CVE-2012-1448

21.03.2012, 10:11

The CAB file parser in Quick Heal (aka Cat QuickHeal) 11.00, Trend Micro AntiVirus 9.120.0.1004, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, Trend Micro HouseCall 9.120.0.1004, and Emsisoft Anti-Malware 5.1.0.1 allows remote attackers to bypass malware detection via a CAB file with a modified cbCabinet field.  NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different CAB parser implementations.

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Vector
NIST	NIST	4.3 UNKNOWN	NETWORK	MEDIUM	AV:N/AC:M/Au:N/C:N/I:P/A:N
mitre	CNA	---			---
CVE	ADP	---			---

Base Score

CVSS 3.x

EPSS Score

Percentile: 95%

Vendor	Product	Version
cat	quick_heal	11.00
emsisoft	anti-malware	5.1.0.1
ikarus	ikarus_virus_utilities_t3_command_line_scanner	1.1.97.0
trendmicro	housecall	9.120.0.1004
trendmicro	trend_micro_antivirus	9.120.0.1004

𝑥

= Vulnerable software versions

Common Weakness Enumeration

CWE-264 -

References

http://www.ieee-security.org/TC/SP2012/program.html

http://www.securityfocus.com/archive/1/522005

http://www.securityfocus.com/bid/52603

http://www.ieee-security.org/TC/SP2012/program.html

http://www.securityfocus.com/archive/1/522005

http://www.securityfocus.com/bid/52603