PrivaWall Antivirus Office XML Format Evasion Security Bypass Vulnerability
BID:52454
Info
PrivaWall Antivirus Office XML Format Evasion Security Bypass Vulnerability
| Bugtraq ID: | 52454 |
| Class: | Input Validation Error |
| CVE: |
CVE-2012-1907 |
| Remote: | Yes |
| Local: | No |
| Published: | Mar 13 2012 12:00AM |
| Updated: | May 10 2012 03:00PM |
| Credit: | Moshe Zioni |
| Vulnerable: |
PrivaWall PrivaWall Antivirus 5.6 |
| Not Vulnerable: |
PrivaWall PrivaWall Antivirus 5.6 Build 2354 |
Discussion
PrivaWall Antivirus Office XML Format Evasion Security Bypass Vulnerability
PrivaWall Antivirus is prone to a security-bypass vulnerability.
Successful exploits will allow attackers to bypass the antivirus protection, potentially aiding in further attacks.
PrivaWall Antivirus versions 5.6 and prior are vulnerable.
PrivaWall Antivirus is prone to a security-bypass vulnerability.
Successful exploits will allow attackers to bypass the antivirus protection, potentially aiding in further attacks.
PrivaWall Antivirus versions 5.6 and prior are vulnerable.
Exploit / POC
PrivaWall Antivirus Office XML Format Evasion Security Bypass Vulnerability
An attacker can use readily available tools to exploit.
An attacker can use readily available tools to exploit.
Solution / Fix
PrivaWall Antivirus Office XML Format Evasion Security Bypass Vulnerability
Solution:
Reportedly, the vendor has fixed the issue. However, Symantec has not confirmed it. Please contact the vendor for more information.
Solution:
Reportedly, the vendor has fixed the issue. However, Symantec has not confirmed it. Please contact the vendor for more information.
References
PrivaWall Antivirus Office XML Format Evasion Security Bypass Vulnerability
References:
References: