Multiple AntiVirus Products CVE-2012-1429 ELF File Scan Evasion Vulnerability

Bugtraq ID:	52581
Class:	Design Error
CVE:	CVE-2012-1429
Remote:	Yes
Local:	No
Published:	Mar 20 2012 12:00AM
Updated:	Mar 30 2012 04:10PM
Credit:	Suman Jana and Vitaly Shmatikov
Vulnerable:	McAfee McAfee-GW-Edition 2010.1C INCA nProtect 2011-01-17.01 Ikarus Antivirus T3.1.1.97.0 eSafe Antivirus 7.0.17 0 Emsisoft Antivirus 5.1 1 Comodo AntiVirus 7424 BitDefender AntiVirus 7.2
Not Vulnerable:

Multiple AntiVirus Products CVE-2012-1429 ELF File Scan Evasion Vulnerability

Multiple Antivirus products are prone prone to a vulnerability that may allow an attacker to bypass on-demand scans.

Successful exploits will allow attackers to bypass on-demand virus scanning, possibly allowing malicious files to escape detection.

The following products are affected:

BitDefender AntiVirus 7.2
Comodo AntiVirus 7424
Emsisoft Antivirus 5.1.0.1
eSafe Antivirus 7.0.17.0
Ikarus Antivirus T3.1.1.97.0
McAfee McAfee 5.400.0.1158
McAfee McAfee-GW-Edition 2010.1C
INCA nProtect 2011-01-17.01

Multiple AntiVirus Products CVE-2012-1429 ELF File Scan Evasion Vulnerability

Attackers can use standard, readily available tools to exploit this issue.

Multiple AntiVirus Products CVE-2012-1429 ELF File Scan Evasion Vulnerability

Solution:
Currently, we are not aware of any vendor-supplied patches. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].

Multiple AntiVirus Products CVE-2012-1429 ELF File Scan Evasion Vulnerability

References:

• BitDefender Homepage (BitDefender)
  
• Comodo Homepage (Comodo)
  
• Emsisoft Homepage (Emsisoft)
  
• eSafe Homepage (eSafe)
  
• Ikarus Homepage (Ikarus)
  
• INCA Homepage (INCA)
  
• McAfee Homepage (McAfee)
  
• Evasion attacks expoliting file-parsing vulnerabilities in antivirus products (Suman Jana)