "NVD",
"id": "CVE-2012-1425"
},
{
"db": "CNNVD",
"id": "CNNVD-201203-391"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The TAR file parser in Avira AntiVir 7.11.1.163, Antiy Labs AVL SDK 2.0.3.7, Quick Heal (aka Cat QuickHeal) 11.00, Emsisoft Anti-Malware 5.1.0.1, Fortinet Antivirus 4.2.254.0, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, Jiangmin Antivirus 13.0.900, Kaspersky Anti-Virus 7.0.0.125, McAfee Anti-Virus Scanning Engine 5.400.0.1158, McAfee Gateway (formerly Webwasher) 2010.1C, NOD32 Antivirus 5795, Norman Antivirus 6.06.12, PC Tools AntiVirus 7.0.3.5, AVEngine 20101.3.0.103 in Symantec Endpoint Protection 11, Trend Micro AntiVirus 9.120.0.1004, and Trend Micro HouseCall 9.120.0.1004 allows remote attackers to bypass malware detection via a POSIX TAR file with an initial \\50\\4B\\03\\04 character sequence. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different TAR parser implementations. Multiple products TAR A file parser contains a vulnerability that can prevent malware detection. Different TAR If it is announced that there is also a problem with the parser implementation, this vulnerability can be CVE May be split.By a third party \\50\\4B\\03\\04 Has a character sequence starting with POSIX TAR Malware detection may be avoided via files. \nSuccessful exploits will allow attackers to bypass on-demand virus scanning, possibly allowing malicious files to escape detection. \nThe following products are affected:\nAVIRA AntiVir Engine 7.11.1.163\nAntiy Antiy-AVL 2.0.3.7\nQuick Heal Technologies CAT-QuickHeal 11.00\nEmsisoft Antivirus 5.1.0.1\nIkarus Antivirus T3.1.1.97.0\nJiangmin 13.0.900\nKaspersky Antivirus 7.0.0.125\nMcAfee 5.400.0.1158\nMcAfee-GW-Edition 2010.1C\nNOD32 5795\nNorman Antivirus 6.06.12\nPCTools Antivirus 7.0.3.5\nSymantec AntiVirus 20101.3.0.103\nTrendMicro 9.120.0.1004\nTrendMicro-HouseCall 9.120.0.1004. Multiple file-parsing vulnerabilities leading to evasion in different antivirus(AV) products. All \naffected products are command-line versions of \nthe AVs. \n\n----------------------------\nVulnerability Descriptions\n----------------------------\n\n1. Specially crafted infected POSIX TAR files with \"[aliases]\" as first 9 bytes \n evades detection. \n\n Affected products -\n ClamAV 0.96.4, CAT-QuickHeal 11.00\n \n CVE no - \n CVE-2012-1419\n\n2. Specially crafted infected POSIX TAR files with \"\\7fELF\" as first 4 bytes \n evades detection. \n\n Affected products -\n CAT-QuickHeal 11.00, Command 5.2.11.5, F-Prot 4.6.2.117, \n Fortinent 4.2.254.0, K7AntiVirus 9.77.3565, Kaspersky 7.0.0.125, \n Microsoft 1.6402, NOD32 5795, Norman 6.06.12, Panda 10.0.2.7, \n Rising 22.83.00.03\n\n CVE no - \n CVE-2012-1420\n\n3. Specially crafted infected POSIX TAR files with \"MSCF\" as first 4 bytes \n evades detection. \n\n Affected products -\n CAT-QuickHeal 11.00, Norman 6.06.12, Rising 22.83.00.03, \n Symantec 20101.3.0.103\n\n CVE no - \n CVE-2012-1421\n\n4. Specially crafted infected POSIX TAR files with \"ITSF\" as first 4 bytes \n evades detection. \n\n Affected products -\n CAT-QuickHeal 11.00, NOD32 5795, Norman 6.06.12, Rising 22.83.00.03\n\n CVE no - \n CVE-2012-1422\n\n5. Specially crafted infected POSIX TAR files with \"MZ\" as first 2 bytes \n evades detection. \n\n Affected products -\n Command 5.2.11.5, Emsisoft 5.1.0.1, F-Prot 4.6.2.117, Fortinent 4.2.254.0, \n Ikarus T3.1.1.97.0, K7AntiVirus 9.77.3565, NOD32 5795, Norman 6.06.12, \n PCTools 7.0.3.5, Rising 22.83.00.03, VirusBuster 13.6.151.0\n\n CVE no - \n CVE-2012-1423\n\n6. Specially crafted infected POSIX TAR files with \"\\19\\04\\00\\10\" at offset 8\n evades detection. \n\n Affected products -\n Antiy-AVL 2.0.3.7, CAT-QuickHeal 11.00, Jiangmin 13.0.900, Norman 6.06.12, \n PCTools 7.0.3.5, Sophos 4.61.0\n\n CVE no - \n CVE-2012-1424\n\n\n7. Specially crafted infected POSIX TAR files with \"\\50\\4B\\03\\04\" as the first\n 4 bytes evades detection. Specially crafted infected POSIX TAR files with \"\\42\\5A\\68\" as the first\n 3 bytes evades detection. \n\n Affected products -\n CAT-QuickHeal 11.00, Command 5.2.11.5, F-Prot 4.6.2.117, \n K7AntiVirus 9.77.3565, Norman 6.06.12, Rising 22.83.00.03\n\n CVE no - \n CVE-2012-1426\n\n\n9. Specially crafted infected POSIX TAR files with \"\\57\\69\\6E\\5A\\69\\70\" at \n offset 29 evades detection. \n\n Affected products -\n CAT-QuickHeal 11.00, Norman 6.06.12, Sophos 4.61.0\n\n CVE no - \n CVE-2012-1427\n\n10. Specially crafted infected POSIX TAR files with \"\\4a\\46\\49\\46\" at offset 6\n evades detection. \n \n Affected products -\n CAT-QuickHeal 11.00, Norman 6.06.12, Sophos 4.61.0\n\n CVE no - \n CVE-2012-1428\n\n11. Specially crafted infected ELF files with \"ustar\" at offset 257\n evades detection. \n\n Affected products -\n BitDefender 7.2, Comodo 7424, Emsisoft 5.1.0.1, eSafe 7.0.17.0, \n F-Secure 9.0.16160.0, Ikarus T3.1.1.97.0, McAfee 5.400.0.1158, \n McAfee-GW-Edition 2010.1C, nProtect 2011-01-17.01 \n\n CVE no - \n CVE-2012-1429\n12. Specially crafted infected ELF files with \"\\19\\04\\00\\10\" at offset 8 evades\n detection. \n\n Affected products -\n BitDefender 7.2, Comodo 7424, eSafe 7.0.17.0, F-Secure 9.0.16160.0, \n McAfee 5.400.0.1158, McAfee-GW-Edition 2010.1C, nProtect 2011-01-17.01, \n Sophos 4.61.0, Rising 22.83.00.03\n\n CVE no - \n CVE-2012-1430\n13. Specially crafted infected ELF files with \"\\4a\\46\\49\\46\" at offset 6 evades\n detection. \n\n Affected products -\n BitDefender 7.2, Command 5.2.11.5, Comodo 7424, eSafe 7.0.17.0, \n F-Prot 4.6.2.117, F-Secure 9.0.16160.0, McAfee-GW-Edition 2010.1C, \n nProtect 2011-01-17.01, Sophos 4.61.0, Rising 22.83.00.03\n\n CVE no - \n CVE-2012-1431\n\n14. Specially crafted infected MS EXE files with \"\\57\\69\\6E\\5A\\69\\70\" at offset\n 29 evades detection. \n\n Affected products -\n Emsisoft 5.1.0.1, eSafe 7.0.17.0, Ikarus T3.1.1.97.0, Panda 10.0.2.7\n\n CVE no - \n CVE-2012-1432\n\n15. Specially crafted infected MS EXE files with \"\\4a\\46\\49\\46\" at offset\n 6 evades detection. \n\n Affected products -\n AhnLab-V3 2011.01.18.00, Emsisoft 5.1.0.1, eSafe 7.0.17.0, \n Ikarus T3.1.1.97.0, Panda 10.0.2.7\n\n CVE no - \n CVE-2012-1433\n\n16. Specially crafted infected MS EXE files with \"\\19\\04\\00\\10\" at offset\n 8 evades detection. \n\n Affected products -\n AhnLab-V3 2011.01.18.00, Emsisoft 5.1.0.1, Ikarus T3.1.1.97.0, \n Panda 10.0.2.7\n \n CVE no - \n CVE-2012-1434\n\n17. Specially crafted infected MS EXE files with \"\\50\\4B\\4C\\49\\54\\45\" at \n offset 30 evades detection. \n \n Affected products - \n AhnLab-V3 2011.01.18.00, Emsisoft 5.1.0.1, eSafe 7.0.17.0, \n Ikarus T3.1.1.97.0, Panda 10.0.2.7\n\n CVE no - \n CVE-2012-1435\n\n18. Specially crafted infected MS EXE files with \"\\2D\\6C\\68\" at \n offset 2 evades detection. \n \n Affected products - \n AhnLab-V3 2011.01.18.00, Emsisoft 5.1.0.1, eSafe 7.0.17.0, \n Ikarus T3.1.1.97.0, Panda 10.0.2.7\n\n CVE no - \n CVE-2012-1436\n\n19. Specially crafted infected MS Office files with \"\\50\\4B\\53\\70\\58\" at \n offset 526 evades detection. \n \n Affected products - \n Comodo 7425\n \n CVE no - \n CVE-2012-1437\n\n20. Specially crafted infected MS Office files with \"ustar\" at \n offset 257 evades detection. \n\n Affected products - \n Comodo 7425, Sophos 4.61.0 \n\n CVE no - \n CVE-2012-1438\n\n21. \u0027padding\u0027 field in ELF files is parsed incorrectly. \n If an infected ELF file\u0027s padding field is incremented by 1 it evades\n detection. \n\n Affected products - \n eSafe 7.0.17.0, Rising 22.83.00.03, Fortinet 4.2.254.0, Panda 10.0.2.7\n\n CVE no - \n CVE-2012-1439\n\n22. \u0027identsize\u0027 field in ELF files is parsed incorrectly. \n If an infected ELF file\u0027s identsize field is incremented by 1 it evades\n detection. \n\n Affected products - \n Norman 6.06.12, eSafe 7.0.17.0, eTrust-Vet 36.1.8511, Fortinet 4.2.254.0, \n Panda 10.0.2.7\n\n CVE no - \n CVE-2012-1440\n\n23. \u0027e_ip\u0027 and \u0027e_res\u0027 field in MS EXE files are parsed incorrectly. \n If any of these fields in an infected MS EXE file is incremented by 1 \n it evades detection. \n\n Affected products - \n Prevx 3.0\n\n \u0027e_minalloc\u0027, \u0027e_res2\u0027,\u0027e_cparhdr\u0027, \u0027e_crlc\u0027, \u0027e_lfarlc\u0027,\u0027e_maxalloc\u0027,\n \u0027e_oeminfo\u0027, \u0027e_ovno\u0027, \u0027e_cs\u0027, \u0027e_csum\u0027,\u0027e_sp\u0027, \u0027e_ss\u0027, \u0027e_cblp\u0027 and \n \u0027e_oemid\u0027 fields in MS EXE files are parsed incorrectly. \n If any of these fields in an infected MS EXE file is incremented by 1 \n it evades detection. \n\n Affected products - \n eSafe 7.0.017.0, Prevx 3.0\n\n\n CVE no - \n CVE-2012-1441\n\n24. \u0027class\u0027 field in ELF files is parsed incorrectly. \n If an infected ELF file\u0027s class field is incremented by 1 it evades\n detection. \n\n Affected products - \n CAT-QuickHeal 11.00, McAfee 5.400.0.1158, McAfee-GW-Edition 2010.1C, \n eSafe 7.0.017.0, Kaspersky 7.0.0.125, F-Secure 9.0.16160.0, \n Sophos 4.61.0, Antiy-AVL 2.0.3.7, Rising 22.83.00.03, Fortinet 4.2.254.0, \n Panda 10.0.2.7\n\n CVE no - \n CVE-2012-1442\n\n25. Infected RAR files with initial two bytes set to \u0027MZ\u0027 can be fixed by the \n user and correctly extracted. Such a file evades detection. \n \n Affected products -\n ClamAV 0.96.4, Rising 22.83.00.03, CAT-QuickHeal 11.00, GData 21, \n Symantec 20101.3.0.103, Command 5.2.11.5, Ikarus T3.1.1.97.0, \n Emsisoft 5.1.0.1, PCTools 7.0.3.5, F-Prot 4.6.2.117, \n VirusBuster 13.6.151.0, Fortinent 4.2.254.0, Antiy-AVL 2.0.3.7, \n K7AntiVirus 9.77.3565, TrendMicro-HouseCall 9.120.0.1004,Kaspersky 7.0.0.125 \n Jiangmin 13.0.900. Microsoft 1.6402, Sophos 4.61.0, NOD32 5795, AntiVir 7.11.1.163, \n Norman 6.06.12, McAfee 5.400.0.1158, Panda 10.0.2.7, McAfee-GW-Edition 2010.1C, \n TrendMicro 9.120.0.1004, Comodo 7424, BitDefender 7.2, eSafe 7.0.17.0, F-Secure 9.0.16160.0\n nProtect 2011-01-17.01, AhnLab-V3 2011.01.18.00, AVG 10.0.0.1190, Avast 4.8.1351.0, \n Avast5 5.0.677.0, VBA32 3.12.14.2 \n\n CVE no - \n CVE-2012-1443\n\n26. \u0027abiversion\u0027 field in ELF files is parsed incorrectly. \n If an infected ELF file\u0027s abiversion field is incremented by 1 it evades\n detection. \n\n Affected products - \n eSafe 7.0.017.0, Prevx 3.0, Fortinet 4.2.254.0, Panda 10.0.2.7\n\n CVE no - \n CVE-2012-1444\n\n27. \u0027abi\u0027 field in ELF files is parsed incorrectly. \n If an infected ELF file\u0027s abi field is incremented by 1 it evades\n detection. \n\n Affected products - \n eSafe 7.0.017.0, Rising 22.83.00.03, Fortinet 4.2.254.0, Panda 10.0.2.7\n\n CVE no - \n CVE-2012-1445\n\n28. \u0027encoding\u0027 field in ELF files is parsed incorrectly. \n If an infected ELF file\u0027s encoding field is incremented by 1 it evades\n detection. \u0027e_version\u0027 field in ELF files is parsed incorrectly. \n If an infected ELF file\u0027s e_version field is incremented by 1 it evades\n detection. \n\n Affected products -\n Fortinet 4.2.254.0, eSafe 7.0.017.0, DrWeb 5.0.2.03300, Panda 10.0.2.7\n\n CVE no - \n CVE-2012-1447\n\n30. \u0027cbCabinet\u0027 field in CAB files is parsed incorrectly. \n If an infected CAB file\u0027s cbCabinet field is incremented by 1 it evades\n detection. \n\n Affected products -\n CAT-QuickHeal 11.00, TrendMicro 9.120.0.1004, Ikarus T3.1.1.97.0\n TrendMicro-HouseCall 9.120.0.1004, Emsisoft 5.1.0.1 \n\n CVE no - \n CVE-2012-1448\n\n31. \u0027vMajor\u0027 field in CAB files is parsed incorrectly. \n If an infected CAB file\u0027s vMajor field is incremented by 1 it evades\n detection. \n\n Affected products -\n NOD32 5795, Rising 22.83.00.03\n \n CVE no - \n CVE-2012-1449\n\n32. \u0027reserved3\u0027 field in CAB files is parsed incorrectly. \n If an infected CAB file\u0027s reserved field is incremented by 1 it evades\n detection. \n\n Affected products -\n Emsisoft 5.1.0.1, Sophos 4.61.0, Ikarus T3.1.1.97.0\n \n CVE no - \n CVE-2012-1450\n\n33. \u0027reserved2\u0027 field in CAB files is parsed incorrectly. \n If an infected CAB file\u0027s reserved2 field is incremented by 1 it evades\n detection. \n\n Affected products -\n Emsisoft 5.1.0.1, Ikarus T3.1.1.97.0\n \n CVE no - \n CVE-2012-1451\n\n34. \u0027reserved1\u0027 field in CAB files is parsed incorrectly. \n If an infected CAB file\u0027s reserved field is incremented by 1 it evades\n detection. \n\n Affected products -\n Emsisoft 5.1.0.1, Ikarus T3.1.1.97.0, CAT-QuickHeal 11.00\n \n CVE no - \n CVE-2012-1452\n\n35. \u0027coffFiles\u0027 field in CAB files is parsed incorrectly. \n If an infected CAB file\u0027s coffFiles field is incremented by 1 it evades\n detection. \n\n Affected products -\n McAfee 5.0.2.03300, TrendMicro-HouseCall 9.120.0.1004, Kaspersky 7.0.0.125, \n Sophos 4.61.0, TrendMicro 9.120.0.1004, McAfee-GW-Edition 2010.1C,\n Emsisoft 5.1.0.1, eTrust-Vet 36.1.8511, Antiy-AVL 2.0.3.7, Microsoft 1.6402,\n Rising 22.83.00.03, Ikarus T3.1.1.97.0, Fortinet 4.2.254.0, Panda 10.0.2.7\n\n CVE no - \n CVE-2012-1453\n\n36. \u0027ei_version\u0027 field in ELF files is parsed incorrectly. \n If an infected ELF file\u0027s version field is incremented by 1 it evades\n detection. \n\n Affected products -\n McAfee 5.0.02.03300, eSafe 7.0.17.0, McAfee-GW-Edition 2010.1C, \n Rising 22.83.00.03, Fortinet 4.2.254.0, Panda 10.0.2.7\n\n CVE no - \n CVE-2012-1454\n\n37. \u0027vMinor\u0027 field in CAB files is parsed incorrectly. \n If an infected CAB file\u0027s version field is incremented by 1 it evades\n detection. \n\n Affected products -\n NOD32 5795, Rising 22.83.00.03\n \n CVE no - \n CVE-2012-1455\n\n38. A specially crafted ZIP file, created by concatenating the contents \n of a clean TAR archive and a virus-infected ZIP archive, is parsed \n incorrectly and evades detection. \n\n Affected products -\n AVG 10.0.0.1190, CAT-QuickHeal 11.00, Comodo 7424, Emsisoft 5.1.0.1,\n eSafe 7.0.17.0, F-Prot 4.6.2.117,Fortinent 4.2.254.0, Ikarus T3.1.1.97.0, \n Jiangmin 13.0.900, Kaspersky 7.0.0.125, McAfee 5.400.0.1158, \n McAfee-GW-Edition 2010.1C, NOD32 5795, Norman 6.06.12, Panda 10.0.2.7, \n Rising 22.83.00.03, Sophos 4.61.0, Symantec 20101.3.0.103, \n TrendMicro 9.120.0.1004, TrendMicro-HouseCall 9.120.0.1004\n\n CVE no - \n CVE-2012-1456\n\n39. If the length field in the header of a file with test EICAR virus\n included into a TAR archive is set to be greater than the archive\u0027s total \n length (1,000,000+original length in our experiments), the antivirus \n declares the file to be clean but virus gets extracted correctly by the \n GNU tar program. \n\n Affected products -\n AntiVir 7.11.1.163, Antiy-AVL 2.0.3.7, Avast 4.8.1351.0, Avast5 5.0.677.0, \n AVG 10.0.0.1190, BitDefender 7.2, CAT-QuickHeal 11.00, ClamAV 0.96.4, \n Command 5.2.11.5, Emsisoft 5.1.0.1, eSafe 7.0.17.0, F-Prot 4.6.2.117, \n GData 21, Ikarus T3.1.1.97.0, Jiangmin 13.0.900, K7AntiVirus 9.77.3565, \n Kaspersky 7.0.0.125, McAfee 5.400.0.1158, McAfee-GW-Edition 2010.1C, \n Microsoft 1.6402, NOD32 5795, Norman 6.06.12, PCTools 7.0.3.5, \n Rising 22.83.00.03, Symantec 20101.3.0.103, TrendMicro 9.120.0.1004, \n TrendMicro-HouseCall 9.120.0.1004, VBA32 3.12.14.2, VirusBuster 13.6.151.0 \n\n CVE no - \n CVE-2012-1457\n\n40. A Windows Compiled HTML Help (CHM) file is a set of HTML files,\n scripts, and images compressed using the LZX algorithm. \n For faster random accesses, the algorithm is reset at intervals\n instead of compressing the entire file as a single stream. The\n length of each interval is specified in the LZXC header. \n\n If an infected CHM file\u0027s header modified so that the reset interval\n is lower than in the original file, the antivirus declares the file\n to be clean. But the Windows CHM viewer hh.exe correctly decompresses\n the infected content located before the tampered header. \n\n Affected products -\n ClamAV 0.96.4, Sophos 4.61.0 \n\n CVE no - \n CVE-2012-1458\n\n41. In a POSIX TAR archive, each member file has a 512-byte header protected\n by a simple checksum. Every header also contains a file length field, which\n is used by the extractor to locate the next header in the archive. \n\n If a TAR archive contains two files: the first one is clean, while\n the second is infected with test EICAR virus - and it is modified such that \n the length field in the header of the first, clean file to point into the \n middle of the header of the second, infected file. The antivirus declares \n the file to be clean but virus gets extracted correctly by the \n GNU tar program. \n\n Affected products -\n AhnLab-V3 2011.01.18.00, AntiVir 7.11.1.163, Antiy-AVL 2.0.3.7, \n Avast 4.8.1351.0, Avast5 5.0.677.0, AVG 10.0.0.1190, BitDefender 7.2, \n CAT-QuickHeal 11.00, ClamAV 0.96.4, Command 5.2.11.5, Comodo 7424, \n Emsisoft 5.1.0.1, F-Prot 4.6.2.117, F-Secure 9.0.16160.0, \n Fortinent 4.2.254.0, GData 21, Ikarus T3.1.1.97.0, Jiangmin 13.0.900, \n K7AntiVirus 9.77.3565, Kaspersky 7.0.0.125, McAfee 5.400.0.1158, \n McAfee-GW-Edition 2010.1C, Microsoft 1.6402, NOD32 5795, \n Norman 6.06.12, nProtect 2011-01-17.01, Panda 10.0.2.7, \n PCTools 7.0.3.5, Rising 22.83.00.03, Sophos 4.61.0, \n Symantec 20101.3.0.103, TrendMicro 9.120.0.1004, \n TrendMicro-HouseCall 9.120.0.1004, VBA32 3.12.14.2, \n VirusBuster 13.6.151.0 \n\n CVE no - \n CVE-2012-1459\n\n42. If an infected tar.gz archive is appended 6 random bytes at the end, \n the antivirus declares the file to be clean but virus gets extracted by\n the gunzip+tar programs correctly by ignoring these bytes. \n\n Affected products -\n Antiy-AVL 2.0.3.7, CAT-QuickHeal 11.00, Command 5.2.11.5, \n eSafe 7.0.17.0, F-Prot 4.6.2.117, Jiangmin 13.0.900, \n K7AntiVirus 9.77.3565, VBA32 3.12.14.2 \n \n CVE no - \n CVE-2012-1460\n\n43. GZIP files can contain multiple compressed streams, which are assembled\n when the contents are extracted. If an infected .tar.gz file is broken \n into two streams, the antivirus declares the infected .tar.gz file to \n be clean while tar+gunzip extract the virus correctly\n\n Affected products -\n AVG 10.0.0.1190, BitDefender 7.2, Command 5.2.11.5, Emsisoft 5.1.0.1, \n F-Secure 9.0.16160.0, Fortinent 4.2.254.0, Ikarus T3.1.1.97.0, \n Jiangmin 13.0.900, K7AntiVirus 9.77.3565, Kaspersky 7.0.0.125, \n McAfee 5.400.0.1158, McAfee-GW-Edition 2010.1C, NOD32 5795, Norman 6.06.12, \n Rising 22.83.00.03, Sophos 4.61.0, Symantec 20101.3.0.103, \n TrendMicro 9.120.0.1004, TrendMicro-HouseCall 9.120.0.1004, VBA32 3.12.14.2 \n\n CVE no - \n CVE-2012-1461\n\n44. If an infected ZIP archive is prepended with 1024 random bytes at the \n beginning, the antivirus declares the file to be clean but virus gets extracted\n by the unzip program correctly by skipping these bytes\n\n Affected products -\n AhnLab-V3 2011.01.18.00, AVG 10.0.0.1190, CAT-QuickHeal 11.00, \n Emsisoft 5.1.0.1, eSafe 7.0.17.0, Fortinent 4.2.254.0, Ikarus T3.1.1.97.0, \n Jiangmin 13.0.900, Kaspersky 7.0.0.125, Norman 6.06.12, Sophos 4.61.0, \n Symantec 20101.3.0.103 \n\n CVE no - \n CVE-2012-1462\n\n45. In most ELF files, the 5th byte of the header indicates endianness: 01\n for little-endian, 02 for bigendian. Linux kernel, however, does not\n check this field before loading an ELF file. If an infected ELF file\u0027s 5-th \n byte is set to 02, the antivirus declares the file to be clean but the ELF \n file gets executed correctly. \n\n Affected products -\n AhnLab-V3 2011.01.18.00, BitDefender 7.2, CAT-QuickHeal 11.00, Command 5.2.11.5, \n Comodo 7424, eSafe 7.0.17.0, F-Prot 4.6.2.117, F-Secure 9.0.16160.0, \n McAfee 5.400.0.1158, Norman 6.06.12, nProtect 2011-01-17.01, Panda 10.0.2.7 \n\n CVE no - \n CVE-2012-1463\n\n--------\nCredits\n--------\nVulnerabilities found and advisory written by Suman Jana and Vitaly Shmatikov. \n\n-----------\nReferences\n-----------\n\"Abusing File Processing in Malware Detectors for Fun and Profit\" by Suman Jana and Vitaly Shmatikov\nTo appear in IEEE Symposium on Security and Privacy 2012\nhttp://www.ieee-security.org/TC/SP2012/ \n",
"sources": [
{
"db": "NVD",
"id": "CVE-2012-1425"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-001887"
},
{
"db": "BID",
"id": "52580"
},
{
"db": "VULHUB",
"id": "VHN-54706"
},
{
"db": "PACKETSTORM",
"id": "110990"
}
],
"trust": 2.07
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2012-1425",
"trust": 2.9
},
{
"db": "OSVDB",
"id": "80396",
"trust": 1.1
},
{
"db": "OSVDB",
"id": "80389",
"trust": 1.1
},
{
"db": "OSVDB",
"id": "80391",
"trust": 1.1
},
{
"db": "OSVDB",
"id": "80403",
"trust": 1.1
},
{
"db": "OSVDB",
"id": "80395",
"trust": 1.1
},
{
"db": "OSVDB",
"id": "80392",
"trust": 1.1
},
{
"db": "OSVDB",
"id": "80409",
"trust": 1.1
},
{
"db": "JVNDB",
"id": "JVNDB-2012-001887",
"trust": 0.8
},
{
"db": "BUGTRAQ",
"id": "20120319 EVASION ATTACKS EXPOLITING FILE-PARSING VULNERABILITIES IN ANTIVIRUS PRODUCTS",
"trust": 0.6
},
{
"db": "NSFOCUS",
"id": "19226",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201203-391",
"trust": 0.6
},
{
"db": "BID",
"id": "52580",
"trust": 0.4
},
{
"db": "VULHUB",
"id": "VHN-54706",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "110990",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-54706"
},
{
"db": "BID",
"id": "52580"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-001887"
},
{
"db": "PACKETSTORM",
"id": "110990"
},
{
"db": "NVD",
"id": "CVE-2012-1425"
},
{
"db": "CNNVD",
"id": "CNNVD-201203-391"
}
]
},
"id": "VAR-201203-0385",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-54706"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T12:10:12.948000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.antiy.net/en/index.html"
},
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.avira.com/ja/for-home"
},
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.emsisoft.com/en/"
},
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.eset.com/us/"
},
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.fortinet.com/"
},
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.ikarus.at/en/"
},
{
"title": "Top Page",
"trust": 0.8,
"url": "http://global.jiangmin.com/"
},
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.norman.com/"
},
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.pctools.com/jp/"
},
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.quickheal.com/"
},
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.symantec.com/ja/jp/"
},
{
"title": "Top Page",
"trust": 0.8,
"url": "http://jp.trendmicro.com/jp/home/"
},
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.kaspersky.co.jp/"
},
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.mcafee.com/japan/"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2012-001887"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-264",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-54706"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-001887"
},
{
"db": "NVD",
"id": "CVE-2012-1425"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "http://www.securityfocus.com/archive/1/522005"
},
{
"trust": 1.7,
"url": "http://www.ieee-security.org/tc/sp2012/program.html"
},
{
"trust": 1.1,
"url": "http://osvdb.org/80389"
},
{
"trust": 1.1,
"url": "http://osvdb.org/80391"
},
{
"trust": 1.1,
"url": "http://osvdb.org/80392"
},
{
"trust": 1.1,
"url": "http://osvdb.org/80395"
},
{
"trust": 1.1,
"url": "http://osvdb.org/80396"
},
{
"trust": 1.1,
"url": "http://osvdb.org/80403"
},
{
"trust": 1.1,
"url": "http://osvdb.org/80409"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-1425"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2012-1425"
},
{
"trust": 0.6,
"url": "http://www.nsfocus.net/vulndb/19226"
},
{
"trust": 0.3,
"url": "http://www.antiy.net"
},
{
"trust": 0.3,
"url": "http://www.avira.com/"
},
{
"trust": 0.3,
"url": "http://www.emsisoft.com/en/software/antimalware/"
},
{
"trust": 0.3,
"url": "http://eset.com"
},
{
"trust": 0.3,
"url": "http://www.ikarus.at"
},
{
"trust": 0.3,
"url": "http://global.jiangmin.com/"
},
{
"trust": 0.3,
"url": "http://www.kaspersky.com/"
},
{
"trust": 0.3,
"url": "http://www.mcafee.com/"
},
{
"trust": 0.3,
"url": "http://anti-virus-software-review.toptenreviews.com/norman-review.html"
},
{
"trust": 0.3,
"url": "http://www.pctools.com/spyware-doctor-antivirus/"
},
{
"trust": 0.3,
"url": "http://www.quickheal.com/"
},
{
"trust": 0.3,
"url": "http://www.symantec.com"
},
{
"trust": 0.3,
"url": "http://www.trend.com"
},
{
"trust": 0.3,
"url": "/archive/1/522005"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-1419"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-1439"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-1426"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-1429"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-1436"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-1440"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-1432"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-1438"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-1428"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-1446"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-1443"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-1444"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-1441"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-1421"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-1430"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-1434"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-1435"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-1424"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-1431"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-1425"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-1423"
},
{
"trust": 0.1,
"url": "http://www.ieee-security.org/tc/sp2012/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-1442"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-1422"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-1433"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-1420"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-1427"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-1445"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-1437"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-54706"
},
{
"db": "BID",
"id": "52580"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-001887"
},
{
"db": "PACKETSTORM",
"id": "110990"
},
{
"db": "NVD",
"id": "CVE-2012-1425"
},
{
"db": "CNNVD",
"id": "CNNVD-201203-391"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-54706"
},
{
"db": "BID",
"id": "52580"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-001887"
},
{
"db": "PACKETSTORM",
"id": "110990"
},
{
"db": "NVD",
"id": "CVE-2012-1425"
},
{
"db": "CNNVD",
"id": "CNNVD-201203-391"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2012-03-21T00:00:00",
"db": "VULHUB",
"id": "VHN-54706"
},
{
"date": "2012-03-20T00:00:00",
"db": "BID",
"id": "52580"
},
{
"date": "2012-03-26T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2012-001887"
},
{
"date": "2012-03-19T23:51:01",
"db": "PACKETSTORM",
"id": "110990"
},
{
"date": "2012-03-21T10:11:47.397000",
"db": "NVD",
"id": "CVE-2012-1425"
},
{
"date": "2012-03-26T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201203-391"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2012-08-14T00:00:00",
"db": "VULHUB",
"id": "VHN-54706"
},
{
"date": "2012-03-30T16:10:00",
"db": "BID",
"id": "52580"
},
{
"date": "2012-03-26T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2012-001887"
},
{
"date": "2012-08-14T03:35:49.627000",
"db": "NVD",
"id": "CVE-2012-1425"
},
{
"date": "2012-03-26T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201203-391"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201203-391"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Multiple products TAR Vulnerability that prevents file parsers from detecting malware",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2012-001887"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "permissions and access control",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201203-391"
}
],
"trust": 0.6
}
}
VAR-201203-0367
Vulnerability from variot - Updated: 2023-12-18 12:10The RAR file parser in ClamAV 0.96.4, Rising Antivirus 22.83.00.03, Quick Heal (aka Cat QuickHeal) 11.00, G Data AntiVirus 21, AVEngine 20101.3.0.103 in Symantec Endpoint Protection 11, Command Antivirus 5.2.11.5, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, Emsisoft Anti-Malware 5.1.0.1, PC Tools AntiVirus 7.0.3.5, F-Prot Antivirus 4.6.2.117, VirusBuster 13.6.151.0, Fortinet Antivirus 4.2.254.0, Antiy Labs AVL SDK 2.0.3.7, K7 AntiVirus 9.77.3565, Trend Micro HouseCall 9.120.0.1004, Kaspersky Anti-Virus 7.0.0.125, Jiangmin Antivirus 13.0.900, Antimalware Engine 1.1.6402.0 in Microsoft Security Essentials 2.0, Sophos Anti-Virus 4.61.0, NOD32 Antivirus 5795, Avira AntiVir 7.11.1.163, Norman Antivirus 6.06.12, McAfee Anti-Virus Scanning Engine 5.400.0.1158, Panda Antivirus 10.0.2.7, McAfee Gateway (formerly Webwasher) 2010.1C, Trend Micro AntiVirus 9.120.0.1004, Comodo Antivirus 7424, Bitdefender 7.2, eSafe 7.0.17.0, F-Secure Anti-Virus 9.0.16160.0, nProtect Anti-Virus 2011-01-17.01, AhnLab V3 Internet Security 2011.01.18.00, AVG Anti-Virus 10.0.0.1190, avast! Antivirus 4.8.1351.0 and 5.0.677.0, and VBA32 3.12.14.2 allows user-assisted remote attackers to bypass malware detection via a RAR file with an initial MZ character sequence. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different RAR parser implementations. Multiple products RAR A file parser contains a vulnerability that can prevent malware detection. Different RAR If it is announced that there is also a problem with the parser implementation, this vulnerability can be CVE May be split.By the attacker, MZ Has a character sequence starting with RAR Malware detection may be avoided via files. Successful exploits will allow attackers to bypass on-demand virus scanning, possibly allowing malicious files to escape detection. Sophos Anti-Virus is a set of anti-virus software for various operating systems from Sophos, UK. The software detects and removes viruses, spyware, trojans and worms in real time, ensuring comprehensive network protection for desktops and laptops. Multiple file-parsing vulnerabilities leading to evasion in different antivirus(AV) products. All affected products are command-line versions of the AVs.
Vulnerability Descriptions
- Specially crafted infected POSIX TAR files with "[aliases]" as first 9 bytes evades detection.
Affected products - ClamAV 0.96.4, CAT-QuickHeal 11.00
CVE no - CVE-2012-1419
- Specially crafted infected POSIX TAR files with "\7fELF" as first 4 bytes evades detection.
Affected products - CAT-QuickHeal 11.00, Command 5.2.11.5, F-Prot 4.6.2.117, Fortinent 4.2.254.0, K7AntiVirus 9.77.3565, Kaspersky 7.0.0.125, Microsoft 1.6402, NOD32 5795, Norman 6.06.12, Panda 10.0.2.7, Rising 22.83.00.03
CVE no - CVE-2012-1420
- Specially crafted infected POSIX TAR files with "MSCF" as first 4 bytes evades detection.
Affected products - CAT-QuickHeal 11.00, Norman 6.06.12, Rising 22.83.00.03, Symantec 20101.3.0.103
CVE no - CVE-2012-1421
- Specially crafted infected POSIX TAR files with "ITSF" as first 4 bytes evades detection.
Affected products - CAT-QuickHeal 11.00, NOD32 5795, Norman 6.06.12, Rising 22.83.00.03
CVE no - CVE-2012-1422
- Specially crafted infected POSIX TAR files with "MZ" as first 2 bytes evades detection.
Affected products - Command 5.2.11.5, Emsisoft 5.1.0.1, F-Prot 4.6.2.117, Fortinent 4.2.254.0, Ikarus T3.1.1.97.0, K7AntiVirus 9.77.3565, NOD32 5795, Norman 6.06.12, PCTools 7.0.3.5, Rising 22.83.00.03, VirusBuster 13.6.151.0
CVE no - CVE-2012-1423
- Specially crafted infected POSIX TAR files with "\19\04\00\10" at offset 8 evades detection.
Affected products - Antiy-AVL 2.0.3.7, CAT-QuickHeal 11.00, Jiangmin 13.0.900, Norman 6.06.12, PCTools 7.0.3.5, Sophos 4.61.0
CVE no - CVE-2012-1424
- Specially crafted infected POSIX TAR files with "\50\4B\03\04" as the first 4 bytes evades detection.
Affected products - AntiVir 7.11.1.163, Antiy-AVL 2.0.3.7, CAT-QuickHeal 11.00, Emsisoft 5.1.0.1, Fortinet 4.2.254.0, Ikarus T3.1.1.97.0, Jiangmin 13.0.900, Kaspersky 7.0.0.125, McAfee 5.400.0.1158, McAfee-GW-Edition 2010.1C, NOD32 5795, Norman 6.06.12, PCTools 7.0.3.5, Symantec 20101.3.0.103, TrendMicro 9.120.0.1004, TrendMicro-HouseCall 9.120.0.1004
CVE no - CVE-2012-1425
- Specially crafted infected POSIX TAR files with "\42\5A\68" as the first 3 bytes evades detection.
Affected products - CAT-QuickHeal 11.00, Command 5.2.11.5, F-Prot 4.6.2.117, K7AntiVirus 9.77.3565, Norman 6.06.12, Rising 22.83.00.03
CVE no - CVE-2012-1426
- Specially crafted infected POSIX TAR files with "\57\69\6E\5A\69\70" at offset 29 evades detection.
Affected products - CAT-QuickHeal 11.00, Norman 6.06.12, Sophos 4.61.0
CVE no - CVE-2012-1427
- Specially crafted infected POSIX TAR files with "\4a\46\49\46" at offset 6 evades detection.
Affected products - CAT-QuickHeal 11.00, Norman 6.06.12, Sophos 4.61.0
CVE no - CVE-2012-1428
- Specially crafted infected ELF files with "ustar" at offset 257 evades detection.
Affected products - BitDefender 7.2, Comodo 7424, Emsisoft 5.1.0.1, eSafe 7.0.17.0, F-Secure 9.0.16160.0, Ikarus T3.1.1.97.0, McAfee 5.400.0.1158, McAfee-GW-Edition 2010.1C, nProtect 2011-01-17.01
CVE no - CVE-2012-1429 12. Specially crafted infected ELF files with "\19\04\00\10" at offset 8 evades detection.
Affected products - BitDefender 7.2, Comodo 7424, eSafe 7.0.17.0, F-Secure 9.0.16160.0, McAfee 5.400.0.1158, McAfee-GW-Edition 2010.1C, nProtect 2011-01-17.01, Sophos 4.61.0, Rising 22.83.00.03
CVE no - CVE-2012-1430 13. Specially crafted infected ELF files with "\4a\46\49\46" at offset 6 evades detection.
Affected products - BitDefender 7.2, Command 5.2.11.5, Comodo 7424, eSafe 7.0.17.0, F-Prot 4.6.2.117, F-Secure 9.0.16160.0, McAfee-GW-Edition 2010.1C, nProtect 2011-01-17.01, Sophos 4.61.0, Rising 22.83.00.03
CVE no - CVE-2012-1431
- Specially crafted infected MS EXE files with "\57\69\6E\5A\69\70" at offset 29 evades detection.
Affected products - Emsisoft 5.1.0.1, eSafe 7.0.17.0, Ikarus T3.1.1.97.0, Panda 10.0.2.7
CVE no - CVE-2012-1432
- Specially crafted infected MS EXE files with "\4a\46\49\46" at offset 6 evades detection.
Affected products - AhnLab-V3 2011.01.18.00, Emsisoft 5.1.0.1, eSafe 7.0.17.0, Ikarus T3.1.1.97.0, Panda 10.0.2.7
CVE no - CVE-2012-1433
- Specially crafted infected MS EXE files with "\19\04\00\10" at offset 8 evades detection.
Affected products - AhnLab-V3 2011.01.18.00, Emsisoft 5.1.0.1, Ikarus T3.1.1.97.0, Panda 10.0.2.7
CVE no - CVE-2012-1434
- Specially crafted infected MS EXE files with "\50\4B\4C\49\54\45" at offset 30 evades detection.
Affected products - AhnLab-V3 2011.01.18.00, Emsisoft 5.1.0.1, eSafe 7.0.17.0, Ikarus T3.1.1.97.0, Panda 10.0.2.7
CVE no - CVE-2012-1435
- Specially crafted infected MS EXE files with "\2D\6C\68" at offset 2 evades detection.
Affected products - AhnLab-V3 2011.01.18.00, Emsisoft 5.1.0.1, eSafe 7.0.17.0, Ikarus T3.1.1.97.0, Panda 10.0.2.7
CVE no - CVE-2012-1436
- Specially crafted infected MS Office files with "\50\4B\53\70\58" at offset 526 evades detection.
Affected products - Comodo 7425
CVE no - CVE-2012-1437
- Specially crafted infected MS Office files with "ustar" at offset 257 evades detection.
Affected products - Comodo 7425, Sophos 4.61.0
CVE no - CVE-2012-1438
- 'padding' field in ELF files is parsed incorrectly. If an infected ELF file's padding field is incremented by 1 it evades detection.
Affected products - eSafe 7.0.17.0, Rising 22.83.00.03, Fortinet 4.2.254.0, Panda 10.0.2.7
CVE no - CVE-2012-1439
- 'identsize' field in ELF files is parsed incorrectly. If an infected ELF file's identsize field is incremented by 1 it evades detection.
Affected products - Norman 6.06.12, eSafe 7.0.17.0, eTrust-Vet 36.1.8511, Fortinet 4.2.254.0, Panda 10.0.2.7
CVE no - CVE-2012-1440
- 'e_ip' and 'e_res' field in MS EXE files are parsed incorrectly.
If any of these fields in an infected MS EXE file is incremented by 1 it evades detection.
Affected products - Prevx 3.0
'e_minalloc', 'e_res2','e_cparhdr', 'e_crlc', 'e_lfarlc','e_maxalloc',
'e_oeminfo', 'e_ovno', 'e_cs', 'e_csum','e_sp', 'e_ss', 'e_cblp' and
'e_oemid' fields in MS EXE files are parsed incorrectly.
If any of these fields in an infected MS EXE file is incremented by 1
it evades detection.
Affected products - eSafe 7.0.017.0, Prevx 3.0
CVE no - CVE-2012-1441
- 'class' field in ELF files is parsed incorrectly.
If an infected ELF file's class field is incremented by 1 it evades detection.
Affected products - CAT-QuickHeal 11.00, McAfee 5.400.0.1158, McAfee-GW-Edition 2010.1C, eSafe 7.0.017.0, Kaspersky 7.0.0.125, F-Secure 9.0.16160.0, Sophos 4.61.0, Antiy-AVL 2.0.3.7, Rising 22.83.00.03, Fortinet 4.2.254.0, Panda 10.0.2.7
CVE no - CVE-2012-1442
- Infected RAR files with initial two bytes set to 'MZ' can be fixed by the user and correctly extracted. Such a file evades detection.
Affected products - ClamAV 0.96.4, Rising 22.83.00.03, CAT-QuickHeal 11.00, GData 21, Symantec 20101.3.0.103, Command 5.2.11.5, Ikarus T3.1.1.97.0, Emsisoft 5.1.0.1, PCTools 7.0.3.5, F-Prot 4.6.2.117, VirusBuster 13.6.151.0, Fortinent 4.2.254.0, Antiy-AVL 2.0.3.7, K7AntiVirus 9.77.3565, TrendMicro-HouseCall 9.120.0.1004,Kaspersky 7.0.0.125 Jiangmin 13.0.900. Microsoft 1.6402, Sophos 4.61.0, NOD32 5795, AntiVir 7.11.1.163, Norman 6.06.12, McAfee 5.400.0.1158, Panda 10.0.2.7, McAfee-GW-Edition 2010.1C, TrendMicro 9.120.0.1004, Comodo 7424, BitDefender 7.2, eSafe 7.0.17.0, F-Secure 9.0.16160.0 nProtect 2011-01-17.01, AhnLab-V3 2011.01.18.00, AVG 10.0.0.1190, Avast 4.8.1351.0, Avast5 5.0.677.0, VBA32 3.12.14.2
CVE no - CVE-2012-1443
- 'abiversion' field in ELF files is parsed incorrectly.
If an infected ELF file's abiversion field is incremented by 1 it evades detection.
Affected products - eSafe 7.0.017.0, Prevx 3.0, Fortinet 4.2.254.0, Panda 10.0.2.7
CVE no - CVE-2012-1444
- 'abi' field in ELF files is parsed incorrectly.
If an infected ELF file's abi field is incremented by 1 it evades detection.
Affected products - eSafe 7.0.017.0, Rising 22.83.00.03, Fortinet 4.2.254.0, Panda 10.0.2.7
CVE no - CVE-2012-1445
- 'encoding' field in ELF files is parsed incorrectly.
If an infected ELF file's encoding field is incremented by 1 it evades detection.
Affected products - CAT-QuickHeal 11.00, McAfee 5.400.0.1158, Symantec 20101.3.0.103, Norman 6.06.12, eSafe 7.0.017.0, Kaspersky 7.0.0.125, McAfee-GW-Edition 2010.1C, Sophos 4.61.0, eTrust-Vet 36.1.8511, Antiy-AVL 2.0.3.7, PCTools 7.0.3.5, Rising 22.83.00.03, Fortinet 4.2.254.0, Panda 10.0.2.7
CVE no - CVE-2012-1446
- 'e_version' field in ELF files is parsed incorrectly.
If an infected ELF file's e_version field is incremented by 1 it evades detection.
Affected products - Fortinet 4.2.254.0, eSafe 7.0.017.0, DrWeb 5.0.2.03300, Panda 10.0.2.7
CVE no - CVE-2012-1447
- 'cbCabinet' field in CAB files is parsed incorrectly.
If an infected CAB file's cbCabinet field is incremented by 1 it evades detection.
Affected products - CAT-QuickHeal 11.00, TrendMicro 9.120.0.1004, Ikarus T3.1.1.97.0 TrendMicro-HouseCall 9.120.0.1004, Emsisoft 5.1.0.1
CVE no - CVE-2012-1448
- 'vMajor' field in CAB files is parsed incorrectly.
If an infected CAB file's vMajor field is incremented by 1 it evades detection.
Affected products - NOD32 5795, Rising 22.83.00.03
CVE no - CVE-2012-1449
- 'reserved3' field in CAB files is parsed incorrectly.
If an infected CAB file's reserved field is incremented by 1 it evades detection.
Affected products - Emsisoft 5.1.0.1, Sophos 4.61.0, Ikarus T3.1.1.97.0
CVE no - CVE-2012-1450
- 'reserved2' field in CAB files is parsed incorrectly.
If an infected CAB file's reserved2 field is incremented by 1 it evades detection.
Affected products - Emsisoft 5.1.0.1, Ikarus T3.1.1.97.0
CVE no - CVE-2012-1451
- 'reserved1' field in CAB files is parsed incorrectly.
If an infected CAB file's reserved field is incremented by 1 it evades detection.
Affected products - Emsisoft 5.1.0.1, Ikarus T3.1.1.97.0, CAT-QuickHeal 11.00
CVE no - CVE-2012-1452
- 'coffFiles' field in CAB files is parsed incorrectly.
If an infected CAB file's coffFiles field is incremented by 1 it evades detection.
Affected products - McAfee 5.0.2.03300, TrendMicro-HouseCall 9.120.0.1004, Kaspersky 7.0.0.125, Sophos 4.61.0, TrendMicro 9.120.0.1004, McAfee-GW-Edition 2010.1C, Emsisoft 5.1.0.1, eTrust-Vet 36.1.8511, Antiy-AVL 2.0.3.7, Microsoft 1.6402, Rising 22.83.00.03, Ikarus T3.1.1.97.0, Fortinet 4.2.254.0, Panda 10.0.2.7
CVE no - CVE-2012-1453
- 'ei_version' field in ELF files is parsed incorrectly.
If an infected ELF file's version field is incremented by 1 it evades detection.
Affected products - McAfee 5.0.02.03300, eSafe 7.0.17.0, McAfee-GW-Edition 2010.1C, Rising 22.83.00.03, Fortinet 4.2.254.0, Panda 10.0.2.7
CVE no - CVE-2012-1454
- 'vMinor' field in CAB files is parsed incorrectly.
If an infected CAB file's version field is incremented by 1 it evades detection.
Affected products - NOD32 5795, Rising 22.83.00.03
CVE no - CVE-2012-1455
- A specially crafted ZIP file, created by concatenating the contents of a clean TAR archive and a virus-infected ZIP archive, is parsed incorrectly and evades detection.
Affected products - AVG 10.0.0.1190, CAT-QuickHeal 11.00, Comodo 7424, Emsisoft 5.1.0.1, eSafe 7.0.17.0, F-Prot 4.6.2.117,Fortinent 4.2.254.0, Ikarus T3.1.1.97.0, Jiangmin 13.0.900, Kaspersky 7.0.0.125, McAfee 5.400.0.1158, McAfee-GW-Edition 2010.1C, NOD32 5795, Norman 6.06.12, Panda 10.0.2.7, Rising 22.83.00.03, Sophos 4.61.0, Symantec 20101.3.0.103, TrendMicro 9.120.0.1004, TrendMicro-HouseCall 9.120.0.1004
CVE no - CVE-2012-1456
- If the length field in the header of a file with test EICAR virus included into a TAR archive is set to be greater than the archive's total length (1,000,000+original length in our experiments), the antivirus declares the file to be clean but virus gets extracted correctly by the GNU tar program.
Affected products - AntiVir 7.11.1.163, Antiy-AVL 2.0.3.7, Avast 4.8.1351.0, Avast5 5.0.677.0, AVG 10.0.0.1190, BitDefender 7.2, CAT-QuickHeal 11.00, ClamAV 0.96.4, Command 5.2.11.5, Emsisoft 5.1.0.1, eSafe 7.0.17.0, F-Prot 4.6.2.117, GData 21, Ikarus T3.1.1.97.0, Jiangmin 13.0.900, K7AntiVirus 9.77.3565, Kaspersky 7.0.0.125, McAfee 5.400.0.1158, McAfee-GW-Edition 2010.1C, Microsoft 1.6402, NOD32 5795, Norman 6.06.12, PCTools 7.0.3.5, Rising 22.83.00.03, Symantec 20101.3.0.103, TrendMicro 9.120.0.1004, TrendMicro-HouseCall 9.120.0.1004, VBA32 3.12.14.2, VirusBuster 13.6.151.0
CVE no - CVE-2012-1457
- A Windows Compiled HTML Help (CHM) file is a set of HTML files, scripts, and images compressed using the LZX algorithm. For faster random accesses, the algorithm is reset at intervals instead of compressing the entire file as a single stream. The length of each interval is specified in the LZXC header.
If an infected CHM file's header modified so that the reset interval is lower than in the original file, the antivirus declares the file to be clean. But the Windows CHM viewer hh.exe correctly decompresses the infected content located before the tampered header.
Affected products - ClamAV 0.96.4, Sophos 4.61.0
CVE no - CVE-2012-1458
- In a POSIX TAR archive, each member file has a 512-byte header protected by a simple checksum. Every header also contains a file length field, which is used by the extractor to locate the next header in the archive.
If a TAR archive contains two files: the first one is clean, while the second is infected with test EICAR virus - and it is modified such that the length field in the header of the first, clean file to point into the middle of the header of the second, infected file. The antivirus declares the file to be clean but virus gets extracted correctly by the GNU tar program. If an infected tar.gz archive is appended 6 random bytes at the end, the antivirus declares the file to be clean but virus gets extracted by the gunzip+tar programs correctly by ignoring these bytes.
Affected products - Antiy-AVL 2.0.3.7, CAT-QuickHeal 11.00, Command 5.2.11.5, eSafe 7.0.17.0, F-Prot 4.6.2.117, Jiangmin 13.0.900, K7AntiVirus 9.77.3565, VBA32 3.12.14.2
CVE no - CVE-2012-1460
- GZIP files can contain multiple compressed streams, which are assembled when the contents are extracted. If an infected .tar.gz file is broken into two streams, the antivirus declares the infected .tar.gz file to be clean while tar+gunzip extract the virus correctly
Affected products - AVG 10.0.0.1190, BitDefender 7.2, Command 5.2.11.5, Emsisoft 5.1.0.1, F-Secure 9.0.16160.0, Fortinent 4.2.254.0, Ikarus T3.1.1.97.0, Jiangmin 13.0.900, K7AntiVirus 9.77.3565, Kaspersky 7.0.0.125, McAfee 5.400.0.1158, McAfee-GW-Edition 2010.1C, NOD32 5795, Norman 6.06.12, Rising 22.83.00.03, Sophos 4.61.0, Symantec 20101.3.0.103, TrendMicro 9.120.0.1004, TrendMicro-HouseCall 9.120.0.1004, VBA32 3.12.14.2
CVE no - CVE-2012-1461
- If an infected ZIP archive is prepended with 1024 random bytes at the beginning, the antivirus declares the file to be clean but virus gets extracted by the unzip program correctly by skipping these bytes
Affected products - AhnLab-V3 2011.01.18.00, AVG 10.0.0.1190, CAT-QuickHeal 11.00, Emsisoft 5.1.0.1, eSafe 7.0.17.0, Fortinent 4.2.254.0, Ikarus T3.1.1.97.0, Jiangmin 13.0.900, Kaspersky 7.0.0.125, Norman 6.06.12, Sophos 4.61.0, Symantec 20101.3.0.103
CVE no - CVE-2012-1462
- In most ELF files, the 5th byte of the header indicates endianness: 01 for little-endian, 02 for bigendian. Linux kernel, however, does not check this field before loading an ELF file. If an infected ELF file's 5-th byte is set to 02, the antivirus declares the file to be clean but the ELF file gets executed correctly.
Affected products - AhnLab-V3 2011.01.18.00, BitDefender 7.2, CAT-QuickHeal 11.00, Command 5.2.11.5, Comodo 7424, eSafe 7.0.17.0, F-Prot 4.6.2.117, F-Secure 9.0.16160.0, McAfee 5.400.0.1158, Norman 6.06.12, nProtect 2011-01-17.01, Panda 10.0.2.7
CVE no - CVE-2012-1463
Credits
Vulnerabilities found and advisory written by Suman Jana and Vitaly Shmatikov.
References
"Abusing File Processing in Malware Detectors for Fun and Profit" by Suman Jana and Vitaly Shmatikov To appear in IEEE Symposium on Security and Privacy 2012 http://www.ieee-security.org/TC/SP2012/
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201203-0367",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "antivirus",
"scope": "eq",
"trust": 2.1,
"vendor": "comodo",
"version": "7424"
},
{
"model": "avl sdk",
"scope": "eq",
"trust": 1.8,
"vendor": "antiy",
"version": "2.0.3.7"
},
{
"model": "command antivirus",
"scope": "eq",
"trust": 1.8,
"vendor": "authentium",
"version": "5.2.11.5"
},
{
"model": "anti-virus",
"scope": "eq",
"trust": 1.8,
"vendor": "avg",
"version": "10.0.0.1190"
},
{
"model": "bitdefender",
"scope": "eq",
"trust": 1.8,
"vendor": "bitdefender",
"version": "7.2"
},
{
"model": "clamav",
"scope": "eq",
"trust": 1.8,
"vendor": "clamav",
"version": "0.96.4"
},
{
"model": "anti-malware",
"scope": "eq",
"trust": 1.8,
"vendor": "emsisoft",
"version": "5.1.0.1"
},
{
"model": "virus utilities t3 command line scanner",
"scope": "eq",
"trust": 1.8,
"vendor": "ikarus",
"version": "1.1.97.0"
},
{
"model": "antivirus",
"scope": "eq",
"trust": 1.8,
"vendor": "jiangmin",
"version": "13.0.900"
},
{
"model": "antivirus",
"scope": "eq",
"trust": 1.8,
"vendor": "pc tools",
"version": "7.0.3.5"
},
{
"model": "virusbuster",
"scope": "eq",
"trust": 1.8,
"vendor": "virusbuster",
"version": "13.6.151.0"
},
{
"model": "esafe",
"scope": "eq",
"trust": 1.8,
"vendor": "aladdin",
"version": "7.0.17.0"
},
{
"model": "f-secure anti-virus",
"scope": "eq",
"trust": 1.8,
"vendor": "f secure",
"version": "9.0.16160.0"
},
{
"model": "anti-virus",
"scope": "eq",
"trust": 1.8,
"vendor": "kaspersky",
"version": "7.0.0.125"
},
{
"model": "anti-virus",
"scope": "eq",
"trust": 1.8,
"vendor": "sophos",
"version": "4.61.0"
},
{
"model": "antivirus",
"scope": "eq",
"trust": 1.8,
"vendor": "fortinet",
"version": "4.2.254.0"
},
{
"model": "security essentials",
"scope": "eq",
"trust": 1.8,
"vendor": "microsoft",
"version": "2.0"
},
{
"model": "scan engine",
"scope": "eq",
"trust": 1.8,
"vendor": "mcafee",
"version": "5.400.0.1158"
},
{
"model": "endpoint protection",
"scope": "eq",
"trust": 1.6,
"vendor": "symantec",
"version": "11.0"
},
{
"model": "antivirus",
"scope": "eq",
"trust": 1.0,
"vendor": "rising global",
"version": "22.83.00.03"
},
{
"model": "v3 internet security",
"scope": "eq",
"trust": 1.0,
"vendor": "ahnlab",
"version": "2011.01.18.00"
},
{
"model": "avast antivirus",
"scope": "eq",
"trust": 1.0,
"vendor": "alwil",
"version": "5.0.677.0"
},
{
"model": "housecall",
"scope": "eq",
"trust": 1.0,
"vendor": "trendmicro",
"version": "9.120.0.1004"
},
{
"model": "antivirus",
"scope": "eq",
"trust": 1.0,
"vendor": "nprotect",
"version": "2011-01-17.01"
},
{
"model": "nod32 antivirus",
"scope": "eq",
"trust": 1.0,
"vendor": "eset",
"version": "5795"
},
{
"model": "g data antivirus",
"scope": "eq",
"trust": 1.0,
"vendor": "gdata",
"version": "21"
},
{
"model": "trend micro antivirus",
"scope": "eq",
"trust": 1.0,
"vendor": "trendmicro",
"version": "9.120.0.1004"
},
{
"model": "f-prot antivirus",
"scope": "eq",
"trust": 1.0,
"vendor": "f prot",
"version": "4.6.2.117"
},
{
"model": "antivirus",
"scope": "eq",
"trust": 1.0,
"vendor": "k7computing",
"version": "9.77.3565"
},
{
"model": "quick heal",
"scope": "eq",
"trust": 1.0,
"vendor": "cat",
"version": "11.00"
},
{
"model": "vba32",
"scope": "eq",
"trust": 1.0,
"vendor": "anti virus",
"version": "3.12.14.2"
},
{
"model": "gateway",
"scope": "eq",
"trust": 1.0,
"vendor": "mcafee",
"version": "2010.1c"
},
{
"model": "antivir",
"scope": "eq",
"trust": 1.0,
"vendor": "avira",
"version": "7.11.1.163"
},
{
"model": "avast antivirus",
"scope": "eq",
"trust": 1.0,
"vendor": "alwil",
"version": "4.8.1351.0"
},
{
"model": "antivirus \\\u0026 antispyware",
"scope": "eq",
"trust": 1.0,
"vendor": "norman",
"version": "6.06.12"
},
{
"model": "panda antivirus",
"scope": "eq",
"trust": 1.0,
"vendor": "pandasecurity",
"version": "10.0.2.7"
},
{
"model": "anti-virus",
"scope": "eq",
"trust": 0.8,
"vendor": "avast s r o",
"version": "4.8.1351.0"
},
{
"model": "anti-virus",
"scope": "eq",
"trust": 0.8,
"vendor": "avast s r o",
"version": "5.0.677.0"
},
{
"model": "antivirus",
"scope": "eq",
"trust": 0.8,
"vendor": "avira",
"version": "7.11.1.163"
},
{
"model": "antivirus",
"scope": "eq",
"trust": 0.8,
"vendor": "rising",
"version": "22.83.00.03"
},
{
"model": "nod32 anti-virus",
"scope": "eq",
"trust": 0.8,
"vendor": "eset",
"version": "5795"
},
{
"model": "f-prot antivirus",
"scope": "eq",
"trust": 0.8,
"vendor": "frisk",
"version": "4.6.2.117"
},
{
"model": "antivirus",
"scope": "eq",
"trust": 0.8,
"vendor": "g data",
"version": "21"
},
{
"model": "antivirus",
"scope": "eq",
"trust": 0.8,
"vendor": "k7 computing",
"version": "9.77.3565"
},
{
"model": "antivirus",
"scope": "eq",
"trust": 0.8,
"vendor": "norman",
"version": "6.06.12"
},
{
"model": "anti-virus",
"scope": "eq",
"trust": 0.8,
"vendor": "nprotect",
"version": "2011-01-17.01"
},
{
"model": "antivirus",
"scope": "eq",
"trust": 0.8,
"vendor": "panda security",
"version": "10.0.2.7"
},
{
"model": "vba32",
"scope": "eq",
"trust": 0.8,
"vendor": "virusblokada",
"version": "3.12.14.2"
},
{
"model": "v3 internet security",
"scope": "eq",
"trust": 0.8,
"vendor": "unlab",
"version": "2011.01.18.00"
},
{
"model": "heal",
"scope": "eq",
"trust": 0.8,
"vendor": "quick heal k k",
"version": "11.00"
},
{
"model": "endpoint protection",
"scope": "eq",
"trust": 0.8,
"vendor": "symantec",
"version": "11"
},
{
"model": "antivirus",
"scope": "eq",
"trust": 0.8,
"vendor": "trend micro",
"version": "9.120.0.1004"
},
{
"model": "housecall",
"scope": "eq",
"trust": 0.8,
"vendor": "trend micro",
"version": "9.120.0.1004"
},
{
"model": "web gateway software",
"scope": "eq",
"trust": 0.8,
"vendor": "mcafee",
"version": "2010.1c"
},
{
"model": "vba32",
"scope": "eq",
"trust": 0.3,
"vendor": "virusblokada",
"version": "3.12.142"
},
{
"model": "virusbuster",
"scope": "eq",
"trust": 0.3,
"vendor": "trend micro",
"version": "13.6.1510"
},
{
"model": "trend micro",
"scope": "eq",
"trust": 0.3,
"vendor": "trend micro",
"version": "9.1201004"
},
{
"model": "housecall",
"scope": "eq",
"trust": 0.3,
"vendor": "trend micro",
"version": "9.1201004"
},
{
"model": "antivirus",
"scope": "eq",
"trust": 0.3,
"vendor": "symantec",
"version": "20101.3103"
},
{
"model": "anti-virus",
"scope": "eq",
"trust": 0.3,
"vendor": "sophos",
"version": "4.61"
},
{
"model": "antivirus",
"scope": "eq",
"trust": 0.3,
"vendor": "rising",
"version": "22.8303"
},
{
"model": "cat-quickheal",
"scope": "eq",
"trust": 0.3,
"vendor": "quick heal",
"version": "11.00"
},
{
"model": "antivirus",
"scope": "eq",
"trust": 0.3,
"vendor": "pctools",
"version": "7.0.35"
},
{
"model": "antivirus",
"scope": "eq",
"trust": 0.3,
"vendor": "panda",
"version": "10.0.27"
},
{
"model": "antivirus",
"scope": "eq",
"trust": 0.3,
"vendor": "norman",
"version": "6.6.12"
},
{
"model": "mcafee-gw-edition 2010.1c",
"scope": null,
"trust": 0.3,
"vendor": "mcafee",
"version": null
},
{
"model": "computing pvt ltd k7antivirus",
"scope": "eq",
"trust": 0.3,
"vendor": "k7",
"version": "9.77.3565"
},
{
"model": "nprotect",
"scope": "eq",
"trust": 0.3,
"vendor": "inca",
"version": "2011-01-17.01"
},
{
"model": "antivirus t3.1.1.97.0",
"scope": null,
"trust": 0.3,
"vendor": "ikarus",
"version": null
},
{
"model": "data software gdata",
"scope": "eq",
"trust": 0.3,
"vendor": "g",
"version": "21"
},
{
"model": "software f-prot antivirus",
"scope": "eq",
"trust": 0.3,
"vendor": "frisk",
"version": "4.6.2117"
},
{
"model": "antivirus",
"scope": "eq",
"trust": 0.3,
"vendor": "fortinet",
"version": "4.2.2540"
},
{
"model": "antivirus",
"scope": "eq",
"trust": 0.3,
"vendor": "f secure",
"version": "9.0.16160.0"
},
{
"model": "nod32",
"scope": "eq",
"trust": 0.3,
"vendor": "eset",
"version": "5795"
},
{
"model": "antivirus",
"scope": "eq",
"trust": 0.3,
"vendor": "esafe",
"version": "7.0.170"
},
{
"model": "antivirus",
"scope": "eq",
"trust": 0.3,
"vendor": "emsisoft",
"version": "5.11"
},
{
"model": "antivirus",
"scope": "eq",
"trust": 0.3,
"vendor": "bitdefender",
"version": "7.2"
},
{
"model": "antivir engine",
"scope": "eq",
"trust": 0.3,
"vendor": "avira",
"version": "7.11.1163"
},
{
"model": "anti-virus",
"scope": "eq",
"trust": 0.3,
"vendor": "avg",
"version": "10.01190"
},
{
"model": "avast5 antivirus",
"scope": "eq",
"trust": 0.3,
"vendor": "avast",
"version": "5.0.6770"
},
{
"model": "antivirus",
"scope": "eq",
"trust": 0.3,
"vendor": "avast",
"version": "4.8.1351.0"
},
{
"model": "command antivirus",
"scope": "eq",
"trust": 0.3,
"vendor": "authentium",
"version": "5.2.115"
},
{
"model": "antiy-avl",
"scope": "eq",
"trust": 0.3,
"vendor": "antiy",
"version": "2.0.37"
},
{
"model": "engine",
"scope": "eq",
"trust": 0.3,
"vendor": "ahnlab",
"version": "v32011.01.18.00"
}
],
"sources": [
{
"db": "BID",
"id": "52612"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-001895"
},
{
"db": "NVD",
"id": "CVE-2012-1443"
},
{
"db": "CNNVD",
"id": "CNNVD-201203-407"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:ikarus:ikarus_virus_utilities_t3_command_line_scanner:1.1.97.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:emsisoft:anti-malware:5.1.0.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:trendmicro:housecall:9.120.0.1004:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:kaspersky:kaspersky_anti-virus:7.0.0.125:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:mcafee:scan_engine:5.400.0.1158:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:pandasecurity:panda_antivirus:10.0.2.7:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:mcafee:gateway:2010.1c:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ahnlab:v3_internet_security:2011.01.18.00:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:avg:avg_anti-virus:10.0.0.1190:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cat:quick_heal:11.00:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:gdata-software:g_data_antivirus:21:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:virusbuster:virusbuster:13.6.151.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:fortinet:fortinet_antivirus:4.2.254.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sophos:sophos_anti-virus:4.61.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:eset:nod32_antivirus:5795:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:bitdefender:bitdefender:7.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:aladdin:esafe:7.0.17.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:anti-virus:vba32:3.12.14.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:symantec:endpoint_protection:11.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:authentium:command_antivirus:5.2.11.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:antiy:avl_sdk:2.0.3.7:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:k7computing:antivirus:9.77.3565:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:avira:antivir:7.11.1.163:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:norman:norman_antivirus_\\\u0026_antispyware:6.06.12:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:f-secure:f-secure_anti-virus:9.0.16160.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:nprotect:nprotect_antivirus:2011-01-17.01:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:clamav:clamav:0.96.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:rising-global:rising_antivirus:22.83.00.03:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:pc_tools:pc_tools_antivirus:7.0.3.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:f-prot:f-prot_antivirus:4.6.2.117:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:jiangmin:jiangmin_antivirus:13.0.900:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:security_essentials:2.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:trendmicro:trend_micro_antivirus:9.120.0.1004:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:comodo:comodo_antivirus:7424:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:alwil:avast_antivirus:4.8.1351.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:alwil:avast_antivirus:5.0.677.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2012-1443"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Suman Jana and Vitaly Shmatikov",
"sources": [
{
"db": "BID",
"id": "52612"
}
],
"trust": 0.3
},
"cve": "CVE-2012-1443",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 4.3,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2012-1443",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "VHN-54724",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2012-1443",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201203-407",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-54724",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-54724"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-001895"
},
{
"db": "NVD",
"id": "CVE-2012-1443"
},
{
"db": "CNNVD",
"id": "CNNVD-201203-407"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The RAR file parser in ClamAV 0.96.4, Rising Antivirus 22.83.00.03, Quick Heal (aka Cat QuickHeal) 11.00, G Data AntiVirus 21, AVEngine 20101.3.0.103 in Symantec Endpoint Protection 11, Command Antivirus 5.2.11.5, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, Emsisoft Anti-Malware 5.1.0.1, PC Tools AntiVirus 7.0.3.5, F-Prot Antivirus 4.6.2.117, VirusBuster 13.6.151.0, Fortinet Antivirus 4.2.254.0, Antiy Labs AVL SDK 2.0.3.7, K7 AntiVirus 9.77.3565, Trend Micro HouseCall 9.120.0.1004, Kaspersky Anti-Virus 7.0.0.125, Jiangmin Antivirus 13.0.900, Antimalware Engine 1.1.6402.0 in Microsoft Security Essentials 2.0, Sophos Anti-Virus 4.61.0, NOD32 Antivirus 5795, Avira AntiVir 7.11.1.163, Norman Antivirus 6.06.12, McAfee Anti-Virus Scanning Engine 5.400.0.1158, Panda Antivirus 10.0.2.7, McAfee Gateway (formerly Webwasher) 2010.1C, Trend Micro AntiVirus 9.120.0.1004, Comodo Antivirus 7424, Bitdefender 7.2, eSafe 7.0.17.0, F-Secure Anti-Virus 9.0.16160.0, nProtect Anti-Virus 2011-01-17.01, AhnLab V3 Internet Security 2011.01.18.00, AVG Anti-Virus 10.0.0.1190, avast! Antivirus 4.8.1351.0 and 5.0.677.0, and VBA32 3.12.14.2 allows user-assisted remote attackers to bypass malware detection via a RAR file with an initial MZ character sequence. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different RAR parser implementations. Multiple products RAR A file parser contains a vulnerability that can prevent malware detection. Different RAR If it is announced that there is also a problem with the parser implementation, this vulnerability can be CVE May be split.By the attacker, MZ Has a character sequence starting with RAR Malware detection may be avoided via files. \nSuccessful exploits will allow attackers to bypass on-demand virus scanning, possibly allowing malicious files to escape detection. Sophos Anti-Virus is a set of anti-virus software for various operating systems from Sophos, UK. The software detects and removes viruses, spyware, trojans and worms in real time, ensuring comprehensive network protection for desktops and laptops. Multiple file-parsing vulnerabilities leading to evasion in different antivirus(AV) products. All \naffected products are command-line versions of \nthe AVs. \n\n----------------------------\nVulnerability Descriptions\n----------------------------\n\n1. Specially crafted infected POSIX TAR files with \"[aliases]\" as first 9 bytes \n evades detection. \n\n Affected products -\n ClamAV 0.96.4, CAT-QuickHeal 11.00\n \n CVE no - \n CVE-2012-1419\n\n2. Specially crafted infected POSIX TAR files with \"\\7fELF\" as first 4 bytes \n evades detection. \n\n Affected products -\n CAT-QuickHeal 11.00, Command 5.2.11.5, F-Prot 4.6.2.117, \n Fortinent 4.2.254.0, K7AntiVirus 9.77.3565, Kaspersky 7.0.0.125, \n Microsoft 1.6402, NOD32 5795, Norman 6.06.12, Panda 10.0.2.7, \n Rising 22.83.00.03\n\n CVE no - \n CVE-2012-1420\n\n3. Specially crafted infected POSIX TAR files with \"MSCF\" as first 4 bytes \n evades detection. \n\n Affected products -\n CAT-QuickHeal 11.00, Norman 6.06.12, Rising 22.83.00.03, \n Symantec 20101.3.0.103\n\n CVE no - \n CVE-2012-1421\n\n4. Specially crafted infected POSIX TAR files with \"ITSF\" as first 4 bytes \n evades detection. \n\n Affected products -\n CAT-QuickHeal 11.00, NOD32 5795, Norman 6.06.12, Rising 22.83.00.03\n\n CVE no - \n CVE-2012-1422\n\n5. Specially crafted infected POSIX TAR files with \"MZ\" as first 2 bytes \n evades detection. \n\n Affected products -\n Command 5.2.11.5, Emsisoft 5.1.0.1, F-Prot 4.6.2.117, Fortinent 4.2.254.0, \n Ikarus T3.1.1.97.0, K7AntiVirus 9.77.3565, NOD32 5795, Norman 6.06.12, \n PCTools 7.0.3.5, Rising 22.83.00.03, VirusBuster 13.6.151.0\n\n CVE no - \n CVE-2012-1423\n\n6. Specially crafted infected POSIX TAR files with \"\\19\\04\\00\\10\" at offset 8\n evades detection. \n\n Affected products -\n Antiy-AVL 2.0.3.7, CAT-QuickHeal 11.00, Jiangmin 13.0.900, Norman 6.06.12, \n PCTools 7.0.3.5, Sophos 4.61.0\n\n CVE no - \n CVE-2012-1424\n\n\n7. Specially crafted infected POSIX TAR files with \"\\50\\4B\\03\\04\" as the first\n 4 bytes evades detection. \n\n Affected products -\n AntiVir 7.11.1.163, Antiy-AVL 2.0.3.7, CAT-QuickHeal 11.00, Emsisoft 5.1.0.1,\n Fortinet 4.2.254.0, Ikarus T3.1.1.97.0, Jiangmin 13.0.900, \n Kaspersky 7.0.0.125, McAfee 5.400.0.1158, McAfee-GW-Edition 2010.1C, \n NOD32 5795, Norman 6.06.12, PCTools 7.0.3.5, Symantec 20101.3.0.103, \n TrendMicro 9.120.0.1004, TrendMicro-HouseCall 9.120.0.1004 \n\n CVE no - \n CVE-2012-1425\n\n8. Specially crafted infected POSIX TAR files with \"\\42\\5A\\68\" as the first\n 3 bytes evades detection. \n\n Affected products -\n CAT-QuickHeal 11.00, Command 5.2.11.5, F-Prot 4.6.2.117, \n K7AntiVirus 9.77.3565, Norman 6.06.12, Rising 22.83.00.03\n\n CVE no - \n CVE-2012-1426\n\n\n9. Specially crafted infected POSIX TAR files with \"\\57\\69\\6E\\5A\\69\\70\" at \n offset 29 evades detection. \n\n Affected products -\n CAT-QuickHeal 11.00, Norman 6.06.12, Sophos 4.61.0\n\n CVE no - \n CVE-2012-1427\n\n10. Specially crafted infected POSIX TAR files with \"\\4a\\46\\49\\46\" at offset 6\n evades detection. \n \n Affected products -\n CAT-QuickHeal 11.00, Norman 6.06.12, Sophos 4.61.0\n\n CVE no - \n CVE-2012-1428\n\n11. Specially crafted infected ELF files with \"ustar\" at offset 257\n evades detection. \n\n Affected products -\n BitDefender 7.2, Comodo 7424, Emsisoft 5.1.0.1, eSafe 7.0.17.0, \n F-Secure 9.0.16160.0, Ikarus T3.1.1.97.0, McAfee 5.400.0.1158, \n McAfee-GW-Edition 2010.1C, nProtect 2011-01-17.01 \n\n CVE no - \n CVE-2012-1429\n12. Specially crafted infected ELF files with \"\\19\\04\\00\\10\" at offset 8 evades\n detection. \n\n Affected products -\n BitDefender 7.2, Comodo 7424, eSafe 7.0.17.0, F-Secure 9.0.16160.0, \n McAfee 5.400.0.1158, McAfee-GW-Edition 2010.1C, nProtect 2011-01-17.01, \n Sophos 4.61.0, Rising 22.83.00.03\n\n CVE no - \n CVE-2012-1430\n13. Specially crafted infected ELF files with \"\\4a\\46\\49\\46\" at offset 6 evades\n detection. \n\n Affected products -\n BitDefender 7.2, Command 5.2.11.5, Comodo 7424, eSafe 7.0.17.0, \n F-Prot 4.6.2.117, F-Secure 9.0.16160.0, McAfee-GW-Edition 2010.1C, \n nProtect 2011-01-17.01, Sophos 4.61.0, Rising 22.83.00.03\n\n CVE no - \n CVE-2012-1431\n\n14. Specially crafted infected MS EXE files with \"\\57\\69\\6E\\5A\\69\\70\" at offset\n 29 evades detection. \n\n Affected products -\n Emsisoft 5.1.0.1, eSafe 7.0.17.0, Ikarus T3.1.1.97.0, Panda 10.0.2.7\n\n CVE no - \n CVE-2012-1432\n\n15. Specially crafted infected MS EXE files with \"\\4a\\46\\49\\46\" at offset\n 6 evades detection. \n\n Affected products -\n AhnLab-V3 2011.01.18.00, Emsisoft 5.1.0.1, eSafe 7.0.17.0, \n Ikarus T3.1.1.97.0, Panda 10.0.2.7\n\n CVE no - \n CVE-2012-1433\n\n16. Specially crafted infected MS EXE files with \"\\19\\04\\00\\10\" at offset\n 8 evades detection. \n\n Affected products -\n AhnLab-V3 2011.01.18.00, Emsisoft 5.1.0.1, Ikarus T3.1.1.97.0, \n Panda 10.0.2.7\n \n CVE no - \n CVE-2012-1434\n\n17. Specially crafted infected MS EXE files with \"\\50\\4B\\4C\\49\\54\\45\" at \n offset 30 evades detection. \n \n Affected products - \n AhnLab-V3 2011.01.18.00, Emsisoft 5.1.0.1, eSafe 7.0.17.0, \n Ikarus T3.1.1.97.0, Panda 10.0.2.7\n\n CVE no - \n CVE-2012-1435\n\n18. Specially crafted infected MS EXE files with \"\\2D\\6C\\68\" at \n offset 2 evades detection. \n \n Affected products - \n AhnLab-V3 2011.01.18.00, Emsisoft 5.1.0.1, eSafe 7.0.17.0, \n Ikarus T3.1.1.97.0, Panda 10.0.2.7\n\n CVE no - \n CVE-2012-1436\n\n19. Specially crafted infected MS Office files with \"\\50\\4B\\53\\70\\58\" at \n offset 526 evades detection. \n \n Affected products - \n Comodo 7425\n \n CVE no - \n CVE-2012-1437\n\n20. Specially crafted infected MS Office files with \"ustar\" at \n offset 257 evades detection. \n\n Affected products - \n Comodo 7425, Sophos 4.61.0 \n\n CVE no - \n CVE-2012-1438\n\n21. \u0027padding\u0027 field in ELF files is parsed incorrectly. \n If an infected ELF file\u0027s padding field is incremented by 1 it evades\n detection. \n\n Affected products - \n eSafe 7.0.17.0, Rising 22.83.00.03, Fortinet 4.2.254.0, Panda 10.0.2.7\n\n CVE no - \n CVE-2012-1439\n\n22. \u0027identsize\u0027 field in ELF files is parsed incorrectly. \n If an infected ELF file\u0027s identsize field is incremented by 1 it evades\n detection. \n\n Affected products - \n Norman 6.06.12, eSafe 7.0.17.0, eTrust-Vet 36.1.8511, Fortinet 4.2.254.0, \n Panda 10.0.2.7\n\n CVE no - \n CVE-2012-1440\n\n23. \u0027e_ip\u0027 and \u0027e_res\u0027 field in MS EXE files are parsed incorrectly. \n If any of these fields in an infected MS EXE file is incremented by 1 \n it evades detection. \n\n Affected products - \n Prevx 3.0\n\n \u0027e_minalloc\u0027, \u0027e_res2\u0027,\u0027e_cparhdr\u0027, \u0027e_crlc\u0027, \u0027e_lfarlc\u0027,\u0027e_maxalloc\u0027,\n \u0027e_oeminfo\u0027, \u0027e_ovno\u0027, \u0027e_cs\u0027, \u0027e_csum\u0027,\u0027e_sp\u0027, \u0027e_ss\u0027, \u0027e_cblp\u0027 and \n \u0027e_oemid\u0027 fields in MS EXE files are parsed incorrectly. \n If any of these fields in an infected MS EXE file is incremented by 1 \n it evades detection. \n\n Affected products - \n eSafe 7.0.017.0, Prevx 3.0\n\n\n CVE no - \n CVE-2012-1441\n\n24. \u0027class\u0027 field in ELF files is parsed incorrectly. \n If an infected ELF file\u0027s class field is incremented by 1 it evades\n detection. \n\n Affected products - \n CAT-QuickHeal 11.00, McAfee 5.400.0.1158, McAfee-GW-Edition 2010.1C, \n eSafe 7.0.017.0, Kaspersky 7.0.0.125, F-Secure 9.0.16160.0, \n Sophos 4.61.0, Antiy-AVL 2.0.3.7, Rising 22.83.00.03, Fortinet 4.2.254.0, \n Panda 10.0.2.7\n\n CVE no - \n CVE-2012-1442\n\n25. Infected RAR files with initial two bytes set to \u0027MZ\u0027 can be fixed by the \n user and correctly extracted. Such a file evades detection. \n \n Affected products -\n ClamAV 0.96.4, Rising 22.83.00.03, CAT-QuickHeal 11.00, GData 21, \n Symantec 20101.3.0.103, Command 5.2.11.5, Ikarus T3.1.1.97.0, \n Emsisoft 5.1.0.1, PCTools 7.0.3.5, F-Prot 4.6.2.117, \n VirusBuster 13.6.151.0, Fortinent 4.2.254.0, Antiy-AVL 2.0.3.7, \n K7AntiVirus 9.77.3565, TrendMicro-HouseCall 9.120.0.1004,Kaspersky 7.0.0.125 \n Jiangmin 13.0.900. Microsoft 1.6402, Sophos 4.61.0, NOD32 5795, AntiVir 7.11.1.163, \n Norman 6.06.12, McAfee 5.400.0.1158, Panda 10.0.2.7, McAfee-GW-Edition 2010.1C, \n TrendMicro 9.120.0.1004, Comodo 7424, BitDefender 7.2, eSafe 7.0.17.0, F-Secure 9.0.16160.0\n nProtect 2011-01-17.01, AhnLab-V3 2011.01.18.00, AVG 10.0.0.1190, Avast 4.8.1351.0, \n Avast5 5.0.677.0, VBA32 3.12.14.2 \n\n CVE no - \n CVE-2012-1443\n\n26. \u0027abiversion\u0027 field in ELF files is parsed incorrectly. \n If an infected ELF file\u0027s abiversion field is incremented by 1 it evades\n detection. \n\n Affected products - \n eSafe 7.0.017.0, Prevx 3.0, Fortinet 4.2.254.0, Panda 10.0.2.7\n\n CVE no - \n CVE-2012-1444\n\n27. \u0027abi\u0027 field in ELF files is parsed incorrectly. \n If an infected ELF file\u0027s abi field is incremented by 1 it evades\n detection. \n\n Affected products - \n eSafe 7.0.017.0, Rising 22.83.00.03, Fortinet 4.2.254.0, Panda 10.0.2.7\n\n CVE no - \n CVE-2012-1445\n\n28. \u0027encoding\u0027 field in ELF files is parsed incorrectly. \n If an infected ELF file\u0027s encoding field is incremented by 1 it evades\n detection. \n\n Affected products - \n CAT-QuickHeal 11.00, McAfee 5.400.0.1158, Symantec 20101.3.0.103, \n Norman 6.06.12, eSafe 7.0.017.0, Kaspersky 7.0.0.125, \n McAfee-GW-Edition 2010.1C, Sophos 4.61.0, eTrust-Vet 36.1.8511, \n Antiy-AVL 2.0.3.7, PCTools 7.0.3.5, Rising 22.83.00.03, Fortinet 4.2.254.0,\n Panda 10.0.2.7\n\n CVE no - \n CVE-2012-1446\n\n29. \u0027e_version\u0027 field in ELF files is parsed incorrectly. \n If an infected ELF file\u0027s e_version field is incremented by 1 it evades\n detection. \n\n Affected products -\n Fortinet 4.2.254.0, eSafe 7.0.017.0, DrWeb 5.0.2.03300, Panda 10.0.2.7\n\n CVE no - \n CVE-2012-1447\n\n30. \u0027cbCabinet\u0027 field in CAB files is parsed incorrectly. \n If an infected CAB file\u0027s cbCabinet field is incremented by 1 it evades\n detection. \n\n Affected products -\n CAT-QuickHeal 11.00, TrendMicro 9.120.0.1004, Ikarus T3.1.1.97.0\n TrendMicro-HouseCall 9.120.0.1004, Emsisoft 5.1.0.1 \n\n CVE no - \n CVE-2012-1448\n\n31. \u0027vMajor\u0027 field in CAB files is parsed incorrectly. \n If an infected CAB file\u0027s vMajor field is incremented by 1 it evades\n detection. \n\n Affected products -\n NOD32 5795, Rising 22.83.00.03\n \n CVE no - \n CVE-2012-1449\n\n32. \u0027reserved3\u0027 field in CAB files is parsed incorrectly. \n If an infected CAB file\u0027s reserved field is incremented by 1 it evades\n detection. \n\n Affected products -\n Emsisoft 5.1.0.1, Sophos 4.61.0, Ikarus T3.1.1.97.0\n \n CVE no - \n CVE-2012-1450\n\n33. \u0027reserved2\u0027 field in CAB files is parsed incorrectly. \n If an infected CAB file\u0027s reserved2 field is incremented by 1 it evades\n detection. \n\n Affected products -\n Emsisoft 5.1.0.1, Ikarus T3.1.1.97.0\n \n CVE no - \n CVE-2012-1451\n\n34. \u0027reserved1\u0027 field in CAB files is parsed incorrectly. \n If an infected CAB file\u0027s reserved field is incremented by 1 it evades\n detection. \n\n Affected products -\n Emsisoft 5.1.0.1, Ikarus T3.1.1.97.0, CAT-QuickHeal 11.00\n \n CVE no - \n CVE-2012-1452\n\n35. \u0027coffFiles\u0027 field in CAB files is parsed incorrectly. \n If an infected CAB file\u0027s coffFiles field is incremented by 1 it evades\n detection. \n\n Affected products -\n McAfee 5.0.2.03300, TrendMicro-HouseCall 9.120.0.1004, Kaspersky 7.0.0.125, \n Sophos 4.61.0, TrendMicro 9.120.0.1004, McAfee-GW-Edition 2010.1C,\n Emsisoft 5.1.0.1, eTrust-Vet 36.1.8511, Antiy-AVL 2.0.3.7, Microsoft 1.6402,\n Rising 22.83.00.03, Ikarus T3.1.1.97.0, Fortinet 4.2.254.0, Panda 10.0.2.7\n\n CVE no - \n CVE-2012-1453\n\n36. \u0027ei_version\u0027 field in ELF files is parsed incorrectly. \n If an infected ELF file\u0027s version field is incremented by 1 it evades\n detection. \n\n Affected products -\n McAfee 5.0.02.03300, eSafe 7.0.17.0, McAfee-GW-Edition 2010.1C, \n Rising 22.83.00.03, Fortinet 4.2.254.0, Panda 10.0.2.7\n\n CVE no - \n CVE-2012-1454\n\n37. \u0027vMinor\u0027 field in CAB files is parsed incorrectly. \n If an infected CAB file\u0027s version field is incremented by 1 it evades\n detection. \n\n Affected products -\n NOD32 5795, Rising 22.83.00.03\n \n CVE no - \n CVE-2012-1455\n\n38. A specially crafted ZIP file, created by concatenating the contents \n of a clean TAR archive and a virus-infected ZIP archive, is parsed \n incorrectly and evades detection. \n\n Affected products -\n AVG 10.0.0.1190, CAT-QuickHeal 11.00, Comodo 7424, Emsisoft 5.1.0.1,\n eSafe 7.0.17.0, F-Prot 4.6.2.117,Fortinent 4.2.254.0, Ikarus T3.1.1.97.0, \n Jiangmin 13.0.900, Kaspersky 7.0.0.125, McAfee 5.400.0.1158, \n McAfee-GW-Edition 2010.1C, NOD32 5795, Norman 6.06.12, Panda 10.0.2.7, \n Rising 22.83.00.03, Sophos 4.61.0, Symantec 20101.3.0.103, \n TrendMicro 9.120.0.1004, TrendMicro-HouseCall 9.120.0.1004\n\n CVE no - \n CVE-2012-1456\n\n39. If the length field in the header of a file with test EICAR virus\n included into a TAR archive is set to be greater than the archive\u0027s total \n length (1,000,000+original length in our experiments), the antivirus \n declares the file to be clean but virus gets extracted correctly by the \n GNU tar program. \n\n Affected products -\n AntiVir 7.11.1.163, Antiy-AVL 2.0.3.7, Avast 4.8.1351.0, Avast5 5.0.677.0, \n AVG 10.0.0.1190, BitDefender 7.2, CAT-QuickHeal 11.00, ClamAV 0.96.4, \n Command 5.2.11.5, Emsisoft 5.1.0.1, eSafe 7.0.17.0, F-Prot 4.6.2.117, \n GData 21, Ikarus T3.1.1.97.0, Jiangmin 13.0.900, K7AntiVirus 9.77.3565, \n Kaspersky 7.0.0.125, McAfee 5.400.0.1158, McAfee-GW-Edition 2010.1C, \n Microsoft 1.6402, NOD32 5795, Norman 6.06.12, PCTools 7.0.3.5, \n Rising 22.83.00.03, Symantec 20101.3.0.103, TrendMicro 9.120.0.1004, \n TrendMicro-HouseCall 9.120.0.1004, VBA32 3.12.14.2, VirusBuster 13.6.151.0 \n\n CVE no - \n CVE-2012-1457\n\n40. A Windows Compiled HTML Help (CHM) file is a set of HTML files,\n scripts, and images compressed using the LZX algorithm. \n For faster random accesses, the algorithm is reset at intervals\n instead of compressing the entire file as a single stream. The\n length of each interval is specified in the LZXC header. \n\n If an infected CHM file\u0027s header modified so that the reset interval\n is lower than in the original file, the antivirus declares the file\n to be clean. But the Windows CHM viewer hh.exe correctly decompresses\n the infected content located before the tampered header. \n\n Affected products -\n ClamAV 0.96.4, Sophos 4.61.0 \n\n CVE no - \n CVE-2012-1458\n\n41. In a POSIX TAR archive, each member file has a 512-byte header protected\n by a simple checksum. Every header also contains a file length field, which\n is used by the extractor to locate the next header in the archive. \n\n If a TAR archive contains two files: the first one is clean, while\n the second is infected with test EICAR virus - and it is modified such that \n the length field in the header of the first, clean file to point into the \n middle of the header of the second, infected file. The antivirus declares \n the file to be clean but virus gets extracted correctly by the \n GNU tar program. If an infected tar.gz archive is appended 6 random bytes at the end, \n the antivirus declares the file to be clean but virus gets extracted by\n the gunzip+tar programs correctly by ignoring these bytes. \n\n Affected products -\n Antiy-AVL 2.0.3.7, CAT-QuickHeal 11.00, Command 5.2.11.5, \n eSafe 7.0.17.0, F-Prot 4.6.2.117, Jiangmin 13.0.900, \n K7AntiVirus 9.77.3565, VBA32 3.12.14.2 \n \n CVE no - \n CVE-2012-1460\n\n43. GZIP files can contain multiple compressed streams, which are assembled\n when the contents are extracted. If an infected .tar.gz file is broken \n into two streams, the antivirus declares the infected .tar.gz file to \n be clean while tar+gunzip extract the virus correctly\n\n Affected products -\n AVG 10.0.0.1190, BitDefender 7.2, Command 5.2.11.5, Emsisoft 5.1.0.1, \n F-Secure 9.0.16160.0, Fortinent 4.2.254.0, Ikarus T3.1.1.97.0, \n Jiangmin 13.0.900, K7AntiVirus 9.77.3565, Kaspersky 7.0.0.125, \n McAfee 5.400.0.1158, McAfee-GW-Edition 2010.1C, NOD32 5795, Norman 6.06.12, \n Rising 22.83.00.03, Sophos 4.61.0, Symantec 20101.3.0.103, \n TrendMicro 9.120.0.1004, TrendMicro-HouseCall 9.120.0.1004, VBA32 3.12.14.2 \n\n CVE no - \n CVE-2012-1461\n\n44. If an infected ZIP archive is prepended with 1024 random bytes at the \n beginning, the antivirus declares the file to be clean but virus gets extracted\n by the unzip program correctly by skipping these bytes\n\n Affected products -\n AhnLab-V3 2011.01.18.00, AVG 10.0.0.1190, CAT-QuickHeal 11.00, \n Emsisoft 5.1.0.1, eSafe 7.0.17.0, Fortinent 4.2.254.0, Ikarus T3.1.1.97.0, \n Jiangmin 13.0.900, Kaspersky 7.0.0.125, Norman 6.06.12, Sophos 4.61.0, \n Symantec 20101.3.0.103 \n\n CVE no - \n CVE-2012-1462\n\n45. In most ELF files, the 5th byte of the header indicates endianness: 01\n for little-endian, 02 for bigendian. Linux kernel, however, does not\n check this field before loading an ELF file. If an infected ELF file\u0027s 5-th \n byte is set to 02, the antivirus declares the file to be clean but the ELF \n file gets executed correctly. \n\n Affected products -\n AhnLab-V3 2011.01.18.00, BitDefender 7.2, CAT-QuickHeal 11.00, Command 5.2.11.5, \n Comodo 7424, eSafe 7.0.17.0, F-Prot 4.6.2.117, F-Secure 9.0.16160.0, \n McAfee 5.400.0.1158, Norman 6.06.12, nProtect 2011-01-17.01, Panda 10.0.2.7 \n\n CVE no - \n CVE-2012-1463\n\n--------\nCredits\n--------\nVulnerabilities found and advisory written by Suman Jana and Vitaly Shmatikov. \n\n-----------\nReferences\n-----------\n\"Abusing File Processing in Malware Detectors for Fun and Profit\" by Suman Jana and Vitaly Shmatikov\nTo appear in IEEE Symposium on Security and Privacy 2012\nhttp://www.ieee-security.org/TC/SP2012/ \n",
"sources": [
{
"db": "NVD",
"id": "CVE-2012-1443"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-001895"
},
{
"db": "BID",
"id": "52612"
},
{
"db": "VULHUB",
"id": "VHN-54724"
},
{
"db": "PACKETSTORM",
"id": "110990"
}
],
"trust": 2.07
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2012-1443",
"trust": 2.9
},
{
"db": "BID",
"id": "52612",
"trust": 1.4
},
{
"db": "OSVDB",
"id": "80469",
"trust": 1.1
},
{
"db": "OSVDB",
"id": "80461",
"trust": 1.1
},
{
"db": "OSVDB",
"id": "80454",
"trust": 1.1
},
{
"db": "OSVDB",
"id": "80455",
"trust": 1.1
},
{
"db": "OSVDB",
"id": "80467",
"trust": 1.1
},
{
"db": "OSVDB",
"id": "80468",
"trust": 1.1
},
{
"db": "OSVDB",
"id": "80471",
"trust": 1.1
},
{
"db": "OSVDB",
"id": "80456",
"trust": 1.1
},
{
"db": "OSVDB",
"id": "80459",
"trust": 1.1
},
{
"db": "OSVDB",
"id": "80472",
"trust": 1.1
},
{
"db": "OSVDB",
"id": "80470",
"trust": 1.1
},
{
"db": "OSVDB",
"id": "80457",
"trust": 1.1
},
{
"db": "OSVDB",
"id": "80460",
"trust": 1.1
},
{
"db": "OSVDB",
"id": "80458",
"trust": 1.1
},
{
"db": "JVNDB",
"id": "JVNDB-2012-001895",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201203-407",
"trust": 0.7
},
{
"db": "BUGTRAQ",
"id": "20120319 EVASION ATTACKS EXPOLITING FILE-PARSING VULNERABILITIES IN ANTIVIRUS PRODUCTS",
"trust": 0.6
},
{
"db": "NSFOCUS",
"id": "19198",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-54724",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "110990",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-54724"
},
{
"db": "BID",
"id": "52612"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-001895"
},
{
"db": "PACKETSTORM",
"id": "110990"
},
{
"db": "NVD",
"id": "CVE-2012-1443"
},
{
"db": "CNNVD",
"id": "CNNVD-201203-407"
}
]
},
"id": "VAR-201203-0367",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-54724"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T12:10:12.911000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "AVL SDK",
"trust": 0.8,
"url": "http://www.antiy.net/en/avlsdk.html"
},
{
"title": "Command Antivirus",
"trust": 0.8,
"url": "http://www.authentium.com/command/csavdownload.html"
},
{
"title": "Top Page",
"trust": 0.8,
"url": "https://www.avast.co.jp/index"
},
{
"title": "AVG Anti-Virus",
"trust": 0.8,
"url": "http://www.avgjapan.com/home-small-office-security/buy-antivirus"
},
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.avira.com/"
},
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.rising-global.com/"
},
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.bitdefender.com/"
},
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.clamav.net/lang/en/"
},
{
"title": "Comodo Antivirus",
"trust": 0.8,
"url": "http://www.comodo.com/home/internet-security/antivirus.php"
},
{
"title": "Emsisoft Anti-Malware",
"trust": 0.8,
"url": "http://www.emsisoft.com/en/software/antimalware/"
},
{
"title": "ESET NOD32\u30a2\u30f3\u30c1\u30a6\u30a4\u30eb\u30b9",
"trust": 0.8,
"url": "http://www.eset.com/us/"
},
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.fortinet.com/"
},
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.f-prot.com/"
},
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.gdata.co.jp/"
},
{
"title": "IKARUS virus.utilities",
"trust": 0.8,
"url": "http://www.ikarus.at/en/ngo-gov/products/virus_utilities/index.html"
},
{
"title": "Jiangmin Antivirus",
"trust": 0.8,
"url": "http://global.jiangmin.com/"
},
{
"title": "K7 AntiVirus",
"trust": 0.8,
"url": "http://www.k7computing.com/en/product/k7-antivirusplus.php"
},
{
"title": "MacAfee Scan Engine",
"trust": 0.8,
"url": "http://www.mcafee.com/us/support/support-eol-scan-engine.aspx"
},
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.norman.com/"
},
{
"title": "nProtect Anti-Virus",
"trust": 0.8,
"url": "http://global.nprotect.com/product/avs.php"
},
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.ps-japan.co.jp/"
},
{
"title": "PC Tools AntiVirus",
"trust": 0.8,
"url": "http://www.pctools.com/jp/spyware-doctor-antivirus/"
},
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.quickheal.com/"
},
{
"title": "Endpoint Protection",
"trust": 0.8,
"url": "http://www.symantec.com/ja/jp/endpoint-protection"
},
{
"title": "Top Page",
"trust": 0.8,
"url": "http://jp.trendmicro.com/jp/home/"
},
{
"title": "Trend Micro HouseCall",
"trust": 0.8,
"url": "http://jp.trendmicro.com/jp/tools/housecall/"
},
{
"title": "Top Page",
"trust": 0.8,
"url": "http://anti-virus.by/en"
},
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.virusbuster.hu/en"
},
{
"title": "eSafe",
"trust": 0.8,
"url": "http://www.aladdin.co.jp/esafe/"
},
{
"title": "V3 Internet Security",
"trust": 0.8,
"url": "http://www.ahnlab.co.jp/product_service/product/b2b/v3is8.asp"
},
{
"title": "Kaspersky Anti-Virus",
"trust": 0.8,
"url": "http://www.kaspersky.com/kaspersky_anti-virus"
},
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.sophos.com"
},
{
"title": "Microsoft Security Essentials",
"trust": 0.8,
"url": "http://windows.microsoft.com/ja-jp/windows/products/security-essentials"
},
{
"title": "McAfee Web Gateway",
"trust": 0.8,
"url": "http://www.mcafee.com/japan/products/web_gateway.asp"
},
{
"title": "F-Secure Anti-Virus",
"trust": 0.8,
"url": "http://www.f-secure.com/ja/web/home_jp/protection/anti-virus/overview"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2012-001895"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-264",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-54724"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-001895"
},
{
"db": "NVD",
"id": "CVE-2012-1443"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "http://www.securityfocus.com/archive/1/522005"
},
{
"trust": 1.7,
"url": "http://www.ieee-security.org/tc/sp2012/program.html"
},
{
"trust": 1.1,
"url": "http://www.securityfocus.com/bid/52612"
},
{
"trust": 1.1,
"url": "http://osvdb.org/80454"
},
{
"trust": 1.1,
"url": "http://osvdb.org/80455"
},
{
"trust": 1.1,
"url": "http://osvdb.org/80456"
},
{
"trust": 1.1,
"url": "http://osvdb.org/80457"
},
{
"trust": 1.1,
"url": "http://osvdb.org/80458"
},
{
"trust": 1.1,
"url": "http://osvdb.org/80459"
},
{
"trust": 1.1,
"url": "http://osvdb.org/80460"
},
{
"trust": 1.1,
"url": "http://osvdb.org/80461"
},
{
"trust": 1.1,
"url": "http://osvdb.org/80467"
},
{
"trust": 1.1,
"url": "http://osvdb.org/80468"
},
{
"trust": 1.1,
"url": "http://osvdb.org/80469"
},
{
"trust": 1.1,
"url": "http://osvdb.org/80470"
},
{
"trust": 1.1,
"url": "http://osvdb.org/80471"
},
{
"trust": 1.1,
"url": "http://osvdb.org/80472"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-1443"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2012-1443"
},
{
"trust": 0.6,
"url": "http://www.nsfocus.net/vulndb/19198"
},
{
"trust": 0.3,
"url": "http://seclists.org/bugtraq/2012/mar/88"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-1419"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-1439"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-1426"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-1429"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-1436"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-1440"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-1432"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-1438"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-1428"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-1446"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-1443"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-1444"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-1441"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-1421"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-1430"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-1434"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-1435"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-1424"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-1431"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-1425"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-1423"
},
{
"trust": 0.1,
"url": "http://www.ieee-security.org/tc/sp2012/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-1442"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-1422"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-1433"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-1420"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-1427"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-1445"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-1437"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-54724"
},
{
"db": "BID",
"id": "52612"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-001895"
},
{
"db": "PACKETSTORM",
"id": "110990"
},
{
"db": "NVD",
"id": "CVE-2012-1443"
},
{
"db": "CNNVD",
"id": "CNNVD-201203-407"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-54724"
},
{
"db": "BID",
"id": "52612"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-001895"
},
{
"db": "PACKETSTORM",
"id": "110990"
},
{
"db": "NVD",
"id": "CVE-2012-1443"
},
{
"db": "CNNVD",
"id": "CNNVD-201203-407"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2012-03-21T00:00:00",
"db": "VULHUB",
"id": "VHN-54724"
},
{
"date": "2012-03-20T00:00:00",
"db": "BID",
"id": "52612"
},
{
"date": "2012-03-26T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2012-001895"
},
{
"date": "2012-03-19T23:51:01",
"db": "PACKETSTORM",
"id": "110990"
},
{
"date": "2012-03-21T10:11:48.083000",
"db": "NVD",
"id": "CVE-2012-1443"
},
{
"date": "2012-03-26T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201203-407"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2012-11-06T00:00:00",
"db": "VULHUB",
"id": "VHN-54724"
},
{
"date": "2015-03-19T08:41:00",
"db": "BID",
"id": "52612"
},
{
"date": "2012-03-26T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2012-001895"
},
{
"date": "2012-11-06T05:09:04.360000",
"db": "NVD",
"id": "CVE-2012-1443"
},
{
"date": "2012-04-01T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201203-407"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201203-407"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Multiple products RAR Vulnerability that prevents file parsers from detecting malware",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2012-001895"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "permissions and access control",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201203-407"
}
],
"trust": 0.6
}
}
VAR-201203-0146
Vulnerability from variot - Updated: 2023-12-18 12:10The Gzip file parser in AVG Anti-Virus 10.0.0.1190, Bitdefender 7.2, Command Antivirus 5.2.11.5, Emsisoft Anti-Malware 5.1.0.1, F-Secure Anti-Virus 9.0.16160.0, Fortinet Antivirus 4.2.254.0, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, Jiangmin Antivirus 13.0.900, K7 AntiVirus 9.77.3565, Kaspersky Anti-Virus 7.0.0.125, McAfee Anti-Virus Scanning Engine 5.400.0.1158, McAfee Gateway (formerly Webwasher) 2010.1C, NOD32 Antivirus 5795, Norman Antivirus 6.06.12, Rising Antivirus 22.83.00.03, Sophos Anti-Virus 4.61.0, AVEngine 20101.3.0.103 in Symantec Endpoint Protection 11, Trend Micro AntiVirus 9.120.0.1004, Trend Micro HouseCall 9.120.0.1004, and VBA32 3.12.14.2 allows remote attackers to bypass malware detection via a .tar.gz file with multiple compressed streams. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different Gzip parser implementations. Multiple products Gzip A file parser contains a vulnerability that can prevent malware detection. Different Gzip If it is announced that there is also a problem with the parser implementation, this vulnerability can be CVE May be split.Have multiple compressed streams by a third party .tar.gz Malware detection may be avoided via files. Successful exploits will allow attackers to bypass on-demand virus scanning, possibly allowing malicious files to escape detection
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201203-0146",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "command antivirus",
"scope": "eq",
"trust": 1.8,
"vendor": "authentium",
"version": "5.2.11.5"
},
{
"model": "anti-virus",
"scope": "eq",
"trust": 1.8,
"vendor": "avg",
"version": "10.0.0.1190"
},
{
"model": "bitdefender",
"scope": "eq",
"trust": 1.8,
"vendor": "bitdefender",
"version": "7.2"
},
{
"model": "anti-malware",
"scope": "eq",
"trust": 1.8,
"vendor": "emsisoft",
"version": "5.1.0.1"
},
{
"model": "virus utilities t3 command line scanner",
"scope": "eq",
"trust": 1.8,
"vendor": "ikarus",
"version": "1.1.97.0"
},
{
"model": "antivirus",
"scope": "eq",
"trust": 1.8,
"vendor": "jiangmin",
"version": "13.0.900"
},
{
"model": "f-secure anti-virus",
"scope": "eq",
"trust": 1.8,
"vendor": "f secure",
"version": "9.0.16160.0"
},
{
"model": "anti-virus",
"scope": "eq",
"trust": 1.8,
"vendor": "kaspersky",
"version": "7.0.0.125"
},
{
"model": "anti-virus",
"scope": "eq",
"trust": 1.8,
"vendor": "sophos",
"version": "4.61.0"
},
{
"model": "antivirus",
"scope": "eq",
"trust": 1.8,
"vendor": "fortinet",
"version": "4.2.254.0"
},
{
"model": "scan engine",
"scope": "eq",
"trust": 1.8,
"vendor": "mcafee",
"version": "5.400.0.1158"
},
{
"model": "housecall",
"scope": "eq",
"trust": 1.6,
"vendor": "trendmicro",
"version": "9.120.0.1004"
},
{
"model": "antivirus",
"scope": "eq",
"trust": 1.0,
"vendor": "rising global",
"version": "22.83.00.03"
},
{
"model": "nod32 antivirus",
"scope": "eq",
"trust": 1.0,
"vendor": "eset",
"version": "5795"
},
{
"model": "trend micro antivirus",
"scope": "eq",
"trust": 1.0,
"vendor": "trendmicro",
"version": "9.120.0.1004"
},
{
"model": "antivirus",
"scope": "eq",
"trust": 1.0,
"vendor": "k7computing",
"version": "9.77.3565"
},
{
"model": "gateway",
"scope": "eq",
"trust": 1.0,
"vendor": "mcafee",
"version": "2010.1c"
},
{
"model": "vba32",
"scope": "eq",
"trust": 1.0,
"vendor": "anti virus",
"version": "3.12.14.2"
},
{
"model": "endpoint protection",
"scope": "eq",
"trust": 1.0,
"vendor": "symantec",
"version": "11.0"
},
{
"model": "antivirus \\\u0026 antispyware",
"scope": "eq",
"trust": 1.0,
"vendor": "norman",
"version": "6.06.12"
},
{
"model": "antivirus",
"scope": "eq",
"trust": 0.8,
"vendor": "rising",
"version": "22.83.00.03"
},
{
"model": "nod32 anti-virus",
"scope": "eq",
"trust": 0.8,
"vendor": "eset",
"version": "5795"
},
{
"model": "antivirus",
"scope": "eq",
"trust": 0.8,
"vendor": "k7 computing",
"version": "9.77.3565"
},
{
"model": "antivirus",
"scope": "eq",
"trust": 0.8,
"vendor": "norman",
"version": "6.06.12"
},
{
"model": "vba32",
"scope": "eq",
"trust": 0.8,
"vendor": "virusblokada",
"version": "3.12.14.2"
},
{
"model": "endpoint protection",
"scope": "eq",
"trust": 0.8,
"vendor": "symantec",
"version": "11"
},
{
"model": "antivirus",
"scope": "eq",
"trust": 0.8,
"vendor": "trend micro",
"version": "9.120.0.1004"
},
{
"model": "housecall",
"scope": "eq",
"trust": 0.8,
"vendor": "trend micro",
"version": "9.120.0.1004"
},
{
"model": "web gateway software",
"scope": "eq",
"trust": 0.8,
"vendor": "mcafee",
"version": "2010.1c"
},
{
"model": "vba32",
"scope": "eq",
"trust": 0.3,
"vendor": "virusblokada",
"version": "3.12.142"
},
{
"model": "trend micro",
"scope": "eq",
"trust": 0.3,
"vendor": "trend micro",
"version": "9.1201004"
},
{
"model": "housecall",
"scope": "eq",
"trust": 0.3,
"vendor": "trend micro",
"version": "9.1201004"
},
{
"model": "antivirus",
"scope": "eq",
"trust": 0.3,
"vendor": "symantec",
"version": "20101.3103"
},
{
"model": "antivirus",
"scope": "eq",
"trust": 0.3,
"vendor": "rising",
"version": "22.8303"
},
{
"model": "antivirus",
"scope": "eq",
"trust": 0.3,
"vendor": "norman",
"version": "6.6.12"
},
{
"model": "mcafee-gw-edition 2010.1c",
"scope": null,
"trust": 0.3,
"vendor": "mcafee",
"version": null
},
{
"model": "antivirus",
"scope": "eq",
"trust": 0.3,
"vendor": "kaspersky",
"version": "7.0125"
},
{
"model": "computing pvt ltd k7antivirus",
"scope": "eq",
"trust": 0.3,
"vendor": "k7",
"version": "9.77.3565"
},
{
"model": "jiangmin",
"scope": "eq",
"trust": 0.3,
"vendor": "jiangmin",
"version": "13.0.900"
},
{
"model": "antivirus t3.1.1.97.0",
"scope": null,
"trust": 0.3,
"vendor": "ikarus",
"version": null
},
{
"model": "antivirus",
"scope": "eq",
"trust": 0.3,
"vendor": "fortinet",
"version": "4.2.2540"
},
{
"model": "nod32",
"scope": "eq",
"trust": 0.3,
"vendor": "eset",
"version": "5795"
},
{
"model": "antivirus",
"scope": "eq",
"trust": 0.3,
"vendor": "emsisoft",
"version": "5.11"
},
{
"model": "antivirus",
"scope": "eq",
"trust": 0.3,
"vendor": "comodo",
"version": "7424"
},
{
"model": "antivirus",
"scope": "eq",
"trust": 0.3,
"vendor": "bitdefender",
"version": "7.2"
},
{
"model": "anti-virus",
"scope": "eq",
"trust": 0.3,
"vendor": "avg",
"version": "10.01190"
},
{
"model": "command antivirus",
"scope": "eq",
"trust": 0.3,
"vendor": "authentium",
"version": "5.2.115"
}
],
"sources": [
{
"db": "BID",
"id": "52626"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-001901"
},
{
"db": "NVD",
"id": "CVE-2012-1461"
},
{
"db": "CNNVD",
"id": "CNNVD-201203-424"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:avg:avg_anti-virus:10.0.0.1190:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:bitdefender:bitdefender:7.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:k7computing:antivirus:9.77.3565:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:kaspersky:kaspersky_anti-virus:7.0.0.125:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:trendmicro:trend_micro_antivirus:9.120.0.1004:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:trendmicro:housecall:9.120.0.1004:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:authentium:command_antivirus:5.2.11.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:emsisoft:anti-malware:5.1.0.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:mcafee:scan_engine:5.400.0.1158:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:mcafee:gateway:2010.1c:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:anti-virus:vba32:3.12.14.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ikarus:ikarus_virus_utilities_t3_command_line_scanner:1.1.97.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:jiangmin:jiangmin_antivirus:13.0.900:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sophos:sophos_anti-virus:4.61.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:symantec:endpoint_protection:11.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:f-secure:f-secure_anti-virus:9.0.16160.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:fortinet:fortinet_antivirus:4.2.254.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:eset:nod32_antivirus:5795:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:norman:norman_antivirus_\\\u0026_antispyware:6.06.12:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:rising-global:rising_antivirus:22.83.00.03:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2012-1461"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Suman Jana and Vitaly Shmatikov",
"sources": [
{
"db": "BID",
"id": "52626"
}
],
"trust": 0.3
},
"cve": "CVE-2012-1461",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 4.3,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2012-1461",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "VHN-54742",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2012-1461",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201203-424",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-54742",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-54742"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-001901"
},
{
"db": "NVD",
"id": "CVE-2012-1461"
},
{
"db": "CNNVD",
"id": "CNNVD-201203-424"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The Gzip file parser in AVG Anti-Virus 10.0.0.1190, Bitdefender 7.2, Command Antivirus 5.2.11.5, Emsisoft Anti-Malware 5.1.0.1, F-Secure Anti-Virus 9.0.16160.0, Fortinet Antivirus 4.2.254.0, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, Jiangmin Antivirus 13.0.900, K7 AntiVirus 9.77.3565, Kaspersky Anti-Virus 7.0.0.125, McAfee Anti-Virus Scanning Engine 5.400.0.1158, McAfee Gateway (formerly Webwasher) 2010.1C, NOD32 Antivirus 5795, Norman Antivirus 6.06.12, Rising Antivirus 22.83.00.03, Sophos Anti-Virus 4.61.0, AVEngine 20101.3.0.103 in Symantec Endpoint Protection 11, Trend Micro AntiVirus 9.120.0.1004, Trend Micro HouseCall 9.120.0.1004, and VBA32 3.12.14.2 allows remote attackers to bypass malware detection via a .tar.gz file with multiple compressed streams. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different Gzip parser implementations. Multiple products Gzip A file parser contains a vulnerability that can prevent malware detection. Different Gzip If it is announced that there is also a problem with the parser implementation, this vulnerability can be CVE May be split.Have multiple compressed streams by a third party .tar.gz Malware detection may be avoided via files. \nSuccessful exploits will allow attackers to bypass on-demand virus scanning, possibly allowing malicious files to escape detection",
"sources": [
{
"db": "NVD",
"id": "CVE-2012-1461"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-001901"
},
{
"db": "BID",
"id": "52626"
},
{
"db": "VULHUB",
"id": "VHN-54742"
}
],
"trust": 1.98
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2012-1461",
"trust": 2.8
},
{
"db": "BID",
"id": "52626",
"trust": 1.4
},
{
"db": "OSVDB",
"id": "80510",
"trust": 1.1
},
{
"db": "OSVDB",
"id": "80501",
"trust": 1.1
},
{
"db": "OSVDB",
"id": "80500",
"trust": 1.1
},
{
"db": "OSVDB",
"id": "80504",
"trust": 1.1
},
{
"db": "OSVDB",
"id": "80505",
"trust": 1.1
},
{
"db": "OSVDB",
"id": "80503",
"trust": 1.1
},
{
"db": "OSVDB",
"id": "80502",
"trust": 1.1
},
{
"db": "OSVDB",
"id": "80506",
"trust": 1.1
},
{
"db": "JVNDB",
"id": "JVNDB-2012-001901",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201203-424",
"trust": 0.7
},
{
"db": "BUGTRAQ",
"id": "20120319 EVASION ATTACKS EXPOLITING FILE-PARSING VULNERABILITIES IN ANTIVIRUS PRODUCTS",
"trust": 0.6
},
{
"db": "NSFOCUS",
"id": "19199",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-54742",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-54742"
},
{
"db": "BID",
"id": "52626"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-001901"
},
{
"db": "NVD",
"id": "CVE-2012-1461"
},
{
"db": "CNNVD",
"id": "CNNVD-201203-424"
}
]
},
"id": "VAR-201203-0146",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-54742"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T12:10:12.877000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Command Antivirus",
"trust": 0.8,
"url": "http://www.authentium.com/command/csavdownload.html"
},
{
"title": "AVG Anti-Virus",
"trust": 0.8,
"url": "http://www.avgjapan.com/home-small-office-security/buy-antivirus"
},
{
"title": "Rising Antivirus",
"trust": 0.8,
"url": "http://www.rising-global.com/"
},
{
"title": "Bitdefender",
"trust": 0.8,
"url": "http://www.bitdefender.com/"
},
{
"title": "Emsisoft Anti-Malware",
"trust": 0.8,
"url": "http://www.emsisoft.com/en/software/antimalware/"
},
{
"title": "ESET NOD32\u30a2\u30f3\u30c1\u30a6\u30a4\u30eb\u30b9",
"trust": 0.8,
"url": "http://www.eset.com/us/"
},
{
"title": "Fortinet Antivirus",
"trust": 0.8,
"url": "http://www.fortinet.com/solutions/antivirus.html"
},
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.ikarus.at/en/"
},
{
"title": "Jiangmin Antivirus",
"trust": 0.8,
"url": "http://global.jiangmin.com/"
},
{
"title": "K7 AntiVirus",
"trust": 0.8,
"url": "http://www.k7computing.com/en/consumer_home.php"
},
{
"title": "McAfee Scan Engine",
"trust": 0.8,
"url": "http://www.mcafee.com/us/support/support-eol-scan-engine.aspx"
},
{
"title": "McAfee Web Gateway",
"trust": 0.8,
"url": "http://www.mcafee.com/us/products/web-gateway.aspx"
},
{
"title": "Norman Antivirus",
"trust": 0.8,
"url": "http://www.norman.com/products/antivirus_antispyware/en"
},
{
"title": "Sophos Anti-Virus",
"trust": 0.8,
"url": "http://www.sophos.com/ja-jp/"
},
{
"title": "Endpoint Protection",
"trust": 0.8,
"url": "http://www.symantec.com/ja/jp/endpoint-protection"
},
{
"title": "Top Page",
"trust": 0.8,
"url": "http://jp.trendmicro.com/jp/home/index.html"
},
{
"title": "Trend Micro HouseCall",
"trust": 0.8,
"url": "http://jp.trendmicro.com/jp/tools/housecall/index.html"
},
{
"title": "VBA32",
"trust": 0.8,
"url": "http://anti-virus.by/en/index.shtml"
},
{
"title": "Kaspersky Anti-Virus",
"trust": 0.8,
"url": "http://www.kaspersky.com/kaspersky_anti-virus"
},
{
"title": "F-Secure Anti-Virus",
"trust": 0.8,
"url": "http://www.f-secure.com/ja/web/home_jp/protection/anti-virus/overview"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2012-001901"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-264",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-54742"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-001901"
},
{
"db": "NVD",
"id": "CVE-2012-1461"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "http://www.securityfocus.com/archive/1/522005"
},
{
"trust": 1.7,
"url": "http://www.ieee-security.org/tc/sp2012/program.html"
},
{
"trust": 1.1,
"url": "http://www.securityfocus.com/bid/52626"
},
{
"trust": 1.1,
"url": "http://osvdb.org/80500"
},
{
"trust": 1.1,
"url": "http://osvdb.org/80501"
},
{
"trust": 1.1,
"url": "http://osvdb.org/80502"
},
{
"trust": 1.1,
"url": "http://osvdb.org/80503"
},
{
"trust": 1.1,
"url": "http://osvdb.org/80504"
},
{
"trust": 1.1,
"url": "http://osvdb.org/80505"
},
{
"trust": 1.1,
"url": "http://osvdb.org/80506"
},
{
"trust": 1.1,
"url": "http://osvdb.org/80510"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-1461"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2012-1461"
},
{
"trust": 0.6,
"url": "http://www.nsfocus.net/vulndb/19199"
},
{
"trust": 0.3,
"url": "http://www.avg.com"
},
{
"trust": 0.3,
"url": "http://www.bitdefender.com"
},
{
"trust": 0.3,
"url": "http://www.emsisoft.com/en/software/antimalware/"
},
{
"trust": 0.3,
"url": "http://www.ikarus.at"
},
{
"trust": 0.3,
"url": "http://global.jiangmin.com/"
},
{
"trust": 0.3,
"url": "http://www.k7computing.com/en/product/k7-antivirusplus.php"
},
{
"trust": 0.3,
"url": "http://www.kaspersky.com/"
},
{
"trust": 0.3,
"url": "http://www.mcafee.com/"
},
{
"trust": 0.3,
"url": "http://anti-virus-software-review.toptenreviews.com/norman-review.html"
},
{
"trust": 0.3,
"url": "http://www.rising-global.com/"
},
{
"trust": 0.3,
"url": "http://www.symantec.com"
},
{
"trust": 0.3,
"url": "http://www.trend.com"
},
{
"trust": 0.3,
"url": "/archive/1/522005"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-54742"
},
{
"db": "BID",
"id": "52626"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-001901"
},
{
"db": "NVD",
"id": "CVE-2012-1461"
},
{
"db": "CNNVD",
"id": "CNNVD-201203-424"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-54742"
},
{
"db": "BID",
"id": "52626"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-001901"
},
{
"db": "NVD",
"id": "CVE-2012-1461"
},
{
"db": "CNNVD",
"id": "CNNVD-201203-424"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2012-03-21T00:00:00",
"db": "VULHUB",
"id": "VHN-54742"
},
{
"date": "2012-03-20T00:00:00",
"db": "BID",
"id": "52626"
},
{
"date": "2012-03-26T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2012-001901"
},
{
"date": "2012-03-21T10:11:49.677000",
"db": "NVD",
"id": "CVE-2012-1461"
},
{
"date": "2012-03-22T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201203-424"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2012-11-06T00:00:00",
"db": "VULHUB",
"id": "VHN-54742"
},
{
"date": "2012-03-30T16:20:00",
"db": "BID",
"id": "52626"
},
{
"date": "2012-03-26T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2012-001901"
},
{
"date": "2012-11-06T05:09:07.283000",
"db": "NVD",
"id": "CVE-2012-1461"
},
{
"date": "2012-03-26T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201203-424"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201203-424"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Multiple products Gzip Vulnerability that prevents file parsers from detecting malware",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2012-001901"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "permissions and access control",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201203-424"
}
],
"trust": 0.6
}
}
VAR-201203-0381
Vulnerability from variot - Updated: 2023-12-18 12:10The TAR file parser in Avira AntiVir 7.11.1.163, Antiy Labs AVL SDK 2.0.3.7, avast! Antivirus 4.8.1351.0 and 5.0.677.0, AVG Anti-Virus 10.0.0.1190, Bitdefender 7.2, Quick Heal (aka Cat QuickHeal) 11.00, ClamAV 0.96.4, Command Antivirus 5.2.11.5, Emsisoft Anti-Malware 5.1.0.1, eSafe 7.0.17.0, F-Prot Antivirus 4.6.2.117, G Data AntiVirus 21, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, Jiangmin Antivirus 13.0.900, K7 AntiVirus 9.77.3565, Kaspersky Anti-Virus 7.0.0.125, McAfee Anti-Virus Scanning Engine 5.400.0.1158, McAfee Gateway (formerly Webwasher) 2010.1C, Antimalware Engine 1.1.6402.0 in Microsoft Security Essentials 2.0, NOD32 Antivirus 5795, Norman Antivirus 6.06.12, PC Tools AntiVirus 7.0.3.5, Rising Antivirus 22.83.00.03, AVEngine 20101.3.0.103 in Symantec Endpoint Protection 11, Trend Micro AntiVirus 9.120.0.1004, Trend Micro HouseCall 9.120.0.1004, VBA32 3.12.14.2, and VirusBuster 13.6.151.0 allows remote attackers to bypass malware detection via a TAR archive entry with a length field that exceeds the total TAR file size. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different TAR parser implementations. Multiple products TAR A file parser contains a vulnerability that can prevent malware detection. Different TAR If it is announced that there is also a problem with the parser implementation, this vulnerability can be CVE May be split.By a third party TAR Total file size exceeded length With field TAR Malware detection can be bypassed via archive entries. Successful exploits will allow attackers to bypass on-demand virus scanning, possibly allowing malicious files to escape detection. Vulnerabilities exist in the TAR file parser in version 1004, Trend Micro HouseCall version 9.120.0.1004, VBA32 version 3.12.14.2, and VirusBuster version 13.6.151.0. ============================================================================ Ubuntu Security Notice USN-1482-1 June 19, 2012
clamav vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 12.04 LTS
- Ubuntu 11.10
- Ubuntu 11.04
- Ubuntu 10.04 LTS
Summary:
ClamAV could improperly detect malware if it opened a specially crafted file.
Software Description: - clamav: Anti-virus utility for Unix
Details:
It was discovered that ClamAV incorrectly handled certain malformed TAR archives. (CVE-2012-1457, CVE-2012-1459)
It was discovered that ClamAV incorrectly handled certain malformed CHM files. (CVE-2012-1458)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 12.04 LTS: clamav 0.97.5+dfsg-1ubuntu0.12.04.1 clamav-daemon 0.97.5+dfsg-1ubuntu0.12.04.1 libclamav6 0.97.5+dfsg-1ubuntu0.12.04.1
Ubuntu 11.10: clamav 0.97.5+dfsg-1ubuntu0.11.10.1 clamav-daemon 0.97.5+dfsg-1ubuntu0.11.10.1 libclamav6 0.97.5+dfsg-1ubuntu0.11.10.1
Ubuntu 11.04: clamav 0.97.5+dfsg-1ubuntu0.11.04.1 clamav-daemon 0.97.5+dfsg-1ubuntu0.11.04.1 libclamav6 0.97.5+dfsg-1ubuntu0.11.04.1
Ubuntu 10.04 LTS: clamav 0.96.5+dfsg-1ubuntu1.10.04.4 clamav-daemon 0.96.5+dfsg-1ubuntu1.10.04.4 libclamav6 0.96.5+dfsg-1ubuntu1.10.04.4
In general, a standard system update will make all the necessary changes.
References: http://www.ubuntu.com/usn/usn-1482-1 CVE-2012-1457, CVE-2012-1458, CVE-2012-1459
Package Information: https://launchpad.net/ubuntu/+source/clamav/0.97.5+dfsg-1ubuntu0.12.04.1 https://launchpad.net/ubuntu/+source/clamav/0.97.5+dfsg-1ubuntu0.11.10.1 https://launchpad.net/ubuntu/+source/clamav/0.97.5+dfsg-1ubuntu0.11.04.1 https://launchpad.net/ubuntu/+source/clamav/0.96.5+dfsg-1ubuntu1.10.04.4 .
The Microsoft CHM file parser in ClamAV 0.96.4 allows remote attackers to bypass malware detection via a crafted reset interval in the LZXC header of a CHM file.
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1457 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1458 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1459 http://git.clamav.net/gitweb?p=clamav-devel.git;a=blob_plain;f=ChangeLog;hb=clamav-0.97.5
Updated Packages:
Mandriva Enterprise Server 5: d82d78601290e2f6073974170c81841a mes5/i586/clamav-0.97.5-0.1mdvmes5.2.i586.rpm 80f0475472c0217afd3727019bf27e53 mes5/i586/clamav-db-0.97.5-0.1mdvmes5.2.i586.rpm c13835eadea8d2af15b628fba3159e8b mes5/i586/clamav-milter-0.97.5-0.1mdvmes5.2.i586.rpm d7c058fae32f1a081b1d4ca31157df0e mes5/i586/clamd-0.97.5-0.1mdvmes5.2.i586.rpm 5ad153709c7eb510c2be2e82bfa5ac52 mes5/i586/libclamav6-0.97.5-0.1mdvmes5.2.i586.rpm 96e3d3f3e9bea802c4109c155c9d1465 mes5/i586/libclamav-devel-0.97.5-0.1mdvmes5.2.i586.rpm 203cde43731b63729d1f7f6497033184 mes5/SRPMS/clamav-0.97.5-0.1mdvmes5.2.src.rpm
Mandriva Enterprise Server 5/X86_64: b30f5aafd9aaff0a7743fb62f33ccbea mes5/x86_64/clamav-0.97.5-0.1mdvmes5.2.x86_64.rpm 1508801239427c0ac72734f52cb4451c mes5/x86_64/clamav-db-0.97.5-0.1mdvmes5.2.x86_64.rpm 92b4c5ca6db656801b5b6ae217c6e171 mes5/x86_64/clamav-milter-0.97.5-0.1mdvmes5.2.x86_64.rpm 94fad12df2cc900309087bbda13c826a mes5/x86_64/clamd-0.97.5-0.1mdvmes5.2.x86_64.rpm 8ec166a457d0512479adaaf5f80d487f mes5/x86_64/lib64clamav6-0.97.5-0.1mdvmes5.2.x86_64.rpm 19bc2758175bcde28ebf7783d68a9b98 mes5/x86_64/lib64clamav-devel-0.97.5-0.1mdvmes5.2.x86_64.rpm 203cde43731b63729d1f7f6497033184 mes5/SRPMS/clamav-0.97.5-0.1mdvmes5.2.src.rpm
To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux)
iD8DBQFP3tnKmqjQ0CJFipgRAj4wAJ9eURS1mZYCZhkmUTVE/U8QAH47MwCgxQzf OUr1QL5Wsvt3KboLKCdYUhE= =1QL7 -----END PGP SIGNATURE-----
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201203-0381",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "virusbuster",
"scope": "eq",
"trust": 2.4,
"vendor": "virusbuster",
"version": "13.6.151.0"
},
{
"model": "avl sdk",
"scope": "eq",
"trust": 1.8,
"vendor": "antiy",
"version": "2.0.3.7"
},
{
"model": "command antivirus",
"scope": "eq",
"trust": 1.8,
"vendor": "authentium",
"version": "5.2.11.5"
},
{
"model": "anti-virus",
"scope": "eq",
"trust": 1.8,
"vendor": "avg",
"version": "10.0.0.1190"
},
{
"model": "bitdefender",
"scope": "eq",
"trust": 1.8,
"vendor": "bitdefender",
"version": "7.2"
},
{
"model": "clamav",
"scope": "eq",
"trust": 1.8,
"vendor": "clamav",
"version": "0.96.4"
},
{
"model": "anti-malware",
"scope": "eq",
"trust": 1.8,
"vendor": "emsisoft",
"version": "5.1.0.1"
},
{
"model": "virus utilities t3 command line scanner",
"scope": "eq",
"trust": 1.8,
"vendor": "ikarus",
"version": "1.1.97.0"
},
{
"model": "antivirus",
"scope": "eq",
"trust": 1.8,
"vendor": "jiangmin",
"version": "13.0.900"
},
{
"model": "antivirus",
"scope": "eq",
"trust": 1.8,
"vendor": "pc tools",
"version": "7.0.3.5"
},
{
"model": "esafe",
"scope": "eq",
"trust": 1.8,
"vendor": "aladdin",
"version": "7.0.17.0"
},
{
"model": "anti-virus",
"scope": "eq",
"trust": 1.8,
"vendor": "kaspersky",
"version": "7.0.0.125"
},
{
"model": "security essentials",
"scope": "eq",
"trust": 1.8,
"vendor": "microsoft",
"version": "2.0"
},
{
"model": "scan engine",
"scope": "eq",
"trust": 1.8,
"vendor": "mcafee",
"version": "5.400.0.1158"
},
{
"model": "antivirus",
"scope": "eq",
"trust": 1.0,
"vendor": "rising global",
"version": "22.83.00.03"
},
{
"model": "avast antivirus",
"scope": "eq",
"trust": 1.0,
"vendor": "alwil",
"version": "5.0.677.0"
},
{
"model": "housecall",
"scope": "eq",
"trust": 1.0,
"vendor": "trendmicro",
"version": "9.120.0.1004"
},
{
"model": "nod32 antivirus",
"scope": "eq",
"trust": 1.0,
"vendor": "eset",
"version": "5795"
},
{
"model": "g data antivirus",
"scope": "eq",
"trust": 1.0,
"vendor": "gdata",
"version": "21"
},
{
"model": "trend micro antivirus",
"scope": "eq",
"trust": 1.0,
"vendor": "trendmicro",
"version": "9.120.0.1004"
},
{
"model": "f-prot antivirus",
"scope": "eq",
"trust": 1.0,
"vendor": "f prot",
"version": "4.6.2.117"
},
{
"model": "antivirus",
"scope": "eq",
"trust": 1.0,
"vendor": "k7computing",
"version": "9.77.3565"
},
{
"model": "quick heal",
"scope": "eq",
"trust": 1.0,
"vendor": "cat",
"version": "11.00"
},
{
"model": "vba32",
"scope": "eq",
"trust": 1.0,
"vendor": "anti virus",
"version": "3.12.14.2"
},
{
"model": "gateway",
"scope": "eq",
"trust": 1.0,
"vendor": "mcafee",
"version": "2010.1c"
},
{
"model": "antivir",
"scope": "eq",
"trust": 1.0,
"vendor": "avira",
"version": "7.11.1.163"
},
{
"model": "avast antivirus",
"scope": "eq",
"trust": 1.0,
"vendor": "alwil",
"version": "4.8.1351.0"
},
{
"model": "endpoint protection",
"scope": "eq",
"trust": 1.0,
"vendor": "symantec",
"version": "11.0"
},
{
"model": "antivirus \\\u0026 antispyware",
"scope": "eq",
"trust": 1.0,
"vendor": "norman",
"version": "6.06.12"
},
{
"model": "anti-virus",
"scope": "eq",
"trust": 0.8,
"vendor": "avast s r o",
"version": "4.8.1351.0"
},
{
"model": "anti-virus",
"scope": "eq",
"trust": 0.8,
"vendor": "avast s r o",
"version": "5.0.677.0"
},
{
"model": "antivirus",
"scope": "eq",
"trust": 0.8,
"vendor": "avira",
"version": "7.11.1.163"
},
{
"model": "antivirus",
"scope": "eq",
"trust": 0.8,
"vendor": "rising",
"version": "22.83.00.03"
},
{
"model": "nod32 anti-virus",
"scope": "eq",
"trust": 0.8,
"vendor": "eset",
"version": "5795"
},
{
"model": "f-prot antivirus",
"scope": "eq",
"trust": 0.8,
"vendor": "frisk",
"version": "4.6.2.117"
},
{
"model": "antivirus",
"scope": "eq",
"trust": 0.8,
"vendor": "g data",
"version": "21"
},
{
"model": "antivirus",
"scope": "eq",
"trust": 0.8,
"vendor": "k7 computing",
"version": "9.77.3565"
},
{
"model": "antivirus",
"scope": "eq",
"trust": 0.8,
"vendor": "norman",
"version": "6.06.12"
},
{
"model": "vba32",
"scope": "eq",
"trust": 0.8,
"vendor": "virusblokada",
"version": "3.12.14.2"
},
{
"model": "heal",
"scope": "eq",
"trust": 0.8,
"vendor": "quick heal k k",
"version": "11.00"
},
{
"model": "endpoint protection",
"scope": "eq",
"trust": 0.8,
"vendor": "symantec",
"version": "11"
},
{
"model": "antivirus",
"scope": "eq",
"trust": 0.8,
"vendor": "trend micro",
"version": "9.120.0.1004"
},
{
"model": "housecall",
"scope": "eq",
"trust": 0.8,
"vendor": "trend micro",
"version": "9.120.0.1004"
},
{
"model": "web gateway software",
"scope": "eq",
"trust": 0.8,
"vendor": "mcafee",
"version": "2010.1c"
},
{
"model": "vba32",
"scope": "eq",
"trust": 0.3,
"vendor": "virusblokada",
"version": "3.12.142"
},
{
"model": "linux lts i386",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "12.04"
},
{
"model": "linux lts amd64",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "12.04"
},
{
"model": "linux i386",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "11.10"
},
{
"model": "linux amd64",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "11.10"
},
{
"model": "linux powerpc",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "11.04"
},
{
"model": "linux i386",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "11.04"
},
{
"model": "linux arm",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "11.04"
},
{
"model": "linux amd64",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "11.04"
},
{
"model": "linux sparc",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "10.04"
},
{
"model": "linux powerpc",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "10.04"
},
{
"model": "linux i386",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "10.04"
},
{
"model": "linux arm",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "10.04"
},
{
"model": "linux amd64",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "10.04"
},
{
"model": "virusbuster",
"scope": "eq",
"trust": 0.3,
"vendor": "trend micro",
"version": "13.6.1510"
},
{
"model": "trend micro",
"scope": "eq",
"trust": 0.3,
"vendor": "trend micro",
"version": "9.1201004"
},
{
"model": "housecall",
"scope": "eq",
"trust": 0.3,
"vendor": "trend micro",
"version": "9.1201004"
},
{
"model": "antivirus",
"scope": "eq",
"trust": 0.3,
"vendor": "symantec",
"version": "20101.3103"
},
{
"model": "opensuse",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "12.1"
},
{
"model": "opensuse",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "11.4"
},
{
"model": "antivirus",
"scope": "eq",
"trust": 0.3,
"vendor": "rising",
"version": "22.8303"
},
{
"model": "cat-quickheal",
"scope": "eq",
"trust": 0.3,
"vendor": "quick heal",
"version": "11.00"
},
{
"model": "antivirus",
"scope": "eq",
"trust": 0.3,
"vendor": "pctools",
"version": "7.0.35"
},
{
"model": "antivirus",
"scope": "eq",
"trust": 0.3,
"vendor": "norman",
"version": "6.6.12"
},
{
"model": "antivirus",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "1.6402"
},
{
"model": "mcafee-gw-edition 2010.1c",
"scope": null,
"trust": 0.3,
"vendor": "mcafee",
"version": null
},
{
"model": "enterprise server x86 64",
"scope": "eq",
"trust": 0.3,
"vendor": "mandrakesoft",
"version": "5"
},
{
"model": "enterprise server",
"scope": "eq",
"trust": 0.3,
"vendor": "mandrakesoft",
"version": "5"
},
{
"model": "antivirus",
"scope": "eq",
"trust": 0.3,
"vendor": "kaspersky",
"version": "7.0125"
},
{
"model": "computing pvt ltd k7antivirus",
"scope": "eq",
"trust": 0.3,
"vendor": "k7",
"version": "9.77.3565"
},
{
"model": "jiangmin",
"scope": "eq",
"trust": 0.3,
"vendor": "jiangmin",
"version": "13.0.900"
},
{
"model": "antivirus t3.1.1.97.0",
"scope": null,
"trust": 0.3,
"vendor": "ikarus",
"version": null
},
{
"model": "data software gdata",
"scope": "eq",
"trust": 0.3,
"vendor": "g",
"version": "21"
},
{
"model": "software f-prot antivirus",
"scope": "eq",
"trust": 0.3,
"vendor": "frisk",
"version": "4.6.2117"
},
{
"model": "nod32",
"scope": "eq",
"trust": 0.3,
"vendor": "eset",
"version": "5795"
},
{
"model": "antivirus",
"scope": "eq",
"trust": 0.3,
"vendor": "esafe",
"version": "7.0.170"
},
{
"model": "antivirus",
"scope": "eq",
"trust": 0.3,
"vendor": "emsisoft",
"version": "5.11"
},
{
"model": "antivirus",
"scope": "eq",
"trust": 0.3,
"vendor": "bitdefender",
"version": "7.2"
},
{
"model": "antivir engine",
"scope": "eq",
"trust": 0.3,
"vendor": "avira",
"version": "7.11.1163"
},
{
"model": "anti-virus",
"scope": "eq",
"trust": 0.3,
"vendor": "avg",
"version": "10.01190"
},
{
"model": "avast5 antivirus",
"scope": "eq",
"trust": 0.3,
"vendor": "avast",
"version": "5.0.6770"
},
{
"model": "antivirus",
"scope": "eq",
"trust": 0.3,
"vendor": "avast",
"version": "4.8.1351.0"
},
{
"model": "command antivirus",
"scope": "eq",
"trust": 0.3,
"vendor": "authentium",
"version": "5.2.115"
},
{
"model": "antiy-avl",
"scope": "eq",
"trust": 0.3,
"vendor": "antiy",
"version": "2.0.37"
}
],
"sources": [
{
"db": "BID",
"id": "52610"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-001902"
},
{
"db": "NVD",
"id": "CVE-2012-1457"
},
{
"db": "CNNVD",
"id": "CNNVD-201203-420"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:bitdefender:bitdefender:7.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cat:quick_heal:11.00:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ikarus:ikarus_virus_utilities_t3_command_line_scanner:1.1.97.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:jiangmin:jiangmin_antivirus:13.0.900:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:pc_tools:pc_tools_antivirus:7.0.3.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:rising-global:rising_antivirus:22.83.00.03:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:avira:antivir:7.11.1.163:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:clamav:clamav:0.96.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:authentium:command_antivirus:5.2.11.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:k7computing:antivirus:9.77.3565:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:kaspersky:kaspersky_anti-virus:7.0.0.125:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:symantec:endpoint_protection:11.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:trendmicro:trend_micro_antivirus:9.120.0.1004:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:alwil:avast_antivirus:5.0.677.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:avg:avg_anti-virus:10.0.0.1190:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:f-prot:f-prot_antivirus:4.6.2.117:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:gdata-software:g_data_antivirus:21:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:security_essentials:2.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:eset:nod32_antivirus:5795:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:norman:norman_antivirus_\\\u0026_antispyware:6.06.12:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:virusbuster:virusbuster:13.6.151.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:antiy:avl_sdk:2.0.3.7:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:alwil:avast_antivirus:4.8.1351.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:emsisoft:anti-malware:5.1.0.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:aladdin:esafe:7.0.17.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:mcafee:scan_engine:5.400.0.1158:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:mcafee:gateway:2010.1c:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:trendmicro:housecall:9.120.0.1004:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:anti-virus:vba32:3.12.14.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2012-1457"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Suman Jana and Vitaly Shmatikov",
"sources": [
{
"db": "BID",
"id": "52610"
}
],
"trust": 0.3
},
"cve": "CVE-2012-1457",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 4.3,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2012-1457",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "VHN-54738",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2012-1457",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201203-420",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-54738",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-54738"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-001902"
},
{
"db": "NVD",
"id": "CVE-2012-1457"
},
{
"db": "CNNVD",
"id": "CNNVD-201203-420"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The TAR file parser in Avira AntiVir 7.11.1.163, Antiy Labs AVL SDK 2.0.3.7, avast! Antivirus 4.8.1351.0 and 5.0.677.0, AVG Anti-Virus 10.0.0.1190, Bitdefender 7.2, Quick Heal (aka Cat QuickHeal) 11.00, ClamAV 0.96.4, Command Antivirus 5.2.11.5, Emsisoft Anti-Malware 5.1.0.1, eSafe 7.0.17.0, F-Prot Antivirus 4.6.2.117, G Data AntiVirus 21, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, Jiangmin Antivirus 13.0.900, K7 AntiVirus 9.77.3565, Kaspersky Anti-Virus 7.0.0.125, McAfee Anti-Virus Scanning Engine 5.400.0.1158, McAfee Gateway (formerly Webwasher) 2010.1C, Antimalware Engine 1.1.6402.0 in Microsoft Security Essentials 2.0, NOD32 Antivirus 5795, Norman Antivirus 6.06.12, PC Tools AntiVirus 7.0.3.5, Rising Antivirus 22.83.00.03, AVEngine 20101.3.0.103 in Symantec Endpoint Protection 11, Trend Micro AntiVirus 9.120.0.1004, Trend Micro HouseCall 9.120.0.1004, VBA32 3.12.14.2, and VirusBuster 13.6.151.0 allows remote attackers to bypass malware detection via a TAR archive entry with a length field that exceeds the total TAR file size. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different TAR parser implementations. Multiple products TAR A file parser contains a vulnerability that can prevent malware detection. Different TAR If it is announced that there is also a problem with the parser implementation, this vulnerability can be CVE May be split.By a third party TAR Total file size exceeded length With field TAR Malware detection can be bypassed via archive entries. \nSuccessful exploits will allow attackers to bypass on-demand virus scanning, possibly allowing malicious files to escape detection. Vulnerabilities exist in the TAR file parser in version 1004, Trend Micro HouseCall version 9.120.0.1004, VBA32 version 3.12.14.2, and VirusBuster version 13.6.151.0. ============================================================================\nUbuntu Security Notice USN-1482-1\nJune 19, 2012\n\nclamav vulnerabilities\n============================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 12.04 LTS\n- Ubuntu 11.10\n- Ubuntu 11.04\n- Ubuntu 10.04 LTS\n\nSummary:\n\nClamAV could improperly detect malware if it opened a specially crafted\nfile. \n\nSoftware Description:\n- clamav: Anti-virus utility for Unix\n\nDetails:\n\nIt was discovered that ClamAV incorrectly handled certain malformed TAR\narchives. (CVE-2012-1457,\nCVE-2012-1459)\n\nIt was discovered that ClamAV incorrectly handled certain malformed CHM\nfiles. (CVE-2012-1458)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 12.04 LTS:\n clamav 0.97.5+dfsg-1ubuntu0.12.04.1\n clamav-daemon 0.97.5+dfsg-1ubuntu0.12.04.1\n libclamav6 0.97.5+dfsg-1ubuntu0.12.04.1\n\nUbuntu 11.10:\n clamav 0.97.5+dfsg-1ubuntu0.11.10.1\n clamav-daemon 0.97.5+dfsg-1ubuntu0.11.10.1\n libclamav6 0.97.5+dfsg-1ubuntu0.11.10.1\n\nUbuntu 11.04:\n clamav 0.97.5+dfsg-1ubuntu0.11.04.1\n clamav-daemon 0.97.5+dfsg-1ubuntu0.11.04.1\n libclamav6 0.97.5+dfsg-1ubuntu0.11.04.1\n\nUbuntu 10.04 LTS:\n clamav 0.96.5+dfsg-1ubuntu1.10.04.4\n clamav-daemon 0.96.5+dfsg-1ubuntu1.10.04.4\n libclamav6 0.96.5+dfsg-1ubuntu1.10.04.4\n\nIn general, a standard system update will make all the necessary changes. \n\nReferences:\n http://www.ubuntu.com/usn/usn-1482-1\n CVE-2012-1457, CVE-2012-1458, CVE-2012-1459\n\nPackage Information:\n https://launchpad.net/ubuntu/+source/clamav/0.97.5+dfsg-1ubuntu0.12.04.1\n https://launchpad.net/ubuntu/+source/clamav/0.97.5+dfsg-1ubuntu0.11.10.1\n https://launchpad.net/ubuntu/+source/clamav/0.97.5+dfsg-1ubuntu0.11.04.1\n https://launchpad.net/ubuntu/+source/clamav/0.96.5+dfsg-1ubuntu1.10.04.4\n. \n \n The Microsoft CHM file parser in ClamAV 0.96.4 allows remote attackers\n to bypass malware detection via a crafted reset interval in the LZXC\n header of a CHM file. \n _______________________________________________________________________\n\n References:\n\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1457\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1458\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1459\n http://git.clamav.net/gitweb?p=clamav-devel.git;a=blob_plain;f=ChangeLog;hb=clamav-0.97.5\n _______________________________________________________________________\n\n Updated Packages:\n\n Mandriva Enterprise Server 5:\n d82d78601290e2f6073974170c81841a mes5/i586/clamav-0.97.5-0.1mdvmes5.2.i586.rpm\n 80f0475472c0217afd3727019bf27e53 mes5/i586/clamav-db-0.97.5-0.1mdvmes5.2.i586.rpm\n c13835eadea8d2af15b628fba3159e8b mes5/i586/clamav-milter-0.97.5-0.1mdvmes5.2.i586.rpm\n d7c058fae32f1a081b1d4ca31157df0e mes5/i586/clamd-0.97.5-0.1mdvmes5.2.i586.rpm\n 5ad153709c7eb510c2be2e82bfa5ac52 mes5/i586/libclamav6-0.97.5-0.1mdvmes5.2.i586.rpm\n 96e3d3f3e9bea802c4109c155c9d1465 mes5/i586/libclamav-devel-0.97.5-0.1mdvmes5.2.i586.rpm \n 203cde43731b63729d1f7f6497033184 mes5/SRPMS/clamav-0.97.5-0.1mdvmes5.2.src.rpm\n\n Mandriva Enterprise Server 5/X86_64:\n b30f5aafd9aaff0a7743fb62f33ccbea mes5/x86_64/clamav-0.97.5-0.1mdvmes5.2.x86_64.rpm\n 1508801239427c0ac72734f52cb4451c mes5/x86_64/clamav-db-0.97.5-0.1mdvmes5.2.x86_64.rpm\n 92b4c5ca6db656801b5b6ae217c6e171 mes5/x86_64/clamav-milter-0.97.5-0.1mdvmes5.2.x86_64.rpm\n 94fad12df2cc900309087bbda13c826a mes5/x86_64/clamd-0.97.5-0.1mdvmes5.2.x86_64.rpm\n 8ec166a457d0512479adaaf5f80d487f mes5/x86_64/lib64clamav6-0.97.5-0.1mdvmes5.2.x86_64.rpm\n 19bc2758175bcde28ebf7783d68a9b98 mes5/x86_64/lib64clamav-devel-0.97.5-0.1mdvmes5.2.x86_64.rpm \n 203cde43731b63729d1f7f6497033184 mes5/SRPMS/clamav-0.97.5-0.1mdvmes5.2.src.rpm\n _______________________________________________________________________\n\n To upgrade automatically use MandrivaUpdate or urpmi. The verification\n of md5 checksums and GPG signatures is performed automatically for you. \n\n All packages are signed by Mandriva for security. You can obtain the\n GPG public key of the Mandriva Security Team by executing:\n\n gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98\n\n You can view other update advisories for Mandriva Linux at:\n\n http://www.mandriva.com/security/advisories\n\n If you want to report vulnerabilities, please contact\n\n security_(at)_mandriva.com\n _______________________________________________________________________\n\n Type Bits/KeyID Date User ID\n pub 1024D/22458A98 2000-07-10 Mandriva Security Team\n \u003csecurity*mandriva.com\u003e\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.11 (GNU/Linux)\n\niD8DBQFP3tnKmqjQ0CJFipgRAj4wAJ9eURS1mZYCZhkmUTVE/U8QAH47MwCgxQzf\nOUr1QL5Wsvt3KboLKCdYUhE=\n=1QL7\n-----END PGP SIGNATURE-----\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2012-1457"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-001902"
},
{
"db": "BID",
"id": "52610"
},
{
"db": "VULHUB",
"id": "VHN-54738"
},
{
"db": "PACKETSTORM",
"id": "113878"
},
{
"db": "PACKETSTORM",
"id": "113841"
}
],
"trust": 2.16
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-54738",
"trust": 0.1,
"type": "unknown"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-54738"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2012-1457",
"trust": 3.0
},
{
"db": "BID",
"id": "52610",
"trust": 1.4
},
{
"db": "OSVDB",
"id": "80392",
"trust": 1.1
},
{
"db": "OSVDB",
"id": "80406",
"trust": 1.1
},
{
"db": "OSVDB",
"id": "80391",
"trust": 1.1
},
{
"db": "OSVDB",
"id": "80407",
"trust": 1.1
},
{
"db": "OSVDB",
"id": "80396",
"trust": 1.1
},
{
"db": "OSVDB",
"id": "80395",
"trust": 1.1
},
{
"db": "OSVDB",
"id": "80403",
"trust": 1.1
},
{
"db": "OSVDB",
"id": "80409",
"trust": 1.1
},
{
"db": "OSVDB",
"id": "80389",
"trust": 1.1
},
{
"db": "OSVDB",
"id": "80393",
"trust": 1.1
},
{
"db": "JVNDB",
"id": "JVNDB-2012-001902",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201203-420",
"trust": 0.7
},
{
"db": "BUGTRAQ",
"id": "20120319 EVASION ATTACKS EXPOLITING FILE-PARSING VULNERABILITIES IN ANTIVIRUS PRODUCTS",
"trust": 0.6
},
{
"db": "NSFOCUS",
"id": "19229",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "113841",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-54738",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "113878",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-54738"
},
{
"db": "BID",
"id": "52610"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-001902"
},
{
"db": "PACKETSTORM",
"id": "113878"
},
{
"db": "PACKETSTORM",
"id": "113841"
},
{
"db": "NVD",
"id": "CVE-2012-1457"
},
{
"db": "CNNVD",
"id": "CNNVD-201203-420"
}
]
},
"id": "VAR-201203-0381",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-54738"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T12:10:12.001000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.aladdin.com/"
},
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.antiy.net/"
},
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.authentium.com/"
},
{
"title": "Top Page",
"trust": 0.8,
"url": "https://www.avast.com/index"
},
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.avg.com/"
},
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.avira.com/"
},
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.rising-global.com/"
},
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.bitdefender.com/"
},
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.clamav.net/"
},
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.emsisoft.com/"
},
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.eset.com/"
},
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.f-prot.com/"
},
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.gdata-software.com/"
},
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.ikarus.at/"
},
{
"title": "Top Page",
"trust": 0.8,
"url": "http://global.jiangmin.com/"
},
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.k7computing.com/"
},
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.mcafee.com/"
},
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.microsoft.com/"
},
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.norman.com/"
},
{
"title": "openSUSE-SU-2012:0833",
"trust": 0.8,
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-07/msg00002.html"
},
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.pctools.com/"
},
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.quickheal.com/"
},
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.symantec.com/"
},
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.trendmicro.com/"
},
{
"title": "Top Page",
"trust": 0.8,
"url": "http://anti-virus.by/en/"
},
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.virusbuster.hu/en/"
},
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.kaspersky.com/"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2012-001902"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-264",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-54738"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-001902"
},
{
"db": "NVD",
"id": "CVE-2012-1457"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "http://www.securityfocus.com/archive/1/522005"
},
{
"trust": 1.7,
"url": "http://www.ieee-security.org/tc/sp2012/program.html"
},
{
"trust": 1.1,
"url": "http://www.securityfocus.com/bid/52610"
},
{
"trust": 1.1,
"url": "http://www.mandriva.com/security/advisories?name=mdvsa-2012:094"
},
{
"trust": 1.1,
"url": "http://osvdb.org/80389"
},
{
"trust": 1.1,
"url": "http://osvdb.org/80391"
},
{
"trust": 1.1,
"url": "http://osvdb.org/80392"
},
{
"trust": 1.1,
"url": "http://osvdb.org/80393"
},
{
"trust": 1.1,
"url": "http://osvdb.org/80395"
},
{
"trust": 1.1,
"url": "http://osvdb.org/80396"
},
{
"trust": 1.1,
"url": "http://osvdb.org/80403"
},
{
"trust": 1.1,
"url": "http://osvdb.org/80406"
},
{
"trust": 1.1,
"url": "http://osvdb.org/80407"
},
{
"trust": 1.1,
"url": "http://osvdb.org/80409"
},
{
"trust": 1.1,
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-07/msg00002.html"
},
{
"trust": 1.1,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74293"
},
{
"trust": 0.9,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-1457"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2012-1457"
},
{
"trust": 0.6,
"url": "http://www.nsfocus.net/vulndb/19229"
},
{
"trust": 0.3,
"url": "http://www.antiy.net"
},
{
"trust": 0.3,
"url": "http://www.authentium.com"
},
{
"trust": 0.3,
"url": "http://www.avast.com"
},
{
"trust": 0.3,
"url": "http://www.avg.com"
},
{
"trust": 0.3,
"url": "http://www.avira.com/"
},
{
"trust": 0.3,
"url": "http://www.bitdefender.com"
},
{
"trust": 0.3,
"url": "http://www.emsisoft.com/en/software/antimalware/"
},
{
"trust": 0.3,
"url": "http://www.safenet-inc.com/data-protection/content-security-esafe/"
},
{
"trust": 0.3,
"url": "http://eset.com"
},
{
"trust": 0.3,
"url": "http://www.f-prot.com/"
},
{
"trust": 0.3,
"url": "http://www.gdatasoftware.com"
},
{
"trust": 0.3,
"url": "http://www.ikarus.at"
},
{
"trust": 0.3,
"url": "http://global.jiangmin.com/"
},
{
"trust": 0.3,
"url": "http://www.k7computing.com/en/product/k7-antivirusplus.php"
},
{
"trust": 0.3,
"url": "http://www.kaspersky.com/"
},
{
"trust": 0.3,
"url": "http://www.mcafee.com/"
},
{
"trust": 0.3,
"url": "http://www.microsoft.com"
},
{
"trust": 0.3,
"url": "http://anti-virus-software-review.toptenreviews.com/norman-review.html"
},
{
"trust": 0.3,
"url": "http://www.pctools.com/spyware-doctor-antivirus/"
},
{
"trust": 0.3,
"url": "http://www.quickheal.com/"
},
{
"trust": 0.3,
"url": "http://www.rising-global.com/"
},
{
"trust": 0.3,
"url": "http://www.symantec.com"
},
{
"trust": 0.3,
"url": "http://www.trend.com"
},
{
"trust": 0.3,
"url": "http://anti-virus.by/en/index.shtml"
},
{
"trust": 0.3,
"url": "/archive/1/522005"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-1457"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-1459"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-1458"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/clamav/0.96.5+dfsg-1ubuntu1.10.04.4"
},
{
"trust": 0.1,
"url": "http://www.ubuntu.com/usn/usn-1482-1"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/clamav/0.97.5+dfsg-1ubuntu0.11.10.1"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/clamav/0.97.5+dfsg-1ubuntu0.12.04.1"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/clamav/0.97.5+dfsg-1ubuntu0.11.04.1"
},
{
"trust": 0.1,
"url": "http://www.mandriva.com/security/"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-1459"
},
{
"trust": 0.1,
"url": "http://www.mandriva.com/security/advisories"
},
{
"trust": 0.1,
"url": "http://git.clamav.net/gitweb?p=clamav-devel.git;a=blob_plain;f=changelog;hb=clamav-0.97.5"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-1458"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-54738"
},
{
"db": "BID",
"id": "52610"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-001902"
},
{
"db": "PACKETSTORM",
"id": "113878"
},
{
"db": "PACKETSTORM",
"id": "113841"
},
{
"db": "NVD",
"id": "CVE-2012-1457"
},
{
"db": "CNNVD",
"id": "CNNVD-201203-420"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-54738"
},
{
"db": "BID",
"id": "52610"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-001902"
},
{
"db": "PACKETSTORM",
"id": "113878"
},
{
"db": "PACKETSTORM",
"id": "113841"
},
{
"db": "NVD",
"id": "CVE-2012-1457"
},
{
"db": "CNNVD",
"id": "CNNVD-201203-420"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2012-03-21T00:00:00",
"db": "VULHUB",
"id": "VHN-54738"
},
{
"date": "2012-03-20T00:00:00",
"db": "BID",
"id": "52610"
},
{
"date": "2012-03-26T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2012-001902"
},
{
"date": "2012-06-20T02:54:11",
"db": "PACKETSTORM",
"id": "113878"
},
{
"date": "2012-06-19T00:56:02",
"db": "PACKETSTORM",
"id": "113841"
},
{
"date": "2012-03-21T10:11:49.287000",
"db": "NVD",
"id": "CVE-2012-1457"
},
{
"date": "2012-03-26T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201203-420"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-01-18T00:00:00",
"db": "VULHUB",
"id": "VHN-54738"
},
{
"date": "2015-05-07T17:17:00",
"db": "BID",
"id": "52610"
},
{
"date": "2012-07-25T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2012-001902"
},
{
"date": "2018-01-18T02:29:13.083000",
"db": "NVD",
"id": "CVE-2012-1457"
},
{
"date": "2012-04-01T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201203-420"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "PACKETSTORM",
"id": "113878"
},
{
"db": "PACKETSTORM",
"id": "113841"
},
{
"db": "CNNVD",
"id": "CNNVD-201203-420"
}
],
"trust": 0.8
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Multiple products TAR Vulnerability that prevents file parsers from detecting malware",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2012-001902"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "permissions and access control",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201203-420"
}
],
"trust": 0.6
}
}
VAR-201203-0380
Vulnerability from variot - Updated: 2023-12-18 12:10The TAR file parser in AVG Anti-Virus 10.0.0.1190, Quick Heal (aka Cat QuickHeal) 11.00, Comodo Antivirus 7424, Emsisoft Anti-Malware 5.1.0.1, eSafe 7.0.17.0, F-Prot Antivirus 4.6.2.117, Fortinet Antivirus 4.2.254.0, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, Jiangmin Antivirus 13.0.900, Kaspersky Anti-Virus 7.0.0.125, McAfee Anti-Virus Scanning Engine 5.400.0.1158, McAfee Gateway (formerly Webwasher) 2010.1C, NOD32 Antivirus 5795, Norman Antivirus 6.06.12, Panda Antivirus 10.0.2.7, Rising Antivirus 22.83.00.03, Sophos Anti-Virus 4.61.0, AVEngine 20101.3.0.103 in Symantec Endpoint Protection 11, Trend Micro AntiVirus 9.120.0.1004, and Trend Micro HouseCall 9.120.0.1004 allows remote attackers to bypass malware detection via a TAR file with an appended ZIP file. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different TAR parser implementations. Multiple products TAR A file parser contains a vulnerability that can prevent malware detection. Different TAR If it is announced that there is also a problem with the parser implementation, this vulnerability can be CVE May be split.By a third party ZIP File attached TAR Malware detection may be avoided via files. Successful exploits will allow attackers to bypass on-demand virus scanning, possibly allowing malicious files to escape detection. The following products are affected: AVG AVG Anti-Virus 10.0.0.1190 Quick Heal Technologies CAT-QuickHeal 11.00 Comodo AntiVirus 7424 Emsisoft Antivirus 5.1.0.1 eSafe Antivirus 7.0.17.0 Frisk Software F-Prot Antivirus 4.6.2.117 Fortinet Antivirus 4.2.254.0 Ikarus Antivirus T3.1.1.97.0
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201203-0380",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "antivirus",
"scope": "eq",
"trust": 2.1,
"vendor": "comodo",
"version": "7424"
},
{
"model": "anti-virus",
"scope": "eq",
"trust": 1.8,
"vendor": "avg",
"version": "10.0.0.1190"
},
{
"model": "anti-malware",
"scope": "eq",
"trust": 1.8,
"vendor": "emsisoft",
"version": "5.1.0.1"
},
{
"model": "virus utilities t3 command line scanner",
"scope": "eq",
"trust": 1.8,
"vendor": "ikarus",
"version": "1.1.97.0"
},
{
"model": "antivirus",
"scope": "eq",
"trust": 1.8,
"vendor": "jiangmin",
"version": "13.0.900"
},
{
"model": "esafe",
"scope": "eq",
"trust": 1.8,
"vendor": "aladdin",
"version": "7.0.17.0"
},
{
"model": "anti-virus",
"scope": "eq",
"trust": 1.8,
"vendor": "kaspersky",
"version": "7.0.0.125"
},
{
"model": "anti-virus",
"scope": "eq",
"trust": 1.8,
"vendor": "sophos",
"version": "4.61.0"
},
{
"model": "antivirus",
"scope": "eq",
"trust": 1.8,
"vendor": "fortinet",
"version": "4.2.254.0"
},
{
"model": "scan engine",
"scope": "eq",
"trust": 1.8,
"vendor": "mcafee",
"version": "5.400.0.1158"
},
{
"model": "housecall",
"scope": "eq",
"trust": 1.6,
"vendor": "trendmicro",
"version": "9.120.0.1004"
},
{
"model": "trend micro antivirus",
"scope": "eq",
"trust": 1.6,
"vendor": "trendmicro",
"version": "9.120.0.1004"
},
{
"model": "antivirus",
"scope": "eq",
"trust": 1.0,
"vendor": "rising global",
"version": "22.83.00.03"
},
{
"model": "nod32 antivirus",
"scope": "eq",
"trust": 1.0,
"vendor": "eset",
"version": "5795"
},
{
"model": "f-prot antivirus",
"scope": "eq",
"trust": 1.0,
"vendor": "f prot",
"version": "4.6.2.117"
},
{
"model": "quick heal",
"scope": "eq",
"trust": 1.0,
"vendor": "cat",
"version": "11.00"
},
{
"model": "gateway",
"scope": "eq",
"trust": 1.0,
"vendor": "mcafee",
"version": "2010.1c"
},
{
"model": "endpoint protection",
"scope": "eq",
"trust": 1.0,
"vendor": "symantec",
"version": "11.0"
},
{
"model": "antivirus \\\u0026 antispyware",
"scope": "eq",
"trust": 1.0,
"vendor": "norman",
"version": "6.06.12"
},
{
"model": "panda antivirus",
"scope": "eq",
"trust": 1.0,
"vendor": "pandasecurity",
"version": "10.0.2.7"
},
{
"model": "antivirus",
"scope": "eq",
"trust": 0.8,
"vendor": "rising",
"version": "22.83.00.03"
},
{
"model": "nod32 anti-virus",
"scope": "eq",
"trust": 0.8,
"vendor": "eset",
"version": "5795"
},
{
"model": "f-prot antivirus",
"scope": "eq",
"trust": 0.8,
"vendor": "frisk",
"version": "4.6.2.117"
},
{
"model": "antivirus",
"scope": "eq",
"trust": 0.8,
"vendor": "norman",
"version": "6.06.12"
},
{
"model": "antivirus",
"scope": "eq",
"trust": 0.8,
"vendor": "panda security",
"version": "10.0.2.7"
},
{
"model": "heal",
"scope": "eq",
"trust": 0.8,
"vendor": "quick heal k k",
"version": "11.00"
},
{
"model": "endpoint protection",
"scope": "eq",
"trust": 0.8,
"vendor": "symantec",
"version": "11"
},
{
"model": "antivirus",
"scope": "eq",
"trust": 0.8,
"vendor": "trend micro",
"version": "9.120.0.1004"
},
{
"model": "housecall",
"scope": "eq",
"trust": 0.8,
"vendor": "trend micro",
"version": "9.120.0.1004"
},
{
"model": "web gateway software",
"scope": "eq",
"trust": 0.8,
"vendor": "mcafee",
"version": "2010.1c"
},
{
"model": "cat-quickheal",
"scope": "eq",
"trust": 0.3,
"vendor": "quick heal",
"version": "11.00"
},
{
"model": "antivirus t3.1.1.97.0",
"scope": null,
"trust": 0.3,
"vendor": "ikarus",
"version": null
},
{
"model": "software f-prot antivirus",
"scope": "eq",
"trust": 0.3,
"vendor": "frisk",
"version": "4.6.2117"
},
{
"model": "antivirus",
"scope": "eq",
"trust": 0.3,
"vendor": "fortinet",
"version": "4.2.2540"
},
{
"model": "antivirus",
"scope": "eq",
"trust": 0.3,
"vendor": "esafe",
"version": "7.0.170"
},
{
"model": "antivirus",
"scope": "eq",
"trust": 0.3,
"vendor": "emsisoft",
"version": "5.11"
},
{
"model": "anti-virus",
"scope": "eq",
"trust": 0.3,
"vendor": "avg",
"version": "10.01190"
}
],
"sources": [
{
"db": "BID",
"id": "52608"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-001900"
},
{
"db": "NVD",
"id": "CVE-2012-1456"
},
{
"db": "CNNVD",
"id": "CNNVD-201203-419"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:aladdin:esafe:7.0.17.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:f-prot:f-prot_antivirus:4.6.2.117:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:norman:norman_antivirus_\\\u0026_antispyware:6.06.12:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:pandasecurity:panda_antivirus:10.0.2.7:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:comodo:comodo_antivirus:7424:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:emsisoft:anti-malware:5.1.0.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:mcafee:scan_engine:5.400.0.1158:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:mcafee:gateway:2010.1c:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:eset:nod32_antivirus:5795:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:trendmicro:trend_micro_antivirus:9.120.0.1004:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:fortinet:fortinet_antivirus:4.2.254.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ikarus:ikarus_virus_utilities_t3_command_line_scanner:1.1.97.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:rising-global:rising_antivirus:22.83.00.03:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sophos:sophos_anti-virus:4.61.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:avg:avg_anti-virus:10.0.0.1190:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cat:quick_heal:11.00:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:jiangmin:jiangmin_antivirus:13.0.900:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:kaspersky:kaspersky_anti-virus:7.0.0.125:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:symantec:endpoint_protection:11.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:trendmicro:housecall:9.120.0.1004:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2012-1456"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Suman Jana and Vitaly Shmatikov",
"sources": [
{
"db": "BID",
"id": "52608"
}
],
"trust": 0.3
},
"cve": "CVE-2012-1456",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 4.3,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2012-1456",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "VHN-54737",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2012-1456",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201203-419",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-54737",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-54737"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-001900"
},
{
"db": "NVD",
"id": "CVE-2012-1456"
},
{
"db": "CNNVD",
"id": "CNNVD-201203-419"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The TAR file parser in AVG Anti-Virus 10.0.0.1190, Quick Heal (aka Cat QuickHeal) 11.00, Comodo Antivirus 7424, Emsisoft Anti-Malware 5.1.0.1, eSafe 7.0.17.0, F-Prot Antivirus 4.6.2.117, Fortinet Antivirus 4.2.254.0, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, Jiangmin Antivirus 13.0.900, Kaspersky Anti-Virus 7.0.0.125, McAfee Anti-Virus Scanning Engine 5.400.0.1158, McAfee Gateway (formerly Webwasher) 2010.1C, NOD32 Antivirus 5795, Norman Antivirus 6.06.12, Panda Antivirus 10.0.2.7, Rising Antivirus 22.83.00.03, Sophos Anti-Virus 4.61.0, AVEngine 20101.3.0.103 in Symantec Endpoint Protection 11, Trend Micro AntiVirus 9.120.0.1004, and Trend Micro HouseCall 9.120.0.1004 allows remote attackers to bypass malware detection via a TAR file with an appended ZIP file. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different TAR parser implementations. Multiple products TAR A file parser contains a vulnerability that can prevent malware detection. Different TAR If it is announced that there is also a problem with the parser implementation, this vulnerability can be CVE May be split.By a third party ZIP File attached TAR Malware detection may be avoided via files. \nSuccessful exploits will allow attackers to bypass on-demand virus scanning, possibly allowing malicious files to escape detection. \nThe following products are affected:\nAVG AVG Anti-Virus 10.0.0.1190\nQuick Heal Technologies CAT-QuickHeal 11.00\nComodo AntiVirus 7424\nEmsisoft Antivirus 5.1.0.1\neSafe Antivirus 7.0.17.0\nFrisk Software F-Prot Antivirus 4.6.2.117\nFortinet Antivirus 4.2.254.0\nIkarus Antivirus T3.1.1.97.0",
"sources": [
{
"db": "NVD",
"id": "CVE-2012-1456"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-001900"
},
{
"db": "BID",
"id": "52608"
},
{
"db": "VULHUB",
"id": "VHN-54737"
}
],
"trust": 1.98
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2012-1456",
"trust": 2.8
},
{
"db": "BID",
"id": "52608",
"trust": 1.4
},
{
"db": "OSVDB",
"id": "80396",
"trust": 1.1
},
{
"db": "OSVDB",
"id": "80389",
"trust": 1.1
},
{
"db": "OSVDB",
"id": "80391",
"trust": 1.1
},
{
"db": "OSVDB",
"id": "80403",
"trust": 1.1
},
{
"db": "OSVDB",
"id": "80395",
"trust": 1.1
},
{
"db": "OSVDB",
"id": "80390",
"trust": 1.1
},
{
"db": "OSVDB",
"id": "80406",
"trust": 1.1
},
{
"db": "OSVDB",
"id": "80409",
"trust": 1.1
},
{
"db": "JVNDB",
"id": "JVNDB-2012-001900",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201203-419",
"trust": 0.7
},
{
"db": "NSFOCUS",
"id": "19212",
"trust": 0.6
},
{
"db": "BUGTRAQ",
"id": "20120319 EVASION ATTACKS EXPOLITING FILE-PARSING VULNERABILITIES IN ANTIVIRUS PRODUCTS",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-54737",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-54737"
},
{
"db": "BID",
"id": "52608"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-001900"
},
{
"db": "NVD",
"id": "CVE-2012-1456"
},
{
"db": "CNNVD",
"id": "CNNVD-201203-419"
}
]
},
"id": "VAR-201203-0380",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-54737"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T12:10:11.935000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "AVG Anti-Virus",
"trust": 0.8,
"url": "http://www.avgjapan.com/home-small-office-security/buy-antivirus"
},
{
"title": "Rising Antivirus",
"trust": 0.8,
"url": "http://www.rising-global.com/"
},
{
"title": "Comodo Antivirus",
"trust": 0.8,
"url": "http://www.comodo.com/home/internet-security/antivirus.php"
},
{
"title": "Emsisoft Anti-Malware",
"trust": 0.8,
"url": "http://www.emsisoft.com/en/software/antimalware/"
},
{
"title": "ESET NOD32\u30a2\u30f3\u30c1\u30a6\u30a4\u30eb\u30b9",
"trust": 0.8,
"url": "http://www.eset.com/us/"
},
{
"title": "Fortinet Antivirus",
"trust": 0.8,
"url": "http://www.fortinet.com/solutions/antivirus.html"
},
{
"title": "F-Prot Antivirus",
"trust": 0.8,
"url": "http://www.f-prot.com/index.html"
},
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.ikarus.at/en/"
},
{
"title": "Jiangmin Antivirus",
"trust": 0.8,
"url": "http://global.jiangmin.com/"
},
{
"title": "McAfee Scan Engine",
"trust": 0.8,
"url": "http://www.mcafee.com/us/support/support-eol-scan-engine.aspx"
},
{
"title": "McAfee Web Gateway",
"trust": 0.8,
"url": "http://www.mcafee.com/us/products/web-gateway.aspx"
},
{
"title": "Norman Antivirus",
"trust": 0.8,
"url": "http://www.norman.com/products/antivirus_antispyware/en"
},
{
"title": "Panda Antivirus",
"trust": 0.8,
"url": "http://www.ps-japan.co.jp/"
},
{
"title": "Quick Heal",
"trust": 0.8,
"url": "http://www.quickheal.com/"
},
{
"title": "Sophos Anti-Virus",
"trust": 0.8,
"url": "http://www.sophos.com/ja-jp/"
},
{
"title": "Endpoint Protection",
"trust": 0.8,
"url": "http://www.symantec.com/ja/jp/endpoint-protection"
},
{
"title": "Top Page",
"trust": 0.8,
"url": "http://jp.trendmicro.com/jp/home/index.html"
},
{
"title": "Trend Micro HouseCall",
"trust": 0.8,
"url": "http://housecall.trendmicro.com/"
},
{
"title": "eSafe",
"trust": 0.8,
"url": "http://www.aladdin.co.jp/esafe/"
},
{
"title": "Kaspersky Anti-Virus",
"trust": 0.8,
"url": "http://www.kaspersky.com/kaspersky_anti-virus"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2012-001900"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-264",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-54737"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-001900"
},
{
"db": "NVD",
"id": "CVE-2012-1456"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "http://www.securityfocus.com/archive/1/522005"
},
{
"trust": 1.7,
"url": "http://www.ieee-security.org/tc/sp2012/program.html"
},
{
"trust": 1.1,
"url": "http://www.securityfocus.com/bid/52608"
},
{
"trust": 1.1,
"url": "http://osvdb.org/80389"
},
{
"trust": 1.1,
"url": "http://osvdb.org/80390"
},
{
"trust": 1.1,
"url": "http://osvdb.org/80391"
},
{
"trust": 1.1,
"url": "http://osvdb.org/80395"
},
{
"trust": 1.1,
"url": "http://osvdb.org/80396"
},
{
"trust": 1.1,
"url": "http://osvdb.org/80403"
},
{
"trust": 1.1,
"url": "http://osvdb.org/80406"
},
{
"trust": 1.1,
"url": "http://osvdb.org/80409"
},
{
"trust": 1.1,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74289"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-1456"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2012-1456"
},
{
"trust": 0.6,
"url": "http://www.nsfocus.net/vulndb/19212"
},
{
"trust": 0.3,
"url": "http://www.avg.com"
},
{
"trust": 0.3,
"url": "http://www.comodo.com/"
},
{
"trust": 0.3,
"url": "http://www.emsisoft.com/en/software/antimalware/"
},
{
"trust": 0.3,
"url": "http://www.safenet-inc.com/data-protection/content-security-esafe/"
},
{
"trust": 0.3,
"url": "http://www.fortinet.com/"
},
{
"trust": 0.3,
"url": "http://www.f-prot.com/"
},
{
"trust": 0.3,
"url": "http://www.ikarus.at"
},
{
"trust": 0.3,
"url": "http://www.quickheal.com/"
},
{
"trust": 0.3,
"url": "/archive/1/522005"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-54737"
},
{
"db": "BID",
"id": "52608"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-001900"
},
{
"db": "NVD",
"id": "CVE-2012-1456"
},
{
"db": "CNNVD",
"id": "CNNVD-201203-419"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-54737"
},
{
"db": "BID",
"id": "52608"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-001900"
},
{
"db": "NVD",
"id": "CVE-2012-1456"
},
{
"db": "CNNVD",
"id": "CNNVD-201203-419"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2012-03-21T00:00:00",
"db": "VULHUB",
"id": "VHN-54737"
},
{
"date": "2012-03-20T00:00:00",
"db": "BID",
"id": "52608"
},
{
"date": "2012-03-26T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2012-001900"
},
{
"date": "2012-03-21T10:11:49.240000",
"db": "NVD",
"id": "CVE-2012-1456"
},
{
"date": "2012-03-26T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201203-419"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-08-29T00:00:00",
"db": "VULHUB",
"id": "VHN-54737"
},
{
"date": "2012-03-20T00:00:00",
"db": "BID",
"id": "52608"
},
{
"date": "2012-03-26T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2012-001900"
},
{
"date": "2017-08-29T01:31:17.133000",
"db": "NVD",
"id": "CVE-2012-1456"
},
{
"date": "2012-04-01T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201203-419"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201203-419"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Multiple products TAR Vulnerability that prevents file parsers from detecting malware",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2012-001900"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "permissions and access control",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201203-419"
}
],
"trust": 0.6
}
}
VAR-201203-0400
Vulnerability from variot - Updated: 2023-12-18 12:10The ELF file parser in Norman Antivirus 6.06.12, eSafe 7.0.17.0, CA eTrust Vet Antivirus 36.1.8511, Fortinet Antivirus 4.2.254.0, and Panda Antivirus 10.0.2.7 allows remote attackers to bypass malware detection via an ELF file with a modified identsize field. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different ELF parser implementations. CVE May be split intoChanged by a third party identsize Have fields ELF Via files, malware detection can be bypassed. Successful exploits will allow attackers to bypass on-demand virus scanning, possibly allowing malicious files to escape detection. Multiple file-parsing vulnerabilities leading to evasion in different antivirus(AV) products. All affected products are command-line versions of the AVs.
Vulnerability Descriptions
- Specially crafted infected POSIX TAR files with "[aliases]" as first 9 bytes evades detection.
Affected products - ClamAV 0.96.4, CAT-QuickHeal 11.00
CVE no - CVE-2012-1419
- Specially crafted infected POSIX TAR files with "\7fELF" as first 4 bytes evades detection. Specially crafted infected POSIX TAR files with "MSCF" as first 4 bytes evades detection.
Affected products - CAT-QuickHeal 11.00, Norman 6.06.12, Rising 22.83.00.03, Symantec 20101.3.0.103
CVE no - CVE-2012-1421
- Specially crafted infected POSIX TAR files with "ITSF" as first 4 bytes evades detection.
Affected products - CAT-QuickHeal 11.00, NOD32 5795, Norman 6.06.12, Rising 22.83.00.03
CVE no - CVE-2012-1422
- Specially crafted infected POSIX TAR files with "MZ" as first 2 bytes evades detection.
Affected products - Command 5.2.11.5, Emsisoft 5.1.0.1, F-Prot 4.6.2.117, Fortinent 4.2.254.0, Ikarus T3.1.1.97.0, K7AntiVirus 9.77.3565, NOD32 5795, Norman 6.06.12, PCTools 7.0.3.5, Rising 22.83.00.03, VirusBuster 13.6.151.0
CVE no - CVE-2012-1423
- Specially crafted infected POSIX TAR files with "\19\04\00\10" at offset 8 evades detection.
Affected products - Antiy-AVL 2.0.3.7, CAT-QuickHeal 11.00, Jiangmin 13.0.900, Norman 6.06.12, PCTools 7.0.3.5, Sophos 4.61.0
CVE no - CVE-2012-1424
- Specially crafted infected POSIX TAR files with "\50\4B\03\04" as the first 4 bytes evades detection. Specially crafted infected POSIX TAR files with "\42\5A\68" as the first 3 bytes evades detection.
Affected products - CAT-QuickHeal 11.00, Command 5.2.11.5, F-Prot 4.6.2.117, K7AntiVirus 9.77.3565, Norman 6.06.12, Rising 22.83.00.03
CVE no - CVE-2012-1426
- Specially crafted infected POSIX TAR files with "\57\69\6E\5A\69\70" at offset 29 evades detection.
Affected products - CAT-QuickHeal 11.00, Norman 6.06.12, Sophos 4.61.0
CVE no - CVE-2012-1427
- Specially crafted infected POSIX TAR files with "\4a\46\49\46" at offset 6 evades detection.
Affected products - CAT-QuickHeal 11.00, Norman 6.06.12, Sophos 4.61.0
CVE no - CVE-2012-1428
Affected products - BitDefender 7.2, Comodo 7424, Emsisoft 5.1.0.1, eSafe 7.0.17.0, F-Secure 9.0.16160.0, Ikarus T3.1.1.97.0, McAfee 5.400.0.1158, McAfee-GW-Edition 2010.1C, nProtect 2011-01-17.01
CVE no - CVE-2012-1429 12.
Affected products - BitDefender 7.2, Comodo 7424, eSafe 7.0.17.0, F-Secure 9.0.16160.0, McAfee 5.400.0.1158, McAfee-GW-Edition 2010.1C, nProtect 2011-01-17.01, Sophos 4.61.0, Rising 22.83.00.03
CVE no - CVE-2012-1430 13.
Affected products - BitDefender 7.2, Command 5.2.11.5, Comodo 7424, eSafe 7.0.17.0, F-Prot 4.6.2.117, F-Secure 9.0.16160.0, McAfee-GW-Edition 2010.1C, nProtect 2011-01-17.01, Sophos 4.61.0, Rising 22.83.00.03
CVE no - CVE-2012-1431
- Specially crafted infected MS EXE files with "\57\69\6E\5A\69\70" at offset 29 evades detection.
Affected products - Emsisoft 5.1.0.1, eSafe 7.0.17.0, Ikarus T3.1.1.97.0, Panda 10.0.2.7
CVE no - CVE-2012-1432
- Specially crafted infected MS EXE files with "\4a\46\49\46" at offset 6 evades detection.
Affected products - AhnLab-V3 2011.01.18.00, Emsisoft 5.1.0.1, eSafe 7.0.17.0, Ikarus T3.1.1.97.0, Panda 10.0.2.7
CVE no - CVE-2012-1433
- Specially crafted infected MS EXE files with "\19\04\00\10" at offset 8 evades detection.
Affected products - AhnLab-V3 2011.01.18.00, Emsisoft 5.1.0.1, Ikarus T3.1.1.97.0, Panda 10.0.2.7
CVE no - CVE-2012-1434
- Specially crafted infected MS EXE files with "\50\4B\4C\49\54\45" at offset 30 evades detection.
Affected products - AhnLab-V3 2011.01.18.00, Emsisoft 5.1.0.1, eSafe 7.0.17.0, Ikarus T3.1.1.97.0, Panda 10.0.2.7
CVE no - CVE-2012-1435
- Specially crafted infected MS EXE files with "\2D\6C\68" at offset 2 evades detection.
Affected products - AhnLab-V3 2011.01.18.00, Emsisoft 5.1.0.1, eSafe 7.0.17.0, Ikarus T3.1.1.97.0, Panda 10.0.2.7
CVE no - CVE-2012-1436
- Specially crafted infected MS Office files with "\50\4B\53\70\58" at offset 526 evades detection.
Affected products - Comodo 7425
CVE no - CVE-2012-1437
- Specially crafted infected MS Office files with "ustar" at offset 257 evades detection.
Affected products - Comodo 7425, Sophos 4.61.0
CVE no - CVE-2012-1438
- 'padding' field in ELF files is parsed incorrectly. If an infected ELF file's padding field is incremented by 1 it evades detection.
Affected products - eSafe 7.0.17.0, Rising 22.83.00.03, Fortinet 4.2.254.0, Panda 10.0.2.7
CVE no - CVE-2012-1439
- 'identsize' field in ELF files is parsed incorrectly.
If an infected ELF file's identsize field is incremented by 1 it evades
detection. 'e_ip' and 'e_res' field in MS EXE files are parsed incorrectly.
If any of these fields in an infected MS EXE file is incremented by 1 it evades detection.
Affected products - Prevx 3.0
'e_minalloc', 'e_res2','e_cparhdr', 'e_crlc', 'e_lfarlc','e_maxalloc',
'e_oeminfo', 'e_ovno', 'e_cs', 'e_csum','e_sp', 'e_ss', 'e_cblp' and
'e_oemid' fields in MS EXE files are parsed incorrectly.
If any of these fields in an infected MS EXE file is incremented by 1
it evades detection.
Affected products - eSafe 7.0.017.0, Prevx 3.0
CVE no - CVE-2012-1441
- 'class' field in ELF files is parsed incorrectly.
Affected products - CAT-QuickHeal 11.00, McAfee 5.400.0.1158, McAfee-GW-Edition 2010.1C, eSafe 7.0.017.0, Kaspersky 7.0.0.125, F-Secure 9.0.16160.0, Sophos 4.61.0, Antiy-AVL 2.0.3.7, Rising 22.83.00.03, Fortinet 4.2.254.0, Panda 10.0.2.7
CVE no - CVE-2012-1442
- Infected RAR files with initial two bytes set to 'MZ' can be fixed by the user and correctly extracted. Such a file evades detection.
Affected products - ClamAV 0.96.4, Rising 22.83.00.03, CAT-QuickHeal 11.00, GData 21, Symantec 20101.3.0.103, Command 5.2.11.5, Ikarus T3.1.1.97.0, Emsisoft 5.1.0.1, PCTools 7.0.3.5, F-Prot 4.6.2.117, VirusBuster 13.6.151.0, Fortinent 4.2.254.0, Antiy-AVL 2.0.3.7, K7AntiVirus 9.77.3565, TrendMicro-HouseCall 9.120.0.1004,Kaspersky 7.0.0.125 Jiangmin 13.0.900. Microsoft 1.6402, Sophos 4.61.0, NOD32 5795, AntiVir 7.11.1.163, Norman 6.06.12, McAfee 5.400.0.1158, Panda 10.0.2.7, McAfee-GW-Edition 2010.1C, TrendMicro 9.120.0.1004, Comodo 7424, BitDefender 7.2, eSafe 7.0.17.0, F-Secure 9.0.16160.0 nProtect 2011-01-17.01, AhnLab-V3 2011.01.18.00, AVG 10.0.0.1190, Avast 4.8.1351.0, Avast5 5.0.677.0, VBA32 3.12.14.2
CVE no - CVE-2012-1443
- 'abiversion' field in ELF files is parsed incorrectly.
If an infected ELF file's abiversion field is incremented by 1 it evades detection.
Affected products - eSafe 7.0.017.0, Prevx 3.0, Fortinet 4.2.254.0, Panda 10.0.2.7
CVE no - CVE-2012-1444
- 'abi' field in ELF files is parsed incorrectly.
If an infected ELF file's abi field is incremented by 1 it evades detection.
Affected products - eSafe 7.0.017.0, Rising 22.83.00.03, Fortinet 4.2.254.0, Panda 10.0.2.7
CVE no - CVE-2012-1445
- 'encoding' field in ELF files is parsed incorrectly.
If an infected ELF file's encoding field is incremented by 1 it evades detection. 'e_version' field in ELF files is parsed incorrectly.
If an infected ELF file's e_version field is incremented by 1 it evades detection.
Affected products - Fortinet 4.2.254.0, eSafe 7.0.017.0, DrWeb 5.0.2.03300, Panda 10.0.2.7
CVE no - CVE-2012-1447
- 'cbCabinet' field in CAB files is parsed incorrectly.
If an infected CAB file's cbCabinet field is incremented by 1 it evades detection.
Affected products - CAT-QuickHeal 11.00, TrendMicro 9.120.0.1004, Ikarus T3.1.1.97.0 TrendMicro-HouseCall 9.120.0.1004, Emsisoft 5.1.0.1
CVE no - CVE-2012-1448
- 'vMajor' field in CAB files is parsed incorrectly.
If an infected CAB file's vMajor field is incremented by 1 it evades detection.
Affected products - NOD32 5795, Rising 22.83.00.03
CVE no - CVE-2012-1449
- 'reserved3' field in CAB files is parsed incorrectly.
If an infected CAB file's reserved field is incremented by 1 it evades detection.
Affected products - Emsisoft 5.1.0.1, Sophos 4.61.0, Ikarus T3.1.1.97.0
CVE no - CVE-2012-1450
- 'reserved2' field in CAB files is parsed incorrectly.
If an infected CAB file's reserved2 field is incremented by 1 it evades detection.
Affected products - Emsisoft 5.1.0.1, Ikarus T3.1.1.97.0
CVE no - CVE-2012-1451
- 'reserved1' field in CAB files is parsed incorrectly.
If an infected CAB file's reserved field is incremented by 1 it evades detection.
Affected products - Emsisoft 5.1.0.1, Ikarus T3.1.1.97.0, CAT-QuickHeal 11.00
CVE no - CVE-2012-1452
- 'coffFiles' field in CAB files is parsed incorrectly.
If an infected CAB file's coffFiles field is incremented by 1 it evades detection.
Affected products - McAfee 5.0.2.03300, TrendMicro-HouseCall 9.120.0.1004, Kaspersky 7.0.0.125, Sophos 4.61.0, TrendMicro 9.120.0.1004, McAfee-GW-Edition 2010.1C, Emsisoft 5.1.0.1, eTrust-Vet 36.1.8511, Antiy-AVL 2.0.3.7, Microsoft 1.6402, Rising 22.83.00.03, Ikarus T3.1.1.97.0, Fortinet 4.2.254.0, Panda 10.0.2.7
CVE no - CVE-2012-1453
- 'ei_version' field in ELF files is parsed incorrectly.
If an infected ELF file's version field is incremented by 1 it evades detection.
Affected products - McAfee 5.0.02.03300, eSafe 7.0.17.0, McAfee-GW-Edition 2010.1C, Rising 22.83.00.03, Fortinet 4.2.254.0, Panda 10.0.2.7
CVE no - CVE-2012-1454
- 'vMinor' field in CAB files is parsed incorrectly.
If an infected CAB file's version field is incremented by 1 it evades detection.
Affected products - NOD32 5795, Rising 22.83.00.03
CVE no - CVE-2012-1455
- A specially crafted ZIP file, created by concatenating the contents of a clean TAR archive and a virus-infected ZIP archive, is parsed incorrectly and evades detection. If the length field in the header of a file with test EICAR virus included into a TAR archive is set to be greater than the archive's total length (1,000,000+original length in our experiments), the antivirus declares the file to be clean but virus gets extracted correctly by the GNU tar program.
Affected products - AntiVir 7.11.1.163, Antiy-AVL 2.0.3.7, Avast 4.8.1351.0, Avast5 5.0.677.0, AVG 10.0.0.1190, BitDefender 7.2, CAT-QuickHeal 11.00, ClamAV 0.96.4, Command 5.2.11.5, Emsisoft 5.1.0.1, eSafe 7.0.17.0, F-Prot 4.6.2.117, GData 21, Ikarus T3.1.1.97.0, Jiangmin 13.0.900, K7AntiVirus 9.77.3565, Kaspersky 7.0.0.125, McAfee 5.400.0.1158, McAfee-GW-Edition 2010.1C, Microsoft 1.6402, NOD32 5795, Norman 6.06.12, PCTools 7.0.3.5, Rising 22.83.00.03, Symantec 20101.3.0.103, TrendMicro 9.120.0.1004, TrendMicro-HouseCall 9.120.0.1004, VBA32 3.12.14.2, VirusBuster 13.6.151.0
CVE no - CVE-2012-1457
- A Windows Compiled HTML Help (CHM) file is a set of HTML files, scripts, and images compressed using the LZX algorithm. For faster random accesses, the algorithm is reset at intervals instead of compressing the entire file as a single stream. The length of each interval is specified in the LZXC header.
If an infected CHM file's header modified so that the reset interval is lower than in the original file, the antivirus declares the file to be clean. But the Windows CHM viewer hh.exe correctly decompresses the infected content located before the tampered header.
Affected products - ClamAV 0.96.4, Sophos 4.61.0
CVE no - CVE-2012-1458
- In a POSIX TAR archive, each member file has a 512-byte header protected by a simple checksum. Every header also contains a file length field, which is used by the extractor to locate the next header in the archive.
If a TAR archive contains two files: the first one is clean, while the second is infected with test EICAR virus - and it is modified such that the length field in the header of the first, clean file to point into the middle of the header of the second, infected file. The antivirus declares the file to be clean but virus gets extracted correctly by the GNU tar program.
Affected products - AhnLab-V3 2011.01.18.00, AntiVir 7.11.1.163, Antiy-AVL 2.0.3.7, Avast 4.8.1351.0, Avast5 5.0.677.0, AVG 10.0.0.1190, BitDefender 7.2, CAT-QuickHeal 11.00, ClamAV 0.96.4, Command 5.2.11.5, Comodo 7424, Emsisoft 5.1.0.1, F-Prot 4.6.2.117, F-Secure 9.0.16160.0, Fortinent 4.2.254.0, GData 21, Ikarus T3.1.1.97.0, Jiangmin 13.0.900, K7AntiVirus 9.77.3565, Kaspersky 7.0.0.125, McAfee 5.400.0.1158, McAfee-GW-Edition 2010.1C, Microsoft 1.6402, NOD32 5795, Norman 6.06.12, nProtect 2011-01-17.01, Panda 10.0.2.7, PCTools 7.0.3.5, Rising 22.83.00.03, Sophos 4.61.0, Symantec 20101.3.0.103, TrendMicro 9.120.0.1004, TrendMicro-HouseCall 9.120.0.1004, VBA32 3.12.14.2, VirusBuster 13.6.151.0
CVE no - CVE-2012-1459
- If an infected tar.gz archive is appended 6 random bytes at the end, the antivirus declares the file to be clean but virus gets extracted by the gunzip+tar programs correctly by ignoring these bytes.
Affected products - Antiy-AVL 2.0.3.7, CAT-QuickHeal 11.00, Command 5.2.11.5, eSafe 7.0.17.0, F-Prot 4.6.2.117, Jiangmin 13.0.900, K7AntiVirus 9.77.3565, VBA32 3.12.14.2
CVE no - CVE-2012-1460
- GZIP files can contain multiple compressed streams, which are assembled when the contents are extracted. If an infected .tar.gz file is broken into two streams, the antivirus declares the infected .tar.gz file to be clean while tar+gunzip extract the virus correctly
Affected products - AVG 10.0.0.1190, BitDefender 7.2, Command 5.2.11.5, Emsisoft 5.1.0.1, F-Secure 9.0.16160.0, Fortinent 4.2.254.0, Ikarus T3.1.1.97.0, Jiangmin 13.0.900, K7AntiVirus 9.77.3565, Kaspersky 7.0.0.125, McAfee 5.400.0.1158, McAfee-GW-Edition 2010.1C, NOD32 5795, Norman 6.06.12, Rising 22.83.00.03, Sophos 4.61.0, Symantec 20101.3.0.103, TrendMicro 9.120.0.1004, TrendMicro-HouseCall 9.120.0.1004, VBA32 3.12.14.2
CVE no - CVE-2012-1461
- If an infected ZIP archive is prepended with 1024 random bytes at the beginning, the antivirus declares the file to be clean but virus gets extracted by the unzip program correctly by skipping these bytes
Affected products - AhnLab-V3 2011.01.18.00, AVG 10.0.0.1190, CAT-QuickHeal 11.00, Emsisoft 5.1.0.1, eSafe 7.0.17.0, Fortinent 4.2.254.0, Ikarus T3.1.1.97.0, Jiangmin 13.0.900, Kaspersky 7.0.0.125, Norman 6.06.12, Sophos 4.61.0, Symantec 20101.3.0.103
CVE no - CVE-2012-1462
- In most ELF files, the 5th byte of the header indicates endianness: 01 for little-endian, 02 for bigendian. Linux kernel, however, does not check this field before loading an ELF file. If an infected ELF file's 5-th byte is set to 02, the antivirus declares the file to be clean but the ELF file gets executed correctly.
Affected products - AhnLab-V3 2011.01.18.00, BitDefender 7.2, CAT-QuickHeal 11.00, Command 5.2.11.5, Comodo 7424, eSafe 7.0.17.0, F-Prot 4.6.2.117, F-Secure 9.0.16160.0, McAfee 5.400.0.1158, Norman 6.06.12, nProtect 2011-01-17.01, Panda 10.0.2.7
CVE no - CVE-2012-1463
Credits
Vulnerabilities found and advisory written by Suman Jana and Vitaly Shmatikov.
References
"Abusing File Processing in Malware Detectors for Fun and Profit" by Suman Jana and Vitaly Shmatikov To appear in IEEE Symposium on Security and Privacy 2012 http://www.ieee-security.org/TC/SP2012/
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201203-0400",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "etrust vet antivirus",
"scope": "eq",
"trust": 1.8,
"vendor": "ca",
"version": "36.1.8511"
},
{
"model": "esafe",
"scope": "eq",
"trust": 1.8,
"vendor": "aladdin",
"version": "7.0.17.0"
},
{
"model": "antivirus",
"scope": "eq",
"trust": 1.8,
"vendor": "fortinet",
"version": "4.2.254.0"
},
{
"model": "panda antivirus",
"scope": "eq",
"trust": 1.6,
"vendor": "pandasecurity",
"version": "10.0.2.7"
},
{
"model": "antivirus \\\u0026 antispyware",
"scope": "eq",
"trust": 1.0,
"vendor": "norman",
"version": "6.06.12"
},
{
"model": "antivirus",
"scope": "eq",
"trust": 0.8,
"vendor": "norman",
"version": "6.06.12"
},
{
"model": "antivirus",
"scope": "eq",
"trust": 0.8,
"vendor": "panda security",
"version": "10.0.2.7"
},
{
"model": "antivirus",
"scope": "eq",
"trust": 0.3,
"vendor": "panda",
"version": "10.0.27"
},
{
"model": "antivirus",
"scope": "eq",
"trust": 0.3,
"vendor": "norman",
"version": "6.6.12"
},
{
"model": "antivirus",
"scope": "eq",
"trust": 0.3,
"vendor": "esafe",
"version": "7.0.170"
},
{
"model": "associates etrust vet antivirus",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "36.1.8511"
}
],
"sources": [
{
"db": "BID",
"id": "52595"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-001875"
},
{
"db": "NVD",
"id": "CVE-2012-1440"
},
{
"db": "CNNVD",
"id": "CNNVD-201203-404"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:norman:norman_antivirus_\\\u0026_antispyware:6.06.12:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ca:etrust_vet_antivirus:36.1.8511:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:pandasecurity:panda_antivirus:10.0.2.7:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:aladdin:esafe:7.0.17.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:fortinet:fortinet_antivirus:4.2.254.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2012-1440"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Suman Jana and Vitaly Shmatikov",
"sources": [
{
"db": "BID",
"id": "52595"
}
],
"trust": 0.3
},
"cve": "CVE-2012-1440",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 4.3,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2012-1440",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "VHN-54721",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2012-1440",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201203-404",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-54721",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-54721"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-001875"
},
{
"db": "NVD",
"id": "CVE-2012-1440"
},
{
"db": "CNNVD",
"id": "CNNVD-201203-404"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The ELF file parser in Norman Antivirus 6.06.12, eSafe 7.0.17.0, CA eTrust Vet Antivirus 36.1.8511, Fortinet Antivirus 4.2.254.0, and Panda Antivirus 10.0.2.7 allows remote attackers to bypass malware detection via an ELF file with a modified identsize field. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different ELF parser implementations. CVE May be split intoChanged by a third party identsize Have fields ELF Via files, malware detection can be bypassed. \nSuccessful exploits will allow attackers to bypass on-demand virus scanning, possibly allowing malicious files to escape detection. Multiple file-parsing vulnerabilities leading to evasion in different antivirus(AV) products. All \naffected products are command-line versions of \nthe AVs. \n\n----------------------------\nVulnerability Descriptions\n----------------------------\n\n1. Specially crafted infected POSIX TAR files with \"[aliases]\" as first 9 bytes \n evades detection. \n\n Affected products -\n ClamAV 0.96.4, CAT-QuickHeal 11.00\n \n CVE no - \n CVE-2012-1419\n\n2. Specially crafted infected POSIX TAR files with \"\\7fELF\" as first 4 bytes \n evades detection. Specially crafted infected POSIX TAR files with \"MSCF\" as first 4 bytes \n evades detection. \n\n Affected products -\n CAT-QuickHeal 11.00, Norman 6.06.12, Rising 22.83.00.03, \n Symantec 20101.3.0.103\n\n CVE no - \n CVE-2012-1421\n\n4. Specially crafted infected POSIX TAR files with \"ITSF\" as first 4 bytes \n evades detection. \n\n Affected products -\n CAT-QuickHeal 11.00, NOD32 5795, Norman 6.06.12, Rising 22.83.00.03\n\n CVE no - \n CVE-2012-1422\n\n5. Specially crafted infected POSIX TAR files with \"MZ\" as first 2 bytes \n evades detection. \n\n Affected products -\n Command 5.2.11.5, Emsisoft 5.1.0.1, F-Prot 4.6.2.117, Fortinent 4.2.254.0, \n Ikarus T3.1.1.97.0, K7AntiVirus 9.77.3565, NOD32 5795, Norman 6.06.12, \n PCTools 7.0.3.5, Rising 22.83.00.03, VirusBuster 13.6.151.0\n\n CVE no - \n CVE-2012-1423\n\n6. Specially crafted infected POSIX TAR files with \"\\19\\04\\00\\10\" at offset 8\n evades detection. \n\n Affected products -\n Antiy-AVL 2.0.3.7, CAT-QuickHeal 11.00, Jiangmin 13.0.900, Norman 6.06.12, \n PCTools 7.0.3.5, Sophos 4.61.0\n\n CVE no - \n CVE-2012-1424\n\n\n7. Specially crafted infected POSIX TAR files with \"\\50\\4B\\03\\04\" as the first\n 4 bytes evades detection. Specially crafted infected POSIX TAR files with \"\\42\\5A\\68\" as the first\n 3 bytes evades detection. \n\n Affected products -\n CAT-QuickHeal 11.00, Command 5.2.11.5, F-Prot 4.6.2.117, \n K7AntiVirus 9.77.3565, Norman 6.06.12, Rising 22.83.00.03\n\n CVE no - \n CVE-2012-1426\n\n\n9. Specially crafted infected POSIX TAR files with \"\\57\\69\\6E\\5A\\69\\70\" at \n offset 29 evades detection. \n\n Affected products -\n CAT-QuickHeal 11.00, Norman 6.06.12, Sophos 4.61.0\n\n CVE no - \n CVE-2012-1427\n\n10. Specially crafted infected POSIX TAR files with \"\\4a\\46\\49\\46\" at offset 6\n evades detection. \n \n Affected products -\n CAT-QuickHeal 11.00, Norman 6.06.12, Sophos 4.61.0\n\n CVE no - \n CVE-2012-1428\n\n11. \n\n Affected products -\n BitDefender 7.2, Comodo 7424, Emsisoft 5.1.0.1, eSafe 7.0.17.0, \n F-Secure 9.0.16160.0, Ikarus T3.1.1.97.0, McAfee 5.400.0.1158, \n McAfee-GW-Edition 2010.1C, nProtect 2011-01-17.01 \n\n CVE no - \n CVE-2012-1429\n12. \n\n Affected products -\n BitDefender 7.2, Comodo 7424, eSafe 7.0.17.0, F-Secure 9.0.16160.0, \n McAfee 5.400.0.1158, McAfee-GW-Edition 2010.1C, nProtect 2011-01-17.01, \n Sophos 4.61.0, Rising 22.83.00.03\n\n CVE no - \n CVE-2012-1430\n13. \n\n Affected products -\n BitDefender 7.2, Command 5.2.11.5, Comodo 7424, eSafe 7.0.17.0, \n F-Prot 4.6.2.117, F-Secure 9.0.16160.0, McAfee-GW-Edition 2010.1C, \n nProtect 2011-01-17.01, Sophos 4.61.0, Rising 22.83.00.03\n\n CVE no - \n CVE-2012-1431\n\n14. Specially crafted infected MS EXE files with \"\\57\\69\\6E\\5A\\69\\70\" at offset\n 29 evades detection. \n\n Affected products -\n Emsisoft 5.1.0.1, eSafe 7.0.17.0, Ikarus T3.1.1.97.0, Panda 10.0.2.7\n\n CVE no - \n CVE-2012-1432\n\n15. Specially crafted infected MS EXE files with \"\\4a\\46\\49\\46\" at offset\n 6 evades detection. \n\n Affected products -\n AhnLab-V3 2011.01.18.00, Emsisoft 5.1.0.1, eSafe 7.0.17.0, \n Ikarus T3.1.1.97.0, Panda 10.0.2.7\n\n CVE no - \n CVE-2012-1433\n\n16. Specially crafted infected MS EXE files with \"\\19\\04\\00\\10\" at offset\n 8 evades detection. \n\n Affected products -\n AhnLab-V3 2011.01.18.00, Emsisoft 5.1.0.1, Ikarus T3.1.1.97.0, \n Panda 10.0.2.7\n \n CVE no - \n CVE-2012-1434\n\n17. Specially crafted infected MS EXE files with \"\\50\\4B\\4C\\49\\54\\45\" at \n offset 30 evades detection. \n \n Affected products - \n AhnLab-V3 2011.01.18.00, Emsisoft 5.1.0.1, eSafe 7.0.17.0, \n Ikarus T3.1.1.97.0, Panda 10.0.2.7\n\n CVE no - \n CVE-2012-1435\n\n18. Specially crafted infected MS EXE files with \"\\2D\\6C\\68\" at \n offset 2 evades detection. \n \n Affected products - \n AhnLab-V3 2011.01.18.00, Emsisoft 5.1.0.1, eSafe 7.0.17.0, \n Ikarus T3.1.1.97.0, Panda 10.0.2.7\n\n CVE no - \n CVE-2012-1436\n\n19. Specially crafted infected MS Office files with \"\\50\\4B\\53\\70\\58\" at \n offset 526 evades detection. \n \n Affected products - \n Comodo 7425\n \n CVE no - \n CVE-2012-1437\n\n20. Specially crafted infected MS Office files with \"ustar\" at \n offset 257 evades detection. \n\n Affected products - \n Comodo 7425, Sophos 4.61.0 \n\n CVE no - \n CVE-2012-1438\n\n21. \u0027padding\u0027 field in ELF files is parsed incorrectly. \n If an infected ELF file\u0027s padding field is incremented by 1 it evades\n detection. \n\n Affected products - \n eSafe 7.0.17.0, Rising 22.83.00.03, Fortinet 4.2.254.0, Panda 10.0.2.7\n\n CVE no - \n CVE-2012-1439\n\n22. \u0027identsize\u0027 field in ELF files is parsed incorrectly. \n If an infected ELF file\u0027s identsize field is incremented by 1 it evades\n detection. \u0027e_ip\u0027 and \u0027e_res\u0027 field in MS EXE files are parsed incorrectly. \n If any of these fields in an infected MS EXE file is incremented by 1 \n it evades detection. \n\n Affected products - \n Prevx 3.0\n\n \u0027e_minalloc\u0027, \u0027e_res2\u0027,\u0027e_cparhdr\u0027, \u0027e_crlc\u0027, \u0027e_lfarlc\u0027,\u0027e_maxalloc\u0027,\n \u0027e_oeminfo\u0027, \u0027e_ovno\u0027, \u0027e_cs\u0027, \u0027e_csum\u0027,\u0027e_sp\u0027, \u0027e_ss\u0027, \u0027e_cblp\u0027 and \n \u0027e_oemid\u0027 fields in MS EXE files are parsed incorrectly. \n If any of these fields in an infected MS EXE file is incremented by 1 \n it evades detection. \n\n Affected products - \n eSafe 7.0.017.0, Prevx 3.0\n\n\n CVE no - \n CVE-2012-1441\n\n24. \u0027class\u0027 field in ELF files is parsed incorrectly. \n\n Affected products - \n CAT-QuickHeal 11.00, McAfee 5.400.0.1158, McAfee-GW-Edition 2010.1C, \n eSafe 7.0.017.0, Kaspersky 7.0.0.125, F-Secure 9.0.16160.0, \n Sophos 4.61.0, Antiy-AVL 2.0.3.7, Rising 22.83.00.03, Fortinet 4.2.254.0, \n Panda 10.0.2.7\n\n CVE no - \n CVE-2012-1442\n\n25. Infected RAR files with initial two bytes set to \u0027MZ\u0027 can be fixed by the \n user and correctly extracted. Such a file evades detection. \n \n Affected products -\n ClamAV 0.96.4, Rising 22.83.00.03, CAT-QuickHeal 11.00, GData 21, \n Symantec 20101.3.0.103, Command 5.2.11.5, Ikarus T3.1.1.97.0, \n Emsisoft 5.1.0.1, PCTools 7.0.3.5, F-Prot 4.6.2.117, \n VirusBuster 13.6.151.0, Fortinent 4.2.254.0, Antiy-AVL 2.0.3.7, \n K7AntiVirus 9.77.3565, TrendMicro-HouseCall 9.120.0.1004,Kaspersky 7.0.0.125 \n Jiangmin 13.0.900. Microsoft 1.6402, Sophos 4.61.0, NOD32 5795, AntiVir 7.11.1.163, \n Norman 6.06.12, McAfee 5.400.0.1158, Panda 10.0.2.7, McAfee-GW-Edition 2010.1C, \n TrendMicro 9.120.0.1004, Comodo 7424, BitDefender 7.2, eSafe 7.0.17.0, F-Secure 9.0.16160.0\n nProtect 2011-01-17.01, AhnLab-V3 2011.01.18.00, AVG 10.0.0.1190, Avast 4.8.1351.0, \n Avast5 5.0.677.0, VBA32 3.12.14.2 \n\n CVE no - \n CVE-2012-1443\n\n26. \u0027abiversion\u0027 field in ELF files is parsed incorrectly. \n If an infected ELF file\u0027s abiversion field is incremented by 1 it evades\n detection. \n\n Affected products - \n eSafe 7.0.017.0, Prevx 3.0, Fortinet 4.2.254.0, Panda 10.0.2.7\n\n CVE no - \n CVE-2012-1444\n\n27. \u0027abi\u0027 field in ELF files is parsed incorrectly. \n If an infected ELF file\u0027s abi field is incremented by 1 it evades\n detection. \n\n Affected products - \n eSafe 7.0.017.0, Rising 22.83.00.03, Fortinet 4.2.254.0, Panda 10.0.2.7\n\n CVE no - \n CVE-2012-1445\n\n28. \u0027encoding\u0027 field in ELF files is parsed incorrectly. \n If an infected ELF file\u0027s encoding field is incremented by 1 it evades\n detection. \u0027e_version\u0027 field in ELF files is parsed incorrectly. \n If an infected ELF file\u0027s e_version field is incremented by 1 it evades\n detection. \n\n Affected products -\n Fortinet 4.2.254.0, eSafe 7.0.017.0, DrWeb 5.0.2.03300, Panda 10.0.2.7\n\n CVE no - \n CVE-2012-1447\n\n30. \u0027cbCabinet\u0027 field in CAB files is parsed incorrectly. \n If an infected CAB file\u0027s cbCabinet field is incremented by 1 it evades\n detection. \n\n Affected products -\n CAT-QuickHeal 11.00, TrendMicro 9.120.0.1004, Ikarus T3.1.1.97.0\n TrendMicro-HouseCall 9.120.0.1004, Emsisoft 5.1.0.1 \n\n CVE no - \n CVE-2012-1448\n\n31. \u0027vMajor\u0027 field in CAB files is parsed incorrectly. \n If an infected CAB file\u0027s vMajor field is incremented by 1 it evades\n detection. \n\n Affected products -\n NOD32 5795, Rising 22.83.00.03\n \n CVE no - \n CVE-2012-1449\n\n32. \u0027reserved3\u0027 field in CAB files is parsed incorrectly. \n If an infected CAB file\u0027s reserved field is incremented by 1 it evades\n detection. \n\n Affected products -\n Emsisoft 5.1.0.1, Sophos 4.61.0, Ikarus T3.1.1.97.0\n \n CVE no - \n CVE-2012-1450\n\n33. \u0027reserved2\u0027 field in CAB files is parsed incorrectly. \n If an infected CAB file\u0027s reserved2 field is incremented by 1 it evades\n detection. \n\n Affected products -\n Emsisoft 5.1.0.1, Ikarus T3.1.1.97.0\n \n CVE no - \n CVE-2012-1451\n\n34. \u0027reserved1\u0027 field in CAB files is parsed incorrectly. \n If an infected CAB file\u0027s reserved field is incremented by 1 it evades\n detection. \n\n Affected products -\n Emsisoft 5.1.0.1, Ikarus T3.1.1.97.0, CAT-QuickHeal 11.00\n \n CVE no - \n CVE-2012-1452\n\n35. \u0027coffFiles\u0027 field in CAB files is parsed incorrectly. \n If an infected CAB file\u0027s coffFiles field is incremented by 1 it evades\n detection. \n\n Affected products -\n McAfee 5.0.2.03300, TrendMicro-HouseCall 9.120.0.1004, Kaspersky 7.0.0.125, \n Sophos 4.61.0, TrendMicro 9.120.0.1004, McAfee-GW-Edition 2010.1C,\n Emsisoft 5.1.0.1, eTrust-Vet 36.1.8511, Antiy-AVL 2.0.3.7, Microsoft 1.6402,\n Rising 22.83.00.03, Ikarus T3.1.1.97.0, Fortinet 4.2.254.0, Panda 10.0.2.7\n\n CVE no - \n CVE-2012-1453\n\n36. \u0027ei_version\u0027 field in ELF files is parsed incorrectly. \n If an infected ELF file\u0027s version field is incremented by 1 it evades\n detection. \n\n Affected products -\n McAfee 5.0.02.03300, eSafe 7.0.17.0, McAfee-GW-Edition 2010.1C, \n Rising 22.83.00.03, Fortinet 4.2.254.0, Panda 10.0.2.7\n\n CVE no - \n CVE-2012-1454\n\n37. \u0027vMinor\u0027 field in CAB files is parsed incorrectly. \n If an infected CAB file\u0027s version field is incremented by 1 it evades\n detection. \n\n Affected products -\n NOD32 5795, Rising 22.83.00.03\n \n CVE no - \n CVE-2012-1455\n\n38. A specially crafted ZIP file, created by concatenating the contents \n of a clean TAR archive and a virus-infected ZIP archive, is parsed \n incorrectly and evades detection. If the length field in the header of a file with test EICAR virus\n included into a TAR archive is set to be greater than the archive\u0027s total \n length (1,000,000+original length in our experiments), the antivirus \n declares the file to be clean but virus gets extracted correctly by the \n GNU tar program. \n\n Affected products -\n AntiVir 7.11.1.163, Antiy-AVL 2.0.3.7, Avast 4.8.1351.0, Avast5 5.0.677.0, \n AVG 10.0.0.1190, BitDefender 7.2, CAT-QuickHeal 11.00, ClamAV 0.96.4, \n Command 5.2.11.5, Emsisoft 5.1.0.1, eSafe 7.0.17.0, F-Prot 4.6.2.117, \n GData 21, Ikarus T3.1.1.97.0, Jiangmin 13.0.900, K7AntiVirus 9.77.3565, \n Kaspersky 7.0.0.125, McAfee 5.400.0.1158, McAfee-GW-Edition 2010.1C, \n Microsoft 1.6402, NOD32 5795, Norman 6.06.12, PCTools 7.0.3.5, \n Rising 22.83.00.03, Symantec 20101.3.0.103, TrendMicro 9.120.0.1004, \n TrendMicro-HouseCall 9.120.0.1004, VBA32 3.12.14.2, VirusBuster 13.6.151.0 \n\n CVE no - \n CVE-2012-1457\n\n40. A Windows Compiled HTML Help (CHM) file is a set of HTML files,\n scripts, and images compressed using the LZX algorithm. \n For faster random accesses, the algorithm is reset at intervals\n instead of compressing the entire file as a single stream. The\n length of each interval is specified in the LZXC header. \n\n If an infected CHM file\u0027s header modified so that the reset interval\n is lower than in the original file, the antivirus declares the file\n to be clean. But the Windows CHM viewer hh.exe correctly decompresses\n the infected content located before the tampered header. \n\n Affected products -\n ClamAV 0.96.4, Sophos 4.61.0 \n\n CVE no - \n CVE-2012-1458\n\n41. In a POSIX TAR archive, each member file has a 512-byte header protected\n by a simple checksum. Every header also contains a file length field, which\n is used by the extractor to locate the next header in the archive. \n\n If a TAR archive contains two files: the first one is clean, while\n the second is infected with test EICAR virus - and it is modified such that \n the length field in the header of the first, clean file to point into the \n middle of the header of the second, infected file. The antivirus declares \n the file to be clean but virus gets extracted correctly by the \n GNU tar program. \n\n Affected products -\n AhnLab-V3 2011.01.18.00, AntiVir 7.11.1.163, Antiy-AVL 2.0.3.7, \n Avast 4.8.1351.0, Avast5 5.0.677.0, AVG 10.0.0.1190, BitDefender 7.2, \n CAT-QuickHeal 11.00, ClamAV 0.96.4, Command 5.2.11.5, Comodo 7424, \n Emsisoft 5.1.0.1, F-Prot 4.6.2.117, F-Secure 9.0.16160.0, \n Fortinent 4.2.254.0, GData 21, Ikarus T3.1.1.97.0, Jiangmin 13.0.900, \n K7AntiVirus 9.77.3565, Kaspersky 7.0.0.125, McAfee 5.400.0.1158, \n McAfee-GW-Edition 2010.1C, Microsoft 1.6402, NOD32 5795, \n Norman 6.06.12, nProtect 2011-01-17.01, Panda 10.0.2.7, \n PCTools 7.0.3.5, Rising 22.83.00.03, Sophos 4.61.0, \n Symantec 20101.3.0.103, TrendMicro 9.120.0.1004, \n TrendMicro-HouseCall 9.120.0.1004, VBA32 3.12.14.2, \n VirusBuster 13.6.151.0 \n\n CVE no - \n CVE-2012-1459\n\n42. If an infected tar.gz archive is appended 6 random bytes at the end, \n the antivirus declares the file to be clean but virus gets extracted by\n the gunzip+tar programs correctly by ignoring these bytes. \n\n Affected products -\n Antiy-AVL 2.0.3.7, CAT-QuickHeal 11.00, Command 5.2.11.5, \n eSafe 7.0.17.0, F-Prot 4.6.2.117, Jiangmin 13.0.900, \n K7AntiVirus 9.77.3565, VBA32 3.12.14.2 \n \n CVE no - \n CVE-2012-1460\n\n43. GZIP files can contain multiple compressed streams, which are assembled\n when the contents are extracted. If an infected .tar.gz file is broken \n into two streams, the antivirus declares the infected .tar.gz file to \n be clean while tar+gunzip extract the virus correctly\n\n Affected products -\n AVG 10.0.0.1190, BitDefender 7.2, Command 5.2.11.5, Emsisoft 5.1.0.1, \n F-Secure 9.0.16160.0, Fortinent 4.2.254.0, Ikarus T3.1.1.97.0, \n Jiangmin 13.0.900, K7AntiVirus 9.77.3565, Kaspersky 7.0.0.125, \n McAfee 5.400.0.1158, McAfee-GW-Edition 2010.1C, NOD32 5795, Norman 6.06.12, \n Rising 22.83.00.03, Sophos 4.61.0, Symantec 20101.3.0.103, \n TrendMicro 9.120.0.1004, TrendMicro-HouseCall 9.120.0.1004, VBA32 3.12.14.2 \n\n CVE no - \n CVE-2012-1461\n\n44. If an infected ZIP archive is prepended with 1024 random bytes at the \n beginning, the antivirus declares the file to be clean but virus gets extracted\n by the unzip program correctly by skipping these bytes\n\n Affected products -\n AhnLab-V3 2011.01.18.00, AVG 10.0.0.1190, CAT-QuickHeal 11.00, \n Emsisoft 5.1.0.1, eSafe 7.0.17.0, Fortinent 4.2.254.0, Ikarus T3.1.1.97.0, \n Jiangmin 13.0.900, Kaspersky 7.0.0.125, Norman 6.06.12, Sophos 4.61.0, \n Symantec 20101.3.0.103 \n\n CVE no - \n CVE-2012-1462\n\n45. In most ELF files, the 5th byte of the header indicates endianness: 01\n for little-endian, 02 for bigendian. Linux kernel, however, does not\n check this field before loading an ELF file. If an infected ELF file\u0027s 5-th \n byte is set to 02, the antivirus declares the file to be clean but the ELF \n file gets executed correctly. \n\n Affected products -\n AhnLab-V3 2011.01.18.00, BitDefender 7.2, CAT-QuickHeal 11.00, Command 5.2.11.5, \n Comodo 7424, eSafe 7.0.17.0, F-Prot 4.6.2.117, F-Secure 9.0.16160.0, \n McAfee 5.400.0.1158, Norman 6.06.12, nProtect 2011-01-17.01, Panda 10.0.2.7 \n\n CVE no - \n CVE-2012-1463\n\n--------\nCredits\n--------\nVulnerabilities found and advisory written by Suman Jana and Vitaly Shmatikov. \n\n-----------\nReferences\n-----------\n\"Abusing File Processing in Malware Detectors for Fun and Profit\" by Suman Jana and Vitaly Shmatikov\nTo appear in IEEE Symposium on Security and Privacy 2012\nhttp://www.ieee-security.org/TC/SP2012/ \n",
"sources": [
{
"db": "NVD",
"id": "CVE-2012-1440"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-001875"
},
{
"db": "BID",
"id": "52595"
},
{
"db": "VULHUB",
"id": "VHN-54721"
},
{
"db": "PACKETSTORM",
"id": "110990"
}
],
"trust": 2.07
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2012-1440",
"trust": 2.9
},
{
"db": "JVNDB",
"id": "JVNDB-2012-001875",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201203-404",
"trust": 0.7
},
{
"db": "BUGTRAQ",
"id": "20120319 EVASION ATTACKS EXPOLITING FILE-PARSING VULNERABILITIES IN ANTIVIRUS PRODUCTS",
"trust": 0.6
},
{
"db": "BID",
"id": "52595",
"trust": 0.4
},
{
"db": "VULHUB",
"id": "VHN-54721",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "110990",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-54721"
},
{
"db": "BID",
"id": "52595"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-001875"
},
{
"db": "PACKETSTORM",
"id": "110990"
},
{
"db": "NVD",
"id": "CVE-2012-1440"
},
{
"db": "CNNVD",
"id": "CNNVD-201203-404"
}
]
},
"id": "VAR-201203-0400",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-54721"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T12:10:08.649000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.ca.com/jp/default.aspx"
},
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.fortinet.com/solutions/antivirus.html"
},
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.norman.com/"
},
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.ps-japan.co.jp/"
},
{
"title": "eSafe",
"trust": 0.8,
"url": "http://www.aladdin.co.jp/esafe/"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2012-001875"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-264",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-54721"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-001875"
},
{
"db": "NVD",
"id": "CVE-2012-1440"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "http://www.securityfocus.com/archive/1/522005"
},
{
"trust": 1.7,
"url": "http://www.ieee-security.org/tc/sp2012/program.html"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-1440"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2012-1440"
},
{
"trust": 0.3,
"url": "http://www.ca.com"
},
{
"trust": 0.3,
"url": "http://www.safenet-inc.com/data-protection/content-security-esafe/"
},
{
"trust": 0.3,
"url": "http://anti-virus-software-review.toptenreviews.com/norman-review.html"
},
{
"trust": 0.3,
"url": "http://www.pandasecurity.com/usa/"
},
{
"trust": 0.3,
"url": "/archive/1/522005"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-1419"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-1439"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-1426"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-1429"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-1436"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-1440"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-1432"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-1438"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-1428"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-1446"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-1443"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-1444"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-1441"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-1421"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-1430"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-1434"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-1435"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-1424"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-1431"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-1425"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-1423"
},
{
"trust": 0.1,
"url": "http://www.ieee-security.org/tc/sp2012/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-1442"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-1422"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-1433"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-1420"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-1427"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-1445"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-1437"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-54721"
},
{
"db": "BID",
"id": "52595"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-001875"
},
{
"db": "PACKETSTORM",
"id": "110990"
},
{
"db": "NVD",
"id": "CVE-2012-1440"
},
{
"db": "CNNVD",
"id": "CNNVD-201203-404"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-54721"
},
{
"db": "BID",
"id": "52595"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-001875"
},
{
"db": "PACKETSTORM",
"id": "110990"
},
{
"db": "NVD",
"id": "CVE-2012-1440"
},
{
"db": "CNNVD",
"id": "CNNVD-201203-404"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2012-03-21T00:00:00",
"db": "VULHUB",
"id": "VHN-54721"
},
{
"date": "2012-03-20T00:00:00",
"db": "BID",
"id": "52595"
},
{
"date": "2012-03-23T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2012-001875"
},
{
"date": "2012-03-19T23:51:01",
"db": "PACKETSTORM",
"id": "110990"
},
{
"date": "2012-03-21T10:11:47.957000",
"db": "NVD",
"id": "CVE-2012-1440"
},
{
"date": "2012-03-26T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201203-404"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2012-03-21T00:00:00",
"db": "VULHUB",
"id": "VHN-54721"
},
{
"date": "2012-03-20T00:00:00",
"db": "BID",
"id": "52595"
},
{
"date": "2012-03-23T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2012-001875"
},
{
"date": "2012-03-21T10:11:47.957000",
"db": "NVD",
"id": "CVE-2012-1440"
},
{
"date": "2012-03-26T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201203-404"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201203-404"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Multiple products ELF Vulnerability to bypass malware detection in file parser",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2012-001875"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "permissions and access control",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201203-404"
}
],
"trust": 0.6
}
}
VAR-201203-0370
Vulnerability from variot - Updated: 2023-12-18 12:10The ELF file parser in Quick Heal (aka Cat QuickHeal) 11.00, McAfee Anti-Virus Scanning Engine 5.400.0.1158, AVEngine 20101.3.0.103 in Symantec Endpoint Protection 11, Norman Antivirus 6.06.12, eSafe 7.0.17.0, Kaspersky Anti-Virus 7.0.0.125, McAfee Gateway (formerly Webwasher) 2010.1C, Sophos Anti-Virus 4.61.0, CA eTrust Vet Antivirus 36.1.8511, Antiy Labs AVL SDK 2.0.3.7, PC Tools AntiVirus 7.0.3.5, Rising Antivirus 22.83.00.03, Fortinet Antivirus 4.2.254.0, and Panda Antivirus 10.0.2.7 allows remote attackers to bypass malware detection via an ELF file with a modified encoding field. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different ELF parser implementations. Multiple products ELF A file parser contains a vulnerability that can prevent malware detection. Different ELF If it is announced that there is also a problem with the parser implementation, this vulnerability can be CVE May be split.Changed by a third party encoding With field ELF Malware detection may be avoided via files. Successful exploits will allow attackers to bypass on-demand virus scanning, possibly allowing malicious files to escape detection. Multiple file-parsing vulnerabilities leading to evasion in different antivirus(AV) products. All affected products are command-line versions of the AVs.
Vulnerability Descriptions
- Specially crafted infected POSIX TAR files with "[aliases]" as first 9 bytes evades detection.
Affected products - ClamAV 0.96.4, CAT-QuickHeal 11.00
CVE no - CVE-2012-1419
- Specially crafted infected POSIX TAR files with "\7fELF" as first 4 bytes evades detection.
Affected products - CAT-QuickHeal 11.00, Command 5.2.11.5, F-Prot 4.6.2.117, Fortinent 4.2.254.0, K7AntiVirus 9.77.3565, Kaspersky 7.0.0.125, Microsoft 1.6402, NOD32 5795, Norman 6.06.12, Panda 10.0.2.7, Rising 22.83.00.03
CVE no - CVE-2012-1420
- Specially crafted infected POSIX TAR files with "MSCF" as first 4 bytes evades detection.
Affected products - CAT-QuickHeal 11.00, Norman 6.06.12, Rising 22.83.00.03, Symantec 20101.3.0.103
CVE no - CVE-2012-1421
- Specially crafted infected POSIX TAR files with "ITSF" as first 4 bytes evades detection.
Affected products - CAT-QuickHeal 11.00, NOD32 5795, Norman 6.06.12, Rising 22.83.00.03
CVE no - CVE-2012-1422
- Specially crafted infected POSIX TAR files with "MZ" as first 2 bytes evades detection.
Affected products - Command 5.2.11.5, Emsisoft 5.1.0.1, F-Prot 4.6.2.117, Fortinent 4.2.254.0, Ikarus T3.1.1.97.0, K7AntiVirus 9.77.3565, NOD32 5795, Norman 6.06.12, PCTools 7.0.3.5, Rising 22.83.00.03, VirusBuster 13.6.151.0
CVE no - CVE-2012-1423
- Specially crafted infected POSIX TAR files with "\19\04\00\10" at offset 8 evades detection.
Affected products - Antiy-AVL 2.0.3.7, CAT-QuickHeal 11.00, Jiangmin 13.0.900, Norman 6.06.12, PCTools 7.0.3.5, Sophos 4.61.0
CVE no - CVE-2012-1424
- Specially crafted infected POSIX TAR files with "\50\4B\03\04" as the first 4 bytes evades detection. Specially crafted infected POSIX TAR files with "\42\5A\68" as the first 3 bytes evades detection.
Affected products - CAT-QuickHeal 11.00, Command 5.2.11.5, F-Prot 4.6.2.117, K7AntiVirus 9.77.3565, Norman 6.06.12, Rising 22.83.00.03
CVE no - CVE-2012-1426
- Specially crafted infected POSIX TAR files with "\57\69\6E\5A\69\70" at offset 29 evades detection.
Affected products - CAT-QuickHeal 11.00, Norman 6.06.12, Sophos 4.61.0
CVE no - CVE-2012-1427
- Specially crafted infected POSIX TAR files with "\4a\46\49\46" at offset 6 evades detection.
Affected products - CAT-QuickHeal 11.00, Norman 6.06.12, Sophos 4.61.0
CVE no - CVE-2012-1428
- Specially crafted infected ELF files with "ustar" at offset 257 evades detection.
Affected products - BitDefender 7.2, Comodo 7424, Emsisoft 5.1.0.1, eSafe 7.0.17.0, F-Secure 9.0.16160.0, Ikarus T3.1.1.97.0, McAfee 5.400.0.1158, McAfee-GW-Edition 2010.1C, nProtect 2011-01-17.01
CVE no - CVE-2012-1429 12. Specially crafted infected ELF files with "\19\04\00\10" at offset 8 evades detection.
Affected products - BitDefender 7.2, Comodo 7424, eSafe 7.0.17.0, F-Secure 9.0.16160.0, McAfee 5.400.0.1158, McAfee-GW-Edition 2010.1C, nProtect 2011-01-17.01, Sophos 4.61.0, Rising 22.83.00.03
CVE no - CVE-2012-1430 13. Specially crafted infected ELF files with "\4a\46\49\46" at offset 6 evades detection.
Affected products - BitDefender 7.2, Command 5.2.11.5, Comodo 7424, eSafe 7.0.17.0, F-Prot 4.6.2.117, F-Secure 9.0.16160.0, McAfee-GW-Edition 2010.1C, nProtect 2011-01-17.01, Sophos 4.61.0, Rising 22.83.00.03
CVE no - CVE-2012-1431
- Specially crafted infected MS EXE files with "\57\69\6E\5A\69\70" at offset 29 evades detection.
Affected products - Emsisoft 5.1.0.1, eSafe 7.0.17.0, Ikarus T3.1.1.97.0, Panda 10.0.2.7
CVE no - CVE-2012-1432
- Specially crafted infected MS EXE files with "\4a\46\49\46" at offset 6 evades detection.
Affected products - AhnLab-V3 2011.01.18.00, Emsisoft 5.1.0.1, eSafe 7.0.17.0, Ikarus T3.1.1.97.0, Panda 10.0.2.7
CVE no - CVE-2012-1433
- Specially crafted infected MS EXE files with "\19\04\00\10" at offset 8 evades detection.
Affected products - AhnLab-V3 2011.01.18.00, Emsisoft 5.1.0.1, Ikarus T3.1.1.97.0, Panda 10.0.2.7
CVE no - CVE-2012-1434
- Specially crafted infected MS EXE files with "\50\4B\4C\49\54\45" at offset 30 evades detection.
Affected products - AhnLab-V3 2011.01.18.00, Emsisoft 5.1.0.1, eSafe 7.0.17.0, Ikarus T3.1.1.97.0, Panda 10.0.2.7
CVE no - CVE-2012-1435
- Specially crafted infected MS EXE files with "\2D\6C\68" at offset 2 evades detection.
Affected products - AhnLab-V3 2011.01.18.00, Emsisoft 5.1.0.1, eSafe 7.0.17.0, Ikarus T3.1.1.97.0, Panda 10.0.2.7
CVE no - CVE-2012-1436
- Specially crafted infected MS Office files with "\50\4B\53\70\58" at offset 526 evades detection.
Affected products - Comodo 7425
CVE no - CVE-2012-1437
- Specially crafted infected MS Office files with "ustar" at offset 257 evades detection.
Affected products - Comodo 7425, Sophos 4.61.0
CVE no - CVE-2012-1438
- 'padding' field in ELF files is parsed incorrectly. If an infected ELF file's padding field is incremented by 1 it evades detection.
Affected products - eSafe 7.0.17.0, Rising 22.83.00.03, Fortinet 4.2.254.0, Panda 10.0.2.7
CVE no - CVE-2012-1439
- 'identsize' field in ELF files is parsed incorrectly. If an infected ELF file's identsize field is incremented by 1 it evades detection.
Affected products - Norman 6.06.12, eSafe 7.0.17.0, eTrust-Vet 36.1.8511, Fortinet 4.2.254.0, Panda 10.0.2.7
CVE no - CVE-2012-1440
- 'e_ip' and 'e_res' field in MS EXE files are parsed incorrectly.
If any of these fields in an infected MS EXE file is incremented by 1 it evades detection.
Affected products - Prevx 3.0
'e_minalloc', 'e_res2','e_cparhdr', 'e_crlc', 'e_lfarlc','e_maxalloc',
'e_oeminfo', 'e_ovno', 'e_cs', 'e_csum','e_sp', 'e_ss', 'e_cblp' and
'e_oemid' fields in MS EXE files are parsed incorrectly.
If any of these fields in an infected MS EXE file is incremented by 1
it evades detection.
Affected products - eSafe 7.0.017.0, Prevx 3.0
CVE no - CVE-2012-1441
- 'class' field in ELF files is parsed incorrectly.
If an infected ELF file's class field is incremented by 1 it evades detection. Infected RAR files with initial two bytes set to 'MZ' can be fixed by the user and correctly extracted. Such a file evades detection.
Affected products - ClamAV 0.96.4, Rising 22.83.00.03, CAT-QuickHeal 11.00, GData 21, Symantec 20101.3.0.103, Command 5.2.11.5, Ikarus T3.1.1.97.0, Emsisoft 5.1.0.1, PCTools 7.0.3.5, F-Prot 4.6.2.117, VirusBuster 13.6.151.0, Fortinent 4.2.254.0, Antiy-AVL 2.0.3.7, K7AntiVirus 9.77.3565, TrendMicro-HouseCall 9.120.0.1004,Kaspersky 7.0.0.125 Jiangmin 13.0.900. Microsoft 1.6402, Sophos 4.61.0, NOD32 5795, AntiVir 7.11.1.163, Norman 6.06.12, McAfee 5.400.0.1158, Panda 10.0.2.7, McAfee-GW-Edition 2010.1C, TrendMicro 9.120.0.1004, Comodo 7424, BitDefender 7.2, eSafe 7.0.17.0, F-Secure 9.0.16160.0 nProtect 2011-01-17.01, AhnLab-V3 2011.01.18.00, AVG 10.0.0.1190, Avast 4.8.1351.0, Avast5 5.0.677.0, VBA32 3.12.14.2
CVE no - CVE-2012-1443
- 'abiversion' field in ELF files is parsed incorrectly.
If an infected ELF file's abiversion field is incremented by 1 it evades detection.
Affected products - eSafe 7.0.017.0, Prevx 3.0, Fortinet 4.2.254.0, Panda 10.0.2.7
CVE no - CVE-2012-1444
- 'abi' field in ELF files is parsed incorrectly.
If an infected ELF file's abi field is incremented by 1 it evades detection.
Affected products - eSafe 7.0.017.0, Rising 22.83.00.03, Fortinet 4.2.254.0, Panda 10.0.2.7
CVE no - CVE-2012-1445
- 'e_version' field in ELF files is parsed incorrectly.
If an infected ELF file's e_version field is incremented by 1 it evades detection.
Affected products - Fortinet 4.2.254.0, eSafe 7.0.017.0, DrWeb 5.0.2.03300, Panda 10.0.2.7
CVE no - CVE-2012-1447
- 'cbCabinet' field in CAB files is parsed incorrectly.
If an infected CAB file's cbCabinet field is incremented by 1 it evades detection.
Affected products - CAT-QuickHeal 11.00, TrendMicro 9.120.0.1004, Ikarus T3.1.1.97.0 TrendMicro-HouseCall 9.120.0.1004, Emsisoft 5.1.0.1
CVE no - CVE-2012-1448
- 'vMajor' field in CAB files is parsed incorrectly.
If an infected CAB file's vMajor field is incremented by 1 it evades detection.
Affected products - NOD32 5795, Rising 22.83.00.03
CVE no - CVE-2012-1449
- 'reserved3' field in CAB files is parsed incorrectly.
If an infected CAB file's reserved field is incremented by 1 it evades detection.
Affected products - Emsisoft 5.1.0.1, Sophos 4.61.0, Ikarus T3.1.1.97.0
CVE no - CVE-2012-1450
- 'reserved2' field in CAB files is parsed incorrectly.
If an infected CAB file's reserved2 field is incremented by 1 it evades detection.
Affected products - Emsisoft 5.1.0.1, Ikarus T3.1.1.97.0
CVE no - CVE-2012-1451
- 'reserved1' field in CAB files is parsed incorrectly.
If an infected CAB file's reserved field is incremented by 1 it evades detection.
Affected products - Emsisoft 5.1.0.1, Ikarus T3.1.1.97.0, CAT-QuickHeal 11.00
CVE no - CVE-2012-1452
- 'coffFiles' field in CAB files is parsed incorrectly.
If an infected CAB file's coffFiles field is incremented by 1 it evades detection. 'ei_version' field in ELF files is parsed incorrectly.
If an infected ELF file's version field is incremented by 1 it evades detection.
Affected products - McAfee 5.0.02.03300, eSafe 7.0.17.0, McAfee-GW-Edition 2010.1C, Rising 22.83.00.03, Fortinet 4.2.254.0, Panda 10.0.2.7
CVE no - CVE-2012-1454
- 'vMinor' field in CAB files is parsed incorrectly.
If an infected CAB file's version field is incremented by 1 it evades detection.
Affected products - NOD32 5795, Rising 22.83.00.03
CVE no - CVE-2012-1455
- A specially crafted ZIP file, created by concatenating the contents of a clean TAR archive and a virus-infected ZIP archive, is parsed incorrectly and evades detection. If the length field in the header of a file with test EICAR virus included into a TAR archive is set to be greater than the archive's total length (1,000,000+original length in our experiments), the antivirus declares the file to be clean but virus gets extracted correctly by the GNU tar program.
Affected products - AntiVir 7.11.1.163, Antiy-AVL 2.0.3.7, Avast 4.8.1351.0, Avast5 5.0.677.0, AVG 10.0.0.1190, BitDefender 7.2, CAT-QuickHeal 11.00, ClamAV 0.96.4, Command 5.2.11.5, Emsisoft 5.1.0.1, eSafe 7.0.17.0, F-Prot 4.6.2.117, GData 21, Ikarus T3.1.1.97.0, Jiangmin 13.0.900, K7AntiVirus 9.77.3565, Kaspersky 7.0.0.125, McAfee 5.400.0.1158, McAfee-GW-Edition 2010.1C, Microsoft 1.6402, NOD32 5795, Norman 6.06.12, PCTools 7.0.3.5, Rising 22.83.00.03, Symantec 20101.3.0.103, TrendMicro 9.120.0.1004, TrendMicro-HouseCall 9.120.0.1004, VBA32 3.12.14.2, VirusBuster 13.6.151.0
CVE no - CVE-2012-1457
- A Windows Compiled HTML Help (CHM) file is a set of HTML files, scripts, and images compressed using the LZX algorithm. For faster random accesses, the algorithm is reset at intervals instead of compressing the entire file as a single stream. The length of each interval is specified in the LZXC header.
If an infected CHM file's header modified so that the reset interval is lower than in the original file, the antivirus declares the file to be clean. But the Windows CHM viewer hh.exe correctly decompresses the infected content located before the tampered header.
Affected products - ClamAV 0.96.4, Sophos 4.61.0
CVE no - CVE-2012-1458
- In a POSIX TAR archive, each member file has a 512-byte header protected by a simple checksum. Every header also contains a file length field, which is used by the extractor to locate the next header in the archive.
If a TAR archive contains two files: the first one is clean, while the second is infected with test EICAR virus - and it is modified such that the length field in the header of the first, clean file to point into the middle of the header of the second, infected file. The antivirus declares the file to be clean but virus gets extracted correctly by the GNU tar program. If an infected tar.gz archive is appended 6 random bytes at the end, the antivirus declares the file to be clean but virus gets extracted by the gunzip+tar programs correctly by ignoring these bytes.
Affected products - Antiy-AVL 2.0.3.7, CAT-QuickHeal 11.00, Command 5.2.11.5, eSafe 7.0.17.0, F-Prot 4.6.2.117, Jiangmin 13.0.900, K7AntiVirus 9.77.3565, VBA32 3.12.14.2
CVE no - CVE-2012-1460
- GZIP files can contain multiple compressed streams, which are assembled when the contents are extracted. If an infected ZIP archive is prepended with 1024 random bytes at the beginning, the antivirus declares the file to be clean but virus gets extracted by the unzip program correctly by skipping these bytes
Affected products - AhnLab-V3 2011.01.18.00, AVG 10.0.0.1190, CAT-QuickHeal 11.00, Emsisoft 5.1.0.1, eSafe 7.0.17.0, Fortinent 4.2.254.0, Ikarus T3.1.1.97.0, Jiangmin 13.0.900, Kaspersky 7.0.0.125, Norman 6.06.12, Sophos 4.61.0, Symantec 20101.3.0.103
CVE no - CVE-2012-1462
- In most ELF files, the 5th byte of the header indicates endianness: 01 for little-endian, 02 for bigendian. Linux kernel, however, does not check this field before loading an ELF file. If an infected ELF file's 5-th byte is set to 02, the antivirus declares the file to be clean but the ELF file gets executed correctly.
Affected products - AhnLab-V3 2011.01.18.00, BitDefender 7.2, CAT-QuickHeal 11.00, Command 5.2.11.5, Comodo 7424, eSafe 7.0.17.0, F-Prot 4.6.2.117, F-Secure 9.0.16160.0, McAfee 5.400.0.1158, Norman 6.06.12, nProtect 2011-01-17.01, Panda 10.0.2.7
CVE no - CVE-2012-1463
Credits
Vulnerabilities found and advisory written by Suman Jana and Vitaly Shmatikov.
References
"Abusing File Processing in Malware Detectors for Fun and Profit" by Suman Jana and Vitaly Shmatikov To appear in IEEE Symposium on Security and Privacy 2012 http://www.ieee-security.org/TC/SP2012/
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201203-0370",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "avl sdk",
"scope": "eq",
"trust": 1.8,
"vendor": "antiy",
"version": "2.0.3.7"
},
{
"model": "etrust vet antivirus",
"scope": "eq",
"trust": 1.8,
"vendor": "ca",
"version": "36.1.8511"
},
{
"model": "antivirus",
"scope": "eq",
"trust": 1.8,
"vendor": "pc tools",
"version": "7.0.3.5"
},
{
"model": "esafe",
"scope": "eq",
"trust": 1.8,
"vendor": "aladdin",
"version": "7.0.17.0"
},
{
"model": "anti-virus",
"scope": "eq",
"trust": 1.8,
"vendor": "kaspersky",
"version": "7.0.0.125"
},
{
"model": "anti-virus",
"scope": "eq",
"trust": 1.8,
"vendor": "sophos",
"version": "4.61.0"
},
{
"model": "antivirus",
"scope": "eq",
"trust": 1.8,
"vendor": "fortinet",
"version": "4.2.254.0"
},
{
"model": "scan engine",
"scope": "eq",
"trust": 1.8,
"vendor": "mcafee",
"version": "5.400.0.1158"
},
{
"model": "panda antivirus",
"scope": "eq",
"trust": 1.6,
"vendor": "pandasecurity",
"version": "10.0.2.7"
},
{
"model": "antivirus",
"scope": "eq",
"trust": 1.0,
"vendor": "rising global",
"version": "22.83.00.03"
},
{
"model": "quick heal",
"scope": "eq",
"trust": 1.0,
"vendor": "cat",
"version": "11.00"
},
{
"model": "gateway",
"scope": "eq",
"trust": 1.0,
"vendor": "mcafee",
"version": "2010.1c"
},
{
"model": "endpoint protection",
"scope": "eq",
"trust": 1.0,
"vendor": "symantec",
"version": "11.0"
},
{
"model": "antivirus \\\u0026 antispyware",
"scope": "eq",
"trust": 1.0,
"vendor": "norman",
"version": "6.06.12"
},
{
"model": "antivirus",
"scope": "eq",
"trust": 0.8,
"vendor": "rising",
"version": "22.83.00.03"
},
{
"model": "antivirus",
"scope": "eq",
"trust": 0.8,
"vendor": "norman",
"version": "6.06.12"
},
{
"model": "antivirus",
"scope": "eq",
"trust": 0.8,
"vendor": "panda security",
"version": "10.0.2.7"
},
{
"model": "heal",
"scope": "eq",
"trust": 0.8,
"vendor": "quick heal k k",
"version": "11.00"
},
{
"model": "endpoint protection",
"scope": "eq",
"trust": 0.8,
"vendor": "symantec",
"version": "11"
},
{
"model": "web gateway software",
"scope": "eq",
"trust": 0.8,
"vendor": "mcafee",
"version": "2010.1c"
},
{
"model": "antivirus",
"scope": "eq",
"trust": 0.3,
"vendor": "symantec",
"version": "20101.3103"
},
{
"model": "anti-virus",
"scope": "eq",
"trust": 0.3,
"vendor": "sophos",
"version": "4.61"
},
{
"model": "antivirus",
"scope": "eq",
"trust": 0.3,
"vendor": "rising",
"version": "22.8303"
},
{
"model": "cat-quickheal",
"scope": "eq",
"trust": 0.3,
"vendor": "quick heal",
"version": "11.00"
},
{
"model": "antivirus",
"scope": "eq",
"trust": 0.3,
"vendor": "pctools",
"version": "7.0.35"
},
{
"model": "antivirus",
"scope": "eq",
"trust": 0.3,
"vendor": "panda",
"version": "10.0.27"
},
{
"model": "antivirus",
"scope": "eq",
"trust": 0.3,
"vendor": "norman",
"version": "6.6.12"
},
{
"model": "mcafee-gw-edition 2010.1c",
"scope": null,
"trust": 0.3,
"vendor": "mcafee",
"version": null
},
{
"model": "antivirus",
"scope": "eq",
"trust": 0.3,
"vendor": "kaspersky",
"version": "7.0125"
},
{
"model": "associates etrust vet antivirus",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "36.1.8511"
},
{
"model": "antiy-avl",
"scope": "eq",
"trust": 0.3,
"vendor": "antiy",
"version": "2.0.37"
}
],
"sources": [
{
"db": "BID",
"id": "52600"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-001897"
},
{
"db": "NVD",
"id": "CVE-2012-1446"
},
{
"db": "CNNVD",
"id": "CNNVD-201203-410"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:norman:norman_antivirus_\\\u0026_antispyware:6.06.12:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:aladdin:esafe:7.0.17.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:kaspersky:kaspersky_anti-virus:7.0.0.125:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:fortinet:fortinet_antivirus:4.2.254.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:pandasecurity:panda_antivirus:10.0.2.7:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cat:quick_heal:11.00:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ca:etrust_vet_antivirus:36.1.8511:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:antiy:avl_sdk:2.0.3.7:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:mcafee:scan_engine:5.400.0.1158:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:symantec:endpoint_protection:11.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:pc_tools:pc_tools_antivirus:7.0.3.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:rising-global:rising_antivirus:22.83.00.03:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:mcafee:gateway:2010.1c:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sophos:sophos_anti-virus:4.61.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2012-1446"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Suman Jana and Vitaly Shmatikov",
"sources": [
{
"db": "BID",
"id": "52600"
}
],
"trust": 0.3
},
"cve": "CVE-2012-1446",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 4.3,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2012-1446",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "VHN-54727",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2012-1446",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201203-410",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-54727",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-54727"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-001897"
},
{
"db": "NVD",
"id": "CVE-2012-1446"
},
{
"db": "CNNVD",
"id": "CNNVD-201203-410"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The ELF file parser in Quick Heal (aka Cat QuickHeal) 11.00, McAfee Anti-Virus Scanning Engine 5.400.0.1158, AVEngine 20101.3.0.103 in Symantec Endpoint Protection 11, Norman Antivirus 6.06.12, eSafe 7.0.17.0, Kaspersky Anti-Virus 7.0.0.125, McAfee Gateway (formerly Webwasher) 2010.1C, Sophos Anti-Virus 4.61.0, CA eTrust Vet Antivirus 36.1.8511, Antiy Labs AVL SDK 2.0.3.7, PC Tools AntiVirus 7.0.3.5, Rising Antivirus 22.83.00.03, Fortinet Antivirus 4.2.254.0, and Panda Antivirus 10.0.2.7 allows remote attackers to bypass malware detection via an ELF file with a modified encoding field. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different ELF parser implementations. Multiple products ELF A file parser contains a vulnerability that can prevent malware detection. Different ELF If it is announced that there is also a problem with the parser implementation, this vulnerability can be CVE May be split.Changed by a third party encoding With field ELF Malware detection may be avoided via files. \nSuccessful exploits will allow attackers to bypass on-demand virus scanning, possibly allowing malicious files to escape detection. Multiple file-parsing vulnerabilities leading to evasion in different antivirus(AV) products. All \naffected products are command-line versions of \nthe AVs. \n\n----------------------------\nVulnerability Descriptions\n----------------------------\n\n1. Specially crafted infected POSIX TAR files with \"[aliases]\" as first 9 bytes \n evades detection. \n\n Affected products -\n ClamAV 0.96.4, CAT-QuickHeal 11.00\n \n CVE no - \n CVE-2012-1419\n\n2. Specially crafted infected POSIX TAR files with \"\\7fELF\" as first 4 bytes \n evades detection. \n\n Affected products -\n CAT-QuickHeal 11.00, Command 5.2.11.5, F-Prot 4.6.2.117, \n Fortinent 4.2.254.0, K7AntiVirus 9.77.3565, Kaspersky 7.0.0.125, \n Microsoft 1.6402, NOD32 5795, Norman 6.06.12, Panda 10.0.2.7, \n Rising 22.83.00.03\n\n CVE no - \n CVE-2012-1420\n\n3. Specially crafted infected POSIX TAR files with \"MSCF\" as first 4 bytes \n evades detection. \n\n Affected products -\n CAT-QuickHeal 11.00, Norman 6.06.12, Rising 22.83.00.03, \n Symantec 20101.3.0.103\n\n CVE no - \n CVE-2012-1421\n\n4. Specially crafted infected POSIX TAR files with \"ITSF\" as first 4 bytes \n evades detection. \n\n Affected products -\n CAT-QuickHeal 11.00, NOD32 5795, Norman 6.06.12, Rising 22.83.00.03\n\n CVE no - \n CVE-2012-1422\n\n5. Specially crafted infected POSIX TAR files with \"MZ\" as first 2 bytes \n evades detection. \n\n Affected products -\n Command 5.2.11.5, Emsisoft 5.1.0.1, F-Prot 4.6.2.117, Fortinent 4.2.254.0, \n Ikarus T3.1.1.97.0, K7AntiVirus 9.77.3565, NOD32 5795, Norman 6.06.12, \n PCTools 7.0.3.5, Rising 22.83.00.03, VirusBuster 13.6.151.0\n\n CVE no - \n CVE-2012-1423\n\n6. Specially crafted infected POSIX TAR files with \"\\19\\04\\00\\10\" at offset 8\n evades detection. \n\n Affected products -\n Antiy-AVL 2.0.3.7, CAT-QuickHeal 11.00, Jiangmin 13.0.900, Norman 6.06.12, \n PCTools 7.0.3.5, Sophos 4.61.0\n\n CVE no - \n CVE-2012-1424\n\n\n7. Specially crafted infected POSIX TAR files with \"\\50\\4B\\03\\04\" as the first\n 4 bytes evades detection. Specially crafted infected POSIX TAR files with \"\\42\\5A\\68\" as the first\n 3 bytes evades detection. \n\n Affected products -\n CAT-QuickHeal 11.00, Command 5.2.11.5, F-Prot 4.6.2.117, \n K7AntiVirus 9.77.3565, Norman 6.06.12, Rising 22.83.00.03\n\n CVE no - \n CVE-2012-1426\n\n\n9. Specially crafted infected POSIX TAR files with \"\\57\\69\\6E\\5A\\69\\70\" at \n offset 29 evades detection. \n\n Affected products -\n CAT-QuickHeal 11.00, Norman 6.06.12, Sophos 4.61.0\n\n CVE no - \n CVE-2012-1427\n\n10. Specially crafted infected POSIX TAR files with \"\\4a\\46\\49\\46\" at offset 6\n evades detection. \n \n Affected products -\n CAT-QuickHeal 11.00, Norman 6.06.12, Sophos 4.61.0\n\n CVE no - \n CVE-2012-1428\n\n11. Specially crafted infected ELF files with \"ustar\" at offset 257\n evades detection. \n\n Affected products -\n BitDefender 7.2, Comodo 7424, Emsisoft 5.1.0.1, eSafe 7.0.17.0, \n F-Secure 9.0.16160.0, Ikarus T3.1.1.97.0, McAfee 5.400.0.1158, \n McAfee-GW-Edition 2010.1C, nProtect 2011-01-17.01 \n\n CVE no - \n CVE-2012-1429\n12. Specially crafted infected ELF files with \"\\19\\04\\00\\10\" at offset 8 evades\n detection. \n\n Affected products -\n BitDefender 7.2, Comodo 7424, eSafe 7.0.17.0, F-Secure 9.0.16160.0, \n McAfee 5.400.0.1158, McAfee-GW-Edition 2010.1C, nProtect 2011-01-17.01, \n Sophos 4.61.0, Rising 22.83.00.03\n\n CVE no - \n CVE-2012-1430\n13. Specially crafted infected ELF files with \"\\4a\\46\\49\\46\" at offset 6 evades\n detection. \n\n Affected products -\n BitDefender 7.2, Command 5.2.11.5, Comodo 7424, eSafe 7.0.17.0, \n F-Prot 4.6.2.117, F-Secure 9.0.16160.0, McAfee-GW-Edition 2010.1C, \n nProtect 2011-01-17.01, Sophos 4.61.0, Rising 22.83.00.03\n\n CVE no - \n CVE-2012-1431\n\n14. Specially crafted infected MS EXE files with \"\\57\\69\\6E\\5A\\69\\70\" at offset\n 29 evades detection. \n\n Affected products -\n Emsisoft 5.1.0.1, eSafe 7.0.17.0, Ikarus T3.1.1.97.0, Panda 10.0.2.7\n\n CVE no - \n CVE-2012-1432\n\n15. Specially crafted infected MS EXE files with \"\\4a\\46\\49\\46\" at offset\n 6 evades detection. \n\n Affected products -\n AhnLab-V3 2011.01.18.00, Emsisoft 5.1.0.1, eSafe 7.0.17.0, \n Ikarus T3.1.1.97.0, Panda 10.0.2.7\n\n CVE no - \n CVE-2012-1433\n\n16. Specially crafted infected MS EXE files with \"\\19\\04\\00\\10\" at offset\n 8 evades detection. \n\n Affected products -\n AhnLab-V3 2011.01.18.00, Emsisoft 5.1.0.1, Ikarus T3.1.1.97.0, \n Panda 10.0.2.7\n \n CVE no - \n CVE-2012-1434\n\n17. Specially crafted infected MS EXE files with \"\\50\\4B\\4C\\49\\54\\45\" at \n offset 30 evades detection. \n \n Affected products - \n AhnLab-V3 2011.01.18.00, Emsisoft 5.1.0.1, eSafe 7.0.17.0, \n Ikarus T3.1.1.97.0, Panda 10.0.2.7\n\n CVE no - \n CVE-2012-1435\n\n18. Specially crafted infected MS EXE files with \"\\2D\\6C\\68\" at \n offset 2 evades detection. \n \n Affected products - \n AhnLab-V3 2011.01.18.00, Emsisoft 5.1.0.1, eSafe 7.0.17.0, \n Ikarus T3.1.1.97.0, Panda 10.0.2.7\n\n CVE no - \n CVE-2012-1436\n\n19. Specially crafted infected MS Office files with \"\\50\\4B\\53\\70\\58\" at \n offset 526 evades detection. \n \n Affected products - \n Comodo 7425\n \n CVE no - \n CVE-2012-1437\n\n20. Specially crafted infected MS Office files with \"ustar\" at \n offset 257 evades detection. \n\n Affected products - \n Comodo 7425, Sophos 4.61.0 \n\n CVE no - \n CVE-2012-1438\n\n21. \u0027padding\u0027 field in ELF files is parsed incorrectly. \n If an infected ELF file\u0027s padding field is incremented by 1 it evades\n detection. \n\n Affected products - \n eSafe 7.0.17.0, Rising 22.83.00.03, Fortinet 4.2.254.0, Panda 10.0.2.7\n\n CVE no - \n CVE-2012-1439\n\n22. \u0027identsize\u0027 field in ELF files is parsed incorrectly. \n If an infected ELF file\u0027s identsize field is incremented by 1 it evades\n detection. \n\n Affected products - \n Norman 6.06.12, eSafe 7.0.17.0, eTrust-Vet 36.1.8511, Fortinet 4.2.254.0, \n Panda 10.0.2.7\n\n CVE no - \n CVE-2012-1440\n\n23. \u0027e_ip\u0027 and \u0027e_res\u0027 field in MS EXE files are parsed incorrectly. \n If any of these fields in an infected MS EXE file is incremented by 1 \n it evades detection. \n\n Affected products - \n Prevx 3.0\n\n \u0027e_minalloc\u0027, \u0027e_res2\u0027,\u0027e_cparhdr\u0027, \u0027e_crlc\u0027, \u0027e_lfarlc\u0027,\u0027e_maxalloc\u0027,\n \u0027e_oeminfo\u0027, \u0027e_ovno\u0027, \u0027e_cs\u0027, \u0027e_csum\u0027,\u0027e_sp\u0027, \u0027e_ss\u0027, \u0027e_cblp\u0027 and \n \u0027e_oemid\u0027 fields in MS EXE files are parsed incorrectly. \n If any of these fields in an infected MS EXE file is incremented by 1 \n it evades detection. \n\n Affected products - \n eSafe 7.0.017.0, Prevx 3.0\n\n\n CVE no - \n CVE-2012-1441\n\n24. \u0027class\u0027 field in ELF files is parsed incorrectly. \n If an infected ELF file\u0027s class field is incremented by 1 it evades\n detection. Infected RAR files with initial two bytes set to \u0027MZ\u0027 can be fixed by the \n user and correctly extracted. Such a file evades detection. \n \n Affected products -\n ClamAV 0.96.4, Rising 22.83.00.03, CAT-QuickHeal 11.00, GData 21, \n Symantec 20101.3.0.103, Command 5.2.11.5, Ikarus T3.1.1.97.0, \n Emsisoft 5.1.0.1, PCTools 7.0.3.5, F-Prot 4.6.2.117, \n VirusBuster 13.6.151.0, Fortinent 4.2.254.0, Antiy-AVL 2.0.3.7, \n K7AntiVirus 9.77.3565, TrendMicro-HouseCall 9.120.0.1004,Kaspersky 7.0.0.125 \n Jiangmin 13.0.900. Microsoft 1.6402, Sophos 4.61.0, NOD32 5795, AntiVir 7.11.1.163, \n Norman 6.06.12, McAfee 5.400.0.1158, Panda 10.0.2.7, McAfee-GW-Edition 2010.1C, \n TrendMicro 9.120.0.1004, Comodo 7424, BitDefender 7.2, eSafe 7.0.17.0, F-Secure 9.0.16160.0\n nProtect 2011-01-17.01, AhnLab-V3 2011.01.18.00, AVG 10.0.0.1190, Avast 4.8.1351.0, \n Avast5 5.0.677.0, VBA32 3.12.14.2 \n\n CVE no - \n CVE-2012-1443\n\n26. \u0027abiversion\u0027 field in ELF files is parsed incorrectly. \n If an infected ELF file\u0027s abiversion field is incremented by 1 it evades\n detection. \n\n Affected products - \n eSafe 7.0.017.0, Prevx 3.0, Fortinet 4.2.254.0, Panda 10.0.2.7\n\n CVE no - \n CVE-2012-1444\n\n27. \u0027abi\u0027 field in ELF files is parsed incorrectly. \n If an infected ELF file\u0027s abi field is incremented by 1 it evades\n detection. \n\n Affected products - \n eSafe 7.0.017.0, Rising 22.83.00.03, Fortinet 4.2.254.0, Panda 10.0.2.7\n\n CVE no - \n CVE-2012-1445\n\n28. \u0027e_version\u0027 field in ELF files is parsed incorrectly. \n If an infected ELF file\u0027s e_version field is incremented by 1 it evades\n detection. \n\n Affected products -\n Fortinet 4.2.254.0, eSafe 7.0.017.0, DrWeb 5.0.2.03300, Panda 10.0.2.7\n\n CVE no - \n CVE-2012-1447\n\n30. \u0027cbCabinet\u0027 field in CAB files is parsed incorrectly. \n If an infected CAB file\u0027s cbCabinet field is incremented by 1 it evades\n detection. \n\n Affected products -\n CAT-QuickHeal 11.00, TrendMicro 9.120.0.1004, Ikarus T3.1.1.97.0\n TrendMicro-HouseCall 9.120.0.1004, Emsisoft 5.1.0.1 \n\n CVE no - \n CVE-2012-1448\n\n31. \u0027vMajor\u0027 field in CAB files is parsed incorrectly. \n If an infected CAB file\u0027s vMajor field is incremented by 1 it evades\n detection. \n\n Affected products -\n NOD32 5795, Rising 22.83.00.03\n \n CVE no - \n CVE-2012-1449\n\n32. \u0027reserved3\u0027 field in CAB files is parsed incorrectly. \n If an infected CAB file\u0027s reserved field is incremented by 1 it evades\n detection. \n\n Affected products -\n Emsisoft 5.1.0.1, Sophos 4.61.0, Ikarus T3.1.1.97.0\n \n CVE no - \n CVE-2012-1450\n\n33. \u0027reserved2\u0027 field in CAB files is parsed incorrectly. \n If an infected CAB file\u0027s reserved2 field is incremented by 1 it evades\n detection. \n\n Affected products -\n Emsisoft 5.1.0.1, Ikarus T3.1.1.97.0\n \n CVE no - \n CVE-2012-1451\n\n34. \u0027reserved1\u0027 field in CAB files is parsed incorrectly. \n If an infected CAB file\u0027s reserved field is incremented by 1 it evades\n detection. \n\n Affected products -\n Emsisoft 5.1.0.1, Ikarus T3.1.1.97.0, CAT-QuickHeal 11.00\n \n CVE no - \n CVE-2012-1452\n\n35. \u0027coffFiles\u0027 field in CAB files is parsed incorrectly. \n If an infected CAB file\u0027s coffFiles field is incremented by 1 it evades\n detection. \u0027ei_version\u0027 field in ELF files is parsed incorrectly. \n If an infected ELF file\u0027s version field is incremented by 1 it evades\n detection. \n\n Affected products -\n McAfee 5.0.02.03300, eSafe 7.0.17.0, McAfee-GW-Edition 2010.1C, \n Rising 22.83.00.03, Fortinet 4.2.254.0, Panda 10.0.2.7\n\n CVE no - \n CVE-2012-1454\n\n37. \u0027vMinor\u0027 field in CAB files is parsed incorrectly. \n If an infected CAB file\u0027s version field is incremented by 1 it evades\n detection. \n\n Affected products -\n NOD32 5795, Rising 22.83.00.03\n \n CVE no - \n CVE-2012-1455\n\n38. A specially crafted ZIP file, created by concatenating the contents \n of a clean TAR archive and a virus-infected ZIP archive, is parsed \n incorrectly and evades detection. If the length field in the header of a file with test EICAR virus\n included into a TAR archive is set to be greater than the archive\u0027s total \n length (1,000,000+original length in our experiments), the antivirus \n declares the file to be clean but virus gets extracted correctly by the \n GNU tar program. \n\n Affected products -\n AntiVir 7.11.1.163, Antiy-AVL 2.0.3.7, Avast 4.8.1351.0, Avast5 5.0.677.0, \n AVG 10.0.0.1190, BitDefender 7.2, CAT-QuickHeal 11.00, ClamAV 0.96.4, \n Command 5.2.11.5, Emsisoft 5.1.0.1, eSafe 7.0.17.0, F-Prot 4.6.2.117, \n GData 21, Ikarus T3.1.1.97.0, Jiangmin 13.0.900, K7AntiVirus 9.77.3565, \n Kaspersky 7.0.0.125, McAfee 5.400.0.1158, McAfee-GW-Edition 2010.1C, \n Microsoft 1.6402, NOD32 5795, Norman 6.06.12, PCTools 7.0.3.5, \n Rising 22.83.00.03, Symantec 20101.3.0.103, TrendMicro 9.120.0.1004, \n TrendMicro-HouseCall 9.120.0.1004, VBA32 3.12.14.2, VirusBuster 13.6.151.0 \n\n CVE no - \n CVE-2012-1457\n\n40. A Windows Compiled HTML Help (CHM) file is a set of HTML files,\n scripts, and images compressed using the LZX algorithm. \n For faster random accesses, the algorithm is reset at intervals\n instead of compressing the entire file as a single stream. The\n length of each interval is specified in the LZXC header. \n\n If an infected CHM file\u0027s header modified so that the reset interval\n is lower than in the original file, the antivirus declares the file\n to be clean. But the Windows CHM viewer hh.exe correctly decompresses\n the infected content located before the tampered header. \n\n Affected products -\n ClamAV 0.96.4, Sophos 4.61.0 \n\n CVE no - \n CVE-2012-1458\n\n41. In a POSIX TAR archive, each member file has a 512-byte header protected\n by a simple checksum. Every header also contains a file length field, which\n is used by the extractor to locate the next header in the archive. \n\n If a TAR archive contains two files: the first one is clean, while\n the second is infected with test EICAR virus - and it is modified such that \n the length field in the header of the first, clean file to point into the \n middle of the header of the second, infected file. The antivirus declares \n the file to be clean but virus gets extracted correctly by the \n GNU tar program. If an infected tar.gz archive is appended 6 random bytes at the end, \n the antivirus declares the file to be clean but virus gets extracted by\n the gunzip+tar programs correctly by ignoring these bytes. \n\n Affected products -\n Antiy-AVL 2.0.3.7, CAT-QuickHeal 11.00, Command 5.2.11.5, \n eSafe 7.0.17.0, F-Prot 4.6.2.117, Jiangmin 13.0.900, \n K7AntiVirus 9.77.3565, VBA32 3.12.14.2 \n \n CVE no - \n CVE-2012-1460\n\n43. GZIP files can contain multiple compressed streams, which are assembled\n when the contents are extracted. If an infected ZIP archive is prepended with 1024 random bytes at the \n beginning, the antivirus declares the file to be clean but virus gets extracted\n by the unzip program correctly by skipping these bytes\n\n Affected products -\n AhnLab-V3 2011.01.18.00, AVG 10.0.0.1190, CAT-QuickHeal 11.00, \n Emsisoft 5.1.0.1, eSafe 7.0.17.0, Fortinent 4.2.254.0, Ikarus T3.1.1.97.0, \n Jiangmin 13.0.900, Kaspersky 7.0.0.125, Norman 6.06.12, Sophos 4.61.0, \n Symantec 20101.3.0.103 \n\n CVE no - \n CVE-2012-1462\n\n45. In most ELF files, the 5th byte of the header indicates endianness: 01\n for little-endian, 02 for bigendian. Linux kernel, however, does not\n check this field before loading an ELF file. If an infected ELF file\u0027s 5-th \n byte is set to 02, the antivirus declares the file to be clean but the ELF \n file gets executed correctly. \n\n Affected products -\n AhnLab-V3 2011.01.18.00, BitDefender 7.2, CAT-QuickHeal 11.00, Command 5.2.11.5, \n Comodo 7424, eSafe 7.0.17.0, F-Prot 4.6.2.117, F-Secure 9.0.16160.0, \n McAfee 5.400.0.1158, Norman 6.06.12, nProtect 2011-01-17.01, Panda 10.0.2.7 \n\n CVE no - \n CVE-2012-1463\n\n--------\nCredits\n--------\nVulnerabilities found and advisory written by Suman Jana and Vitaly Shmatikov. \n\n-----------\nReferences\n-----------\n\"Abusing File Processing in Malware Detectors for Fun and Profit\" by Suman Jana and Vitaly Shmatikov\nTo appear in IEEE Symposium on Security and Privacy 2012\nhttp://www.ieee-security.org/TC/SP2012/ \n",
"sources": [
{
"db": "NVD",
"id": "CVE-2012-1446"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-001897"
},
{
"db": "BID",
"id": "52600"
},
{
"db": "VULHUB",
"id": "VHN-54727"
},
{
"db": "PACKETSTORM",
"id": "110990"
}
],
"trust": 2.07
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2012-1446",
"trust": 2.9
},
{
"db": "BID",
"id": "52600",
"trust": 1.4
},
{
"db": "OSVDB",
"id": "80431",
"trust": 1.1
},
{
"db": "OSVDB",
"id": "80426",
"trust": 1.1
},
{
"db": "OSVDB",
"id": "80427",
"trust": 1.1
},
{
"db": "OSVDB",
"id": "80428",
"trust": 1.1
},
{
"db": "OSVDB",
"id": "80430",
"trust": 1.1
},
{
"db": "JVNDB",
"id": "JVNDB-2012-001897",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201203-410",
"trust": 0.7
},
{
"db": "BUGTRAQ",
"id": "20120319 EVASION ATTACKS EXPOLITING FILE-PARSING VULNERABILITIES IN ANTIVIRUS PRODUCTS",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-54727",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "110990",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-54727"
},
{
"db": "BID",
"id": "52600"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-001897"
},
{
"db": "PACKETSTORM",
"id": "110990"
},
{
"db": "NVD",
"id": "CVE-2012-1446"
},
{
"db": "CNNVD",
"id": "CNNVD-201203-410"
}
]
},
"id": "VAR-201203-0370",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-54727"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T12:10:08.613000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "AVL SDK",
"trust": 0.8,
"url": "http://www.antiy.net/en/avlsdk.html"
},
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.rising-global.com/"
},
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.vet.com.au/"
},
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.fortinet.com/"
},
{
"title": "MacAfee Scan Engine",
"trust": 0.8,
"url": "http://www.mcafee.com/us/support/support-eol-scan-engine.aspx"
},
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.norman.com/"
},
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.ps-japan.co.jp/"
},
{
"title": "PC Tools AntiVirus",
"trust": 0.8,
"url": "http://www.pctools.com/jp/spyware-doctor-antivirus/"
},
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.quickheal.com/"
},
{
"title": "Endpoint Protection",
"trust": 0.8,
"url": "http://www.symantec.com/ja/jp/endpoint-protection"
},
{
"title": "eSafe",
"trust": 0.8,
"url": "http://www.aladdin.co.jp/esafe/"
},
{
"title": "Kaspersky Anti-Virus",
"trust": 0.8,
"url": "http://www.kaspersky.com/kaspersky_anti-virus"
},
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.sophos.com"
},
{
"title": "McAfee Web Gateway",
"trust": 0.8,
"url": "http://www.mcafee.com/japan/products/web_gateway.asp"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2012-001897"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-264",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-54727"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-001897"
},
{
"db": "NVD",
"id": "CVE-2012-1446"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "http://www.securityfocus.com/archive/1/522005"
},
{
"trust": 1.7,
"url": "http://www.ieee-security.org/tc/sp2012/program.html"
},
{
"trust": 1.1,
"url": "http://www.securityfocus.com/bid/52600"
},
{
"trust": 1.1,
"url": "http://osvdb.org/80426"
},
{
"trust": 1.1,
"url": "http://osvdb.org/80427"
},
{
"trust": 1.1,
"url": "http://osvdb.org/80428"
},
{
"trust": 1.1,
"url": "http://osvdb.org/80430"
},
{
"trust": 1.1,
"url": "http://osvdb.org/80431"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-1446"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2012-1446"
},
{
"trust": 0.3,
"url": "http://www.antiy.net"
},
{
"trust": 0.3,
"url": "http://www.ca.com"
},
{
"trust": 0.3,
"url": "http://www.kaspersky.com/"
},
{
"trust": 0.3,
"url": "http://www.mcafee.com/"
},
{
"trust": 0.3,
"url": "http://anti-virus-software-review.toptenreviews.com/norman-review.html"
},
{
"trust": 0.3,
"url": "http://www.pandasecurity.com/usa/"
},
{
"trust": 0.3,
"url": "http://www.pctools.com/spyware-doctor-antivirus/"
},
{
"trust": 0.3,
"url": "http://www.quickheal.com/"
},
{
"trust": 0.3,
"url": "http://www.rising-global.com/"
},
{
"trust": 0.3,
"url": "http://www.sophos.com/"
},
{
"trust": 0.3,
"url": "http://www.symantec.com"
},
{
"trust": 0.3,
"url": "/archive/1/522005"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-1419"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-1439"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-1426"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-1429"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-1436"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-1440"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-1432"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-1438"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-1428"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-1446"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-1443"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-1444"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-1441"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-1421"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-1430"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-1434"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-1435"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-1424"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-1431"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-1425"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-1423"
},
{
"trust": 0.1,
"url": "http://www.ieee-security.org/tc/sp2012/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-1442"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-1422"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-1433"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-1420"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-1427"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-1445"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-1437"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-54727"
},
{
"db": "BID",
"id": "52600"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-001897"
},
{
"db": "PACKETSTORM",
"id": "110990"
},
{
"db": "NVD",
"id": "CVE-2012-1446"
},
{
"db": "CNNVD",
"id": "CNNVD-201203-410"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-54727"
},
{
"db": "BID",
"id": "52600"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-001897"
},
{
"db": "PACKETSTORM",
"id": "110990"
},
{
"db": "NVD",
"id": "CVE-2012-1446"
},
{
"db": "CNNVD",
"id": "CNNVD-201203-410"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2012-03-21T00:00:00",
"db": "VULHUB",
"id": "VHN-54727"
},
{
"date": "2012-03-20T00:00:00",
"db": "BID",
"id": "52600"
},
{
"date": "2012-03-26T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2012-001897"
},
{
"date": "2012-03-19T23:51:01",
"db": "PACKETSTORM",
"id": "110990"
},
{
"date": "2012-03-21T10:11:48.270000",
"db": "NVD",
"id": "CVE-2012-1446"
},
{
"date": "2012-03-26T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201203-410"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2012-07-28T00:00:00",
"db": "VULHUB",
"id": "VHN-54727"
},
{
"date": "2012-03-30T16:10:00",
"db": "BID",
"id": "52600"
},
{
"date": "2012-03-26T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2012-001897"
},
{
"date": "2012-07-28T03:30:35.210000",
"db": "NVD",
"id": "CVE-2012-1446"
},
{
"date": "2012-04-01T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201203-410"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201203-410"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Multiple products ELF Vulnerability that prevents file parsers from detecting malware",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2012-001897"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "permissions and access control",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201203-410"
}
],
"trust": 0.6
}
}
VAR-201203-0144
Vulnerability from variot - Updated: 2023-12-18 12:10The TAR file parser in AhnLab V3 Internet Security 2011.01.18.00, Avira AntiVir 7.11.1.163, Antiy Labs AVL SDK 2.0.3.7, avast! Antivirus 4.8.1351.0 and 5.0.677.0, AVG Anti-Virus 10.0.0.1190, Bitdefender 7.2, Quick Heal (aka Cat QuickHeal) 11.00, ClamAV 0.96.4, Command Antivirus 5.2.11.5, Comodo Antivirus 7424, Emsisoft Anti-Malware 5.1.0.1, F-Prot Antivirus 4.6.2.117, F-Secure Anti-Virus 9.0.16160.0, Fortinet Antivirus 4.2.254.0, G Data AntiVirus 21, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, Jiangmin Antivirus 13.0.900, K7 AntiVirus 9.77.3565, Kaspersky Anti-Virus 7.0.0.125, McAfee Anti-Virus Scanning Engine 5.400.0.1158, McAfee Gateway (formerly Webwasher) 2010.1C, Antimalware Engine 1.1.6402.0 in Microsoft Security Essentials 2.0, NOD32 Antivirus 5795, Norman Antivirus 6.06.12, nProtect Anti-Virus 2011-01-17.01, Panda Antivirus 10.0.2.7, PC Tools AntiVirus 7.0.3.5, Rising Antivirus 22.83.00.03, Sophos Anti-Virus 4.61.0, AVEngine 20101.3.0.103 in Symantec Endpoint Protection 11, Trend Micro AntiVirus 9.120.0.1004, Trend Micro HouseCall 9.120.0.1004, VBA32 3.12.14.2, and VirusBuster 13.6.151.0 allows remote attackers to bypass malware detection via a TAR archive entry with a length field corresponding to that entire entry, plus part of the header of the next entry. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different TAR parser implementations. Multiple products TAR A file parser contains a vulnerability that can prevent malware detection. Different TAR Parser If it is announced that there is also a problem with the implementation of CVE May be split.Corresponding to the length field of the full entry and part of the header of the next entry by a third party TAR Malware detection may be bypassed through archive entries. Successful exploits will allow attackers to bypass on-demand virus scanning, possibly allowing malicious files to escape detection. AhnLab V3 Internet Security 2011.01.18.00, Avira AntiVir 7.11.1.163, Antiy Labs AVL SDK 2.0.3.7, avast! Antivirus 4.8.1351.0 and 5.0.677.0, AVG Anti-Virus 10.0.0.1190, Bit2defender 7. ============================================================================ Ubuntu Security Notice USN-1482-2 June 20, 2012
clamav regression
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 12.04 LTS
- Ubuntu 11.10
- Ubuntu 11.04
Summary:
ClamAV could improperly detect malware if it opened a specially crafted file.
Software Description: - clamav: Anti-virus utility for Unix
Details:
USN-1482-1 fixed vulnerabilities in ClamAV. The updated packages could fail to install in certain situations. This update fixes the problem.
We apologize for the inconvenience.
Original advisory details:
It was discovered that ClamAV incorrectly handled certain malformed TAR archives. (CVE-2012-1457, CVE-2012-1459)
It was discovered that ClamAV incorrectly handled certain malformed CHM files. A remote attacker could create a specially-crafted CHM file containing malware that could escape being detected. (CVE-2012-1458)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 12.04 LTS: clamav 0.97.5+dfsg-1ubuntu0.12.04.2 clamav-daemon 0.97.5+dfsg-1ubuntu0.12.04.2 libclamav6 0.97.5+dfsg-1ubuntu0.12.04.2
Ubuntu 11.10: clamav 0.97.5+dfsg-1ubuntu0.11.10.2 clamav-daemon 0.97.5+dfsg-1ubuntu0.11.10.2 libclamav6 0.97.5+dfsg-1ubuntu0.11.10.2
Ubuntu 11.04: clamav 0.97.5+dfsg-1ubuntu0.11.04.2 clamav-daemon 0.97.5+dfsg-1ubuntu0.11.04.2 libclamav6 0.97.5+dfsg-1ubuntu0.11.04.2
In general, a standard system update will make all the necessary changes.
References: http://www.ubuntu.com/usn/usn-1482-2 http://www.ubuntu.com/usn/usn-1482-1 https://launchpad.net/bugs/1015337
Package Information: https://launchpad.net/ubuntu/+source/clamav/0.97.5+dfsg-1ubuntu0.12.04.2 https://launchpad.net/ubuntu/+source/clamav/0.97.5+dfsg-1ubuntu0.11.10.2 https://launchpad.net/ubuntu/+source/clamav/0.97.5+dfsg-1ubuntu0.11.04.2 . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Mandriva Linux Security Advisory MDVSA-2012:094 http://www.mandriva.com/security/
Package : clamav Date : June 18, 2012 Affected: Enterprise Server 5.0
Problem Description:
This is a bugfix release that upgrades clamav to the latest version (0.97.5) that resolves the following security issues:
The TAR file parser in ClamAV 0.96.4 allows remote attackers to bypass malware detection via a TAR archive entry with a length field that exceeds the total TAR file size.
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1457 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1458 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1459 http://git.clamav.net/gitweb?p=clamav-devel.git;a=blob_plain;f=ChangeLog;hb=clamav-0.97.5
Updated Packages:
Mandriva Enterprise Server 5: d82d78601290e2f6073974170c81841a mes5/i586/clamav-0.97.5-0.1mdvmes5.2.i586.rpm 80f0475472c0217afd3727019bf27e53 mes5/i586/clamav-db-0.97.5-0.1mdvmes5.2.i586.rpm c13835eadea8d2af15b628fba3159e8b mes5/i586/clamav-milter-0.97.5-0.1mdvmes5.2.i586.rpm d7c058fae32f1a081b1d4ca31157df0e mes5/i586/clamd-0.97.5-0.1mdvmes5.2.i586.rpm 5ad153709c7eb510c2be2e82bfa5ac52 mes5/i586/libclamav6-0.97.5-0.1mdvmes5.2.i586.rpm 96e3d3f3e9bea802c4109c155c9d1465 mes5/i586/libclamav-devel-0.97.5-0.1mdvmes5.2.i586.rpm 203cde43731b63729d1f7f6497033184 mes5/SRPMS/clamav-0.97.5-0.1mdvmes5.2.src.rpm
Mandriva Enterprise Server 5/X86_64: b30f5aafd9aaff0a7743fb62f33ccbea mes5/x86_64/clamav-0.97.5-0.1mdvmes5.2.x86_64.rpm 1508801239427c0ac72734f52cb4451c mes5/x86_64/clamav-db-0.97.5-0.1mdvmes5.2.x86_64.rpm 92b4c5ca6db656801b5b6ae217c6e171 mes5/x86_64/clamav-milter-0.97.5-0.1mdvmes5.2.x86_64.rpm 94fad12df2cc900309087bbda13c826a mes5/x86_64/clamd-0.97.5-0.1mdvmes5.2.x86_64.rpm 8ec166a457d0512479adaaf5f80d487f mes5/x86_64/lib64clamav6-0.97.5-0.1mdvmes5.2.x86_64.rpm 19bc2758175bcde28ebf7783d68a9b98 mes5/x86_64/lib64clamav-devel-0.97.5-0.1mdvmes5.2.x86_64.rpm 203cde43731b63729d1f7f6497033184 mes5/SRPMS/clamav-0.97.5-0.1mdvmes5.2.src.rpm
To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux)
iD8DBQFP3tnKmqjQ0CJFipgRAj4wAJ9eURS1mZYCZhkmUTVE/U8QAH47MwCgxQzf OUr1QL5Wsvt3KboLKCdYUhE= =1QL7 -----END PGP SIGNATURE-----
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201203-0144",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "virusbuster",
"scope": "eq",
"trust": 2.4,
"vendor": "virusbuster",
"version": "13.6.151.0"
},
{
"model": "antivirus",
"scope": "eq",
"trust": 2.1,
"vendor": "comodo",
"version": "7424"
},
{
"model": "avl sdk",
"scope": "eq",
"trust": 1.8,
"vendor": "antiy",
"version": "2.0.3.7"
},
{
"model": "command antivirus",
"scope": "eq",
"trust": 1.8,
"vendor": "authentium",
"version": "5.2.11.5"
},
{
"model": "anti-virus",
"scope": "eq",
"trust": 1.8,
"vendor": "avg",
"version": "10.0.0.1190"
},
{
"model": "bitdefender",
"scope": "eq",
"trust": 1.8,
"vendor": "bitdefender",
"version": "7.2"
},
{
"model": "clamav",
"scope": "eq",
"trust": 1.8,
"vendor": "clamav",
"version": "0.96.4"
},
{
"model": "anti-malware",
"scope": "eq",
"trust": 1.8,
"vendor": "emsisoft",
"version": "5.1.0.1"
},
{
"model": "virus utilities t3 command line scanner",
"scope": "eq",
"trust": 1.8,
"vendor": "ikarus",
"version": "1.1.97.0"
},
{
"model": "antivirus",
"scope": "eq",
"trust": 1.8,
"vendor": "jiangmin",
"version": "13.0.900"
},
{
"model": "antivirus",
"scope": "eq",
"trust": 1.8,
"vendor": "pc tools",
"version": "7.0.3.5"
},
{
"model": "f-secure anti-virus",
"scope": "eq",
"trust": 1.8,
"vendor": "f secure",
"version": "9.0.16160.0"
},
{
"model": "anti-virus",
"scope": "eq",
"trust": 1.8,
"vendor": "kaspersky",
"version": "7.0.0.125"
},
{
"model": "anti-virus",
"scope": "eq",
"trust": 1.8,
"vendor": "sophos",
"version": "4.61.0"
},
{
"model": "antivirus",
"scope": "eq",
"trust": 1.8,
"vendor": "fortinet",
"version": "4.2.254.0"
},
{
"model": "scan engine",
"scope": "eq",
"trust": 1.8,
"vendor": "mcafee",
"version": "5.400.0.1158"
},
{
"model": "antivirus",
"scope": "eq",
"trust": 1.0,
"vendor": "rising global",
"version": "22.83.00.03"
},
{
"model": "v3 internet security",
"scope": "eq",
"trust": 1.0,
"vendor": "ahnlab",
"version": "2011.01.18.00"
},
{
"model": "avast antivirus",
"scope": "eq",
"trust": 1.0,
"vendor": "alwil",
"version": "5.0.677.0"
},
{
"model": "housecall",
"scope": "eq",
"trust": 1.0,
"vendor": "trendmicro",
"version": "9.120.0.1004"
},
{
"model": "antivirus",
"scope": "eq",
"trust": 1.0,
"vendor": "nprotect",
"version": "2011-01-17.01"
},
{
"model": "nod32 antivirus",
"scope": "eq",
"trust": 1.0,
"vendor": "eset",
"version": "5795"
},
{
"model": "g data antivirus",
"scope": "eq",
"trust": 1.0,
"vendor": "gdata",
"version": "21"
},
{
"model": "security essentials",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "2.0"
},
{
"model": "trend micro antivirus",
"scope": "eq",
"trust": 1.0,
"vendor": "trendmicro",
"version": "9.120.0.1004"
},
{
"model": "f-prot antivirus",
"scope": "eq",
"trust": 1.0,
"vendor": "f prot",
"version": "4.6.2.117"
},
{
"model": "antivirus",
"scope": "eq",
"trust": 1.0,
"vendor": "k7computing",
"version": "9.77.3565"
},
{
"model": "quick heal",
"scope": "eq",
"trust": 1.0,
"vendor": "cat",
"version": "11.00"
},
{
"model": "vba32",
"scope": "eq",
"trust": 1.0,
"vendor": "anti virus",
"version": "3.12.14.2"
},
{
"model": "gateway",
"scope": "eq",
"trust": 1.0,
"vendor": "mcafee",
"version": "2010.1c"
},
{
"model": "antivir",
"scope": "eq",
"trust": 1.0,
"vendor": "avira",
"version": "7.11.1.163"
},
{
"model": "avast antivirus",
"scope": "eq",
"trust": 1.0,
"vendor": "alwil",
"version": "4.8.1351.0"
},
{
"model": "endpoint protection",
"scope": "eq",
"trust": 1.0,
"vendor": "symantec",
"version": "11.0"
},
{
"model": "antivirus \\\u0026 antispyware",
"scope": "eq",
"trust": 1.0,
"vendor": "norman",
"version": "6.06.12"
},
{
"model": "panda antivirus",
"scope": "eq",
"trust": 1.0,
"vendor": "pandasecurity",
"version": "10.0.2.7"
},
{
"model": "anti-virus",
"scope": "eq",
"trust": 0.8,
"vendor": "avast s r o",
"version": "4.8.1351.0"
},
{
"model": "anti-virus",
"scope": "eq",
"trust": 0.8,
"vendor": "avast s r o",
"version": "5.0.677.0"
},
{
"model": "antivirus",
"scope": "eq",
"trust": 0.8,
"vendor": "avira",
"version": "7.11.1.163"
},
{
"model": "antivirus",
"scope": "eq",
"trust": 0.8,
"vendor": "rising",
"version": "22.83.00.03"
},
{
"model": "nod32 anti-virus",
"scope": "eq",
"trust": 0.8,
"vendor": "eset",
"version": "5795"
},
{
"model": "f-prot antivirus",
"scope": "eq",
"trust": 0.8,
"vendor": "frisk",
"version": "4.6.2.117"
},
{
"model": "antivirus",
"scope": "eq",
"trust": 0.8,
"vendor": "g data",
"version": "21"
},
{
"model": "antivirus",
"scope": "eq",
"trust": 0.8,
"vendor": "k7 computing",
"version": "9.77.3565"
},
{
"model": "antivirus",
"scope": "eq",
"trust": 0.8,
"vendor": "norman",
"version": "6.06.12"
},
{
"model": "anti-virus",
"scope": "eq",
"trust": 0.8,
"vendor": "nprotect",
"version": "2011-01-17.01"
},
{
"model": "antivirus",
"scope": "eq",
"trust": 0.8,
"vendor": "panda security",
"version": "10.0.2.7"
},
{
"model": "vba32",
"scope": "eq",
"trust": 0.8,
"vendor": "virusblokada",
"version": "3.12.14.2"
},
{
"model": "v3 internet security",
"scope": "eq",
"trust": 0.8,
"vendor": "unlab",
"version": "2011.01.18.00"
},
{
"model": "heal",
"scope": "eq",
"trust": 0.8,
"vendor": "quick heal k k",
"version": "11.00"
},
{
"model": "endpoint protection",
"scope": "eq",
"trust": 0.8,
"vendor": "symantec",
"version": "11"
},
{
"model": "antivirus",
"scope": "eq",
"trust": 0.8,
"vendor": "trend micro",
"version": "9.120.0.1004"
},
{
"model": "housecall",
"scope": "eq",
"trust": 0.8,
"vendor": "trend micro",
"version": "9.120.0.1004"
},
{
"model": "security essentials",
"scope": "eq",
"trust": 0.8,
"vendor": "microsoft",
"version": "2.0 antimalware engine 1.1.6402.0"
},
{
"model": "web gateway software",
"scope": "eq",
"trust": 0.8,
"vendor": "mcafee",
"version": "2010.1c"
},
{
"model": "vba32",
"scope": "eq",
"trust": 0.3,
"vendor": "virusblokada",
"version": "3.12.142"
},
{
"model": "linux lts i386",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "12.04"
},
{
"model": "linux lts amd64",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "12.04"
},
{
"model": "linux i386",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "11.10"
},
{
"model": "linux amd64",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "11.10"
},
{
"model": "linux powerpc",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "11.04"
},
{
"model": "linux i386",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "11.04"
},
{
"model": "linux arm",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "11.04"
},
{
"model": "linux amd64",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "11.04"
},
{
"model": "linux sparc",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "10.04"
},
{
"model": "linux powerpc",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "10.04"
},
{
"model": "linux i386",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "10.04"
},
{
"model": "linux arm",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "10.04"
},
{
"model": "linux amd64",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "10.04"
},
{
"model": "virusbuster",
"scope": "eq",
"trust": 0.3,
"vendor": "trend micro",
"version": "13.6.1510"
},
{
"model": "trend micro",
"scope": "eq",
"trust": 0.3,
"vendor": "trend micro",
"version": "9.1201004"
},
{
"model": "housecall",
"scope": "eq",
"trust": 0.3,
"vendor": "trend micro",
"version": "9.1201004"
},
{
"model": "antivirus",
"scope": "eq",
"trust": 0.3,
"vendor": "symantec",
"version": "20101.3103"
},
{
"model": "opensuse",
"scope": "eq",
"trust": 0.3,
"vendor": "s u s e",
"version": "12.1"
},
{
"model": "opensuse",
"scope": "eq",
"trust": 0.3,
"vendor": "s u s e",
"version": "11.4"
},
{
"model": "antivirus",
"scope": "eq",
"trust": 0.3,
"vendor": "rising",
"version": "22.8303"
},
{
"model": "cat-quickheal",
"scope": "eq",
"trust": 0.3,
"vendor": "quick heal",
"version": "11.00"
},
{
"model": "antivirus",
"scope": "eq",
"trust": 0.3,
"vendor": "pctools",
"version": "7.0.35"
},
{
"model": "antivirus",
"scope": "eq",
"trust": 0.3,
"vendor": "norman",
"version": "6.6.12"
},
{
"model": "antivirus",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "1.6402"
},
{
"model": "mcafee-gw-edition 2010.1c",
"scope": null,
"trust": 0.3,
"vendor": "mcafee",
"version": null
},
{
"model": "enterprise server x86 64",
"scope": "eq",
"trust": 0.3,
"vendor": "mandrakesoft",
"version": "5"
},
{
"model": "enterprise server",
"scope": "eq",
"trust": 0.3,
"vendor": "mandrakesoft",
"version": "5"
},
{
"model": "antivirus",
"scope": "eq",
"trust": 0.3,
"vendor": "kaspersky",
"version": "7.0125"
},
{
"model": "computing pvt ltd k7antivirus",
"scope": "eq",
"trust": 0.3,
"vendor": "k7",
"version": "9.77.3565"
},
{
"model": "jiangmin",
"scope": "eq",
"trust": 0.3,
"vendor": "jiangmin",
"version": "13.0.900"
},
{
"model": "antivirus t3.1.1.97.0",
"scope": null,
"trust": 0.3,
"vendor": "ikarus",
"version": null
},
{
"model": "data software gdata",
"scope": "eq",
"trust": 0.3,
"vendor": "g",
"version": "21"
},
{
"model": "software f-prot antivirus",
"scope": "eq",
"trust": 0.3,
"vendor": "frisk",
"version": "4.6.2117"
},
{
"model": "nod32",
"scope": "eq",
"trust": 0.3,
"vendor": "eset",
"version": "5795"
},
{
"model": "antivirus",
"scope": "eq",
"trust": 0.3,
"vendor": "emsisoft",
"version": "5.11"
},
{
"model": "anti-virus clamav",
"scope": "eq",
"trust": 0.3,
"vendor": "clam",
"version": "0.96.4"
},
{
"model": "antivirus",
"scope": "eq",
"trust": 0.3,
"vendor": "bitdefender",
"version": "7.2"
},
{
"model": "antivir engine",
"scope": "eq",
"trust": 0.3,
"vendor": "avira",
"version": "7.11.1163"
},
{
"model": "anti-virus",
"scope": "eq",
"trust": 0.3,
"vendor": "avg",
"version": "10.01190"
},
{
"model": "avast5 antivirus",
"scope": "eq",
"trust": 0.3,
"vendor": "avast",
"version": "5.0.6770"
},
{
"model": "antivirus",
"scope": "eq",
"trust": 0.3,
"vendor": "avast",
"version": "4.8.1351.0"
},
{
"model": "command antivirus",
"scope": "eq",
"trust": 0.3,
"vendor": "authentium",
"version": "5.2.115"
},
{
"model": "antiy-avl",
"scope": "eq",
"trust": 0.3,
"vendor": "antiy",
"version": "2.0.37"
},
{
"model": "engine",
"scope": "eq",
"trust": 0.3,
"vendor": "ahnlab",
"version": "v32011.01.18.00"
}
],
"sources": [
{
"db": "BID",
"id": "52623"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-001869"
},
{
"db": "NVD",
"id": "CVE-2012-1459"
},
{
"db": "CNNVD",
"id": "CNNVD-201203-422"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:avg:avg_anti-virus:10.0.0.1190:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:bitdefender:bitdefender:7.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:f-secure:f-secure_anti-virus:9.0.16160.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:fortinet:fortinet_antivirus:4.2.254.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:avira:antivir:7.11.1.163:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:antiy:avl_sdk:2.0.3.7:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:authentium:command_antivirus:5.2.11.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:comodo:comodo_antivirus:7424:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:k7computing:antivirus:9.77.3565:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:kaspersky:kaspersky_anti-virus:7.0.0.125:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:pandasecurity:panda_antivirus:10.0.2.7:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:pc_tools:pc_tools_antivirus:7.0.3.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:virusbuster:virusbuster:13.6.151.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:alwil:avast_antivirus:4.8.1351.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:alwil:avast_antivirus:5.0.677.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:emsisoft:anti-malware:5.1.0.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:f-prot:f-prot_antivirus:4.6.2.117:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:mcafee:scan_engine:5.400.0.1158:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:mcafee:gateway:2010.1c:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:rising-global:rising_antivirus:22.83.00.03:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sophos:sophos_anti-virus:4.61.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:security_essentials:2.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:eset:nod32_antivirus:5795:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:symantec:endpoint_protection:11.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:trendmicro:trend_micro_antivirus:9.120.0.1004:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ahnlab:v3_internet_security:2011.01.18.00:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cat:quick_heal:11.00:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:clamav:clamav:0.96.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:gdata-software:g_data_antivirus:21:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ikarus:ikarus_virus_utilities_t3_command_line_scanner:1.1.97.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:jiangmin:jiangmin_antivirus:13.0.900:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:norman:norman_antivirus_\\\u0026_antispyware:6.06.12:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:nprotect:nprotect_antivirus:2011-01-17.01:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:trendmicro:housecall:9.120.0.1004:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:anti-virus:vba32:3.12.14.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2012-1459"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Suman Jana and Vitaly Shmatikov",
"sources": [
{
"db": "BID",
"id": "52623"
}
],
"trust": 0.3
},
"cve": "CVE-2012-1459",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 4.3,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2012-1459",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "VHN-54740",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2012-1459",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201203-422",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-54740",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-54740"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-001869"
},
{
"db": "NVD",
"id": "CVE-2012-1459"
},
{
"db": "CNNVD",
"id": "CNNVD-201203-422"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The TAR file parser in AhnLab V3 Internet Security 2011.01.18.00, Avira AntiVir 7.11.1.163, Antiy Labs AVL SDK 2.0.3.7, avast! Antivirus 4.8.1351.0 and 5.0.677.0, AVG Anti-Virus 10.0.0.1190, Bitdefender 7.2, Quick Heal (aka Cat QuickHeal) 11.00, ClamAV 0.96.4, Command Antivirus 5.2.11.5, Comodo Antivirus 7424, Emsisoft Anti-Malware 5.1.0.1, F-Prot Antivirus 4.6.2.117, F-Secure Anti-Virus 9.0.16160.0, Fortinet Antivirus 4.2.254.0, G Data AntiVirus 21, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, Jiangmin Antivirus 13.0.900, K7 AntiVirus 9.77.3565, Kaspersky Anti-Virus 7.0.0.125, McAfee Anti-Virus Scanning Engine 5.400.0.1158, McAfee Gateway (formerly Webwasher) 2010.1C, Antimalware Engine 1.1.6402.0 in Microsoft Security Essentials 2.0, NOD32 Antivirus 5795, Norman Antivirus 6.06.12, nProtect Anti-Virus 2011-01-17.01, Panda Antivirus 10.0.2.7, PC Tools AntiVirus 7.0.3.5, Rising Antivirus 22.83.00.03, Sophos Anti-Virus 4.61.0, AVEngine 20101.3.0.103 in Symantec Endpoint Protection 11, Trend Micro AntiVirus 9.120.0.1004, Trend Micro HouseCall 9.120.0.1004, VBA32 3.12.14.2, and VirusBuster 13.6.151.0 allows remote attackers to bypass malware detection via a TAR archive entry with a length field corresponding to that entire entry, plus part of the header of the next entry. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different TAR parser implementations. Multiple products TAR A file parser contains a vulnerability that can prevent malware detection. Different TAR Parser If it is announced that there is also a problem with the implementation of CVE May be split.Corresponding to the length field of the full entry and part of the header of the next entry by a third party TAR Malware detection may be bypassed through archive entries. \nSuccessful exploits will allow attackers to bypass on-demand virus scanning, possibly allowing malicious files to escape detection. AhnLab V3 Internet Security 2011.01.18.00, Avira AntiVir 7.11.1.163, Antiy Labs AVL SDK 2.0.3.7, avast! Antivirus 4.8.1351.0 and 5.0.677.0, AVG Anti-Virus 10.0.0.1190, Bit2defender 7. ============================================================================\nUbuntu Security Notice USN-1482-2\nJune 20, 2012\n\nclamav regression\n============================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 12.04 LTS\n- Ubuntu 11.10\n- Ubuntu 11.04\n\nSummary:\n\nClamAV could improperly detect malware if it opened a specially crafted file. \n\nSoftware Description:\n- clamav: Anti-virus utility for Unix\n\nDetails:\n\nUSN-1482-1 fixed vulnerabilities in ClamAV. The updated packages could fail\nto install in certain situations. This update fixes the problem. \n\nWe apologize for the inconvenience. \n\nOriginal advisory details:\n\n It was discovered that ClamAV incorrectly handled certain malformed TAR\n archives. (CVE-2012-1457,\n CVE-2012-1459)\n \n It was discovered that ClamAV incorrectly handled certain malformed CHM\n files. A remote attacker could create a specially-crafted CHM file\n containing malware that could escape being detected. (CVE-2012-1458)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 12.04 LTS:\n clamav 0.97.5+dfsg-1ubuntu0.12.04.2\n clamav-daemon 0.97.5+dfsg-1ubuntu0.12.04.2\n libclamav6 0.97.5+dfsg-1ubuntu0.12.04.2\n\nUbuntu 11.10:\n clamav 0.97.5+dfsg-1ubuntu0.11.10.2\n clamav-daemon 0.97.5+dfsg-1ubuntu0.11.10.2\n libclamav6 0.97.5+dfsg-1ubuntu0.11.10.2\n\nUbuntu 11.04:\n clamav 0.97.5+dfsg-1ubuntu0.11.04.2\n clamav-daemon 0.97.5+dfsg-1ubuntu0.11.04.2\n libclamav6 0.97.5+dfsg-1ubuntu0.11.04.2\n\nIn general, a standard system update will make all the necessary changes. \n\nReferences:\n http://www.ubuntu.com/usn/usn-1482-2\n http://www.ubuntu.com/usn/usn-1482-1\n https://launchpad.net/bugs/1015337\n\nPackage Information:\n https://launchpad.net/ubuntu/+source/clamav/0.97.5+dfsg-1ubuntu0.12.04.2\n https://launchpad.net/ubuntu/+source/clamav/0.97.5+dfsg-1ubuntu0.11.10.2\n https://launchpad.net/ubuntu/+source/clamav/0.97.5+dfsg-1ubuntu0.11.04.2\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n _______________________________________________________________________\n\n Mandriva Linux Security Advisory MDVSA-2012:094\n http://www.mandriva.com/security/\n _______________________________________________________________________\n\n Package : clamav\n Date : June 18, 2012\n Affected: Enterprise Server 5.0\n _______________________________________________________________________\n\n Problem Description:\n\n This is a bugfix release that upgrades clamav to the latest version\n (0.97.5) that resolves the following security issues:\n \n The TAR file parser in ClamAV 0.96.4 allows remote attackers to bypass\n malware detection via a TAR archive entry with a length field that\n exceeds the total TAR file size. \n _______________________________________________________________________\n\n References:\n\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1457\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1458\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1459\n http://git.clamav.net/gitweb?p=clamav-devel.git;a=blob_plain;f=ChangeLog;hb=clamav-0.97.5\n _______________________________________________________________________\n\n Updated Packages:\n\n Mandriva Enterprise Server 5:\n d82d78601290e2f6073974170c81841a mes5/i586/clamav-0.97.5-0.1mdvmes5.2.i586.rpm\n 80f0475472c0217afd3727019bf27e53 mes5/i586/clamav-db-0.97.5-0.1mdvmes5.2.i586.rpm\n c13835eadea8d2af15b628fba3159e8b mes5/i586/clamav-milter-0.97.5-0.1mdvmes5.2.i586.rpm\n d7c058fae32f1a081b1d4ca31157df0e mes5/i586/clamd-0.97.5-0.1mdvmes5.2.i586.rpm\n 5ad153709c7eb510c2be2e82bfa5ac52 mes5/i586/libclamav6-0.97.5-0.1mdvmes5.2.i586.rpm\n 96e3d3f3e9bea802c4109c155c9d1465 mes5/i586/libclamav-devel-0.97.5-0.1mdvmes5.2.i586.rpm \n 203cde43731b63729d1f7f6497033184 mes5/SRPMS/clamav-0.97.5-0.1mdvmes5.2.src.rpm\n\n Mandriva Enterprise Server 5/X86_64:\n b30f5aafd9aaff0a7743fb62f33ccbea mes5/x86_64/clamav-0.97.5-0.1mdvmes5.2.x86_64.rpm\n 1508801239427c0ac72734f52cb4451c mes5/x86_64/clamav-db-0.97.5-0.1mdvmes5.2.x86_64.rpm\n 92b4c5ca6db656801b5b6ae217c6e171 mes5/x86_64/clamav-milter-0.97.5-0.1mdvmes5.2.x86_64.rpm\n 94fad12df2cc900309087bbda13c826a mes5/x86_64/clamd-0.97.5-0.1mdvmes5.2.x86_64.rpm\n 8ec166a457d0512479adaaf5f80d487f mes5/x86_64/lib64clamav6-0.97.5-0.1mdvmes5.2.x86_64.rpm\n 19bc2758175bcde28ebf7783d68a9b98 mes5/x86_64/lib64clamav-devel-0.97.5-0.1mdvmes5.2.x86_64.rpm \n 203cde43731b63729d1f7f6497033184 mes5/SRPMS/clamav-0.97.5-0.1mdvmes5.2.src.rpm\n _______________________________________________________________________\n\n To upgrade automatically use MandrivaUpdate or urpmi. The verification\n of md5 checksums and GPG signatures is performed automatically for you. \n\n All packages are signed by Mandriva for security. You can obtain the\n GPG public key of the Mandriva Security Team by executing:\n\n gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98\n\n You can view other update advisories for Mandriva Linux at:\n\n http://www.mandriva.com/security/advisories\n\n If you want to report vulnerabilities, please contact\n\n security_(at)_mandriva.com\n _______________________________________________________________________\n\n Type Bits/KeyID Date User ID\n pub 1024D/22458A98 2000-07-10 Mandriva Security Team\n \u003csecurity*mandriva.com\u003e\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.11 (GNU/Linux)\n\niD8DBQFP3tnKmqjQ0CJFipgRAj4wAJ9eURS1mZYCZhkmUTVE/U8QAH47MwCgxQzf\nOUr1QL5Wsvt3KboLKCdYUhE=\n=1QL7\n-----END PGP SIGNATURE-----\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2012-1459"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-001869"
},
{
"db": "BID",
"id": "52623"
},
{
"db": "VULHUB",
"id": "VHN-54740"
},
{
"db": "PACKETSTORM",
"id": "115619"
},
{
"db": "PACKETSTORM",
"id": "113895"
},
{
"db": "PACKETSTORM",
"id": "113878"
},
{
"db": "PACKETSTORM",
"id": "113841"
}
],
"trust": 2.34
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-54740",
"trust": 0.1,
"type": "unknown"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-54740"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2012-1459",
"trust": 3.2
},
{
"db": "BID",
"id": "52623",
"trust": 1.4
},
{
"db": "OSVDB",
"id": "80396",
"trust": 1.1
},
{
"db": "OSVDB",
"id": "80389",
"trust": 1.1
},
{
"db": "OSVDB",
"id": "80391",
"trust": 1.1
},
{
"db": "OSVDB",
"id": "80403",
"trust": 1.1
},
{
"db": "OSVDB",
"id": "80395",
"trust": 1.1
},
{
"db": "OSVDB",
"id": "80390",
"trust": 1.1
},
{
"db": "OSVDB",
"id": "80392",
"trust": 1.1
},
{
"db": "OSVDB",
"id": "80393",
"trust": 1.1
},
{
"db": "OSVDB",
"id": "80409",
"trust": 1.1
},
{
"db": "OSVDB",
"id": "80406",
"trust": 1.1
},
{
"db": "OSVDB",
"id": "80407",
"trust": 1.1
},
{
"db": "JVNDB",
"id": "JVNDB-2012-001869",
"trust": 0.8
},
{
"db": "BUGTRAQ",
"id": "20120319 EVASION ATTACKS EXPOLITING FILE-PARSING VULNERABILITIES IN ANTIVIRUS PRODUCTS",
"trust": 0.6
},
{
"db": "NSFOCUS",
"id": "19231",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201203-422",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "113878",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "115619",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "113895",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-54740",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "113841",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-54740"
},
{
"db": "BID",
"id": "52623"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-001869"
},
{
"db": "PACKETSTORM",
"id": "115619"
},
{
"db": "PACKETSTORM",
"id": "113895"
},
{
"db": "PACKETSTORM",
"id": "113878"
},
{
"db": "PACKETSTORM",
"id": "113841"
},
{
"db": "NVD",
"id": "CVE-2012-1459"
},
{
"db": "CNNVD",
"id": "CNNVD-201203-422"
}
]
},
"id": "VAR-201203-0144",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-54740"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T12:10:08.445000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "AVL SDK",
"trust": 0.8,
"url": "http://www.antiy.net/"
},
{
"title": "Command Antivirus",
"trust": 0.8,
"url": "http://www.authentium.com/command/csavdownload.html"
},
{
"title": "avast! Antivirus",
"trust": 0.8,
"url": "https://www.avast.co.jp/index"
},
{
"title": "AVG Anti-Virus",
"trust": 0.8,
"url": "http://www.avgjapan.com/home-small-office-security/buy-antivirus"
},
{
"title": "AntiVir",
"trust": 0.8,
"url": "http://www.avira.com/"
},
{
"title": "Rising Antivirus",
"trust": 0.8,
"url": "http://www.rising-global.com/"
},
{
"title": "Bitdefender",
"trust": 0.8,
"url": "http://www.bitdefender.com/"
},
{
"title": "ClamAV",
"trust": 0.8,
"url": "http://www.clamav.net/lang/en/"
},
{
"title": "Comodo Antivirus",
"trust": 0.8,
"url": "http://www.comodo.com/home/internet-security/antivirus.php"
},
{
"title": "Emsisoft Anti-Malware",
"trust": 0.8,
"url": "http://www.emsisoft.com/en/software/antimalware/"
},
{
"title": "ESET NOD32\u30a2\u30f3\u30c1\u30a6\u30a4\u30eb\u30b9",
"trust": 0.8,
"url": "http://www.eset.com/us/"
},
{
"title": "Fortinet Antivirus",
"trust": 0.8,
"url": "http://www.fortinet.com/solutions/antivirus.html"
},
{
"title": "F-Prot Antivirus",
"trust": 0.8,
"url": "http://www.f-prot.com/index.html"
},
{
"title": "G Data AntiVirus",
"trust": 0.8,
"url": "http://www.gdata.co.jp/"
},
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.ikarus.at/en/"
},
{
"title": "Jiangmin Antivirus",
"trust": 0.8,
"url": "http://global.jiangmin.com/"
},
{
"title": "K7 AntiVirus",
"trust": 0.8,
"url": "http://www.k7computing.com/en/consumer_home.php"
},
{
"title": "McAfee Web Gateway",
"trust": 0.8,
"url": "http://www.mcafee.com/us/products/web-gateway.aspx"
},
{
"title": "McAfee Scan Engine",
"trust": 0.8,
"url": "http://www.mcafee.com/us/support/support-eol-scan-engine.aspx"
},
{
"title": "Norman Antivirus",
"trust": 0.8,
"url": "http://www.norman.com/products/antivirus_antispyware/en"
},
{
"title": "nProtect Anti-Virus",
"trust": 0.8,
"url": "http://global.nprotect.com/product/avs.php"
},
{
"title": "openSUSE-SU-2012:0833",
"trust": 0.8,
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-07/msg00002.html"
},
{
"title": "Panda Antivirus",
"trust": 0.8,
"url": "http://www.ps-japan.co.jp/"
},
{
"title": "PC Tools AntiVirus",
"trust": 0.8,
"url": "http://www.pctools.com/jp/spyware-doctor-antivirus/"
},
{
"title": "Quick Heal",
"trust": 0.8,
"url": "http://www.quickheal.com/"
},
{
"title": "Sophos Anti-Virus",
"trust": 0.8,
"url": "http://www.sophos.com/ja-jp/"
},
{
"title": "Endpoint Protection",
"trust": 0.8,
"url": "http://www.symantec.com/ja/jp/endpoint-protection"
},
{
"title": "Top Page",
"trust": 0.8,
"url": "http://jp.trendmicro.com/jp/home/index.html"
},
{
"title": "Trend Micro HouseCall",
"trust": 0.8,
"url": "http://jp.trendmicro.com/jp/tools/housecall/index.html"
},
{
"title": "VBA32",
"trust": 0.8,
"url": "http://anti-virus.by/en/index.shtml"
},
{
"title": "VirusBuster",
"trust": 0.8,
"url": "http://www.virusbuster.hu/en"
},
{
"title": "V3 Internet Security",
"trust": 0.8,
"url": "http://www.ahnlab.co.jp/product_service/product/b2b/v3is8.asp"
},
{
"title": "Kaspersky Anti-Virus",
"trust": 0.8,
"url": "http://www.kaspersky.com/kaspersky_anti-virus"
},
{
"title": "Microsoft Security Essentials",
"trust": 0.8,
"url": "http://windows.microsoft.com/ja-jp/windows/products/security-essentials"
},
{
"title": "F-Secure Anti-Virus",
"trust": 0.8,
"url": "http://www.f-secure.com/ja/web/home_jp/protection/anti-virus/overview"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2012-001869"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-264",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-54740"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-001869"
},
{
"db": "NVD",
"id": "CVE-2012-1459"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "http://www.securityfocus.com/archive/1/522005"
},
{
"trust": 1.7,
"url": "http://www.ieee-security.org/tc/sp2012/program.html"
},
{
"trust": 1.1,
"url": "http://www.securityfocus.com/bid/52623"
},
{
"trust": 1.1,
"url": "http://www.mandriva.com/security/advisories?name=mdvsa-2012:094"
},
{
"trust": 1.1,
"url": "http://osvdb.org/80389"
},
{
"trust": 1.1,
"url": "http://osvdb.org/80390"
},
{
"trust": 1.1,
"url": "http://osvdb.org/80391"
},
{
"trust": 1.1,
"url": "http://osvdb.org/80392"
},
{
"trust": 1.1,
"url": "http://osvdb.org/80393"
},
{
"trust": 1.1,
"url": "http://osvdb.org/80395"
},
{
"trust": 1.1,
"url": "http://osvdb.org/80396"
},
{
"trust": 1.1,
"url": "http://osvdb.org/80403"
},
{
"trust": 1.1,
"url": "http://osvdb.org/80406"
},
{
"trust": 1.1,
"url": "http://osvdb.org/80407"
},
{
"trust": 1.1,
"url": "http://osvdb.org/80409"
},
{
"trust": 1.1,
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-07/msg00002.html"
},
{
"trust": 1.1,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74302"
},
{
"trust": 0.9,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-1459"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2012-1459"
},
{
"trust": 0.6,
"url": "http://www.nsfocus.net/vulndb/19231"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-1459"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-1458"
},
{
"trust": 0.3,
"url": "http://www.antiy.net"
},
{
"trust": 0.3,
"url": "http://www.authentium.com"
},
{
"trust": 0.3,
"url": "http://www.avast.com"
},
{
"trust": 0.3,
"url": "http://www.avg.com"
},
{
"trust": 0.3,
"url": "http://www.avira.com/"
},
{
"trust": 0.3,
"url": "http://www.bitdefender.com"
},
{
"trust": 0.3,
"url": "http://www.emsisoft.com/en/software/antimalware/"
},
{
"trust": 0.3,
"url": "http://eset.com"
},
{
"trust": 0.3,
"url": "http://www.f-prot.com/"
},
{
"trust": 0.3,
"url": "http://www.gdatasoftware.com"
},
{
"trust": 0.3,
"url": "http://www.ikarus.at"
},
{
"trust": 0.3,
"url": "http://global.jiangmin.com/"
},
{
"trust": 0.3,
"url": "http://www.k7computing.com/en/product/k7-antivirusplus.php"
},
{
"trust": 0.3,
"url": "http://www.kaspersky.com/"
},
{
"trust": 0.3,
"url": "http://www.mcafee.com/"
},
{
"trust": 0.3,
"url": "http://www.microsoft.com"
},
{
"trust": 0.3,
"url": "http://anti-virus-software-review.toptenreviews.com/norman-review.html"
},
{
"trust": 0.3,
"url": "http://www.pctools.com/spyware-doctor-antivirus/"
},
{
"trust": 0.3,
"url": "http://www.quickheal.com/"
},
{
"trust": 0.3,
"url": "http://www.rising-global.com/"
},
{
"trust": 0.3,
"url": "http://www.symantec.com"
},
{
"trust": 0.3,
"url": "http://www.trend.com"
},
{
"trust": 0.3,
"url": "http://anti-virus.by/en/index.shtml"
},
{
"trust": 0.3,
"url": "/archive/1/522005"
},
{
"trust": 0.3,
"url": "http://www.ubuntu.com/usn/usn-1482-1"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-1457"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/clamav/0.97.5+dfsg-1ubuntu0.12.04.3"
},
{
"trust": 0.1,
"url": "http://www.ubuntu.com/usn/usn-1482-3"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/clamav/0.97.5+dfsg-1ubuntu0.11.04.3"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/clamav/0.97.5+dfsg-1ubuntu0.11.10.3"
},
{
"trust": 0.1,
"url": "https://launchpad.net/bugs/1015405"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/clamav/0.97.5+dfsg-1ubuntu0.12.04.2"
},
{
"trust": 0.1,
"url": "https://launchpad.net/bugs/1015337"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/clamav/0.97.5+dfsg-1ubuntu0.11.10.2"
},
{
"trust": 0.1,
"url": "http://www.ubuntu.com/usn/usn-1482-2"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/clamav/0.97.5+dfsg-1ubuntu0.11.04.2"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/clamav/0.96.5+dfsg-1ubuntu1.10.04.4"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/clamav/0.97.5+dfsg-1ubuntu0.11.10.1"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/clamav/0.97.5+dfsg-1ubuntu0.12.04.1"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/clamav/0.97.5+dfsg-1ubuntu0.11.04.1"
},
{
"trust": 0.1,
"url": "http://www.mandriva.com/security/"
},
{
"trust": 0.1,
"url": "http://www.mandriva.com/security/advisories"
},
{
"trust": 0.1,
"url": "http://git.clamav.net/gitweb?p=clamav-devel.git;a=blob_plain;f=changelog;hb=clamav-0.97.5"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-1457"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-1458"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-54740"
},
{
"db": "BID",
"id": "52623"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-001869"
},
{
"db": "PACKETSTORM",
"id": "115619"
},
{
"db": "PACKETSTORM",
"id": "113895"
},
{
"db": "PACKETSTORM",
"id": "113878"
},
{
"db": "PACKETSTORM",
"id": "113841"
},
{
"db": "NVD",
"id": "CVE-2012-1459"
},
{
"db": "CNNVD",
"id": "CNNVD-201203-422"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-54740"
},
{
"db": "BID",
"id": "52623"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-001869"
},
{
"db": "PACKETSTORM",
"id": "115619"
},
{
"db": "PACKETSTORM",
"id": "113895"
},
{
"db": "PACKETSTORM",
"id": "113878"
},
{
"db": "PACKETSTORM",
"id": "113841"
},
{
"db": "NVD",
"id": "CVE-2012-1459"
},
{
"db": "CNNVD",
"id": "CNNVD-201203-422"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2012-03-21T00:00:00",
"db": "VULHUB",
"id": "VHN-54740"
},
{
"date": "2012-03-20T00:00:00",
"db": "BID",
"id": "52623"
},
{
"date": "2012-03-23T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2012-001869"
},
{
"date": "2012-08-17T02:36:21",
"db": "PACKETSTORM",
"id": "115619"
},
{
"date": "2012-06-20T03:33:06",
"db": "PACKETSTORM",
"id": "113895"
},
{
"date": "2012-06-20T02:54:11",
"db": "PACKETSTORM",
"id": "113878"
},
{
"date": "2012-06-19T00:56:02",
"db": "PACKETSTORM",
"id": "113841"
},
{
"date": "2012-03-21T10:11:49.597000",
"db": "NVD",
"id": "CVE-2012-1459"
},
{
"date": "2012-03-26T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201203-422"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-01-18T00:00:00",
"db": "VULHUB",
"id": "VHN-54740"
},
{
"date": "2015-04-13T22:00:00",
"db": "BID",
"id": "52623"
},
{
"date": "2012-07-25T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2012-001869"
},
{
"date": "2018-01-18T02:29:13.273000",
"db": "NVD",
"id": "CVE-2012-1459"
},
{
"date": "2012-04-01T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201203-422"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "PACKETSTORM",
"id": "115619"
},
{
"db": "PACKETSTORM",
"id": "113895"
},
{
"db": "PACKETSTORM",
"id": "113878"
},
{
"db": "PACKETSTORM",
"id": "113841"
},
{
"db": "CNNVD",
"id": "CNNVD-201203-422"
}
],
"trust": 1.0
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Multiple products TAR Vulnerability that prevents file parsers from detecting malware",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2012-001869"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "permissions and access control",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201203-422"
}
],
"trust": 0.6
}
}
VAR-201203-0147
Vulnerability from variot - Updated: 2023-12-18 12:10The ZIP file parser in AhnLab V3 Internet Security 2011.01.18.00, AVG Anti-Virus 10.0.0.1190, Quick Heal (aka Cat QuickHeal) 11.00, Emsisoft Anti-Malware 5.1.0.1, eSafe 7.0.17.0, Fortinet Antivirus 4.2.254.0, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, Jiangmin Antivirus 13.0.900, Kaspersky Anti-Virus 7.0.0.125, Norman Antivirus 6.06.12, Sophos Anti-Virus 4.61.0, and AVEngine 20101.3.0.103 in Symantec Endpoint Protection 11 allows remote attackers to bypass malware detection via a ZIP file containing an invalid block of data at the beginning. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different ZIP parser implementations. Multiple products ZIP A file parser contains a vulnerability that can prevent malware detection. Different ZIP Parser If it is announced that there is also a problem with the implementation of CVE May be split.A third party includes an invalid block of data at the beginning ZIP Malware detection may be avoided via files. Successful exploits will allow attackers to bypass on-demand virus scanning, possibly allowing malicious files to escape detection
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201203-0147",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "anti-virus",
"scope": "eq",
"trust": 1.8,
"vendor": "avg",
"version": "10.0.0.1190"
},
{
"model": "anti-malware",
"scope": "eq",
"trust": 1.8,
"vendor": "emsisoft",
"version": "5.1.0.1"
},
{
"model": "virus utilities t3 command line scanner",
"scope": "eq",
"trust": 1.8,
"vendor": "ikarus",
"version": "1.1.97.0"
},
{
"model": "antivirus",
"scope": "eq",
"trust": 1.8,
"vendor": "jiangmin",
"version": "13.0.900"
},
{
"model": "esafe",
"scope": "eq",
"trust": 1.8,
"vendor": "aladdin",
"version": "7.0.17.0"
},
{
"model": "anti-virus",
"scope": "eq",
"trust": 1.8,
"vendor": "kaspersky",
"version": "7.0.0.125"
},
{
"model": "antivirus",
"scope": "eq",
"trust": 1.8,
"vendor": "fortinet",
"version": "4.2.254.0"
},
{
"model": "endpoint protection",
"scope": "eq",
"trust": 1.6,
"vendor": "symantec",
"version": "11.0"
},
{
"model": "v3 internet security",
"scope": "eq",
"trust": 1.0,
"vendor": "ahnlab",
"version": "2011.01.18.00"
},
{
"model": "quick heal",
"scope": "eq",
"trust": 1.0,
"vendor": "cat",
"version": "11.00"
},
{
"model": "antivirus",
"scope": "eq",
"trust": 0.8,
"vendor": "norman",
"version": "6.06.12"
},
{
"model": "v3 internet security",
"scope": "eq",
"trust": 0.8,
"vendor": "unlab",
"version": "2011.01.18.00"
},
{
"model": "heal",
"scope": "eq",
"trust": 0.8,
"vendor": "quick heal k k",
"version": "11.00"
},
{
"model": "endpoint protection",
"scope": "eq",
"trust": 0.8,
"vendor": "symantec",
"version": "11"
},
{
"model": "anti-virus",
"scope": "eq",
"trust": 0.8,
"vendor": "sophos",
"version": "4.61.0"
},
{
"model": "antivirus",
"scope": "eq",
"trust": 0.3,
"vendor": "symantec",
"version": "20101.3103"
},
{
"model": "anti-virus",
"scope": "eq",
"trust": 0.3,
"vendor": "sophos",
"version": "4.61"
},
{
"model": "cat-quickheal",
"scope": "eq",
"trust": 0.3,
"vendor": "quick heal",
"version": "11.00"
},
{
"model": "antivirus",
"scope": "eq",
"trust": 0.3,
"vendor": "norman",
"version": "6.6.12"
},
{
"model": "antivirus",
"scope": "eq",
"trust": 0.3,
"vendor": "kaspersky",
"version": "7.0125"
},
{
"model": "jiangmin",
"scope": "eq",
"trust": 0.3,
"vendor": "jiangmin",
"version": "13.0.900"
},
{
"model": "antivirus t3.1.1.97.0",
"scope": null,
"trust": 0.3,
"vendor": "ikarus",
"version": null
},
{
"model": "antivirus",
"scope": "eq",
"trust": 0.3,
"vendor": "fortinet",
"version": "4.2.2540"
},
{
"model": "antivirus",
"scope": "eq",
"trust": 0.3,
"vendor": "esafe",
"version": "7.0.170"
},
{
"model": "antivirus",
"scope": "eq",
"trust": 0.3,
"vendor": "emsisoft",
"version": "5.11"
},
{
"model": "anti-virus",
"scope": "eq",
"trust": 0.3,
"vendor": "avg",
"version": "10.01190"
},
{
"model": "engine",
"scope": "eq",
"trust": 0.3,
"vendor": "ahnlab",
"version": "v32011.01.18.00"
}
],
"sources": [
{
"db": "BID",
"id": "52613"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-001871"
},
{
"db": "NVD",
"id": "CVE-2012-1462"
},
{
"db": "CNNVD",
"id": "CNNVD-201203-425"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:fortinet:fortinet_antivirus:4.2.254.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ikarus:ikarus_virus_utilities_t3_command_line_scanner:1.1.97.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:jiangmin:jiangmin_antivirus:13.0.900:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:kaspersky:kaspersky_anti-virus:7.0.0.125:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ahnlab:v3_internet_security:2011.01.18.00:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:avg:avg_anti-virus:10.0.0.1190:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cat:quick_heal:11.00:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:symantec:endpoint_protection:11.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:emsisoft:anti-malware:5.1.0.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:aladdin:esafe:7.0.17.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2012-1462"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Suman Jana and Vitaly Shmatikov",
"sources": [
{
"db": "BID",
"id": "52613"
}
],
"trust": 0.3
},
"cve": "CVE-2012-1462",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 4.3,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2012-1462",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "VHN-54743",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2012-1462",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201203-425",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-54743",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-54743"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-001871"
},
{
"db": "NVD",
"id": "CVE-2012-1462"
},
{
"db": "CNNVD",
"id": "CNNVD-201203-425"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The ZIP file parser in AhnLab V3 Internet Security 2011.01.18.00, AVG Anti-Virus 10.0.0.1190, Quick Heal (aka Cat QuickHeal) 11.00, Emsisoft Anti-Malware 5.1.0.1, eSafe 7.0.17.0, Fortinet Antivirus 4.2.254.0, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, Jiangmin Antivirus 13.0.900, Kaspersky Anti-Virus 7.0.0.125, Norman Antivirus 6.06.12, Sophos Anti-Virus 4.61.0, and AVEngine 20101.3.0.103 in Symantec Endpoint Protection 11 allows remote attackers to bypass malware detection via a ZIP file containing an invalid block of data at the beginning. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different ZIP parser implementations. Multiple products ZIP A file parser contains a vulnerability that can prevent malware detection. Different ZIP Parser If it is announced that there is also a problem with the implementation of CVE May be split.A third party includes an invalid block of data at the beginning ZIP Malware detection may be avoided via files. \nSuccessful exploits will allow attackers to bypass on-demand virus scanning, possibly allowing malicious files to escape detection",
"sources": [
{
"db": "NVD",
"id": "CVE-2012-1462"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-001871"
},
{
"db": "BID",
"id": "52613"
},
{
"db": "VULHUB",
"id": "VHN-54743"
}
],
"trust": 1.98
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2012-1462",
"trust": 2.8
},
{
"db": "BID",
"id": "52613",
"trust": 1.4
},
{
"db": "JVNDB",
"id": "JVNDB-2012-001871",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201203-425",
"trust": 0.7
},
{
"db": "BUGTRAQ",
"id": "20120319 EVASION ATTACKS EXPOLITING FILE-PARSING VULNERABILITIES IN ANTIVIRUS PRODUCTS",
"trust": 0.6
},
{
"db": "NSFOCUS",
"id": "19217",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-54743",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-54743"
},
{
"db": "BID",
"id": "52613"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-001871"
},
{
"db": "NVD",
"id": "CVE-2012-1462"
},
{
"db": "CNNVD",
"id": "CNNVD-201203-425"
}
]
},
"id": "VAR-201203-0147",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-54743"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T12:10:08.311000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "AVG Anti-Virus",
"trust": 0.8,
"url": "http://www.avgjapan.com/home-small-office-security/buy-antivirus"
},
{
"title": "Emsisoft Anti-Malware",
"trust": 0.8,
"url": "http://www.emsisoft.com/en/software/antimalware/"
},
{
"title": "Fortinet Antivirus",
"trust": 0.8,
"url": "http://www.fortinet.com/solutions/antivirus.html"
},
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.ikarus.at/en/"
},
{
"title": "Jiangmin Antivirus",
"trust": 0.8,
"url": "http://global.jiangmin.com/"
},
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.norman.com/"
},
{
"title": "Quick Heal",
"trust": 0.8,
"url": "http://www.quickheal.com/"
},
{
"title": "Endpoint Protection",
"trust": 0.8,
"url": "http://www.symantec.com/ja/jp/endpoint-protection"
},
{
"title": "eSafe",
"trust": 0.8,
"url": "http://www.aladdin.co.jp/esafe/"
},
{
"title": "V3 Internet Security",
"trust": 0.8,
"url": "http://www.ahnlab.co.jp/product_service/product/b2b/v3is8.asp"
},
{
"title": "Kaspersky Anti-Virus",
"trust": 0.8,
"url": "http://www.kaspersky.com/kaspersky_anti-virus"
},
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.sophos.com"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2012-001871"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-264",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-54743"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-001871"
},
{
"db": "NVD",
"id": "CVE-2012-1462"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "http://www.securityfocus.com/archive/1/522005"
},
{
"trust": 1.7,
"url": "http://www.ieee-security.org/tc/sp2012/program.html"
},
{
"trust": 1.1,
"url": "http://www.securityfocus.com/bid/52613"
},
{
"trust": 1.1,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74310"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-1462"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2012-1462"
},
{
"trust": 0.6,
"url": "http://www.nsfocus.net/vulndb/19217"
},
{
"trust": 0.3,
"url": "http://www.ahnlab.com"
},
{
"trust": 0.3,
"url": "http://www.avg.com"
},
{
"trust": 0.3,
"url": "http://www.emsisoft.com/en/software/antimalware/"
},
{
"trust": 0.3,
"url": "http://www.safenet-inc.com/data-protection/content-security-esafe/"
},
{
"trust": 0.3,
"url": "http://www.fortinet.com/"
},
{
"trust": 0.3,
"url": "http://www.ikarus.at"
},
{
"trust": 0.3,
"url": "http://global.jiangmin.com/"
},
{
"trust": 0.3,
"url": "http://www.kaspersky.com/"
},
{
"trust": 0.3,
"url": "http://anti-virus-software-review.toptenreviews.com/norman-review.html"
},
{
"trust": 0.3,
"url": "http://www.quickheal.com/"
},
{
"trust": 0.3,
"url": "http://www.sophos.com/"
},
{
"trust": 0.3,
"url": "http://www.symantec.com"
},
{
"trust": 0.3,
"url": "/archive/1/522005"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-54743"
},
{
"db": "BID",
"id": "52613"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-001871"
},
{
"db": "NVD",
"id": "CVE-2012-1462"
},
{
"db": "CNNVD",
"id": "CNNVD-201203-425"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-54743"
},
{
"db": "BID",
"id": "52613"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-001871"
},
{
"db": "NVD",
"id": "CVE-2012-1462"
},
{
"db": "CNNVD",
"id": "CNNVD-201203-425"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2012-03-21T00:00:00",
"db": "VULHUB",
"id": "VHN-54743"
},
{
"date": "2012-03-20T00:00:00",
"db": "BID",
"id": "52613"
},
{
"date": "2012-03-23T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2012-001871"
},
{
"date": "2012-03-21T10:11:49.707000",
"db": "NVD",
"id": "CVE-2012-1462"
},
{
"date": "2012-03-26T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201203-425"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-08-29T00:00:00",
"db": "VULHUB",
"id": "VHN-54743"
},
{
"date": "2012-03-20T00:00:00",
"db": "BID",
"id": "52613"
},
{
"date": "2012-03-23T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2012-001871"
},
{
"date": "2017-08-29T01:31:17.383000",
"db": "NVD",
"id": "CVE-2012-1462"
},
{
"date": "2012-03-26T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201203-425"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201203-425"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Multiple products ZIP Vulnerability that prevents file parsers from detecting malware",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2012-001871"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "permissions and access control",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201203-425"
}
],
"trust": 0.6
}
}
VAR-201203-0383
Vulnerability from variot - Updated: 2023-12-18 12:10The TAR file parser in Command Antivirus 5.2.11.5, Emsisoft Anti-Malware 5.1.0.1, F-Prot Antivirus 4.6.2.117, Fortinet Antivirus 4.2.254.0, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, K7 AntiVirus 9.77.3565, NOD32 Antivirus 5795, Norman Antivirus 6.06.12, PC Tools AntiVirus 7.0.3.5, Rising Antivirus 22.83.00.03, and VirusBuster 13.6.151.0 allows remote attackers to bypass malware detection via a POSIX TAR file with an initial MZ character sequence. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different TAR parser implementations. Multiple products TAR The file parser contains a vulnerability that can bypass malware detection. CVE May be split intoBy a third party, MZ Has a character sequence that starts with POSIX TAR Via files, malware detection can be bypassed. Successful exploits will allow attackers to bypass on-demand virus scanning, possibly allowing malicious files to escape detection. Multiple file-parsing vulnerabilities leading to evasion in different antivirus(AV) products. All affected products are command-line versions of the AVs.
Vulnerability Descriptions
Affected products - ClamAV 0.96.4, CAT-QuickHeal 11.00
CVE no - CVE-2012-1419
- Specially crafted infected ELF files with "ustar" at offset 257 evades detection.
Affected products - BitDefender 7.2, Comodo 7424, Emsisoft 5.1.0.1, eSafe 7.0.17.0, F-Secure 9.0.16160.0, Ikarus T3.1.1.97.0, McAfee 5.400.0.1158, McAfee-GW-Edition 2010.1C, nProtect 2011-01-17.01
CVE no - CVE-2012-1429 12. Specially crafted infected ELF files with "\19\04\00\10" at offset 8 evades detection. Specially crafted infected ELF files with "\4a\46\49\46" at offset 6 evades detection. Specially crafted infected MS EXE files with "\57\69\6E\5A\69\70" at offset 29 evades detection.
Affected products - Emsisoft 5.1.0.1, eSafe 7.0.17.0, Ikarus T3.1.1.97.0, Panda 10.0.2.7
CVE no - CVE-2012-1432
- Specially crafted infected MS EXE files with "\4a\46\49\46" at offset 6 evades detection.
Affected products - AhnLab-V3 2011.01.18.00, Emsisoft 5.1.0.1, eSafe 7.0.17.0, Ikarus T3.1.1.97.0, Panda 10.0.2.7
CVE no - CVE-2012-1433
- Specially crafted infected MS EXE files with "\19\04\00\10" at offset 8 evades detection.
Affected products - AhnLab-V3 2011.01.18.00, Emsisoft 5.1.0.1, Ikarus T3.1.1.97.0, Panda 10.0.2.7
CVE no - CVE-2012-1434
- Specially crafted infected MS EXE files with "\50\4B\4C\49\54\45" at offset 30 evades detection.
Affected products - AhnLab-V3 2011.01.18.00, Emsisoft 5.1.0.1, eSafe 7.0.17.0, Ikarus T3.1.1.97.0, Panda 10.0.2.7
CVE no - CVE-2012-1435
- Specially crafted infected MS EXE files with "\2D\6C\68" at offset 2 evades detection.
Affected products - AhnLab-V3 2011.01.18.00, Emsisoft 5.1.0.1, eSafe 7.0.17.0, Ikarus T3.1.1.97.0, Panda 10.0.2.7
CVE no - CVE-2012-1436
- Specially crafted infected MS Office files with "\50\4B\53\70\58" at offset 526 evades detection.
Affected products - Comodo 7425
CVE no - CVE-2012-1437
- Specially crafted infected MS Office files with "ustar" at offset 257 evades detection.
Affected products - Comodo 7425, Sophos 4.61.0
CVE no - CVE-2012-1438
- 'padding' field in ELF files is parsed incorrectly. If an infected ELF file's padding field is incremented by 1 it evades detection.
Affected products - eSafe 7.0.17.0, Rising 22.83.00.03, Fortinet 4.2.254.0, Panda 10.0.2.7
CVE no - CVE-2012-1439
- 'identsize' field in ELF files is parsed incorrectly. If an infected ELF file's identsize field is incremented by 1 it evades detection.
Affected products - Norman 6.06.12, eSafe 7.0.17.0, eTrust-Vet 36.1.8511, Fortinet 4.2.254.0, Panda 10.0.2.7
CVE no - CVE-2012-1440
- 'e_ip' and 'e_res' field in MS EXE files are parsed incorrectly.
If any of these fields in an infected MS EXE file is incremented by 1 it evades detection.
Affected products - Prevx 3.0
'e_minalloc', 'e_res2','e_cparhdr', 'e_crlc', 'e_lfarlc','e_maxalloc',
'e_oeminfo', 'e_ovno', 'e_cs', 'e_csum','e_sp', 'e_ss', 'e_cblp' and
'e_oemid' fields in MS EXE files are parsed incorrectly.
If any of these fields in an infected MS EXE file is incremented by 1
it evades detection.
Affected products - eSafe 7.0.017.0, Prevx 3.0
CVE no - CVE-2012-1441
- 'class' field in ELF files is parsed incorrectly.
If an infected ELF file's class field is incremented by 1 it evades detection. Infected RAR files with initial two bytes set to 'MZ' can be fixed by the user and correctly extracted. Such a file evades detection. Microsoft 1.6402, Sophos 4.61.0, NOD32 5795, AntiVir 7.11.1.163, Norman 6.06.12, McAfee 5.400.0.1158, Panda 10.0.2.7, McAfee-GW-Edition 2010.1C, TrendMicro 9.120.0.1004, Comodo 7424, BitDefender 7.2, eSafe 7.0.17.0, F-Secure 9.0.16160.0 nProtect 2011-01-17.01, AhnLab-V3 2011.01.18.00, AVG 10.0.0.1190, Avast 4.8.1351.0, Avast5 5.0.677.0, VBA32 3.12.14.2
CVE no - CVE-2012-1443
- 'abiversion' field in ELF files is parsed incorrectly.
If an infected ELF file's abiversion field is incremented by 1 it evades detection.
Affected products - eSafe 7.0.017.0, Prevx 3.0, Fortinet 4.2.254.0, Panda 10.0.2.7
CVE no - CVE-2012-1444
- 'abi' field in ELF files is parsed incorrectly.
If an infected ELF file's abi field is incremented by 1 it evades detection.
Affected products - eSafe 7.0.017.0, Rising 22.83.00.03, Fortinet 4.2.254.0, Panda 10.0.2.7
CVE no - CVE-2012-1445
- 'encoding' field in ELF files is parsed incorrectly.
If an infected ELF file's encoding field is incremented by 1 it evades detection. 'e_version' field in ELF files is parsed incorrectly.
If an infected ELF file's e_version field is incremented by 1 it evades detection.
Affected products - Fortinet 4.2.254.0, eSafe 7.0.017.0, DrWeb 5.0.2.03300, Panda 10.0.2.7
CVE no - CVE-2012-1447
- 'cbCabinet' field in CAB files is parsed incorrectly.
If an infected CAB file's cbCabinet field is incremented by 1 it evades detection.
Affected products - CAT-QuickHeal 11.00, TrendMicro 9.120.0.1004, Ikarus T3.1.1.97.0 TrendMicro-HouseCall 9.120.0.1004, Emsisoft 5.1.0.1
CVE no - CVE-2012-1448
- 'vMajor' field in CAB files is parsed incorrectly.
If an infected CAB file's vMajor field is incremented by 1 it evades detection.
Affected products - NOD32 5795, Rising 22.83.00.03
CVE no - CVE-2012-1449
- 'reserved3' field in CAB files is parsed incorrectly.
If an infected CAB file's reserved field is incremented by 1 it evades detection.
Affected products - Emsisoft 5.1.0.1, Sophos 4.61.0, Ikarus T3.1.1.97.0
CVE no - CVE-2012-1450
- 'reserved2' field in CAB files is parsed incorrectly.
If an infected CAB file's reserved2 field is incremented by 1 it evades detection.
Affected products - Emsisoft 5.1.0.1, Ikarus T3.1.1.97.0
CVE no - CVE-2012-1451
- 'reserved1' field in CAB files is parsed incorrectly.
If an infected CAB file's reserved field is incremented by 1 it evades detection.
Affected products - Emsisoft 5.1.0.1, Ikarus T3.1.1.97.0, CAT-QuickHeal 11.00
CVE no - CVE-2012-1452
- 'coffFiles' field in CAB files is parsed incorrectly.
If an infected CAB file's coffFiles field is incremented by 1 it evades detection. 'ei_version' field in ELF files is parsed incorrectly.
If an infected ELF file's version field is incremented by 1 it evades detection. 'vMinor' field in CAB files is parsed incorrectly.
If an infected CAB file's version field is incremented by 1 it evades detection.
Affected products - NOD32 5795, Rising 22.83.00.03
CVE no - CVE-2012-1455
- A specially crafted ZIP file, created by concatenating the contents of a clean TAR archive and a virus-infected ZIP archive, is parsed incorrectly and evades detection. If the length field in the header of a file with test EICAR virus included into a TAR archive is set to be greater than the archive's total length (1,000,000+original length in our experiments), the antivirus declares the file to be clean but virus gets extracted correctly by the GNU tar program. A Windows Compiled HTML Help (CHM) file is a set of HTML files, scripts, and images compressed using the LZX algorithm. For faster random accesses, the algorithm is reset at intervals instead of compressing the entire file as a single stream. The length of each interval is specified in the LZXC header.
If an infected CHM file's header modified so that the reset interval is lower than in the original file, the antivirus declares the file to be clean. But the Windows CHM viewer hh.exe correctly decompresses the infected content located before the tampered header.
Affected products - ClamAV 0.96.4, Sophos 4.61.0
CVE no - CVE-2012-1458
- In a POSIX TAR archive, each member file has a 512-byte header protected by a simple checksum. Every header also contains a file length field, which is used by the extractor to locate the next header in the archive.
If a TAR archive contains two files: the first one is clean, while the second is infected with test EICAR virus - and it is modified such that the length field in the header of the first, clean file to point into the middle of the header of the second, infected file. The antivirus declares the file to be clean but virus gets extracted correctly by the GNU tar program. If an infected tar.gz archive is appended 6 random bytes at the end, the antivirus declares the file to be clean but virus gets extracted by the gunzip+tar programs correctly by ignoring these bytes. GZIP files can contain multiple compressed streams, which are assembled when the contents are extracted. If an infected .tar.gz file is broken into two streams, the antivirus declares the infected .tar.gz file to be clean while tar+gunzip extract the virus correctly
Affected products - AVG 10.0.0.1190, BitDefender 7.2, Command 5.2.11.5, Emsisoft 5.1.0.1, F-Secure 9.0.16160.0, Fortinent 4.2.254.0, Ikarus T3.1.1.97.0, Jiangmin 13.0.900, K7AntiVirus 9.77.3565, Kaspersky 7.0.0.125, McAfee 5.400.0.1158, McAfee-GW-Edition 2010.1C, NOD32 5795, Norman 6.06.12, Rising 22.83.00.03, Sophos 4.61.0, Symantec 20101.3.0.103, TrendMicro 9.120.0.1004, TrendMicro-HouseCall 9.120.0.1004, VBA32 3.12.14.2
CVE no - CVE-2012-1461
- If an infected ZIP archive is prepended with 1024 random bytes at the beginning, the antivirus declares the file to be clean but virus gets extracted by the unzip program correctly by skipping these bytes
Affected products - AhnLab-V3 2011.01.18.00, AVG 10.0.0.1190, CAT-QuickHeal 11.00, Emsisoft 5.1.0.1, eSafe 7.0.17.0, Fortinent 4.2.254.0, Ikarus T3.1.1.97.0, Jiangmin 13.0.900, Kaspersky 7.0.0.125, Norman 6.06.12, Sophos 4.61.0, Symantec 20101.3.0.103
CVE no - CVE-2012-1462
- In most ELF files, the 5th byte of the header indicates endianness: 01 for little-endian, 02 for bigendian. Linux kernel, however, does not check this field before loading an ELF file. If an infected ELF file's 5-th byte is set to 02, the antivirus declares the file to be clean but the ELF file gets executed correctly.
Affected products - AhnLab-V3 2011.01.18.00, BitDefender 7.2, CAT-QuickHeal 11.00, Command 5.2.11.5, Comodo 7424, eSafe 7.0.17.0, F-Prot 4.6.2.117, F-Secure 9.0.16160.0, McAfee 5.400.0.1158, Norman 6.06.12, nProtect 2011-01-17.01, Panda 10.0.2.7
CVE no - CVE-2012-1463
Credits
Vulnerabilities found and advisory written by Suman Jana and Vitaly Shmatikov.
References
"Abusing File Processing in Malware Detectors for Fun and Profit" by Suman Jana and Vitaly Shmatikov To appear in IEEE Symposium on Security and Privacy 2012 http://www.ieee-security.org/TC/SP2012/
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201203-0383",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "command antivirus",
"scope": "eq",
"trust": 2.4,
"vendor": "authentium",
"version": "5.2.11.5"
},
{
"model": "anti-malware",
"scope": "eq",
"trust": 1.8,
"vendor": "emsisoft",
"version": "5.1.0.1"
},
{
"model": "nod32 antivirus",
"scope": "eq",
"trust": 1.8,
"vendor": "eset",
"version": "5795"
},
{
"model": "virus utilities t3 command line scanner",
"scope": "eq",
"trust": 1.8,
"vendor": "ikarus",
"version": "1.1.97.0"
},
{
"model": "antivirus",
"scope": "eq",
"trust": 1.8,
"vendor": "pc tools",
"version": "7.0.3.5"
},
{
"model": "virusbuster",
"scope": "eq",
"trust": 1.8,
"vendor": "virusbuster",
"version": "13.6.151.0"
},
{
"model": "antivirus",
"scope": "eq",
"trust": 1.8,
"vendor": "fortinet",
"version": "4.2.254.0"
},
{
"model": "f-prot antivirus",
"scope": "eq",
"trust": 1.0,
"vendor": "f prot",
"version": "4.6.2.117"
},
{
"model": "antivirus",
"scope": "eq",
"trust": 1.0,
"vendor": "k7computing",
"version": "9.77.3565"
},
{
"model": "antivirus",
"scope": "eq",
"trust": 1.0,
"vendor": "rising global",
"version": "22.83.00.03"
},
{
"model": "antivirus \\\u0026 antispyware",
"scope": "eq",
"trust": 1.0,
"vendor": "norman",
"version": "6.06.12"
},
{
"model": "antivirus",
"scope": "eq",
"trust": 0.8,
"vendor": "rising",
"version": "22.83.00.03"
},
{
"model": "f-prot antivirus",
"scope": "eq",
"trust": 0.8,
"vendor": "frisk",
"version": "4.6.2.117"
},
{
"model": "antivirus",
"scope": "eq",
"trust": 0.8,
"vendor": "k7 computing",
"version": "9.77.3565"
},
{
"model": "antivirus",
"scope": "eq",
"trust": 0.8,
"vendor": "norman",
"version": "6.06.12"
},
{
"model": "virusbuster",
"scope": "eq",
"trust": 0.3,
"vendor": "trend micro",
"version": "13.6.1510"
},
{
"model": "antivirus",
"scope": "eq",
"trust": 0.3,
"vendor": "rising",
"version": "22.8303"
},
{
"model": "antivirus",
"scope": "eq",
"trust": 0.3,
"vendor": "pctools",
"version": "7.0.35"
},
{
"model": "antivirus",
"scope": "eq",
"trust": 0.3,
"vendor": "norman",
"version": "6.6.12"
},
{
"model": "computing pvt ltd k7antivirus",
"scope": "eq",
"trust": 0.3,
"vendor": "k7",
"version": "9.77.3565"
},
{
"model": "antivirus t3.1.1.97.0",
"scope": null,
"trust": 0.3,
"vendor": "ikarus",
"version": null
},
{
"model": "software f-prot antivirus",
"scope": "eq",
"trust": 0.3,
"vendor": "frisk",
"version": "4.6.2117"
},
{
"model": "antivirus",
"scope": "eq",
"trust": 0.3,
"vendor": "fortinet",
"version": "4.2.2540"
},
{
"model": "nod32",
"scope": "eq",
"trust": 0.3,
"vendor": "eset",
"version": "5795"
},
{
"model": "antivirus",
"scope": "eq",
"trust": 0.3,
"vendor": "emsisoft",
"version": "5.11"
},
{
"model": "command antivirus",
"scope": "eq",
"trust": 0.3,
"vendor": "authentium",
"version": "5.2.115"
}
],
"sources": [
{
"db": "BID",
"id": "52588"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-001885"
},
{
"db": "NVD",
"id": "CVE-2012-1423"
},
{
"db": "CNNVD",
"id": "CNNVD-201203-389"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:emsisoft:anti-malware:5.1.0.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:f-prot:f-prot_antivirus:4.6.2.117:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:rising-global:rising_antivirus:22.83.00.03:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:virusbuster:virusbuster:13.6.151.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:k7computing:antivirus:9.77.3565:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:eset:nod32_antivirus:5795:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:fortinet:fortinet_antivirus:4.2.254.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ikarus:ikarus_virus_utilities_t3_command_line_scanner:1.1.97.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:authentium:command_antivirus:5.2.11.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:norman:norman_antivirus_\\\u0026_antispyware:6.06.12:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:pc_tools:pc_tools_antivirus:7.0.3.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2012-1423"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Suman Jana and Vitaly Shmatikov",
"sources": [
{
"db": "BID",
"id": "52588"
}
],
"trust": 0.3
},
"cve": "CVE-2012-1423",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 4.3,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2012-1423",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.9,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "VHN-54704",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2012-1423",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201203-389",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-54704",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2012-1423",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-54704"
},
{
"db": "VULMON",
"id": "CVE-2012-1423"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-001885"
},
{
"db": "NVD",
"id": "CVE-2012-1423"
},
{
"db": "CNNVD",
"id": "CNNVD-201203-389"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The TAR file parser in Command Antivirus 5.2.11.5, Emsisoft Anti-Malware 5.1.0.1, F-Prot Antivirus 4.6.2.117, Fortinet Antivirus 4.2.254.0, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, K7 AntiVirus 9.77.3565, NOD32 Antivirus 5795, Norman Antivirus 6.06.12, PC Tools AntiVirus 7.0.3.5, Rising Antivirus 22.83.00.03, and VirusBuster 13.6.151.0 allows remote attackers to bypass malware detection via a POSIX TAR file with an initial MZ character sequence. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different TAR parser implementations. Multiple products TAR The file parser contains a vulnerability that can bypass malware detection. CVE May be split intoBy a third party, MZ Has a character sequence that starts with POSIX TAR Via files, malware detection can be bypassed. \nSuccessful exploits will allow attackers to bypass on-demand virus scanning, possibly allowing malicious files to escape detection. Multiple file-parsing vulnerabilities leading to evasion in different antivirus(AV) products. All \naffected products are command-line versions of \nthe AVs. \n\n----------------------------\nVulnerability Descriptions\n----------------------------\n\n1. \n\n Affected products -\n ClamAV 0.96.4, CAT-QuickHeal 11.00\n \n CVE no - \n CVE-2012-1419\n\n2. Specially crafted infected ELF files with \"ustar\" at offset 257\n evades detection. \n\n Affected products -\n BitDefender 7.2, Comodo 7424, Emsisoft 5.1.0.1, eSafe 7.0.17.0, \n F-Secure 9.0.16160.0, Ikarus T3.1.1.97.0, McAfee 5.400.0.1158, \n McAfee-GW-Edition 2010.1C, nProtect 2011-01-17.01 \n\n CVE no - \n CVE-2012-1429\n12. Specially crafted infected ELF files with \"\\19\\04\\00\\10\" at offset 8 evades\n detection. Specially crafted infected ELF files with \"\\4a\\46\\49\\46\" at offset 6 evades\n detection. Specially crafted infected MS EXE files with \"\\57\\69\\6E\\5A\\69\\70\" at offset\n 29 evades detection. \n\n Affected products -\n Emsisoft 5.1.0.1, eSafe 7.0.17.0, Ikarus T3.1.1.97.0, Panda 10.0.2.7\n\n CVE no - \n CVE-2012-1432\n\n15. Specially crafted infected MS EXE files with \"\\4a\\46\\49\\46\" at offset\n 6 evades detection. \n\n Affected products -\n AhnLab-V3 2011.01.18.00, Emsisoft 5.1.0.1, eSafe 7.0.17.0, \n Ikarus T3.1.1.97.0, Panda 10.0.2.7\n\n CVE no - \n CVE-2012-1433\n\n16. Specially crafted infected MS EXE files with \"\\19\\04\\00\\10\" at offset\n 8 evades detection. \n\n Affected products -\n AhnLab-V3 2011.01.18.00, Emsisoft 5.1.0.1, Ikarus T3.1.1.97.0, \n Panda 10.0.2.7\n \n CVE no - \n CVE-2012-1434\n\n17. Specially crafted infected MS EXE files with \"\\50\\4B\\4C\\49\\54\\45\" at \n offset 30 evades detection. \n \n Affected products - \n AhnLab-V3 2011.01.18.00, Emsisoft 5.1.0.1, eSafe 7.0.17.0, \n Ikarus T3.1.1.97.0, Panda 10.0.2.7\n\n CVE no - \n CVE-2012-1435\n\n18. Specially crafted infected MS EXE files with \"\\2D\\6C\\68\" at \n offset 2 evades detection. \n \n Affected products - \n AhnLab-V3 2011.01.18.00, Emsisoft 5.1.0.1, eSafe 7.0.17.0, \n Ikarus T3.1.1.97.0, Panda 10.0.2.7\n\n CVE no - \n CVE-2012-1436\n\n19. Specially crafted infected MS Office files with \"\\50\\4B\\53\\70\\58\" at \n offset 526 evades detection. \n \n Affected products - \n Comodo 7425\n \n CVE no - \n CVE-2012-1437\n\n20. Specially crafted infected MS Office files with \"ustar\" at \n offset 257 evades detection. \n\n Affected products - \n Comodo 7425, Sophos 4.61.0 \n\n CVE no - \n CVE-2012-1438\n\n21. \u0027padding\u0027 field in ELF files is parsed incorrectly. \n If an infected ELF file\u0027s padding field is incremented by 1 it evades\n detection. \n\n Affected products - \n eSafe 7.0.17.0, Rising 22.83.00.03, Fortinet 4.2.254.0, Panda 10.0.2.7\n\n CVE no - \n CVE-2012-1439\n\n22. \u0027identsize\u0027 field in ELF files is parsed incorrectly. \n If an infected ELF file\u0027s identsize field is incremented by 1 it evades\n detection. \n\n Affected products - \n Norman 6.06.12, eSafe 7.0.17.0, eTrust-Vet 36.1.8511, Fortinet 4.2.254.0, \n Panda 10.0.2.7\n\n CVE no - \n CVE-2012-1440\n\n23. \u0027e_ip\u0027 and \u0027e_res\u0027 field in MS EXE files are parsed incorrectly. \n If any of these fields in an infected MS EXE file is incremented by 1 \n it evades detection. \n\n Affected products - \n Prevx 3.0\n\n \u0027e_minalloc\u0027, \u0027e_res2\u0027,\u0027e_cparhdr\u0027, \u0027e_crlc\u0027, \u0027e_lfarlc\u0027,\u0027e_maxalloc\u0027,\n \u0027e_oeminfo\u0027, \u0027e_ovno\u0027, \u0027e_cs\u0027, \u0027e_csum\u0027,\u0027e_sp\u0027, \u0027e_ss\u0027, \u0027e_cblp\u0027 and \n \u0027e_oemid\u0027 fields in MS EXE files are parsed incorrectly. \n If any of these fields in an infected MS EXE file is incremented by 1 \n it evades detection. \n\n Affected products - \n eSafe 7.0.017.0, Prevx 3.0\n\n\n CVE no - \n CVE-2012-1441\n\n24. \u0027class\u0027 field in ELF files is parsed incorrectly. \n If an infected ELF file\u0027s class field is incremented by 1 it evades\n detection. Infected RAR files with initial two bytes set to \u0027MZ\u0027 can be fixed by the \n user and correctly extracted. Such a file evades detection. Microsoft 1.6402, Sophos 4.61.0, NOD32 5795, AntiVir 7.11.1.163, \n Norman 6.06.12, McAfee 5.400.0.1158, Panda 10.0.2.7, McAfee-GW-Edition 2010.1C, \n TrendMicro 9.120.0.1004, Comodo 7424, BitDefender 7.2, eSafe 7.0.17.0, F-Secure 9.0.16160.0\n nProtect 2011-01-17.01, AhnLab-V3 2011.01.18.00, AVG 10.0.0.1190, Avast 4.8.1351.0, \n Avast5 5.0.677.0, VBA32 3.12.14.2 \n\n CVE no - \n CVE-2012-1443\n\n26. \u0027abiversion\u0027 field in ELF files is parsed incorrectly. \n If an infected ELF file\u0027s abiversion field is incremented by 1 it evades\n detection. \n\n Affected products - \n eSafe 7.0.017.0, Prevx 3.0, Fortinet 4.2.254.0, Panda 10.0.2.7\n\n CVE no - \n CVE-2012-1444\n\n27. \u0027abi\u0027 field in ELF files is parsed incorrectly. \n If an infected ELF file\u0027s abi field is incremented by 1 it evades\n detection. \n\n Affected products - \n eSafe 7.0.017.0, Rising 22.83.00.03, Fortinet 4.2.254.0, Panda 10.0.2.7\n\n CVE no - \n CVE-2012-1445\n\n28. \u0027encoding\u0027 field in ELF files is parsed incorrectly. \n If an infected ELF file\u0027s encoding field is incremented by 1 it evades\n detection. \u0027e_version\u0027 field in ELF files is parsed incorrectly. \n If an infected ELF file\u0027s e_version field is incremented by 1 it evades\n detection. \n\n Affected products -\n Fortinet 4.2.254.0, eSafe 7.0.017.0, DrWeb 5.0.2.03300, Panda 10.0.2.7\n\n CVE no - \n CVE-2012-1447\n\n30. \u0027cbCabinet\u0027 field in CAB files is parsed incorrectly. \n If an infected CAB file\u0027s cbCabinet field is incremented by 1 it evades\n detection. \n\n Affected products -\n CAT-QuickHeal 11.00, TrendMicro 9.120.0.1004, Ikarus T3.1.1.97.0\n TrendMicro-HouseCall 9.120.0.1004, Emsisoft 5.1.0.1 \n\n CVE no - \n CVE-2012-1448\n\n31. \u0027vMajor\u0027 field in CAB files is parsed incorrectly. \n If an infected CAB file\u0027s vMajor field is incremented by 1 it evades\n detection. \n\n Affected products -\n NOD32 5795, Rising 22.83.00.03\n \n CVE no - \n CVE-2012-1449\n\n32. \u0027reserved3\u0027 field in CAB files is parsed incorrectly. \n If an infected CAB file\u0027s reserved field is incremented by 1 it evades\n detection. \n\n Affected products -\n Emsisoft 5.1.0.1, Sophos 4.61.0, Ikarus T3.1.1.97.0\n \n CVE no - \n CVE-2012-1450\n\n33. \u0027reserved2\u0027 field in CAB files is parsed incorrectly. \n If an infected CAB file\u0027s reserved2 field is incremented by 1 it evades\n detection. \n\n Affected products -\n Emsisoft 5.1.0.1, Ikarus T3.1.1.97.0\n \n CVE no - \n CVE-2012-1451\n\n34. \u0027reserved1\u0027 field in CAB files is parsed incorrectly. \n If an infected CAB file\u0027s reserved field is incremented by 1 it evades\n detection. \n\n Affected products -\n Emsisoft 5.1.0.1, Ikarus T3.1.1.97.0, CAT-QuickHeal 11.00\n \n CVE no - \n CVE-2012-1452\n\n35. \u0027coffFiles\u0027 field in CAB files is parsed incorrectly. \n If an infected CAB file\u0027s coffFiles field is incremented by 1 it evades\n detection. \u0027ei_version\u0027 field in ELF files is parsed incorrectly. \n If an infected ELF file\u0027s version field is incremented by 1 it evades\n detection. \u0027vMinor\u0027 field in CAB files is parsed incorrectly. \n If an infected CAB file\u0027s version field is incremented by 1 it evades\n detection. \n\n Affected products -\n NOD32 5795, Rising 22.83.00.03\n \n CVE no - \n CVE-2012-1455\n\n38. A specially crafted ZIP file, created by concatenating the contents \n of a clean TAR archive and a virus-infected ZIP archive, is parsed \n incorrectly and evades detection. If the length field in the header of a file with test EICAR virus\n included into a TAR archive is set to be greater than the archive\u0027s total \n length (1,000,000+original length in our experiments), the antivirus \n declares the file to be clean but virus gets extracted correctly by the \n GNU tar program. A Windows Compiled HTML Help (CHM) file is a set of HTML files,\n scripts, and images compressed using the LZX algorithm. \n For faster random accesses, the algorithm is reset at intervals\n instead of compressing the entire file as a single stream. The\n length of each interval is specified in the LZXC header. \n\n If an infected CHM file\u0027s header modified so that the reset interval\n is lower than in the original file, the antivirus declares the file\n to be clean. But the Windows CHM viewer hh.exe correctly decompresses\n the infected content located before the tampered header. \n\n Affected products -\n ClamAV 0.96.4, Sophos 4.61.0 \n\n CVE no - \n CVE-2012-1458\n\n41. In a POSIX TAR archive, each member file has a 512-byte header protected\n by a simple checksum. Every header also contains a file length field, which\n is used by the extractor to locate the next header in the archive. \n\n If a TAR archive contains two files: the first one is clean, while\n the second is infected with test EICAR virus - and it is modified such that \n the length field in the header of the first, clean file to point into the \n middle of the header of the second, infected file. The antivirus declares \n the file to be clean but virus gets extracted correctly by the \n GNU tar program. If an infected tar.gz archive is appended 6 random bytes at the end, \n the antivirus declares the file to be clean but virus gets extracted by\n the gunzip+tar programs correctly by ignoring these bytes. GZIP files can contain multiple compressed streams, which are assembled\n when the contents are extracted. If an infected .tar.gz file is broken \n into two streams, the antivirus declares the infected .tar.gz file to \n be clean while tar+gunzip extract the virus correctly\n\n Affected products -\n AVG 10.0.0.1190, BitDefender 7.2, Command 5.2.11.5, Emsisoft 5.1.0.1, \n F-Secure 9.0.16160.0, Fortinent 4.2.254.0, Ikarus T3.1.1.97.0, \n Jiangmin 13.0.900, K7AntiVirus 9.77.3565, Kaspersky 7.0.0.125, \n McAfee 5.400.0.1158, McAfee-GW-Edition 2010.1C, NOD32 5795, Norman 6.06.12, \n Rising 22.83.00.03, Sophos 4.61.0, Symantec 20101.3.0.103, \n TrendMicro 9.120.0.1004, TrendMicro-HouseCall 9.120.0.1004, VBA32 3.12.14.2 \n\n CVE no - \n CVE-2012-1461\n\n44. If an infected ZIP archive is prepended with 1024 random bytes at the \n beginning, the antivirus declares the file to be clean but virus gets extracted\n by the unzip program correctly by skipping these bytes\n\n Affected products -\n AhnLab-V3 2011.01.18.00, AVG 10.0.0.1190, CAT-QuickHeal 11.00, \n Emsisoft 5.1.0.1, eSafe 7.0.17.0, Fortinent 4.2.254.0, Ikarus T3.1.1.97.0, \n Jiangmin 13.0.900, Kaspersky 7.0.0.125, Norman 6.06.12, Sophos 4.61.0, \n Symantec 20101.3.0.103 \n\n CVE no - \n CVE-2012-1462\n\n45. In most ELF files, the 5th byte of the header indicates endianness: 01\n for little-endian, 02 for bigendian. Linux kernel, however, does not\n check this field before loading an ELF file. If an infected ELF file\u0027s 5-th \n byte is set to 02, the antivirus declares the file to be clean but the ELF \n file gets executed correctly. \n\n Affected products -\n AhnLab-V3 2011.01.18.00, BitDefender 7.2, CAT-QuickHeal 11.00, Command 5.2.11.5, \n Comodo 7424, eSafe 7.0.17.0, F-Prot 4.6.2.117, F-Secure 9.0.16160.0, \n McAfee 5.400.0.1158, Norman 6.06.12, nProtect 2011-01-17.01, Panda 10.0.2.7 \n\n CVE no - \n CVE-2012-1463\n\n--------\nCredits\n--------\nVulnerabilities found and advisory written by Suman Jana and Vitaly Shmatikov. \n\n-----------\nReferences\n-----------\n\"Abusing File Processing in Malware Detectors for Fun and Profit\" by Suman Jana and Vitaly Shmatikov\nTo appear in IEEE Symposium on Security and Privacy 2012\nhttp://www.ieee-security.org/TC/SP2012/ \n",
"sources": [
{
"db": "NVD",
"id": "CVE-2012-1423"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-001885"
},
{
"db": "BID",
"id": "52588"
},
{
"db": "VULHUB",
"id": "VHN-54704"
},
{
"db": "VULMON",
"id": "CVE-2012-1423"
},
{
"db": "PACKETSTORM",
"id": "110990"
}
],
"trust": 2.16
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2012-1423",
"trust": 3.0
},
{
"db": "OSVDB",
"id": "80396",
"trust": 1.2
},
{
"db": "OSVDB",
"id": "80395",
"trust": 1.2
},
{
"db": "OSVDB",
"id": "80393",
"trust": 1.2
},
{
"db": "OSVDB",
"id": "80406",
"trust": 1.2
},
{
"db": "OSVDB",
"id": "80407",
"trust": 1.2
},
{
"db": "JVNDB",
"id": "JVNDB-2012-001885",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201203-389",
"trust": 0.7
},
{
"db": "BUGTRAQ",
"id": "20120319 EVASION ATTACKS EXPOLITING FILE-PARSING VULNERABILITIES IN ANTIVIRUS PRODUCTS",
"trust": 0.6
},
{
"db": "BID",
"id": "52588",
"trust": 0.5
},
{
"db": "VULHUB",
"id": "VHN-54704",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2012-1423",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "110990",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-54704"
},
{
"db": "VULMON",
"id": "CVE-2012-1423"
},
{
"db": "BID",
"id": "52588"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-001885"
},
{
"db": "PACKETSTORM",
"id": "110990"
},
{
"db": "NVD",
"id": "CVE-2012-1423"
},
{
"db": "CNNVD",
"id": "CNNVD-201203-389"
}
]
},
"id": "VAR-201203-0383",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-54704"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T12:10:08.152000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Command Antivirus",
"trust": 0.8,
"url": "http://www.authentium.com/command/csavdownload.html"
},
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.rising-global.com/"
},
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.emsisoft.com/en/"
},
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.eset.com/us/"
},
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.fortinet.com/"
},
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.f-prot.com/"
},
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.ikarus.at/en/"
},
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.k7computing.com/en/"
},
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.norman.com/"
},
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.pctools.com/jp/"
},
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.virusbuster.hu/en/"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2012-001885"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-264",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-54704"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-001885"
},
{
"db": "NVD",
"id": "CVE-2012-1423"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.8,
"url": "http://www.securityfocus.com/archive/1/522005"
},
{
"trust": 1.8,
"url": "http://www.ieee-security.org/tc/sp2012/program.html"
},
{
"trust": 1.2,
"url": "http://osvdb.org/80393"
},
{
"trust": 1.2,
"url": "http://osvdb.org/80395"
},
{
"trust": 1.2,
"url": "http://osvdb.org/80396"
},
{
"trust": 1.2,
"url": "http://osvdb.org/80406"
},
{
"trust": 1.2,
"url": "http://osvdb.org/80407"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-1423"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2012-1423"
},
{
"trust": 0.3,
"url": "http://www.authentium.com"
},
{
"trust": 0.3,
"url": "http://www.emsisoft.com/en/software/antimalware/"
},
{
"trust": 0.3,
"url": "http://eset.com"
},
{
"trust": 0.3,
"url": "http://www.fortinet.com/"
},
{
"trust": 0.3,
"url": "http://www.f-prot.com/"
},
{
"trust": 0.3,
"url": "http://www.ikarus.at"
},
{
"trust": 0.3,
"url": "http://www.k7computing.com/en/product/k7-antivirusplus.php"
},
{
"trust": 0.3,
"url": "http://anti-virus-software-review.toptenreviews.com/norman-review.html"
},
{
"trust": 0.3,
"url": "http://www.pctools.com/spyware-doctor-antivirus/"
},
{
"trust": 0.3,
"url": "http://www.rising-global.com/"
},
{
"trust": 0.3,
"url": "http://www.trend.com"
},
{
"trust": 0.3,
"url": "/archive/1/522005"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/264.html"
},
{
"trust": 0.1,
"url": "https://www.securityfocus.com/bid/52588"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-1419"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-1439"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-1426"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-1429"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-1436"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-1440"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-1432"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-1438"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-1428"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-1446"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-1443"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-1444"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-1441"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-1421"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-1430"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-1434"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-1435"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-1424"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-1431"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-1425"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-1423"
},
{
"trust": 0.1,
"url": "http://www.ieee-security.org/tc/sp2012/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-1442"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-1422"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-1433"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-1420"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-1427"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-1445"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-1437"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-54704"
},
{
"db": "VULMON",
"id": "CVE-2012-1423"
},
{
"db": "BID",
"id": "52588"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-001885"
},
{
"db": "PACKETSTORM",
"id": "110990"
},
{
"db": "NVD",
"id": "CVE-2012-1423"
},
{
"db": "CNNVD",
"id": "CNNVD-201203-389"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-54704"
},
{
"db": "VULMON",
"id": "CVE-2012-1423"
},
{
"db": "BID",
"id": "52588"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-001885"
},
{
"db": "PACKETSTORM",
"id": "110990"
},
{
"db": "NVD",
"id": "CVE-2012-1423"
},
{
"db": "CNNVD",
"id": "CNNVD-201203-389"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2012-03-21T00:00:00",
"db": "VULHUB",
"id": "VHN-54704"
},
{
"date": "2012-03-21T00:00:00",
"db": "VULMON",
"id": "CVE-2012-1423"
},
{
"date": "2012-03-20T00:00:00",
"db": "BID",
"id": "52588"
},
{
"date": "2012-03-26T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2012-001885"
},
{
"date": "2012-03-19T23:51:01",
"db": "PACKETSTORM",
"id": "110990"
},
{
"date": "2012-03-21T10:11:47.317000",
"db": "NVD",
"id": "CVE-2012-1423"
},
{
"date": "2012-03-26T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201203-389"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2012-08-14T00:00:00",
"db": "VULHUB",
"id": "VHN-54704"
},
{
"date": "2012-08-14T00:00:00",
"db": "VULMON",
"id": "CVE-2012-1423"
},
{
"date": "2012-03-20T00:00:00",
"db": "BID",
"id": "52588"
},
{
"date": "2012-03-26T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2012-001885"
},
{
"date": "2012-08-14T03:35:49.300000",
"db": "NVD",
"id": "CVE-2012-1423"
},
{
"date": "2012-04-01T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201203-389"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201203-389"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Multiple products TAR Vulnerability to bypass malware detection in file parser",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2012-001885"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "permissions and access control",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201203-389"
}
],
"trust": 0.6
}
}
VAR-201208-0026
Vulnerability from variot - Updated: 2022-05-04 08:45** DISPUTED ** Race condition in 3D EQSecure Professional Edition 4.2 on Windows XP allows local users to bypass kernel-mode hook handlers, and execute dangerous code that would otherwise be blocked by a handler but not blocked by signature-based malware detection, via certain user-space memory changes during hook-handler execution, aka an argument-switch attack or a KHOBE attack. NOTE: this issue is disputed by some third parties because it is a flaw in a protection mechanism for situations where a crafted program has already begun to execute. ** Unsettled ** This case has not been confirmed as a vulnerability. This vulnerability is also known as argument-switch Attack, or KHOBE It is called an attack. Multiple vendors' security software is prone to security bypass vulnerabilities. These issues may allow attackers to bypass certain security restrictions and perform malicious actions
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201208-0026",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "3d eqsecure",
"scope": "eq",
"trust": 1.0,
"vendor": "3dprotect",
"version": "4.2"
},
{
"model": "3d eqsecure",
"scope": "eq",
"trust": 0.8,
"vendor": "3dprotect",
"version": "professional edition 4.2"
},
{
"model": "labs zonealarm extreme security",
"scope": "eq",
"trust": 0.3,
"vendor": "zone",
"version": "9.1.507.000"
},
{
"model": "internet security essentials",
"scope": "eq",
"trust": 0.3,
"vendor": "webroot",
"version": "6.1.0.145"
},
{
"model": "internet security suite",
"scope": "eq",
"trust": 0.3,
"vendor": "virusbuster",
"version": "3.2"
},
{
"model": "vba32 personal",
"scope": "eq",
"trust": 0.3,
"vendor": "virusblokada",
"version": "3.12.12.4"
},
{
"model": "internet security pro",
"scope": "eq",
"trust": 0.3,
"vendor": "trend micro",
"version": "2010"
},
{
"model": "norton internet security",
"scope": "eq",
"trust": 0.3,
"vendor": "symantec",
"version": "20100"
},
{
"model": "endpoint security and control",
"scope": "eq",
"trust": 0.3,
"vendor": "sophos",
"version": "9.0.5"
},
{
"model": "defensewall personal firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "softsphere",
"version": "3.00"
},
{
"model": "security shield",
"scope": "eq",
"trust": 0.3,
"vendor": "pcsecurityshield",
"version": "201013.0.16.313"
},
{
"model": "tools firewall plus",
"scope": "eq",
"trust": 0.3,
"vendor": "pc",
"version": "6.0.0.88"
},
{
"model": "internet security",
"scope": "eq",
"trust": 0.3,
"vendor": "panda",
"version": "2010"
},
{
"model": "security suite pro be",
"scope": "eq",
"trust": 0.3,
"vendor": "outpost",
"version": "7.0.3330.505.1221"
},
{
"model": "security suite pro",
"scope": "eq",
"trust": 0.3,
"vendor": "outpost",
"version": "6.7.3.3063.452.0726"
},
{
"model": "solutions security suite",
"scope": "eq",
"trust": 0.3,
"vendor": "online",
"version": "1.5.14905.0"
},
{
"model": "armor online armor premium",
"scope": "eq",
"trust": 0.3,
"vendor": "online",
"version": "4.0.0.35"
},
{
"model": "security suite pro",
"scope": "eq",
"trust": 0.3,
"vendor": "norman",
"version": "8.0"
},
{
"model": "total protection",
"scope": "eq",
"trust": 0.3,
"vendor": "mcafee",
"version": "2010"
},
{
"model": "internet security",
"scope": "eq",
"trust": 0.3,
"vendor": "kaspersky",
"version": "20109.0.0.736"
},
{
"model": "data totalcare",
"scope": "eq",
"trust": 0.3,
"vendor": "g",
"version": "20100"
},
{
"model": "internet security",
"scope": "eq",
"trust": 0.3,
"vendor": "f secure",
"version": "2010"
},
{
"model": "smart security",
"scope": "eq",
"trust": 0.3,
"vendor": "eset",
"version": "40"
},
{
"model": "blink professional",
"scope": "eq",
"trust": 0.3,
"vendor": "eeye",
"version": "4.6.1"
},
{
"model": "security space pro",
"scope": "eq",
"trust": 0.3,
"vendor": "dr web",
"version": "6.0.0.03100"
},
{
"model": "associates internet security suite plus",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "20100"
},
{
"model": "internet security free",
"scope": "eq",
"trust": 0.3,
"vendor": "comodo",
"version": "4.0.138377.779"
},
{
"model": "total security",
"scope": "eq",
"trust": 0.3,
"vendor": "bitdefender",
"version": "20100"
},
{
"model": "premium security suite",
"scope": "eq",
"trust": 0.3,
"vendor": "avira",
"version": "0"
},
{
"model": "avg",
"scope": "eq",
"trust": 0.3,
"vendor": "avg",
"version": "9.0.791"
},
{
"model": "internet security",
"scope": "eq",
"trust": 0.3,
"vendor": "avast",
"version": "5.0.462"
},
{
"model": "3d eqsecure professional edition",
"scope": "eq",
"trust": 0.3,
"vendor": "3dprotect",
"version": "4.2"
},
{
"model": "internet security",
"scope": "ne",
"trust": 0.3,
"vendor": "comodo",
"version": "4.1.149672.916"
}
],
"sources": [
{
"db": "BID",
"id": "39924"
},
{
"db": "JVNDB",
"id": "JVNDB-2010-005731"
},
{
"db": "NVD",
"id": "CVE-2010-5150"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:3dprotect:3d_eqsecure:4.2:-:professional:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:microsoft:windows_xp:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:3dprotect:3d_eqsecure:4.2:-:professional:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:microsoft:windows_xp:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2010-5150"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "matousec.com",
"sources": [
{
"db": "BID",
"id": "39924"
}
],
"trust": 0.3
},
"cve": "CVE-2010-5150",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": null,
"accessComplexity": "High",
"accessVector": "Local",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 6.2,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "CVE-2010-5150",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 1.8,
"userInteractionRequired": null,
"vectorString": "AV:L/AC:H/Au:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2010-5150",
"trust": 1.8,
"value": "Medium"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2010-005731"
},
{
"db": "NVD",
"id": "CVE-2010-5150"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "** DISPUTED ** Race condition in 3D EQSecure Professional Edition 4.2 on Windows XP allows local users to bypass kernel-mode hook handlers, and execute dangerous code that would otherwise be blocked by a handler but not blocked by signature-based malware detection, via certain user-space memory changes during hook-handler execution, aka an argument-switch attack or a KHOBE attack. NOTE: this issue is disputed by some third parties because it is a flaw in a protection mechanism for situations where a crafted program has already begun to execute. ** Unsettled ** This case has not been confirmed as a vulnerability. This vulnerability is also known as argument-switch Attack, or KHOBE It is called an attack. Multiple vendors\u0027 security software is prone to security bypass vulnerabilities. \nThese issues may allow attackers to bypass certain security restrictions and perform malicious actions",
"sources": [
{
"db": "NVD",
"id": "CVE-2010-5150"
},
{
"db": "JVNDB",
"id": "JVNDB-2010-005731"
},
{
"db": "BID",
"id": "39924"
}
],
"trust": 1.89
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2010-5150",
"trust": 2.7
},
{
"db": "BID",
"id": "39924",
"trust": 2.7
},
{
"db": "OSVDB",
"id": "67660",
"trust": 1.0
},
{
"db": "JVNDB",
"id": "JVNDB-2010-005731",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201208-751",
"trust": 0.6
}
],
"sources": [
{
"db": "BID",
"id": "39924"
},
{
"db": "JVNDB",
"id": "JVNDB-2010-005731"
},
{
"db": "CNNVD",
"id": "CNNVD-201208-751"
},
{
"db": "NVD",
"id": "CVE-2010-5150"
}
]
},
"id": "VAR-201208-0026",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 1.0
},
"last_update_date": "2022-05-04T08:45:24.696000Z",
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-362",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2010-005731"
},
{
"db": "NVD",
"id": "CVE-2010-5150"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.4,
"url": "https://www.securityfocus.com/bid/39924"
},
{
"trust": 2.4,
"url": "https://www.theregister.co.uk/2010/05/07/argument_switch_av_bypass/"
},
{
"trust": 1.6,
"url": "http://www.f-secure.com/weblog/archives/00001949.html"
},
{
"trust": 1.6,
"url": "http://matousec.com/info/articles/khobe-8.0-earthquake-for-windows-desktop-security-software.php"
},
{
"trust": 1.6,
"url": "http://matousec.com/info/advisories/khobe-8.0-earthquake-for-windows-desktop-security-software.php"
},
{
"trust": 1.6,
"url": "http://countermeasures.trendmicro.eu/you-just-cant-trust-a-drunk/"
},
{
"trust": 1.6,
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2010-05/0066.html"
},
{
"trust": 1.6,
"url": "http://archives.neohapsis.com/archives/bugtraq/2010-05/0026.html"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-5150"
},
{
"trust": 1.0,
"url": "http://www.osvdb.org/67660"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-5150"
},
{
"trust": 0.3,
"url": "http://forums.comodo.com/news-announcements-feedback-cis/comodo-internet-security-41149672916-released-t57051.0.html"
},
{
"trust": 0.3,
"url": "http://www.matousec.com/info/articles/khobe-8.0-earthquake-for-windows-desktop-security-software.php"
},
{
"trust": 0.3,
"url": "http://www.matousec.com/info/advisories/khobe-8.0-earthquake-for-windows-desktop-security-software.php"
}
],
"sources": [
{
"db": "BID",
"id": "39924"
},
{
"db": "JVNDB",
"id": "JVNDB-2010-005731"
},
{
"db": "CNNVD",
"id": "CNNVD-201208-751"
},
{
"db": "NVD",
"id": "CVE-2010-5150"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "BID",
"id": "39924"
},
{
"db": "JVNDB",
"id": "JVNDB-2010-005731"
},
{
"db": "CNNVD",
"id": "CNNVD-201208-751"
},
{
"db": "NVD",
"id": "CVE-2010-5150"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2010-05-05T00:00:00",
"db": "BID",
"id": "39924"
},
{
"date": "2019-07-29T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2010-005731"
},
{
"date": "2012-08-25T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201208-751"
},
{
"date": "2012-08-25T21:55:00",
"db": "NVD",
"id": "CVE-2010-5150"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-04-13T21:02:00",
"db": "BID",
"id": "39924"
},
{
"date": "2019-07-29T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2010-005731"
},
{
"date": "2021-11-30T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201208-751"
},
{
"date": "2012-08-27T04:00:00",
"db": "NVD",
"id": "CVE-2010-5150"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "BID",
"id": "39924"
}
],
"trust": 0.3
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Windows XP Run on 3D EQSecure Kernel mode hook handler bypass vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2010-005731"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "competition condition problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201208-751"
}
],
"trust": 0.6
}
}
VAR-201208-0033
Vulnerability from variot - Updated: 2022-05-04 08:45Race condition in Comodo Internet Security before 4.1.149672.916 on Windows XP allows local users to bypass kernel-mode hook handlers, and execute dangerous code that would otherwise be blocked by a handler but not blocked by signature-based malware detection, via certain user-space memory changes during hook-handler execution, aka an argument-switch attack or a KHOBE attack. Multiple vendors' security software is prone to security bypass vulnerabilities. These issues may allow attackers to bypass certain security restrictions and perform malicious actions
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201208-0033",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "internet security",
"scope": "lte",
"trust": 1.0,
"vendor": "comodo",
"version": "4.0.141842.828"
},
{
"model": "internet security",
"scope": "lt",
"trust": 0.8,
"vendor": "comodo",
"version": "4.1.149672.916"
},
{
"model": "internet security",
"scope": "eq",
"trust": 0.6,
"vendor": "comodo",
"version": "4.0.141842.828"
},
{
"model": "labs zonealarm extreme security",
"scope": "eq",
"trust": 0.3,
"vendor": "zone",
"version": "9.1.507.000"
},
{
"model": "internet security essentials",
"scope": "eq",
"trust": 0.3,
"vendor": "webroot",
"version": "6.1.0.145"
},
{
"model": "internet security suite",
"scope": "eq",
"trust": 0.3,
"vendor": "virusbuster",
"version": "3.2"
},
{
"model": "vba32 personal",
"scope": "eq",
"trust": 0.3,
"vendor": "virusblokada",
"version": "3.12.12.4"
},
{
"model": "internet security pro",
"scope": "eq",
"trust": 0.3,
"vendor": "trend micro",
"version": "2010"
},
{
"model": "norton internet security",
"scope": "eq",
"trust": 0.3,
"vendor": "symantec",
"version": "20100"
},
{
"model": "endpoint security and control",
"scope": "eq",
"trust": 0.3,
"vendor": "sophos",
"version": "9.0.5"
},
{
"model": "defensewall personal firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "softsphere",
"version": "3.00"
},
{
"model": "security shield",
"scope": "eq",
"trust": 0.3,
"vendor": "pcsecurityshield",
"version": "201013.0.16.313"
},
{
"model": "tools firewall plus",
"scope": "eq",
"trust": 0.3,
"vendor": "pc",
"version": "6.0.0.88"
},
{
"model": "internet security",
"scope": "eq",
"trust": 0.3,
"vendor": "panda",
"version": "2010"
},
{
"model": "security suite pro be",
"scope": "eq",
"trust": 0.3,
"vendor": "outpost",
"version": "7.0.3330.505.1221"
},
{
"model": "security suite pro",
"scope": "eq",
"trust": 0.3,
"vendor": "outpost",
"version": "6.7.3.3063.452.0726"
},
{
"model": "solutions security suite",
"scope": "eq",
"trust": 0.3,
"vendor": "online",
"version": "1.5.14905.0"
},
{
"model": "armor online armor premium",
"scope": "eq",
"trust": 0.3,
"vendor": "online",
"version": "4.0.0.35"
},
{
"model": "security suite pro",
"scope": "eq",
"trust": 0.3,
"vendor": "norman",
"version": "8.0"
},
{
"model": "total protection",
"scope": "eq",
"trust": 0.3,
"vendor": "mcafee",
"version": "2010"
},
{
"model": "internet security",
"scope": "eq",
"trust": 0.3,
"vendor": "kaspersky",
"version": "20109.0.0.736"
},
{
"model": "data totalcare",
"scope": "eq",
"trust": 0.3,
"vendor": "g",
"version": "20100"
},
{
"model": "internet security",
"scope": "eq",
"trust": 0.3,
"vendor": "f secure",
"version": "2010"
},
{
"model": "smart security",
"scope": "eq",
"trust": 0.3,
"vendor": "eset",
"version": "40"
},
{
"model": "blink professional",
"scope": "eq",
"trust": 0.3,
"vendor": "eeye",
"version": "4.6.1"
},
{
"model": "security space pro",
"scope": "eq",
"trust": 0.3,
"vendor": "dr web",
"version": "6.0.0.03100"
},
{
"model": "associates internet security suite plus",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "20100"
},
{
"model": "internet security free",
"scope": "eq",
"trust": 0.3,
"vendor": "comodo",
"version": "4.0.138377.779"
},
{
"model": "total security",
"scope": "eq",
"trust": 0.3,
"vendor": "bitdefender",
"version": "20100"
},
{
"model": "premium security suite",
"scope": "eq",
"trust": 0.3,
"vendor": "avira",
"version": "0"
},
{
"model": "avg",
"scope": "eq",
"trust": 0.3,
"vendor": "avg",
"version": "9.0.791"
},
{
"model": "internet security",
"scope": "eq",
"trust": 0.3,
"vendor": "avast",
"version": "5.0.462"
},
{
"model": "3d eqsecure professional edition",
"scope": "eq",
"trust": 0.3,
"vendor": "3dprotect",
"version": "4.2"
},
{
"model": "internet security",
"scope": "ne",
"trust": 0.3,
"vendor": "comodo",
"version": "4.1.149672.916"
}
],
"sources": [
{
"db": "BID",
"id": "39924"
},
{
"db": "JVNDB",
"id": "JVNDB-2010-004295"
},
{
"db": "CNNVD",
"id": "CNNVD-201208-485"
},
{
"db": "NVD",
"id": "CVE-2010-5157"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:comodo:comodo_internet_security:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "4.0.141842.828",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:microsoft:windows_xp:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:comodo:comodo_internet_security:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "4.0.141842.828",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:microsoft:windows_xp:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2010-5157"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "matousec.com",
"sources": [
{
"db": "BID",
"id": "39924"
}
],
"trust": 0.3
},
"cve": "CVE-2010-5157",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": null,
"accessComplexity": "High",
"accessVector": "Local",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 6.2,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "CVE-2010-5157",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 1.8,
"userInteractionRequired": null,
"vectorString": "AV:L/AC:H/Au:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2010-5157",
"trust": 1.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-201208-485",
"trust": 0.6,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2010-004295"
},
{
"db": "CNNVD",
"id": "CNNVD-201208-485"
},
{
"db": "NVD",
"id": "CVE-2010-5157"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Race condition in Comodo Internet Security before 4.1.149672.916 on Windows XP allows local users to bypass kernel-mode hook handlers, and execute dangerous code that would otherwise be blocked by a handler but not blocked by signature-based malware detection, via certain user-space memory changes during hook-handler execution, aka an argument-switch attack or a KHOBE attack. Multiple vendors\u0027 security software is prone to security bypass vulnerabilities. \nThese issues may allow attackers to bypass certain security restrictions and perform malicious actions",
"sources": [
{
"db": "NVD",
"id": "CVE-2010-5157"
},
{
"db": "JVNDB",
"id": "JVNDB-2010-004295"
},
{
"db": "BID",
"id": "39924"
}
],
"trust": 1.89
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2010-5157",
"trust": 2.7
},
{
"db": "BID",
"id": "39924",
"trust": 1.9
},
{
"db": "OSVDB",
"id": "65254",
"trust": 1.6
},
{
"db": "OSVDB",
"id": "67660",
"trust": 1.6
},
{
"db": "JVNDB",
"id": "JVNDB-2010-004295",
"trust": 0.8
},
{
"db": "FULLDISC",
"id": "20100505 KHOBE - 8.0 EARTHQUAKE FOR WINDOWS DESKTOP SECURITY SOFTWARE",
"trust": 0.6
},
{
"db": "BUGTRAQ",
"id": "20100505 KHOBE - 8.0 EARTHQUAKE FOR WINDOWS DESKTOP SECURITY SOFTWARE",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201208-485",
"trust": 0.6
}
],
"sources": [
{
"db": "BID",
"id": "39924"
},
{
"db": "JVNDB",
"id": "JVNDB-2010-004295"
},
{
"db": "CNNVD",
"id": "CNNVD-201208-485"
},
{
"db": "NVD",
"id": "CVE-2010-5157"
}
]
},
"id": "VAR-201208-0033",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 1.0
},
"last_update_date": "2022-05-04T08:45:24.663000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "COMODO Internet Security 4.1.149672.916 Released!",
"trust": 0.8,
"url": "http://forums.comodo.com/news-announcements-feedback-cis/comodo-internet-security-41149672916-released-t57051.0.html"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2010-004295"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-362",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2010-004295"
},
{
"db": "NVD",
"id": "CVE-2010-5157"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.4,
"url": "http://www.theregister.co.uk/2010/05/07/argument_switch_av_bypass/"
},
{
"trust": 2.4,
"url": "http://matousec.com/info/articles/khobe-8.0-earthquake-for-windows-desktop-security-software.php"
},
{
"trust": 2.4,
"url": "http://matousec.com/info/advisories/khobe-8.0-earthquake-for-windows-desktop-security-software.php"
},
{
"trust": 1.9,
"url": "http://forums.comodo.com/news-announcements-feedback-cis/comodo-internet-security-41149672916-released-t57051.0.html"
},
{
"trust": 1.6,
"url": "http://www.securityfocus.com/bid/39924"
},
{
"trust": 1.6,
"url": "http://www.osvdb.org/67660"
},
{
"trust": 1.6,
"url": "http://www.osvdb.org/65254"
},
{
"trust": 1.6,
"url": "http://www.f-secure.com/weblog/archives/00001949.html"
},
{
"trust": 1.6,
"url": "http://countermeasures.trendmicro.eu/you-just-cant-trust-a-drunk/"
},
{
"trust": 1.6,
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2010-05/0066.html"
},
{
"trust": 1.6,
"url": "http://archives.neohapsis.com/archives/bugtraq/2010-05/0026.html"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-5157"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2010-5157"
},
{
"trust": 0.3,
"url": "http://www.matousec.com/info/articles/khobe-8.0-earthquake-for-windows-desktop-security-software.php"
},
{
"trust": 0.3,
"url": "http://www.matousec.com/info/advisories/khobe-8.0-earthquake-for-windows-desktop-security-software.php"
}
],
"sources": [
{
"db": "BID",
"id": "39924"
},
{
"db": "JVNDB",
"id": "JVNDB-2010-004295"
},
{
"db": "CNNVD",
"id": "CNNVD-201208-485"
},
{
"db": "NVD",
"id": "CVE-2010-5157"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "BID",
"id": "39924"
},
{
"db": "JVNDB",
"id": "JVNDB-2010-004295"
},
{
"db": "CNNVD",
"id": "CNNVD-201208-485"
},
{
"db": "NVD",
"id": "CVE-2010-5157"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2010-05-05T00:00:00",
"db": "BID",
"id": "39924"
},
{
"date": "2012-09-05T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2010-004295"
},
{
"date": "2012-08-27T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201208-485"
},
{
"date": "2012-08-25T21:55:00",
"db": "NVD",
"id": "CVE-2010-5157"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-04-13T21:02:00",
"db": "BID",
"id": "39924"
},
{
"date": "2012-09-05T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2010-004295"
},
{
"date": "2012-08-27T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201208-485"
},
{
"date": "2012-08-27T04:00:00",
"db": "NVD",
"id": "CVE-2010-5157"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "BID",
"id": "39924"
},
{
"db": "CNNVD",
"id": "CNNVD-201208-485"
}
],
"trust": 0.9
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Windows XP Run on Comodo Internet Security Kernel mode hook handler bypass vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2010-004295"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "competitive condition",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201208-485"
}
],
"trust": 0.6
}
}
CVE-2020-8508 (GCVE-0-2020-8508)
Vulnerability from cvelistv5 – Published: 2020-02-03 02:43 – Updated: 2024-08-04 10:03
VLAI
Summary
nsak64.sys in Norman Malware Cleaner 2.08.08 allows users to call arbitrary kernel functions because the passing of function pointers between user and kernel mode is mishandled.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://downwithup.github.io/CVEPosts.html | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T10:03:45.785Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://downwithup.github.io/CVEPosts.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "nsak64.sys in Norman Malware Cleaner 2.08.08 allows users to call arbitrary kernel functions because the passing of function pointers between user and kernel mode is mishandled."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-02-03T02:43:06.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://downwithup.github.io/CVEPosts.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-8508",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "nsak64.sys in Norman Malware Cleaner 2.08.08 allows users to call arbitrary kernel functions because the passing of function pointers between user and kernel mode is mishandled."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://downwithup.github.io/CVEPosts.html",
"refsource": "MISC",
"url": "https://downwithup.github.io/CVEPosts.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-8508",
"datePublished": "2020-02-03T02:43:06.000Z",
"dateReserved": "2020-01-31T00:00:00.000Z",
"dateUpdated": "2024-08-04T10:03:45.785Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-0816 (GCVE-0-2014-0816)
Vulnerability from cvelistv5 – Published: 2014-02-27 01:00 – Updated: 2024-08-06 09:27
VLAI
Summary
Unspecified vulnerability in Norman Security Suite 10.1 and earlier allows local users to gain privileges via unknown vectors.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| http://jvndb.jvn.jp/jvndb/JVNDB-2014-000026 | third-party-advisoryx_refsource_JVNDB |
| http://jvn.jp/en/jp/JVN02017463/995510/index.html | x_refsource_CONFIRM |
| http://jvn.jp/en/jp/JVN02017463/index.html | third-party-advisoryx_refsource_JVN |
Date Public
2014-02-26 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T09:27:20.053Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "JVNDB-2014-000026",
"tags": [
"third-party-advisory",
"x_refsource_JVNDB",
"x_transferred"
],
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2014-000026"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://jvn.jp/en/jp/JVN02017463/995510/index.html"
},
{
"name": "JVN#02017463",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "http://jvn.jp/en/jp/JVN02017463/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-02-26T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in Norman Security Suite 10.1 and earlier allows local users to gain privileges via unknown vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-02-27T00:57:00.000Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"name": "JVNDB-2014-000026",
"tags": [
"third-party-advisory",
"x_refsource_JVNDB"
],
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2014-000026"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://jvn.jp/en/jp/JVN02017463/995510/index.html"
},
{
"name": "JVN#02017463",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "http://jvn.jp/en/jp/JVN02017463/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2014-0816",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in Norman Security Suite 10.1 and earlier allows local users to gain privileges via unknown vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "JVNDB-2014-000026",
"refsource": "JVNDB",
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2014-000026"
},
{
"name": "http://jvn.jp/en/jp/JVN02017463/995510/index.html",
"refsource": "CONFIRM",
"url": "http://jvn.jp/en/jp/JVN02017463/995510/index.html"
},
{
"name": "JVN#02017463",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN02017463/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2014-0816",
"datePublished": "2014-02-27T01:00:00.000Z",
"dateReserved": "2014-01-06T00:00:00.000Z",
"dateUpdated": "2024-08-06T09:27:20.053Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2010-5167 (GCVE-0-2010-5167)
Vulnerability from cvelistv5 – Published: 2012-08-25 21:00 – Updated: 2024-09-16 17:39 Disputed
VLAI
Summary
Race condition in Norman Security Suite PRO 8.0 on Windows XP allows local users to bypass kernel-mode hook handlers, and execute dangerous code that would otherwise be blocked by a handler but not blocked by signature-based malware detection, via certain user-space memory changes during hook-handler execution, aka an argument-switch attack or a KHOBE attack. NOTE: this issue is disputed by some third parties because it is a flaw in a protection mechanism for situations where a crafted program has already begun to execute
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
9 references
| URL | Tags |
|---|---|
| http://archives.neohapsis.com/archives/bugtraq/20… | mailing-listx_refsource_BUGTRAQ |
| http://countermeasures.trendmicro.eu/you-just-can… | x_refsource_MISC |
| http://www.securityfocus.com/bid/39924 | vdb-entryx_refsource_BID |
| http://matousec.com/info/articles/khobe-8.0-earth… | x_refsource_MISC |
| http://archives.neohapsis.com/archives/fulldisclo… | mailing-listx_refsource_FULLDISC |
| http://www.osvdb.org/67660 | vdb-entryx_refsource_OSVDB |
| http://www.theregister.co.uk/2010/05/07/argument_… | x_refsource_MISC |
| http://www.f-secure.com/weblog/archives/00001949.html | x_refsource_MISC |
| http://matousec.com/info/advisories/khobe-8.0-ear… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T04:09:39.271Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20100505 KHOBE - 8.0 earthquake for Windows desktop security software",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2010-05/0026.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://countermeasures.trendmicro.eu/you-just-cant-trust-a-drunk/"
},
{
"name": "39924",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/39924"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://matousec.com/info/articles/khobe-8.0-earthquake-for-windows-desktop-security-software.php"
},
{
"name": "20100505 KHOBE - 8.0 earthquake for Windows desktop security software",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2010-05/0066.html"
},
{
"name": "67660",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/67660"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.theregister.co.uk/2010/05/07/argument_switch_av_bypass/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.f-secure.com/weblog/archives/00001949.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://matousec.com/info/advisories/khobe-8.0-earthquake-for-windows-desktop-security-software.php"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Race condition in Norman Security Suite PRO 8.0 on Windows XP allows local users to bypass kernel-mode hook handlers, and execute dangerous code that would otherwise be blocked by a handler but not blocked by signature-based malware detection, via certain user-space memory changes during hook-handler execution, aka an argument-switch attack or a KHOBE attack. NOTE: this issue is disputed by some third parties because it is a flaw in a protection mechanism for situations where a crafted program has already begun to execute"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2012-08-25T21:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20100505 KHOBE - 8.0 earthquake for Windows desktop security software",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2010-05/0026.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://countermeasures.trendmicro.eu/you-just-cant-trust-a-drunk/"
},
{
"name": "39924",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/39924"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://matousec.com/info/articles/khobe-8.0-earthquake-for-windows-desktop-security-software.php"
},
{
"name": "20100505 KHOBE - 8.0 earthquake for Windows desktop security software",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2010-05/0066.html"
},
{
"name": "67660",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/67660"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.theregister.co.uk/2010/05/07/argument_switch_av_bypass/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.f-secure.com/weblog/archives/00001949.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://matousec.com/info/advisories/khobe-8.0-earthquake-for-windows-desktop-security-software.php"
}
],
"tags": [
"disputed"
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-5167",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** DISPUTED ** Race condition in Norman Security Suite PRO 8.0 on Windows XP allows local users to bypass kernel-mode hook handlers, and execute dangerous code that would otherwise be blocked by a handler but not blocked by signature-based malware detection, via certain user-space memory changes during hook-handler execution, aka an argument-switch attack or a KHOBE attack. NOTE: this issue is disputed by some third parties because it is a flaw in a protection mechanism for situations where a crafted program has already begun to execute."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20100505 KHOBE - 8.0 earthquake for Windows desktop security software",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2010-05/0026.html"
},
{
"name": "http://countermeasures.trendmicro.eu/you-just-cant-trust-a-drunk/",
"refsource": "MISC",
"url": "http://countermeasures.trendmicro.eu/you-just-cant-trust-a-drunk/"
},
{
"name": "39924",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/39924"
},
{
"name": "http://matousec.com/info/articles/khobe-8.0-earthquake-for-windows-desktop-security-software.php",
"refsource": "MISC",
"url": "http://matousec.com/info/articles/khobe-8.0-earthquake-for-windows-desktop-security-software.php"
},
{
"name": "20100505 KHOBE - 8.0 earthquake for Windows desktop security software",
"refsource": "FULLDISC",
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2010-05/0066.html"
},
{
"name": "67660",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/67660"
},
{
"name": "http://www.theregister.co.uk/2010/05/07/argument_switch_av_bypass/",
"refsource": "MISC",
"url": "http://www.theregister.co.uk/2010/05/07/argument_switch_av_bypass/"
},
{
"name": "http://www.f-secure.com/weblog/archives/00001949.html",
"refsource": "MISC",
"url": "http://www.f-secure.com/weblog/archives/00001949.html"
},
{
"name": "http://matousec.com/info/advisories/khobe-8.0-earthquake-for-windows-desktop-security-software.php",
"refsource": "MISC",
"url": "http://matousec.com/info/advisories/khobe-8.0-earthquake-for-windows-desktop-security-software.php"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2010-5167",
"datePublished": "2012-08-25T21:00:00.000Z",
"dateReserved": "2012-08-25T00:00:00.000Z",
"dateUpdated": "2024-09-16T17:39:20.803Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-8508 (GCVE-0-2020-8508)
Vulnerability from nvd – Published: 2020-02-03 02:43 – Updated: 2024-08-04 10:03
VLAI
Summary
nsak64.sys in Norman Malware Cleaner 2.08.08 allows users to call arbitrary kernel functions because the passing of function pointers between user and kernel mode is mishandled.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://downwithup.github.io/CVEPosts.html | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T10:03:45.785Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://downwithup.github.io/CVEPosts.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "nsak64.sys in Norman Malware Cleaner 2.08.08 allows users to call arbitrary kernel functions because the passing of function pointers between user and kernel mode is mishandled."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-02-03T02:43:06.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://downwithup.github.io/CVEPosts.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-8508",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "nsak64.sys in Norman Malware Cleaner 2.08.08 allows users to call arbitrary kernel functions because the passing of function pointers between user and kernel mode is mishandled."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://downwithup.github.io/CVEPosts.html",
"refsource": "MISC",
"url": "https://downwithup.github.io/CVEPosts.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-8508",
"datePublished": "2020-02-03T02:43:06.000Z",
"dateReserved": "2020-01-31T00:00:00.000Z",
"dateUpdated": "2024-08-04T10:03:45.785Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-0816 (GCVE-0-2014-0816)
Vulnerability from nvd – Published: 2014-02-27 01:00 – Updated: 2024-08-06 09:27
VLAI
Summary
Unspecified vulnerability in Norman Security Suite 10.1 and earlier allows local users to gain privileges via unknown vectors.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| http://jvndb.jvn.jp/jvndb/JVNDB-2014-000026 | third-party-advisoryx_refsource_JVNDB |
| http://jvn.jp/en/jp/JVN02017463/995510/index.html | x_refsource_CONFIRM |
| http://jvn.jp/en/jp/JVN02017463/index.html | third-party-advisoryx_refsource_JVN |
Date Public
2014-02-26 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T09:27:20.053Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "JVNDB-2014-000026",
"tags": [
"third-party-advisory",
"x_refsource_JVNDB",
"x_transferred"
],
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2014-000026"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://jvn.jp/en/jp/JVN02017463/995510/index.html"
},
{
"name": "JVN#02017463",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "http://jvn.jp/en/jp/JVN02017463/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-02-26T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in Norman Security Suite 10.1 and earlier allows local users to gain privileges via unknown vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-02-27T00:57:00.000Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"name": "JVNDB-2014-000026",
"tags": [
"third-party-advisory",
"x_refsource_JVNDB"
],
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2014-000026"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://jvn.jp/en/jp/JVN02017463/995510/index.html"
},
{
"name": "JVN#02017463",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "http://jvn.jp/en/jp/JVN02017463/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2014-0816",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in Norman Security Suite 10.1 and earlier allows local users to gain privileges via unknown vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "JVNDB-2014-000026",
"refsource": "JVNDB",
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2014-000026"
},
{
"name": "http://jvn.jp/en/jp/JVN02017463/995510/index.html",
"refsource": "CONFIRM",
"url": "http://jvn.jp/en/jp/JVN02017463/995510/index.html"
},
{
"name": "JVN#02017463",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN02017463/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2014-0816",
"datePublished": "2014-02-27T01:00:00.000Z",
"dateReserved": "2014-01-06T00:00:00.000Z",
"dateUpdated": "2024-08-06T09:27:20.053Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2010-5167 (GCVE-0-2010-5167)
Vulnerability from nvd – Published: 2012-08-25 21:00 – Updated: 2024-09-16 17:39 Disputed
VLAI
Summary
Race condition in Norman Security Suite PRO 8.0 on Windows XP allows local users to bypass kernel-mode hook handlers, and execute dangerous code that would otherwise be blocked by a handler but not blocked by signature-based malware detection, via certain user-space memory changes during hook-handler execution, aka an argument-switch attack or a KHOBE attack. NOTE: this issue is disputed by some third parties because it is a flaw in a protection mechanism for situations where a crafted program has already begun to execute
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
9 references
| URL | Tags |
|---|---|
| http://archives.neohapsis.com/archives/bugtraq/20… | mailing-listx_refsource_BUGTRAQ |
| http://countermeasures.trendmicro.eu/you-just-can… | x_refsource_MISC |
| http://www.securityfocus.com/bid/39924 | vdb-entryx_refsource_BID |
| http://matousec.com/info/articles/khobe-8.0-earth… | x_refsource_MISC |
| http://archives.neohapsis.com/archives/fulldisclo… | mailing-listx_refsource_FULLDISC |
| http://www.osvdb.org/67660 | vdb-entryx_refsource_OSVDB |
| http://www.theregister.co.uk/2010/05/07/argument_… | x_refsource_MISC |
| http://www.f-secure.com/weblog/archives/00001949.html | x_refsource_MISC |
| http://matousec.com/info/advisories/khobe-8.0-ear… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T04:09:39.271Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20100505 KHOBE - 8.0 earthquake for Windows desktop security software",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2010-05/0026.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://countermeasures.trendmicro.eu/you-just-cant-trust-a-drunk/"
},
{
"name": "39924",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/39924"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://matousec.com/info/articles/khobe-8.0-earthquake-for-windows-desktop-security-software.php"
},
{
"name": "20100505 KHOBE - 8.0 earthquake for Windows desktop security software",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2010-05/0066.html"
},
{
"name": "67660",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/67660"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.theregister.co.uk/2010/05/07/argument_switch_av_bypass/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.f-secure.com/weblog/archives/00001949.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://matousec.com/info/advisories/khobe-8.0-earthquake-for-windows-desktop-security-software.php"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Race condition in Norman Security Suite PRO 8.0 on Windows XP allows local users to bypass kernel-mode hook handlers, and execute dangerous code that would otherwise be blocked by a handler but not blocked by signature-based malware detection, via certain user-space memory changes during hook-handler execution, aka an argument-switch attack or a KHOBE attack. NOTE: this issue is disputed by some third parties because it is a flaw in a protection mechanism for situations where a crafted program has already begun to execute"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2012-08-25T21:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20100505 KHOBE - 8.0 earthquake for Windows desktop security software",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2010-05/0026.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://countermeasures.trendmicro.eu/you-just-cant-trust-a-drunk/"
},
{
"name": "39924",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/39924"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://matousec.com/info/articles/khobe-8.0-earthquake-for-windows-desktop-security-software.php"
},
{
"name": "20100505 KHOBE - 8.0 earthquake for Windows desktop security software",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2010-05/0066.html"
},
{
"name": "67660",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/67660"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.theregister.co.uk/2010/05/07/argument_switch_av_bypass/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.f-secure.com/weblog/archives/00001949.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://matousec.com/info/advisories/khobe-8.0-earthquake-for-windows-desktop-security-software.php"
}
],
"tags": [
"disputed"
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-5167",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** DISPUTED ** Race condition in Norman Security Suite PRO 8.0 on Windows XP allows local users to bypass kernel-mode hook handlers, and execute dangerous code that would otherwise be blocked by a handler but not blocked by signature-based malware detection, via certain user-space memory changes during hook-handler execution, aka an argument-switch attack or a KHOBE attack. NOTE: this issue is disputed by some third parties because it is a flaw in a protection mechanism for situations where a crafted program has already begun to execute."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20100505 KHOBE - 8.0 earthquake for Windows desktop security software",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2010-05/0026.html"
},
{
"name": "http://countermeasures.trendmicro.eu/you-just-cant-trust-a-drunk/",
"refsource": "MISC",
"url": "http://countermeasures.trendmicro.eu/you-just-cant-trust-a-drunk/"
},
{
"name": "39924",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/39924"
},
{
"name": "http://matousec.com/info/articles/khobe-8.0-earthquake-for-windows-desktop-security-software.php",
"refsource": "MISC",
"url": "http://matousec.com/info/articles/khobe-8.0-earthquake-for-windows-desktop-security-software.php"
},
{
"name": "20100505 KHOBE - 8.0 earthquake for Windows desktop security software",
"refsource": "FULLDISC",
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2010-05/0066.html"
},
{
"name": "67660",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/67660"
},
{
"name": "http://www.theregister.co.uk/2010/05/07/argument_switch_av_bypass/",
"refsource": "MISC",
"url": "http://www.theregister.co.uk/2010/05/07/argument_switch_av_bypass/"
},
{
"name": "http://www.f-secure.com/weblog/archives/00001949.html",
"refsource": "MISC",
"url": "http://www.f-secure.com/weblog/archives/00001949.html"
},
{
"name": "http://matousec.com/info/advisories/khobe-8.0-earthquake-for-windows-desktop-security-software.php",
"refsource": "MISC",
"url": "http://matousec.com/info/advisories/khobe-8.0-earthquake-for-windows-desktop-security-software.php"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2010-5167",
"datePublished": "2012-08-25T21:00:00.000Z",
"dateReserved": "2012-08-25T00:00:00.000Z",
"dateUpdated": "2024-09-16T17:39:20.803Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-1463 (GCVE-0-2012-1463)
Vulnerability from nvd – Published: 2012-03-21 10:00 – Updated: 2024-08-06 19:01
VLAI
Summary
The ELF file parser in AhnLab V3 Internet Security 2011.01.18.00, Bitdefender 7.2, Quick Heal (aka Cat QuickHeal) 11.00, Command Antivirus 5.2.11.5, Comodo Antivirus 7424, eSafe 7.0.17.0, F-Prot Antivirus 4.6.2.117, F-Secure Anti-Virus 9.0.16160.0, McAfee Anti-Virus Scanning Engine 5.400.0.1158, Norman Antivirus 6.06.12, nProtect Anti-Virus 2011-01-17.01, and Panda Antivirus 10.0.2.7 allows remote attackers to bypass malware detection via an ELF file with a modified endianness field. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different ELF parser implementations.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
6 references
| URL | Tags |
|---|---|
| http://www.securityfocus.com/archive/1/522005 | mailing-listx_refsource_BUGTRAQ |
| http://osvdb.org/80433 | vdb-entryx_refsource_OSVDB |
| http://www.securityfocus.com/bid/52614 | vdb-entryx_refsource_BID |
| http://www.ieee-security.org/TC/SP2012/program.html | x_refsource_MISC |
| http://osvdb.org/80426 | vdb-entryx_refsource_OSVDB |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
Date Public
2012-03-19 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T19:01:02.441Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20120319 Evasion attacks expoliting file-parsing vulnerabilities in antivirus products",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/522005"
},
{
"name": "80433",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/80433"
},
{
"name": "52614",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/52614"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.ieee-security.org/TC/SP2012/program.html"
},
{
"name": "80426",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/80426"
},
{
"name": "multiple-av-elf-file-evasion(74311)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74311"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-03-19T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The ELF file parser in AhnLab V3 Internet Security 2011.01.18.00, Bitdefender 7.2, Quick Heal (aka Cat QuickHeal) 11.00, Command Antivirus 5.2.11.5, Comodo Antivirus 7424, eSafe 7.0.17.0, F-Prot Antivirus 4.6.2.117, F-Secure Anti-Virus 9.0.16160.0, McAfee Anti-Virus Scanning Engine 5.400.0.1158, Norman Antivirus 6.06.12, nProtect Anti-Virus 2011-01-17.01, and Panda Antivirus 10.0.2.7 allows remote attackers to bypass malware detection via an ELF file with a modified endianness field. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different ELF parser implementations."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20120319 Evasion attacks expoliting file-parsing vulnerabilities in antivirus products",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/522005"
},
{
"name": "80433",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/80433"
},
{
"name": "52614",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/52614"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.ieee-security.org/TC/SP2012/program.html"
},
{
"name": "80426",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/80426"
},
{
"name": "multiple-av-elf-file-evasion(74311)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74311"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-1463",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The ELF file parser in AhnLab V3 Internet Security 2011.01.18.00, Bitdefender 7.2, Quick Heal (aka Cat QuickHeal) 11.00, Command Antivirus 5.2.11.5, Comodo Antivirus 7424, eSafe 7.0.17.0, F-Prot Antivirus 4.6.2.117, F-Secure Anti-Virus 9.0.16160.0, McAfee Anti-Virus Scanning Engine 5.400.0.1158, Norman Antivirus 6.06.12, nProtect Anti-Virus 2011-01-17.01, and Panda Antivirus 10.0.2.7 allows remote attackers to bypass malware detection via an ELF file with a modified endianness field. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different ELF parser implementations."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20120319 Evasion attacks expoliting file-parsing vulnerabilities in antivirus products",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/522005"
},
{
"name": "80433",
"refsource": "OSVDB",
"url": "http://osvdb.org/80433"
},
{
"name": "52614",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/52614"
},
{
"name": "http://www.ieee-security.org/TC/SP2012/program.html",
"refsource": "MISC",
"url": "http://www.ieee-security.org/TC/SP2012/program.html"
},
{
"name": "80426",
"refsource": "OSVDB",
"url": "http://osvdb.org/80426"
},
{
"name": "multiple-av-elf-file-evasion(74311)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74311"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2012-1463",
"datePublished": "2012-03-21T10:00:00.000Z",
"dateReserved": "2012-02-29T00:00:00.000Z",
"dateUpdated": "2024-08-06T19:01:02.441Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-1461 (GCVE-0-2012-1461)
Vulnerability from nvd – Published: 2012-03-21 10:00 – Updated: 2024-08-06 19:01
VLAI
Summary
The Gzip file parser in AVG Anti-Virus 10.0.0.1190, Bitdefender 7.2, Command Antivirus 5.2.11.5, Emsisoft Anti-Malware 5.1.0.1, F-Secure Anti-Virus 9.0.16160.0, Fortinet Antivirus 4.2.254.0, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, Jiangmin Antivirus 13.0.900, K7 AntiVirus 9.77.3565, Kaspersky Anti-Virus 7.0.0.125, McAfee Anti-Virus Scanning Engine 5.400.0.1158, McAfee Gateway (formerly Webwasher) 2010.1C, NOD32 Antivirus 5795, Norman Antivirus 6.06.12, Rising Antivirus 22.83.00.03, Sophos Anti-Virus 4.61.0, AVEngine 20101.3.0.103 in Symantec Endpoint Protection 11, Trend Micro AntiVirus 9.120.0.1004, Trend Micro HouseCall 9.120.0.1004, and VBA32 3.12.14.2 allows remote attackers to bypass malware detection via a .tar.gz file with multiple compressed streams. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different Gzip parser implementations.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
11 references
| URL | Tags |
|---|---|
| http://osvdb.org/80502 | vdb-entryx_refsource_OSVDB |
| http://www.securityfocus.com/bid/52626 | vdb-entryx_refsource_BID |
| http://www.securityfocus.com/archive/1/522005 | mailing-listx_refsource_BUGTRAQ |
| http://osvdb.org/80504 | vdb-entryx_refsource_OSVDB |
| http://osvdb.org/80506 | vdb-entryx_refsource_OSVDB |
| http://www.ieee-security.org/TC/SP2012/program.html | x_refsource_MISC |
| http://osvdb.org/80500 | vdb-entryx_refsource_OSVDB |
| http://osvdb.org/80505 | vdb-entryx_refsource_OSVDB |
| http://osvdb.org/80501 | vdb-entryx_refsource_OSVDB |
| http://osvdb.org/80503 | vdb-entryx_refsource_OSVDB |
| http://osvdb.org/80510 | vdb-entryx_refsource_OSVDB |
Date Public
2012-03-19 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T19:01:01.258Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "80502",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/80502"
},
{
"name": "52626",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/52626"
},
{
"name": "20120319 Evasion attacks expoliting file-parsing vulnerabilities in antivirus products",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/522005"
},
{
"name": "80504",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/80504"
},
{
"name": "80506",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/80506"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.ieee-security.org/TC/SP2012/program.html"
},
{
"name": "80500",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/80500"
},
{
"name": "80505",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/80505"
},
{
"name": "80501",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/80501"
},
{
"name": "80503",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/80503"
},
{
"name": "80510",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/80510"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-03-19T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The Gzip file parser in AVG Anti-Virus 10.0.0.1190, Bitdefender 7.2, Command Antivirus 5.2.11.5, Emsisoft Anti-Malware 5.1.0.1, F-Secure Anti-Virus 9.0.16160.0, Fortinet Antivirus 4.2.254.0, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, Jiangmin Antivirus 13.0.900, K7 AntiVirus 9.77.3565, Kaspersky Anti-Virus 7.0.0.125, McAfee Anti-Virus Scanning Engine 5.400.0.1158, McAfee Gateway (formerly Webwasher) 2010.1C, NOD32 Antivirus 5795, Norman Antivirus 6.06.12, Rising Antivirus 22.83.00.03, Sophos Anti-Virus 4.61.0, AVEngine 20101.3.0.103 in Symantec Endpoint Protection 11, Trend Micro AntiVirus 9.120.0.1004, Trend Micro HouseCall 9.120.0.1004, and VBA32 3.12.14.2 allows remote attackers to bypass malware detection via a .tar.gz file with multiple compressed streams. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different Gzip parser implementations."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2012-07-10T09:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "80502",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/80502"
},
{
"name": "52626",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/52626"
},
{
"name": "20120319 Evasion attacks expoliting file-parsing vulnerabilities in antivirus products",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/522005"
},
{
"name": "80504",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/80504"
},
{
"name": "80506",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/80506"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.ieee-security.org/TC/SP2012/program.html"
},
{
"name": "80500",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/80500"
},
{
"name": "80505",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/80505"
},
{
"name": "80501",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/80501"
},
{
"name": "80503",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/80503"
},
{
"name": "80510",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/80510"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-1461",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Gzip file parser in AVG Anti-Virus 10.0.0.1190, Bitdefender 7.2, Command Antivirus 5.2.11.5, Emsisoft Anti-Malware 5.1.0.1, F-Secure Anti-Virus 9.0.16160.0, Fortinet Antivirus 4.2.254.0, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, Jiangmin Antivirus 13.0.900, K7 AntiVirus 9.77.3565, Kaspersky Anti-Virus 7.0.0.125, McAfee Anti-Virus Scanning Engine 5.400.0.1158, McAfee Gateway (formerly Webwasher) 2010.1C, NOD32 Antivirus 5795, Norman Antivirus 6.06.12, Rising Antivirus 22.83.00.03, Sophos Anti-Virus 4.61.0, AVEngine 20101.3.0.103 in Symantec Endpoint Protection 11, Trend Micro AntiVirus 9.120.0.1004, Trend Micro HouseCall 9.120.0.1004, and VBA32 3.12.14.2 allows remote attackers to bypass malware detection via a .tar.gz file with multiple compressed streams. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different Gzip parser implementations."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "80502",
"refsource": "OSVDB",
"url": "http://osvdb.org/80502"
},
{
"name": "52626",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/52626"
},
{
"name": "20120319 Evasion attacks expoliting file-parsing vulnerabilities in antivirus products",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/522005"
},
{
"name": "80504",
"refsource": "OSVDB",
"url": "http://osvdb.org/80504"
},
{
"name": "80506",
"refsource": "OSVDB",
"url": "http://osvdb.org/80506"
},
{
"name": "http://www.ieee-security.org/TC/SP2012/program.html",
"refsource": "MISC",
"url": "http://www.ieee-security.org/TC/SP2012/program.html"
},
{
"name": "80500",
"refsource": "OSVDB",
"url": "http://osvdb.org/80500"
},
{
"name": "80505",
"refsource": "OSVDB",
"url": "http://osvdb.org/80505"
},
{
"name": "80501",
"refsource": "OSVDB",
"url": "http://osvdb.org/80501"
},
{
"name": "80503",
"refsource": "OSVDB",
"url": "http://osvdb.org/80503"
},
{
"name": "80510",
"refsource": "OSVDB",
"url": "http://osvdb.org/80510"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2012-1461",
"datePublished": "2012-03-21T10:00:00.000Z",
"dateReserved": "2012-02-29T00:00:00.000Z",
"dateUpdated": "2024-08-06T19:01:01.258Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-1459 (GCVE-0-2012-1459)
Vulnerability from nvd – Published: 2012-03-21 10:00 – Updated: 2024-08-06 19:01
VLAI
Summary
The TAR file parser in AhnLab V3 Internet Security 2011.01.18.00, Avira AntiVir 7.11.1.163, Antiy Labs AVL SDK 2.0.3.7, avast! Antivirus 4.8.1351.0 and 5.0.677.0, AVG Anti-Virus 10.0.0.1190, Bitdefender 7.2, Quick Heal (aka Cat QuickHeal) 11.00, ClamAV 0.96.4, Command Antivirus 5.2.11.5, Comodo Antivirus 7424, Emsisoft Anti-Malware 5.1.0.1, F-Prot Antivirus 4.6.2.117, F-Secure Anti-Virus 9.0.16160.0, Fortinet Antivirus 4.2.254.0, G Data AntiVirus 21, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, Jiangmin Antivirus 13.0.900, K7 AntiVirus 9.77.3565, Kaspersky Anti-Virus 7.0.0.125, McAfee Anti-Virus Scanning Engine 5.400.0.1158, McAfee Gateway (formerly Webwasher) 2010.1C, Antimalware Engine 1.1.6402.0 in Microsoft Security Essentials 2.0, NOD32 Antivirus 5795, Norman Antivirus 6.06.12, nProtect Anti-Virus 2011-01-17.01, Panda Antivirus 10.0.2.7, PC Tools AntiVirus 7.0.3.5, Rising Antivirus 22.83.00.03, Sophos Anti-Virus 4.61.0, AVEngine 20101.3.0.103 in Symantec Endpoint Protection 11, Trend Micro AntiVirus 9.120.0.1004, Trend Micro HouseCall 9.120.0.1004, VBA32 3.12.14.2, and VirusBuster 13.6.151.0 allows remote attackers to bypass malware detection via a TAR archive entry with a length field corresponding to that entire entry, plus part of the header of the next entry. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different TAR parser implementations.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
17 references
Date Public
2012-03-19 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T19:01:01.248Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "openSUSE-SU-2012:0833",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-07/msg00002.html"
},
{
"name": "80406",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/80406"
},
{
"name": "80393",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/80393"
},
{
"name": "20120319 Evasion attacks expoliting file-parsing vulnerabilities in antivirus products",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/522005"
},
{
"name": "80403",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/80403"
},
{
"name": "80389",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/80389"
},
{
"name": "80391",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/80391"
},
{
"name": "80409",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/80409"
},
{
"name": "80396",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/80396"
},
{
"name": "multiple-av-tar-header-evasion(74302)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74302"
},
{
"name": "80392",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/80392"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.ieee-security.org/TC/SP2012/program.html"
},
{
"name": "80390",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/80390"
},
{
"name": "MDVSA-2012:094",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:094"
},
{
"name": "80407",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/80407"
},
{
"name": "80395",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/80395"
},
{
"name": "52623",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/52623"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-03-19T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The TAR file parser in AhnLab V3 Internet Security 2011.01.18.00, Avira AntiVir 7.11.1.163, Antiy Labs AVL SDK 2.0.3.7, avast! Antivirus 4.8.1351.0 and 5.0.677.0, AVG Anti-Virus 10.0.0.1190, Bitdefender 7.2, Quick Heal (aka Cat QuickHeal) 11.00, ClamAV 0.96.4, Command Antivirus 5.2.11.5, Comodo Antivirus 7424, Emsisoft Anti-Malware 5.1.0.1, F-Prot Antivirus 4.6.2.117, F-Secure Anti-Virus 9.0.16160.0, Fortinet Antivirus 4.2.254.0, G Data AntiVirus 21, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, Jiangmin Antivirus 13.0.900, K7 AntiVirus 9.77.3565, Kaspersky Anti-Virus 7.0.0.125, McAfee Anti-Virus Scanning Engine 5.400.0.1158, McAfee Gateway (formerly Webwasher) 2010.1C, Antimalware Engine 1.1.6402.0 in Microsoft Security Essentials 2.0, NOD32 Antivirus 5795, Norman Antivirus 6.06.12, nProtect Anti-Virus 2011-01-17.01, Panda Antivirus 10.0.2.7, PC Tools AntiVirus 7.0.3.5, Rising Antivirus 22.83.00.03, Sophos Anti-Virus 4.61.0, AVEngine 20101.3.0.103 in Symantec Endpoint Protection 11, Trend Micro AntiVirus 9.120.0.1004, Trend Micro HouseCall 9.120.0.1004, VBA32 3.12.14.2, and VirusBuster 13.6.151.0 allows remote attackers to bypass malware detection via a TAR archive entry with a length field corresponding to that entire entry, plus part of the header of the next entry. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different TAR parser implementations."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-01-17T19:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "openSUSE-SU-2012:0833",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-07/msg00002.html"
},
{
"name": "80406",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/80406"
},
{
"name": "80393",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/80393"
},
{
"name": "20120319 Evasion attacks expoliting file-parsing vulnerabilities in antivirus products",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/522005"
},
{
"name": "80403",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/80403"
},
{
"name": "80389",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/80389"
},
{
"name": "80391",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/80391"
},
{
"name": "80409",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/80409"
},
{
"name": "80396",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/80396"
},
{
"name": "multiple-av-tar-header-evasion(74302)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74302"
},
{
"name": "80392",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/80392"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.ieee-security.org/TC/SP2012/program.html"
},
{
"name": "80390",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/80390"
},
{
"name": "MDVSA-2012:094",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:094"
},
{
"name": "80407",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/80407"
},
{
"name": "80395",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/80395"
},
{
"name": "52623",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/52623"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-1459",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The TAR file parser in AhnLab V3 Internet Security 2011.01.18.00, Avira AntiVir 7.11.1.163, Antiy Labs AVL SDK 2.0.3.7, avast! Antivirus 4.8.1351.0 and 5.0.677.0, AVG Anti-Virus 10.0.0.1190, Bitdefender 7.2, Quick Heal (aka Cat QuickHeal) 11.00, ClamAV 0.96.4, Command Antivirus 5.2.11.5, Comodo Antivirus 7424, Emsisoft Anti-Malware 5.1.0.1, F-Prot Antivirus 4.6.2.117, F-Secure Anti-Virus 9.0.16160.0, Fortinet Antivirus 4.2.254.0, G Data AntiVirus 21, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, Jiangmin Antivirus 13.0.900, K7 AntiVirus 9.77.3565, Kaspersky Anti-Virus 7.0.0.125, McAfee Anti-Virus Scanning Engine 5.400.0.1158, McAfee Gateway (formerly Webwasher) 2010.1C, Antimalware Engine 1.1.6402.0 in Microsoft Security Essentials 2.0, NOD32 Antivirus 5795, Norman Antivirus 6.06.12, nProtect Anti-Virus 2011-01-17.01, Panda Antivirus 10.0.2.7, PC Tools AntiVirus 7.0.3.5, Rising Antivirus 22.83.00.03, Sophos Anti-Virus 4.61.0, AVEngine 20101.3.0.103 in Symantec Endpoint Protection 11, Trend Micro AntiVirus 9.120.0.1004, Trend Micro HouseCall 9.120.0.1004, VBA32 3.12.14.2, and VirusBuster 13.6.151.0 allows remote attackers to bypass malware detection via a TAR archive entry with a length field corresponding to that entire entry, plus part of the header of the next entry. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different TAR parser implementations."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "openSUSE-SU-2012:0833",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-07/msg00002.html"
},
{
"name": "80406",
"refsource": "OSVDB",
"url": "http://osvdb.org/80406"
},
{
"name": "80393",
"refsource": "OSVDB",
"url": "http://osvdb.org/80393"
},
{
"name": "20120319 Evasion attacks expoliting file-parsing vulnerabilities in antivirus products",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/522005"
},
{
"name": "80403",
"refsource": "OSVDB",
"url": "http://osvdb.org/80403"
},
{
"name": "80389",
"refsource": "OSVDB",
"url": "http://osvdb.org/80389"
},
{
"name": "80391",
"refsource": "OSVDB",
"url": "http://osvdb.org/80391"
},
{
"name": "80409",
"refsource": "OSVDB",
"url": "http://osvdb.org/80409"
},
{
"name": "80396",
"refsource": "OSVDB",
"url": "http://osvdb.org/80396"
},
{
"name": "multiple-av-tar-header-evasion(74302)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74302"
},
{
"name": "80392",
"refsource": "OSVDB",
"url": "http://osvdb.org/80392"
},
{
"name": "http://www.ieee-security.org/TC/SP2012/program.html",
"refsource": "MISC",
"url": "http://www.ieee-security.org/TC/SP2012/program.html"
},
{
"name": "80390",
"refsource": "OSVDB",
"url": "http://osvdb.org/80390"
},
{
"name": "MDVSA-2012:094",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:094"
},
{
"name": "80407",
"refsource": "OSVDB",
"url": "http://osvdb.org/80407"
},
{
"name": "80395",
"refsource": "OSVDB",
"url": "http://osvdb.org/80395"
},
{
"name": "52623",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/52623"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2012-1459",
"datePublished": "2012-03-21T10:00:00.000Z",
"dateReserved": "2012-02-29T00:00:00.000Z",
"dateUpdated": "2024-08-06T19:01:01.248Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-1457 (GCVE-0-2012-1457)
Vulnerability from nvd – Published: 2012-03-21 10:00 – Updated: 2024-08-06 19:01
VLAI
Summary
The TAR file parser in Avira AntiVir 7.11.1.163, Antiy Labs AVL SDK 2.0.3.7, avast! Antivirus 4.8.1351.0 and 5.0.677.0, AVG Anti-Virus 10.0.0.1190, Bitdefender 7.2, Quick Heal (aka Cat QuickHeal) 11.00, ClamAV 0.96.4, Command Antivirus 5.2.11.5, Emsisoft Anti-Malware 5.1.0.1, eSafe 7.0.17.0, F-Prot Antivirus 4.6.2.117, G Data AntiVirus 21, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, Jiangmin Antivirus 13.0.900, K7 AntiVirus 9.77.3565, Kaspersky Anti-Virus 7.0.0.125, McAfee Anti-Virus Scanning Engine 5.400.0.1158, McAfee Gateway (formerly Webwasher) 2010.1C, Antimalware Engine 1.1.6402.0 in Microsoft Security Essentials 2.0, NOD32 Antivirus 5795, Norman Antivirus 6.06.12, PC Tools AntiVirus 7.0.3.5, Rising Antivirus 22.83.00.03, AVEngine 20101.3.0.103 in Symantec Endpoint Protection 11, Trend Micro AntiVirus 9.120.0.1004, Trend Micro HouseCall 9.120.0.1004, VBA32 3.12.14.2, and VirusBuster 13.6.151.0 allows remote attackers to bypass malware detection via a TAR archive entry with a length field that exceeds the total TAR file size. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different TAR parser implementations.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
16 references
| URL | Tags |
|---|---|
| http://lists.opensuse.org/opensuse-security-annou… | vendor-advisoryx_refsource_SUSE |
| http://osvdb.org/80406 | vdb-entryx_refsource_OSVDB |
| http://osvdb.org/80393 | vdb-entryx_refsource_OSVDB |
| http://www.securityfocus.com/archive/1/522005 | mailing-listx_refsource_BUGTRAQ |
| http://osvdb.org/80403 | vdb-entryx_refsource_OSVDB |
| http://osvdb.org/80389 | vdb-entryx_refsource_OSVDB |
| http://osvdb.org/80391 | vdb-entryx_refsource_OSVDB |
| http://osvdb.org/80409 | vdb-entryx_refsource_OSVDB |
| http://osvdb.org/80396 | vdb-entryx_refsource_OSVDB |
| http://osvdb.org/80392 | vdb-entryx_refsource_OSVDB |
| http://www.ieee-security.org/TC/SP2012/program.html | x_refsource_MISC |
| http://www.mandriva.com/security/advisories?name=… | vendor-advisoryx_refsource_MANDRIVA |
| http://www.securityfocus.com/bid/52610 | vdb-entryx_refsource_BID |
| http://osvdb.org/80407 | vdb-entryx_refsource_OSVDB |
| http://osvdb.org/80395 | vdb-entryx_refsource_OSVDB |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
Date Public
2012-03-19 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T19:01:00.540Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "openSUSE-SU-2012:0833",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-07/msg00002.html"
},
{
"name": "80406",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/80406"
},
{
"name": "80393",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/80393"
},
{
"name": "20120319 Evasion attacks expoliting file-parsing vulnerabilities in antivirus products",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/522005"
},
{
"name": "80403",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/80403"
},
{
"name": "80389",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/80389"
},
{
"name": "80391",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/80391"
},
{
"name": "80409",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/80409"
},
{
"name": "80396",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/80396"
},
{
"name": "80392",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/80392"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.ieee-security.org/TC/SP2012/program.html"
},
{
"name": "MDVSA-2012:094",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:094"
},
{
"name": "52610",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/52610"
},
{
"name": "80407",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/80407"
},
{
"name": "80395",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/80395"
},
{
"name": "multiple-av-tar-length-evasion(74293)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74293"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-03-19T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The TAR file parser in Avira AntiVir 7.11.1.163, Antiy Labs AVL SDK 2.0.3.7, avast! Antivirus 4.8.1351.0 and 5.0.677.0, AVG Anti-Virus 10.0.0.1190, Bitdefender 7.2, Quick Heal (aka Cat QuickHeal) 11.00, ClamAV 0.96.4, Command Antivirus 5.2.11.5, Emsisoft Anti-Malware 5.1.0.1, eSafe 7.0.17.0, F-Prot Antivirus 4.6.2.117, G Data AntiVirus 21, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, Jiangmin Antivirus 13.0.900, K7 AntiVirus 9.77.3565, Kaspersky Anti-Virus 7.0.0.125, McAfee Anti-Virus Scanning Engine 5.400.0.1158, McAfee Gateway (formerly Webwasher) 2010.1C, Antimalware Engine 1.1.6402.0 in Microsoft Security Essentials 2.0, NOD32 Antivirus 5795, Norman Antivirus 6.06.12, PC Tools AntiVirus 7.0.3.5, Rising Antivirus 22.83.00.03, AVEngine 20101.3.0.103 in Symantec Endpoint Protection 11, Trend Micro AntiVirus 9.120.0.1004, Trend Micro HouseCall 9.120.0.1004, VBA32 3.12.14.2, and VirusBuster 13.6.151.0 allows remote attackers to bypass malware detection via a TAR archive entry with a length field that exceeds the total TAR file size. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different TAR parser implementations."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-01-17T19:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "openSUSE-SU-2012:0833",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-07/msg00002.html"
},
{
"name": "80406",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/80406"
},
{
"name": "80393",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/80393"
},
{
"name": "20120319 Evasion attacks expoliting file-parsing vulnerabilities in antivirus products",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/522005"
},
{
"name": "80403",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/80403"
},
{
"name": "80389",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/80389"
},
{
"name": "80391",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/80391"
},
{
"name": "80409",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/80409"
},
{
"name": "80396",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/80396"
},
{
"name": "80392",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/80392"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.ieee-security.org/TC/SP2012/program.html"
},
{
"name": "MDVSA-2012:094",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:094"
},
{
"name": "52610",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/52610"
},
{
"name": "80407",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/80407"
},
{
"name": "80395",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/80395"
},
{
"name": "multiple-av-tar-length-evasion(74293)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74293"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-1457",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The TAR file parser in Avira AntiVir 7.11.1.163, Antiy Labs AVL SDK 2.0.3.7, avast! Antivirus 4.8.1351.0 and 5.0.677.0, AVG Anti-Virus 10.0.0.1190, Bitdefender 7.2, Quick Heal (aka Cat QuickHeal) 11.00, ClamAV 0.96.4, Command Antivirus 5.2.11.5, Emsisoft Anti-Malware 5.1.0.1, eSafe 7.0.17.0, F-Prot Antivirus 4.6.2.117, G Data AntiVirus 21, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, Jiangmin Antivirus 13.0.900, K7 AntiVirus 9.77.3565, Kaspersky Anti-Virus 7.0.0.125, McAfee Anti-Virus Scanning Engine 5.400.0.1158, McAfee Gateway (formerly Webwasher) 2010.1C, Antimalware Engine 1.1.6402.0 in Microsoft Security Essentials 2.0, NOD32 Antivirus 5795, Norman Antivirus 6.06.12, PC Tools AntiVirus 7.0.3.5, Rising Antivirus 22.83.00.03, AVEngine 20101.3.0.103 in Symantec Endpoint Protection 11, Trend Micro AntiVirus 9.120.0.1004, Trend Micro HouseCall 9.120.0.1004, VBA32 3.12.14.2, and VirusBuster 13.6.151.0 allows remote attackers to bypass malware detection via a TAR archive entry with a length field that exceeds the total TAR file size. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different TAR parser implementations."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "openSUSE-SU-2012:0833",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-07/msg00002.html"
},
{
"name": "80406",
"refsource": "OSVDB",
"url": "http://osvdb.org/80406"
},
{
"name": "80393",
"refsource": "OSVDB",
"url": "http://osvdb.org/80393"
},
{
"name": "20120319 Evasion attacks expoliting file-parsing vulnerabilities in antivirus products",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/522005"
},
{
"name": "80403",
"refsource": "OSVDB",
"url": "http://osvdb.org/80403"
},
{
"name": "80389",
"refsource": "OSVDB",
"url": "http://osvdb.org/80389"
},
{
"name": "80391",
"refsource": "OSVDB",
"url": "http://osvdb.org/80391"
},
{
"name": "80409",
"refsource": "OSVDB",
"url": "http://osvdb.org/80409"
},
{
"name": "80396",
"refsource": "OSVDB",
"url": "http://osvdb.org/80396"
},
{
"name": "80392",
"refsource": "OSVDB",
"url": "http://osvdb.org/80392"
},
{
"name": "http://www.ieee-security.org/TC/SP2012/program.html",
"refsource": "MISC",
"url": "http://www.ieee-security.org/TC/SP2012/program.html"
},
{
"name": "MDVSA-2012:094",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:094"
},
{
"name": "52610",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/52610"
},
{
"name": "80407",
"refsource": "OSVDB",
"url": "http://osvdb.org/80407"
},
{
"name": "80395",
"refsource": "OSVDB",
"url": "http://osvdb.org/80395"
},
{
"name": "multiple-av-tar-length-evasion(74293)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74293"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2012-1457",
"datePublished": "2012-03-21T10:00:00.000Z",
"dateReserved": "2012-02-29T00:00:00.000Z",
"dateUpdated": "2024-08-06T19:01:00.540Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-1456 (GCVE-0-2012-1456)
Vulnerability from nvd – Published: 2012-03-21 10:00 – Updated: 2024-08-06 19:01
VLAI
Summary
The TAR file parser in AVG Anti-Virus 10.0.0.1190, Quick Heal (aka Cat QuickHeal) 11.00, Comodo Antivirus 7424, Emsisoft Anti-Malware 5.1.0.1, eSafe 7.0.17.0, F-Prot Antivirus 4.6.2.117, Fortinet Antivirus 4.2.254.0, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, Jiangmin Antivirus 13.0.900, Kaspersky Anti-Virus 7.0.0.125, McAfee Anti-Virus Scanning Engine 5.400.0.1158, McAfee Gateway (formerly Webwasher) 2010.1C, NOD32 Antivirus 5795, Norman Antivirus 6.06.12, Panda Antivirus 10.0.2.7, Rising Antivirus 22.83.00.03, Sophos Anti-Virus 4.61.0, AVEngine 20101.3.0.103 in Symantec Endpoint Protection 11, Trend Micro AntiVirus 9.120.0.1004, and Trend Micro HouseCall 9.120.0.1004 allows remote attackers to bypass malware detection via a TAR file with an appended ZIP file. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different TAR parser implementations.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
12 references
| URL | Tags |
|---|---|
| http://osvdb.org/80406 | vdb-entryx_refsource_OSVDB |
| http://www.securityfocus.com/archive/1/522005 | mailing-listx_refsource_BUGTRAQ |
| http://osvdb.org/80403 | vdb-entryx_refsource_OSVDB |
| http://osvdb.org/80389 | vdb-entryx_refsource_OSVDB |
| http://osvdb.org/80391 | vdb-entryx_refsource_OSVDB |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://osvdb.org/80409 | vdb-entryx_refsource_OSVDB |
| http://osvdb.org/80396 | vdb-entryx_refsource_OSVDB |
| http://www.ieee-security.org/TC/SP2012/program.html | x_refsource_MISC |
| http://osvdb.org/80390 | vdb-entryx_refsource_OSVDB |
| http://www.securityfocus.com/bid/52608 | vdb-entryx_refsource_BID |
| http://osvdb.org/80395 | vdb-entryx_refsource_OSVDB |
Date Public
2012-03-19 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T19:01:00.493Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "80406",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/80406"
},
{
"name": "20120319 Evasion attacks expoliting file-parsing vulnerabilities in antivirus products",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/522005"
},
{
"name": "80403",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/80403"
},
{
"name": "80389",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/80389"
},
{
"name": "80391",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/80391"
},
{
"name": "multiple-av-zip-archive-evasion(74289)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74289"
},
{
"name": "80409",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/80409"
},
{
"name": "80396",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/80396"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.ieee-security.org/TC/SP2012/program.html"
},
{
"name": "80390",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/80390"
},
{
"name": "52608",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/52608"
},
{
"name": "80395",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/80395"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-03-19T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The TAR file parser in AVG Anti-Virus 10.0.0.1190, Quick Heal (aka Cat QuickHeal) 11.00, Comodo Antivirus 7424, Emsisoft Anti-Malware 5.1.0.1, eSafe 7.0.17.0, F-Prot Antivirus 4.6.2.117, Fortinet Antivirus 4.2.254.0, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, Jiangmin Antivirus 13.0.900, Kaspersky Anti-Virus 7.0.0.125, McAfee Anti-Virus Scanning Engine 5.400.0.1158, McAfee Gateway (formerly Webwasher) 2010.1C, NOD32 Antivirus 5795, Norman Antivirus 6.06.12, Panda Antivirus 10.0.2.7, Rising Antivirus 22.83.00.03, Sophos Anti-Virus 4.61.0, AVEngine 20101.3.0.103 in Symantec Endpoint Protection 11, Trend Micro AntiVirus 9.120.0.1004, and Trend Micro HouseCall 9.120.0.1004 allows remote attackers to bypass malware detection via a TAR file with an appended ZIP file. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different TAR parser implementations."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "80406",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/80406"
},
{
"name": "20120319 Evasion attacks expoliting file-parsing vulnerabilities in antivirus products",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/522005"
},
{
"name": "80403",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/80403"
},
{
"name": "80389",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/80389"
},
{
"name": "80391",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/80391"
},
{
"name": "multiple-av-zip-archive-evasion(74289)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74289"
},
{
"name": "80409",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/80409"
},
{
"name": "80396",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/80396"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.ieee-security.org/TC/SP2012/program.html"
},
{
"name": "80390",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/80390"
},
{
"name": "52608",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/52608"
},
{
"name": "80395",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/80395"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-1456",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The TAR file parser in AVG Anti-Virus 10.0.0.1190, Quick Heal (aka Cat QuickHeal) 11.00, Comodo Antivirus 7424, Emsisoft Anti-Malware 5.1.0.1, eSafe 7.0.17.0, F-Prot Antivirus 4.6.2.117, Fortinet Antivirus 4.2.254.0, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, Jiangmin Antivirus 13.0.900, Kaspersky Anti-Virus 7.0.0.125, McAfee Anti-Virus Scanning Engine 5.400.0.1158, McAfee Gateway (formerly Webwasher) 2010.1C, NOD32 Antivirus 5795, Norman Antivirus 6.06.12, Panda Antivirus 10.0.2.7, Rising Antivirus 22.83.00.03, Sophos Anti-Virus 4.61.0, AVEngine 20101.3.0.103 in Symantec Endpoint Protection 11, Trend Micro AntiVirus 9.120.0.1004, and Trend Micro HouseCall 9.120.0.1004 allows remote attackers to bypass malware detection via a TAR file with an appended ZIP file. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different TAR parser implementations."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "80406",
"refsource": "OSVDB",
"url": "http://osvdb.org/80406"
},
{
"name": "20120319 Evasion attacks expoliting file-parsing vulnerabilities in antivirus products",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/522005"
},
{
"name": "80403",
"refsource": "OSVDB",
"url": "http://osvdb.org/80403"
},
{
"name": "80389",
"refsource": "OSVDB",
"url": "http://osvdb.org/80389"
},
{
"name": "80391",
"refsource": "OSVDB",
"url": "http://osvdb.org/80391"
},
{
"name": "multiple-av-zip-archive-evasion(74289)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74289"
},
{
"name": "80409",
"refsource": "OSVDB",
"url": "http://osvdb.org/80409"
},
{
"name": "80396",
"refsource": "OSVDB",
"url": "http://osvdb.org/80396"
},
{
"name": "http://www.ieee-security.org/TC/SP2012/program.html",
"refsource": "MISC",
"url": "http://www.ieee-security.org/TC/SP2012/program.html"
},
{
"name": "80390",
"refsource": "OSVDB",
"url": "http://osvdb.org/80390"
},
{
"name": "52608",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/52608"
},
{
"name": "80395",
"refsource": "OSVDB",
"url": "http://osvdb.org/80395"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2012-1456",
"datePublished": "2012-03-21T10:00:00.000Z",
"dateReserved": "2012-02-29T00:00:00.000Z",
"dateUpdated": "2024-08-06T19:01:00.493Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-1446 (GCVE-0-2012-1446)
Vulnerability from nvd – Published: 2012-03-21 10:00 – Updated: 2024-08-06 19:01
VLAI
Summary
The ELF file parser in Quick Heal (aka Cat QuickHeal) 11.00, McAfee Anti-Virus Scanning Engine 5.400.0.1158, AVEngine 20101.3.0.103 in Symantec Endpoint Protection 11, Norman Antivirus 6.06.12, eSafe 7.0.17.0, Kaspersky Anti-Virus 7.0.0.125, McAfee Gateway (formerly Webwasher) 2010.1C, Sophos Anti-Virus 4.61.0, CA eTrust Vet Antivirus 36.1.8511, Antiy Labs AVL SDK 2.0.3.7, PC Tools AntiVirus 7.0.3.5, Rising Antivirus 22.83.00.03, Fortinet Antivirus 4.2.254.0, and Panda Antivirus 10.0.2.7 allows remote attackers to bypass malware detection via an ELF file with a modified encoding field. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different ELF parser implementations.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
8 references
| URL | Tags |
|---|---|
| http://osvdb.org/80430 | vdb-entryx_refsource_OSVDB |
| http://www.securityfocus.com/archive/1/522005 | mailing-listx_refsource_BUGTRAQ |
| http://osvdb.org/80427 | vdb-entryx_refsource_OSVDB |
| http://www.securityfocus.com/bid/52600 | vdb-entryx_refsource_BID |
| http://www.ieee-security.org/TC/SP2012/program.html | x_refsource_MISC |
| http://osvdb.org/80428 | vdb-entryx_refsource_OSVDB |
| http://osvdb.org/80426 | vdb-entryx_refsource_OSVDB |
| http://osvdb.org/80431 | vdb-entryx_refsource_OSVDB |
Date Public
2012-03-19 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T19:01:00.442Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "80430",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/80430"
},
{
"name": "20120319 Evasion attacks expoliting file-parsing vulnerabilities in antivirus products",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/522005"
},
{
"name": "80427",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/80427"
},
{
"name": "52600",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/52600"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.ieee-security.org/TC/SP2012/program.html"
},
{
"name": "80428",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/80428"
},
{
"name": "80426",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/80426"
},
{
"name": "80431",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/80431"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-03-19T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The ELF file parser in Quick Heal (aka Cat QuickHeal) 11.00, McAfee Anti-Virus Scanning Engine 5.400.0.1158, AVEngine 20101.3.0.103 in Symantec Endpoint Protection 11, Norman Antivirus 6.06.12, eSafe 7.0.17.0, Kaspersky Anti-Virus 7.0.0.125, McAfee Gateway (formerly Webwasher) 2010.1C, Sophos Anti-Virus 4.61.0, CA eTrust Vet Antivirus 36.1.8511, Antiy Labs AVL SDK 2.0.3.7, PC Tools AntiVirus 7.0.3.5, Rising Antivirus 22.83.00.03, Fortinet Antivirus 4.2.254.0, and Panda Antivirus 10.0.2.7 allows remote attackers to bypass malware detection via an ELF file with a modified encoding field. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different ELF parser implementations."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2012-07-28T09:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "80430",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/80430"
},
{
"name": "20120319 Evasion attacks expoliting file-parsing vulnerabilities in antivirus products",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/522005"
},
{
"name": "80427",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/80427"
},
{
"name": "52600",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/52600"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.ieee-security.org/TC/SP2012/program.html"
},
{
"name": "80428",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/80428"
},
{
"name": "80426",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/80426"
},
{
"name": "80431",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/80431"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-1446",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The ELF file parser in Quick Heal (aka Cat QuickHeal) 11.00, McAfee Anti-Virus Scanning Engine 5.400.0.1158, AVEngine 20101.3.0.103 in Symantec Endpoint Protection 11, Norman Antivirus 6.06.12, eSafe 7.0.17.0, Kaspersky Anti-Virus 7.0.0.125, McAfee Gateway (formerly Webwasher) 2010.1C, Sophos Anti-Virus 4.61.0, CA eTrust Vet Antivirus 36.1.8511, Antiy Labs AVL SDK 2.0.3.7, PC Tools AntiVirus 7.0.3.5, Rising Antivirus 22.83.00.03, Fortinet Antivirus 4.2.254.0, and Panda Antivirus 10.0.2.7 allows remote attackers to bypass malware detection via an ELF file with a modified encoding field. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different ELF parser implementations."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "80430",
"refsource": "OSVDB",
"url": "http://osvdb.org/80430"
},
{
"name": "20120319 Evasion attacks expoliting file-parsing vulnerabilities in antivirus products",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/522005"
},
{
"name": "80427",
"refsource": "OSVDB",
"url": "http://osvdb.org/80427"
},
{
"name": "52600",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/52600"
},
{
"name": "http://www.ieee-security.org/TC/SP2012/program.html",
"refsource": "MISC",
"url": "http://www.ieee-security.org/TC/SP2012/program.html"
},
{
"name": "80428",
"refsource": "OSVDB",
"url": "http://osvdb.org/80428"
},
{
"name": "80426",
"refsource": "OSVDB",
"url": "http://osvdb.org/80426"
},
{
"name": "80431",
"refsource": "OSVDB",
"url": "http://osvdb.org/80431"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2012-1446",
"datePublished": "2012-03-21T10:00:00.000Z",
"dateReserved": "2012-02-29T00:00:00.000Z",
"dateUpdated": "2024-08-06T19:01:00.442Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-1443 (GCVE-0-2012-1443)
Vulnerability from nvd – Published: 2012-03-21 10:00 – Updated: 2024-08-06 19:01
VLAI
Summary
The RAR file parser in ClamAV 0.96.4, Rising Antivirus 22.83.00.03, Quick Heal (aka Cat QuickHeal) 11.00, G Data AntiVirus 21, AVEngine 20101.3.0.103 in Symantec Endpoint Protection 11, Command Antivirus 5.2.11.5, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, Emsisoft Anti-Malware 5.1.0.1, PC Tools AntiVirus 7.0.3.5, F-Prot Antivirus 4.6.2.117, VirusBuster 13.6.151.0, Fortinet Antivirus 4.2.254.0, Antiy Labs AVL SDK 2.0.3.7, K7 AntiVirus 9.77.3565, Trend Micro HouseCall 9.120.0.1004, Kaspersky Anti-Virus 7.0.0.125, Jiangmin Antivirus 13.0.900, Antimalware Engine 1.1.6402.0 in Microsoft Security Essentials 2.0, Sophos Anti-Virus 4.61.0, NOD32 Antivirus 5795, Avira AntiVir 7.11.1.163, Norman Antivirus 6.06.12, McAfee Anti-Virus Scanning Engine 5.400.0.1158, Panda Antivirus 10.0.2.7, McAfee Gateway (formerly Webwasher) 2010.1C, Trend Micro AntiVirus 9.120.0.1004, Comodo Antivirus 7424, Bitdefender 7.2, eSafe 7.0.17.0, F-Secure Anti-Virus 9.0.16160.0, nProtect Anti-Virus 2011-01-17.01, AhnLab V3 Internet Security 2011.01.18.00, AVG Anti-Virus 10.0.0.1190, avast! Antivirus 4.8.1351.0 and 5.0.677.0, and VBA32 3.12.14.2 allows user-assisted remote attackers to bypass malware detection via a RAR file with an initial MZ character sequence. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different RAR parser implementations.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
17 references
| URL | Tags |
|---|---|
| http://osvdb.org/80472 | vdb-entryx_refsource_OSVDB |
| http://www.securityfocus.com/archive/1/522005 | mailing-listx_refsource_BUGTRAQ |
| http://www.securityfocus.com/bid/52612 | vdb-entryx_refsource_BID |
| http://osvdb.org/80467 | vdb-entryx_refsource_OSVDB |
| http://osvdb.org/80461 | vdb-entryx_refsource_OSVDB |
| http://osvdb.org/80470 | vdb-entryx_refsource_OSVDB |
| http://osvdb.org/80460 | vdb-entryx_refsource_OSVDB |
| http://www.ieee-security.org/TC/SP2012/program.html | x_refsource_MISC |
| http://osvdb.org/80468 | vdb-entryx_refsource_OSVDB |
| http://osvdb.org/80456 | vdb-entryx_refsource_OSVDB |
| http://osvdb.org/80457 | vdb-entryx_refsource_OSVDB |
| http://osvdb.org/80458 | vdb-entryx_refsource_OSVDB |
| http://osvdb.org/80454 | vdb-entryx_refsource_OSVDB |
| http://osvdb.org/80455 | vdb-entryx_refsource_OSVDB |
| http://osvdb.org/80459 | vdb-entryx_refsource_OSVDB |
| http://osvdb.org/80469 | vdb-entryx_refsource_OSVDB |
| http://osvdb.org/80471 | vdb-entryx_refsource_OSVDB |
Date Public
2012-03-19 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T19:01:00.328Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "80472",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/80472"
},
{
"name": "20120319 Evasion attacks expoliting file-parsing vulnerabilities in antivirus products",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/522005"
},
{
"name": "52612",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/52612"
},
{
"name": "80467",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/80467"
},
{
"name": "80461",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/80461"
},
{
"name": "80470",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/80470"
},
{
"name": "80460",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/80460"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.ieee-security.org/TC/SP2012/program.html"
},
{
"name": "80468",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/80468"
},
{
"name": "80456",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/80456"
},
{
"name": "80457",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/80457"
},
{
"name": "80458",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/80458"
},
{
"name": "80454",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/80454"
},
{
"name": "80455",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/80455"
},
{
"name": "80459",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/80459"
},
{
"name": "80469",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/80469"
},
{
"name": "80471",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/80471"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-03-19T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The RAR file parser in ClamAV 0.96.4, Rising Antivirus 22.83.00.03, Quick Heal (aka Cat QuickHeal) 11.00, G Data AntiVirus 21, AVEngine 20101.3.0.103 in Symantec Endpoint Protection 11, Command Antivirus 5.2.11.5, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, Emsisoft Anti-Malware 5.1.0.1, PC Tools AntiVirus 7.0.3.5, F-Prot Antivirus 4.6.2.117, VirusBuster 13.6.151.0, Fortinet Antivirus 4.2.254.0, Antiy Labs AVL SDK 2.0.3.7, K7 AntiVirus 9.77.3565, Trend Micro HouseCall 9.120.0.1004, Kaspersky Anti-Virus 7.0.0.125, Jiangmin Antivirus 13.0.900, Antimalware Engine 1.1.6402.0 in Microsoft Security Essentials 2.0, Sophos Anti-Virus 4.61.0, NOD32 Antivirus 5795, Avira AntiVir 7.11.1.163, Norman Antivirus 6.06.12, McAfee Anti-Virus Scanning Engine 5.400.0.1158, Panda Antivirus 10.0.2.7, McAfee Gateway (formerly Webwasher) 2010.1C, Trend Micro AntiVirus 9.120.0.1004, Comodo Antivirus 7424, Bitdefender 7.2, eSafe 7.0.17.0, F-Secure Anti-Virus 9.0.16160.0, nProtect Anti-Virus 2011-01-17.01, AhnLab V3 Internet Security 2011.01.18.00, AVG Anti-Virus 10.0.0.1190, avast! Antivirus 4.8.1351.0 and 5.0.677.0, and VBA32 3.12.14.2 allows user-assisted remote attackers to bypass malware detection via a RAR file with an initial MZ character sequence. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different RAR parser implementations."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2012-07-28T09:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "80472",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/80472"
},
{
"name": "20120319 Evasion attacks expoliting file-parsing vulnerabilities in antivirus products",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/522005"
},
{
"name": "52612",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/52612"
},
{
"name": "80467",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/80467"
},
{
"name": "80461",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/80461"
},
{
"name": "80470",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/80470"
},
{
"name": "80460",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/80460"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.ieee-security.org/TC/SP2012/program.html"
},
{
"name": "80468",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/80468"
},
{
"name": "80456",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/80456"
},
{
"name": "80457",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/80457"
},
{
"name": "80458",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/80458"
},
{
"name": "80454",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/80454"
},
{
"name": "80455",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/80455"
},
{
"name": "80459",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/80459"
},
{
"name": "80469",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/80469"
},
{
"name": "80471",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/80471"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-1443",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The RAR file parser in ClamAV 0.96.4, Rising Antivirus 22.83.00.03, Quick Heal (aka Cat QuickHeal) 11.00, G Data AntiVirus 21, AVEngine 20101.3.0.103 in Symantec Endpoint Protection 11, Command Antivirus 5.2.11.5, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, Emsisoft Anti-Malware 5.1.0.1, PC Tools AntiVirus 7.0.3.5, F-Prot Antivirus 4.6.2.117, VirusBuster 13.6.151.0, Fortinet Antivirus 4.2.254.0, Antiy Labs AVL SDK 2.0.3.7, K7 AntiVirus 9.77.3565, Trend Micro HouseCall 9.120.0.1004, Kaspersky Anti-Virus 7.0.0.125, Jiangmin Antivirus 13.0.900, Antimalware Engine 1.1.6402.0 in Microsoft Security Essentials 2.0, Sophos Anti-Virus 4.61.0, NOD32 Antivirus 5795, Avira AntiVir 7.11.1.163, Norman Antivirus 6.06.12, McAfee Anti-Virus Scanning Engine 5.400.0.1158, Panda Antivirus 10.0.2.7, McAfee Gateway (formerly Webwasher) 2010.1C, Trend Micro AntiVirus 9.120.0.1004, Comodo Antivirus 7424, Bitdefender 7.2, eSafe 7.0.17.0, F-Secure Anti-Virus 9.0.16160.0, nProtect Anti-Virus 2011-01-17.01, AhnLab V3 Internet Security 2011.01.18.00, AVG Anti-Virus 10.0.0.1190, avast! Antivirus 4.8.1351.0 and 5.0.677.0, and VBA32 3.12.14.2 allows user-assisted remote attackers to bypass malware detection via a RAR file with an initial MZ character sequence. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different RAR parser implementations."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "80472",
"refsource": "OSVDB",
"url": "http://osvdb.org/80472"
},
{
"name": "20120319 Evasion attacks expoliting file-parsing vulnerabilities in antivirus products",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/522005"
},
{
"name": "52612",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/52612"
},
{
"name": "80467",
"refsource": "OSVDB",
"url": "http://osvdb.org/80467"
},
{
"name": "80461",
"refsource": "OSVDB",
"url": "http://osvdb.org/80461"
},
{
"name": "80470",
"refsource": "OSVDB",
"url": "http://osvdb.org/80470"
},
{
"name": "80460",
"refsource": "OSVDB",
"url": "http://osvdb.org/80460"
},
{
"name": "http://www.ieee-security.org/TC/SP2012/program.html",
"refsource": "MISC",
"url": "http://www.ieee-security.org/TC/SP2012/program.html"
},
{
"name": "80468",
"refsource": "OSVDB",
"url": "http://osvdb.org/80468"
},
{
"name": "80456",
"refsource": "OSVDB",
"url": "http://osvdb.org/80456"
},
{
"name": "80457",
"refsource": "OSVDB",
"url": "http://osvdb.org/80457"
},
{
"name": "80458",
"refsource": "OSVDB",
"url": "http://osvdb.org/80458"
},
{
"name": "80454",
"refsource": "OSVDB",
"url": "http://osvdb.org/80454"
},
{
"name": "80455",
"refsource": "OSVDB",
"url": "http://osvdb.org/80455"
},
{
"name": "80459",
"refsource": "OSVDB",
"url": "http://osvdb.org/80459"
},
{
"name": "80469",
"refsource": "OSVDB",
"url": "http://osvdb.org/80469"
},
{
"name": "80471",
"refsource": "OSVDB",
"url": "http://osvdb.org/80471"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2012-1443",
"datePublished": "2012-03-21T10:00:00.000Z",
"dateReserved": "2012-02-29T00:00:00.000Z",
"dateUpdated": "2024-08-06T19:01:00.328Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
JVNDB-2014-000026
Vulnerability from jvndb - Published: 2014-02-26 15:20 - Updated:2014-03-03 18:47Summary
Norman Security Suite vulnerable to privilege escalation
Details
Norman Security Suite is an anti-virus software. Norman Security Suite contains a privilege escalation vulnerability.
Satoshi Tanda reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
Impacted products
| Vendor | Product | |
|---|---|---|
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2014/JVNDB-2014-000026.html",
"dc:date": "2014-03-03T18:47+09:00",
"dcterms:issued": "2014-02-26T15:20+09:00",
"dcterms:modified": "2014-03-03T18:47+09:00",
"description": "Norman Security Suite is an anti-virus software. Norman Security Suite contains a privilege escalation vulnerability.\r\n\r\nSatoshi Tanda reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2014/JVNDB-2014-000026.html",
"sec:cpe": {
"#text": "cpe:/a:norman:security_suite",
"@product": "Norman Security Suite",
"@vendor": "Norman",
"@version": "2.2"
},
"sec:cvss": {
"@score": "7.2",
"@severity": "High",
"@type": "Base",
"@vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"@version": "2.0"
},
"sec:identifier": "JVNDB-2014-000026",
"sec:references": [
{
"#text": "http://jvn.jp/en/jp/JVN02017463/index.html",
"@id": "JVN#02017463",
"@source": "JVN"
},
{
"#text": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0816",
"@id": "CVE-2014-0816",
"@source": "CVE"
},
{
"#text": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0816",
"@id": "CVE-2014-0816",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-264",
"@title": "Permissions(CWE-264)"
}
],
"title": "Norman Security Suite vulnerable to privilege escalation"
}