Multiple AntiVirus Products CVE-2012-1426 TAR File Scan Evasion Vulnerability

Bugtraq ID:	52585
Class:	Design Error
CVE:	CVE-2012-1426
Remote:	Yes
Local:	No
Published:	Mar 20 2012 12:00AM
Updated:	Mar 20 2012 12:00AM
Credit:	Suman Jana and Vitaly Shmatikov
Vulnerable:	Rising Antivirus 22.83 03 Quick Heal Technologies CAT-QuickHeal 11.00 Norman Antivirus 6.6.12 K7 Computing Pvt Ltd K7AntiVirus 9.77.3565 Frisk Software F-Prot Antivirus 4.6.2 117 Authentium Command Antivirus 5.2.11 5
Not Vulnerable:

Multiple AntiVirus Products CVE-2012-1426 TAR File Scan Evasion Vulnerability

Multiple Antivirus products are prone to a vulnerability that may allow an attacker to bypass on-demand scans.

Successful exploits will allow attackers to bypass on-demand virus scanning, possibly allowing malicious files to escape detection.

The following products are affected:

CAT-QuickHeal 11.00
Command Antivirus 5.2.11.5
F-Prot Antivirus 4.6.2.117
K7AntiVirus 9.77.3565
Norman Antivirus 6.06.12
Rising Antivirus 22.83.00.03

Multiple AntiVirus Products CVE-2012-1426 TAR File Scan Evasion Vulnerability

Attackers can use standard, readily available tools to exploit this issue.

Multiple AntiVirus Products CVE-2012-1426 TAR File Scan Evasion Vulnerability

Solution:
Currently, we are not aware of any vendor-supplied patches. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].

Multiple AntiVirus Products CVE-2012-1426 TAR File Scan Evasion Vulnerability

References:

• Authentium Homepage (Authentium)
  
• Frisk Software Homepage (Frisk Software)
  
• K7 Computing Pvt Ltd Homepage (K7 Computing Pvt Ltd)
  
• Norman Homepage (Norman)
  
• Quick Heal Technologies Homepage (Quick Heal Technologies)
  
• Rising Homepage (Rising International Software)
  
• Evasion attacks expoliting file-parsing vulnerabilities in antivirus products (Suman Jana)