Multiple AntiVirus Products TAR File Scan Evasion Vulnerability
BID:52580
Info
Multiple AntiVirus Products TAR File Scan Evasion Vulnerability
| Bugtraq ID: | 52580 |
| Class: | Design Error |
| CVE: |
CVE-2012-1425 |
| Remote: | Yes |
| Local: | No |
| Published: | Mar 20 2012 12:00AM |
| Updated: | Mar 30 2012 04:10PM |
| Credit: | Suman Jana and Vitaly Shmatikov |
| Vulnerable: |
Trend Micro Trend Micro 9.120 1004 Trend Micro HouseCall 9.120 1004 Symantec AntiVirus 20101.3 103 Quick Heal Technologies CAT-QuickHeal 11.00 PCTools Antivirus 7.0.3 5 Norman Antivirus 6.6.12 McAfee McAfee-GW-Edition 2010.1C Kaspersky Kaspersky Antivirus 7.0 125 Jiangmin Corporation Jiangmin 13.0.900 Ikarus Antivirus T3.1.1.97.0 Eset NOD32 5795 Emsisoft Antivirus 5.1 1 AVIRA AntiVir Engine 7.11.1 163 Antiy Antiy-AVL 2.0.3 7 |
| Not Vulnerable: | |
Discussion
Multiple AntiVirus Products TAR File Scan Evasion Vulnerability
Multiple Antivirus products are prone to a vulnerability that may allow an attacker to bypass on-demand scans.
Successful exploits will allow attackers to bypass on-demand virus scanning, possibly allowing malicious files to escape detection.
The following products are affected:
AVIRA AntiVir Engine 7.11.1.163
Antiy Antiy-AVL 2.0.3.7
Quick Heal Technologies CAT-QuickHeal 11.00
Emsisoft Antivirus 5.1.0.1
Ikarus Antivirus T3.1.1.97.0
Jiangmin 13.0.900
Kaspersky Antivirus 7.0.0.125
McAfee 5.400.0.1158
McAfee-GW-Edition 2010.1C
NOD32 5795
Norman Antivirus 6.06.12
PCTools Antivirus 7.0.3.5
Symantec AntiVirus 20101.3.0.103
TrendMicro 9.120.0.1004
TrendMicro-HouseCall 9.120.0.1004
Multiple Antivirus products are prone to a vulnerability that may allow an attacker to bypass on-demand scans.
Successful exploits will allow attackers to bypass on-demand virus scanning, possibly allowing malicious files to escape detection.
The following products are affected:
AVIRA AntiVir Engine 7.11.1.163
Antiy Antiy-AVL 2.0.3.7
Quick Heal Technologies CAT-QuickHeal 11.00
Emsisoft Antivirus 5.1.0.1
Ikarus Antivirus T3.1.1.97.0
Jiangmin 13.0.900
Kaspersky Antivirus 7.0.0.125
McAfee 5.400.0.1158
McAfee-GW-Edition 2010.1C
NOD32 5795
Norman Antivirus 6.06.12
PCTools Antivirus 7.0.3.5
Symantec AntiVirus 20101.3.0.103
TrendMicro 9.120.0.1004
TrendMicro-HouseCall 9.120.0.1004
Exploit / POC
Multiple AntiVirus Products TAR File Scan Evasion Vulnerability
Attackers can use standard, readily available tools to exploit this issue.
Attackers can use standard, readily available tools to exploit this issue.
Solution / Fix
Multiple AntiVirus Products TAR File Scan Evasion Vulnerability
Solution:
Currently, we are not aware of any vendor-supplied patches. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
Solution:
Currently, we are not aware of any vendor-supplied patches. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
References
Multiple AntiVirus Products TAR File Scan Evasion Vulnerability
References:
References:
- Antiy Homepage (Antiy)
- Avira Homepage (Avira)
- Emsisoft Homepage (Emsisoft)
- ESET Homepage (ESET)
- Ikarus Homepage (Ikarus)
- Jiangmin Corporation Homepage (Jiangmin Corporation)
- Kaspersky Homepage (Kaspersky)
- McAfee Homepage (McAfee)
- Norman Homepage (Norman)
- PCTools Homepage (PCTools)
- Quick Heal Technologies Homepage (Quick Heal Technologies)
- Symantec Homepage (Symantec)
- Trend Micro Homepage (Trend Micro)
- Evasion attacks expoliting file-parsing vulnerabilities in antivirus products (Suman Jana)