Multiple AntiVirus Products CVE-2012-1423 TAR File Scan Evasion Vulnerability
BID:52588
Info
Multiple AntiVirus Products CVE-2012-1423 TAR File Scan Evasion Vulnerability
| Bugtraq ID: | 52588 |
| Class: | Design Error |
| CVE: |
CVE-2012-1423 |
| Remote: | Yes |
| Local: | No |
| Published: | Mar 20 2012 12:00AM |
| Updated: | Mar 20 2012 12:00AM |
| Credit: | Suman Jana and Vitaly Shmatikov |
| Vulnerable: |
Trend Micro VirusBuster 13.6.151 0 Rising Antivirus 22.83 03 PCTools Antivirus 7.0.3 5 Norman Antivirus 6.6.12 K7 Computing Pvt Ltd K7AntiVirus 9.77.3565 Ikarus Antivirus T3.1.1.97.0 Frisk Software F-Prot Antivirus 4.6.2 117 Fortinet Antivirus 4.2.254 0 Eset NOD32 5795 Emsisoft Antivirus 5.1 1 Authentium Command Antivirus 5.2.11 5 |
| Not Vulnerable: | |
Discussion
Multiple AntiVirus Products CVE-2012-1423 TAR File Scan Evasion Vulnerability
Multiple Antivirus products are prone to a vulnerability that may allow an attacker to bypass on-demand scans.
Successful exploits will allow attackers to bypass on-demand virus scanning, possibly allowing malicious files to escape detection.
The following products are affected:
Command Antivirus 5.2.11.5
Antivirus 5.1.0.1
F-Prot Antivirus 4.6.2.117
Fortinent 4.2.254.0
Ikarus T3.1.1.97.0
K7AntiVirus 9.77.3565
NOD32 5795
Norman 6.06.12
PCTools 7.0.3.5
Rising 22.83.00.03
VirusBuster 13.6.151.0
Multiple Antivirus products are prone to a vulnerability that may allow an attacker to bypass on-demand scans.
Successful exploits will allow attackers to bypass on-demand virus scanning, possibly allowing malicious files to escape detection.
The following products are affected:
Command Antivirus 5.2.11.5
Antivirus 5.1.0.1
F-Prot Antivirus 4.6.2.117
Fortinent 4.2.254.0
Ikarus T3.1.1.97.0
K7AntiVirus 9.77.3565
NOD32 5795
Norman 6.06.12
PCTools 7.0.3.5
Rising 22.83.00.03
VirusBuster 13.6.151.0
Exploit / POC
Multiple AntiVirus Products CVE-2012-1423 TAR File Scan Evasion Vulnerability
Attackers can use standard, readily available tools to exploit this issue.
Attackers can use standard, readily available tools to exploit this issue.
Solution / Fix
Multiple AntiVirus Products CVE-2012-1423 TAR File Scan Evasion Vulnerability
Solution:
Currently, we are not aware of any vendor-supplied patches. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
Solution:
Currently, we are not aware of any vendor-supplied patches. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
References
Multiple AntiVirus Products CVE-2012-1423 TAR File Scan Evasion Vulnerability
References:
References:
- Authentium Homepage (Authentium)
- Emsisoft Homepage (Emsisoft)
- ESET Homepage (ESET)
- Fortinet Homepage (Fortinet)
- Frisk Software Homepage (Frisk Software)
- Ikarus Homepage (Ikarus)
- K7 Computing Pvt Ltd Homepage (K7 Computing Pvt Ltd)
- Norman Homepage (Norman)
- PCTools Homepage (PCTools)
- Rising Homepage (Rising International Software)
- Trend Micro Homepage (Trend Micro)
- Evasion attacks expoliting file-parsing vulnerabilities in antivirus products (Suman Jana)