Multiple AntiVirus Products 'TAR' File Scan Evasion Vulnerability
BID:52575
Info
Multiple AntiVirus Products 'TAR' File Scan Evasion Vulnerability
| Bugtraq ID: | 52575 |
| Class: | Design Error |
| CVE: |
CVE-2012-1421 |
| Remote: | Yes |
| Local: | No |
| Published: | Mar 20 2012 12:00AM |
| Updated: | Mar 20 2012 12:00AM |
| Credit: | Suman Jana and Vitaly Shmatikov |
| Vulnerable: |
Symantec AntiVirus 20101.3 103 Rising Antivirus 22.83 03 Quick Heal Technologies CAT-QuickHeal 11.00 Norman Antivirus 6.6.12 |
| Not Vulnerable: | |
Discussion
Multiple AntiVirus Products 'TAR' File Scan Evasion Vulnerability
Multiple Antivirus products are prone prone to a vulnerability that may allow an attacker to bypass on-demand scans.
Successful exploits will allow attackers to bypass on-demand virus scanning, possibly allowing malicious files to escape detection.
The following products are affected:
CAT-QuickHeal 11.00
Antivirus 6.06.12
Antivirus 22.83.00.03
AntiVirus 20101.3.0.103
Multiple Antivirus products are prone prone to a vulnerability that may allow an attacker to bypass on-demand scans.
Successful exploits will allow attackers to bypass on-demand virus scanning, possibly allowing malicious files to escape detection.
The following products are affected:
CAT-QuickHeal 11.00
Antivirus 6.06.12
Antivirus 22.83.00.03
AntiVirus 20101.3.0.103
Exploit / POC
Multiple AntiVirus Products 'TAR' File Scan Evasion Vulnerability
Attackers can use standard, readily available tools to exploit this issue.
Attackers can use standard, readily available tools to exploit this issue.
Solution / Fix
Multiple AntiVirus Products 'TAR' File Scan Evasion Vulnerability
Solution:
Currently, we are not aware of any vendor-supplied patches. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
Solution:
Currently, we are not aware of any vendor-supplied patches. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
References
Multiple AntiVirus Products 'TAR' File Scan Evasion Vulnerability
References:
References:
- Norman Homepage (Norman)
- Quick Heal Technologies Homepage (Quick Heal Technologies)
- Rising Homepage (Rising International Software)
- Symantec Homepage (Symantec)
- Evasion attacks expoliting file-parsing vulnerabilities in antivirus products (Suman Jana)