CVE-2012-1426

EUVD-2012-1451

21.03.2012, 10:11

The TAR file parser in Quick Heal (aka Cat QuickHeal) 11.00, Command Antivirus 5.2.11.5, F-Prot Antivirus 4.6.2.117, K7 AntiVirus 9.77.3565, Norman Antivirus 6.06.12, and Rising Antivirus 22.83.00.03 allows remote attackers to bypass malware detection via a POSIX TAR file with an initial \42\5A\68 character sequence.  NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different TAR parser implementations.

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	4.3 UNKNOWN	NETWORK	MEDIUM		AV:N/AC:M/Au:N/C:N/I:P/A:N

Base Score

CVSS 3.x

EPSS Score

Percentile: 56%

Affected Products (NVD)

Vendor	Product	Version
authentium	command_antivirus	5.2.11.5
cat	quick_heal	11.00
f-prot	f-prot_antivirus	4.6.2.117
k7computing	antivirus	9.77.3565
norman	norman_antivirus_\&_antispyware	6.06.12
rising-global	rising_antivirus	22.83.00.03

𝑥

= Vulnerable software versions

Common Weakness Enumeration

CWE-264 -

References

http://osvdb.org/80406

http://osvdb.org/80407

http://osvdb.org/80409

http://www.ieee-security.org/TC/SP2012/program.html

http://www.securityfocus.com/archive/1/522005

http://www.securityfocus.com/bid/52585

https://exchange.xforce.ibmcloud.com/vulnerabilities/74241

http://osvdb.org/80406

http://osvdb.org/80407

http://osvdb.org/80409

http://www.ieee-security.org/TC/SP2012/program.html

http://www.securityfocus.com/archive/1/522005

http://www.securityfocus.com/bid/52585

https://exchange.xforce.ibmcloud.com/vulnerabilities/74241