BID:52591

Multiple AntiVirus Products CVE-2012-1431 ELF File Scan Evasion Vulnerability

Info

Multiple AntiVirus Products CVE-2012-1431 ELF File Scan Evasion Vulnerability

Bugtraq ID:	52591
Class:	Design Error
CVE:	CVE-2012-1431
Remote:	Yes
Local:	No
Published:	Mar 20 2012 12:00AM
Updated:	Mar 20 2012 12:00AM
Credit:	Suman Jana and Vitaly Shmatikov
Vulnerable:	Sophos Anti-Virus 4.61 Rising Antivirus 22.83 03 McAfee McAfee-GW-Edition 2010.1C INCA nProtect 2011-01-17.01 Frisk Software F-Prot Antivirus 4.6.2 117 F-Secure Antivirus 9.0.16160.0 eSafe Antivirus 7.0.17 0 Comodo AntiVirus 7424 BitDefender AntiVirus 7.2 Authentium Command Antivirus 5.2.11 5

Not Vulnerable:

Discussion

Multiple AntiVirus Products CVE-2012-1431 ELF File Scan Evasion Vulnerability

Multiple Antivirus products are prone to a vulnerability that may allow an attacker to bypass on-demand scans.

Successful exploits will allow attackers to bypass on-demand virus scanning, possibly allowing malicious files to escape detection.

The following products are affected:

BitDefender AntiVirus 7.2
Authentium Command Antivirus 5.2.11.5
Comodo AntiVirus 7424
eSafe Antivirus 7.0.17.0
Frisk Software F-Prot Antivirus 4.6.2.117
F-Secure Antivirus 9.0.16160.0
McAfee McAfee-GW-Edition 2010.1C
INCA nProtect 2011-01-17.01
Sophos Antivirus 4.61.0
Rising Antivirus 22.83.00.03

Exploit / POC

Multiple AntiVirus Products CVE-2012-1431 ELF File Scan Evasion Vulnerability

Attackers can use standard, readily available tools to exploit this issue.

Solution / Fix

Multiple AntiVirus Products CVE-2012-1431 ELF File Scan Evasion Vulnerability

Solution:
Currently, we are not aware of any vendor-supplied patches. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].

References

Multiple AntiVirus Products CVE-2012-1431 ELF File Scan Evasion Vulnerability

References:

Authentium Homepage (Authentium)
BitDefender Homepage (BitDefender)
Comodo Homepage (Comodo)
eSafe Homepage (eSafe)
F-Secure Homepage (F-Secure)
Frisk Software Homepage (Frisk Software)
INCA Homepage (INCA)
McAfee Homepage (McAfee)
Rising Homepage (Rising International Software)
Sophos Homepage (Sophos)
Evasion attacks expoliting file-parsing vulnerabilities in antivirus products (Suman Jana)