Multiple AntiVirus Products CVE-2012-1442 ELF File Scan Evasion Vulnerability
BID:52598
Info
Multiple AntiVirus Products CVE-2012-1442 ELF File Scan Evasion Vulnerability
| Bugtraq ID: | 52598 |
| Class: | Design Error |
| CVE: |
CVE-2012-1442 |
| Remote: | Yes |
| Local: | No |
| Published: | Mar 20 2012 12:00AM |
| Updated: | Mar 30 2012 04:10PM |
| Credit: | Suman Jana and Vitaly Shmatikov |
| Vulnerable: |
Sophos Anti-Virus 4.61 Rising Antivirus 22.83 03 Quick Heal Technologies CAT-QuickHeal 11.00 Panda Antivirus 10.0.2 7 McAfee McAfee-GW-Edition 2010.1C Kaspersky Kaspersky Antivirus 7.0 125 F-Secure Antivirus 9.0.16160.0 Antiy Antiy-AVL 2.0.3 7 |
| Not Vulnerable: | |
Discussion
Multiple AntiVirus Products CVE-2012-1442 ELF File Scan Evasion Vulnerability
Multiple Antivirus products are prone to a vulnerability that may allow an attacker to bypass on-demand scans.
Successful exploits will allow attackers to bypass on-demand virus scanning, possibly allowing malicious files to escape detection.
The following products are affected:
Quick Heal Technologies CAT-QuickHeal 11.00
McAfee McAfee 5.400.0.1158
McAfee McAfee-GW-Edition 2010.1C
Kaspersky Kaspersky Antivirus 7.0.0.125
F-Secure Antivirus 9.0.16160.0
Sophos Antivirus 4.61.0
Antiy Antiy-AVL 2.0.3.7
Rising Antivirus 22.83.00.03
Panda Antivirus 10.0.2.7
Multiple Antivirus products are prone to a vulnerability that may allow an attacker to bypass on-demand scans.
Successful exploits will allow attackers to bypass on-demand virus scanning, possibly allowing malicious files to escape detection.
The following products are affected:
Quick Heal Technologies CAT-QuickHeal 11.00
McAfee McAfee 5.400.0.1158
McAfee McAfee-GW-Edition 2010.1C
Kaspersky Kaspersky Antivirus 7.0.0.125
F-Secure Antivirus 9.0.16160.0
Sophos Antivirus 4.61.0
Antiy Antiy-AVL 2.0.3.7
Rising Antivirus 22.83.00.03
Panda Antivirus 10.0.2.7
Exploit / POC
Multiple AntiVirus Products CVE-2012-1442 ELF File Scan Evasion Vulnerability
Attackers can use standard, readily available tools to exploit this issue.
Attackers can use standard, readily available tools to exploit this issue.
Solution / Fix
Multiple AntiVirus Products CVE-2012-1442 ELF File Scan Evasion Vulnerability
Solution:
Currently, we are not aware of any vendor-supplied patches. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
Solution:
Currently, we are not aware of any vendor-supplied patches. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
References
Multiple AntiVirus Products CVE-2012-1442 ELF File Scan Evasion Vulnerability
References:
References:
- Antiy Homepage (Antiy)
- F-Secure Homepage (F-Secure)
- Kaspersky Homepage (Kaspersky)
- McAfee Homepage (McAfee)
- Panda Homepage (Panda)
- Quick Heal Technologies Homepage (Quick Heal Technologies)
- Rising Homepage (Rising International Software)
- Sophos Homepage (Sophos)
- Evasion attacks expoliting file-parsing vulnerabilities in antivirus products (Suman Jana)