Multiple AntiVirus Products TAR File Scan Evasion Vulnerability

Bugtraq ID:	52579
Class:	Design Error
CVE:	CVE-2012-1428
Remote:	Yes
Local:	No
Published:	Mar 20 2012 12:00AM
Updated:	Mar 20 2012 12:00AM
Credit:	Suman Jana and Vitaly Shmatikov
Vulnerable:	Sophos Anti-Virus 4.61 Quick Heal Technologies CAT-QuickHeal 11.00 Norman Antivirus 6.6.12
Not Vulnerable:

Multiple AntiVirus Products TAR File Scan Evasion Vulnerability

Multiple Antivirus products are prone prone to a vulnerability that may allow an attacker to bypass on-demand scans.

Successful exploits will allow attackers to bypass on-demand virus scanning, possibly allowing malicious files to escape detection.

Multiple AntiVirus Products TAR File Scan Evasion Vulnerability

Attackers can use standard, readily available tools to exploit this issue.

Multiple AntiVirus Products TAR File Scan Evasion Vulnerability

Solution:
Currently, we are not aware of any vendor-supplied patches. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].

Multiple AntiVirus Products TAR File Scan Evasion Vulnerability

References:

• Norman Homepage (Norman)
  
• Quick Heal Technologies Homepage (Quick Heal Technologies)
  
• Sophos Homepage (Sophos)
  
• Evasion attacks expoliting file-parsing vulnerabilities in antivirus products (Suman Jana)