CVE-2012-1443

The RAR file parser in ClamAV 0.96.4, Rising Antivirus 22.83.00.03, Quick Heal (aka Cat QuickHeal) 11.00, G Data AntiVirus 21, AVEngine 20101.3.0.103 in Symantec Endpoint Protection 11, Command Antivirus 5.2.11.5, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, Emsisoft Anti-Malware 5.1.0.1, PC Tools AntiVirus 7.0.3.5, F-Prot Antivirus 4.6.2.117, VirusBuster 13.6.151.0, Fortinet Antivirus 4.2.254.0, Antiy Labs AVL SDK 2.0.3.7, K7 AntiVirus 9.77.3565, Trend Micro HouseCall 9.120.0.1004, Kaspersky Anti-Virus 7.0.0.125, Jiangmin Antivirus 13.0.900, Antimalware Engine 1.1.6402.0 in Microsoft Security Essentials 2.0, Sophos Anti-Virus 4.61.0, NOD32 Antivirus 5795, Avira AntiVir 7.11.1.163, Norman Antivirus 6.06.12, McAfee Anti-Virus Scanning Engine 5.400.0.1158, Panda Antivirus 10.0.2.7, McAfee Gateway (formerly Webwasher) 2010.1C, Trend Micro AntiVirus 9.120.0.1004, Comodo Antivirus 7424, Bitdefender 7.2, eSafe 7.0.17.0, F-Secure Anti-Virus 9.0.16160.0, nProtect Anti-Virus 2011-01-17.01, AhnLab V3 Internet Security 2011.01.18.00, AVG Anti-Virus 10.0.0.1190, avast! Antivirus 4.8.1351.0 and 5.0.677.0, and VBA32 3.12.14.2 allows user-assisted remote attackers to bypass malware detection via a RAR file with an initial MZ character sequence.  NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different RAR parser implementations.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
4.3 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:N/I:P/A:N
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 97%
VendorProductVersion
ahnlabv3_internet_security
2011.01.18.00
aladdinesafe
7.0.17.0
alwilavast_antivirus
4.8.1351.0
alwilavast_antivirus
5.0.677.0
anti-virusvba32
3.12.14.2
antiyavl_sdk
2.0.3.7
authentiumcommand_antivirus
5.2.11.5
avgavg_anti-virus
10.0.0.1190
aviraantivir
7.11.1.163
bitdefenderbitdefender
7.2
catquick_heal
11.00
clamavclamav
0.96.4
emsisoftanti-malware
5.1.0.1
f-protf-prot_antivirus
4.6.2.117
f-securef-secure_anti-virus
9.0.16160.0
fortinetfortinet_antivirus
4.2.254.0
ikarusikarus_virus_utilities_t3_command_line_scanner
1.1.97.0
jiangminjiangmin_antivirus
13.0.900
k7computingantivirus
9.77.3565
kasperskykaspersky_anti-virus
7.0.0.125
mcafeegateway
2010.1c:c
mcafeescan_engine
5.400.0.1158
microsoftsecurity_essentials
2.0
normannorman_antivirus_\&_antispyware
6.06.12
nprotectnprotect_antivirus
2011-01-17.01
pandasecuritypanda_antivirus
10.0.2.7
pc_toolspc_tools_antivirus
7.0.3.5
rising-globalrising_antivirus
22.83.00.03
sophossophos_anti-virus
4.61.0
symantecendpoint_protection
11.0
trendmicrohousecall
9.120.0.1004
trendmicrotrend_micro_antivirus
9.120.0.1004
virusbustervirusbuster
13.6.151.0
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
clamav
precise
not-affected
oneiric
not-affected
natty
not-affected
maverick
ignored
lucid
not-affected
hardy
not-affected
Common Weakness Enumeration
References
http://osvdb.org/80454
http://osvdb.org/80455
http://osvdb.org/80456
http://osvdb.org/80457
http://osvdb.org/80458
http://osvdb.org/80459
http://osvdb.org/80460
http://osvdb.org/80461
http://osvdb.org/80467
http://osvdb.org/80468
http://osvdb.org/80469
http://osvdb.org/80470
http://osvdb.org/80471
http://osvdb.org/80472
http://www.ieee-security.org/TC/SP2012/program.html
http://www.securityfocus.com/archive/1/522005
http://www.securityfocus.com/bid/52612
http://osvdb.org/80454
http://osvdb.org/80455
http://osvdb.org/80456
http://osvdb.org/80457
http://osvdb.org/80458
http://osvdb.org/80459
http://osvdb.org/80460
http://osvdb.org/80461
http://osvdb.org/80467
http://osvdb.org/80468
http://osvdb.org/80469
http://osvdb.org/80470
http://osvdb.org/80471
http://osvdb.org/80472
http://www.ieee-security.org/TC/SP2012/program.html
http://www.securityfocus.com/archive/1/522005
http://www.securityfocus.com/bid/52612