Multiple AntiVirus Products CVE-2012-1458 CHM File Scan Evasion Vulnerability

Bugtraq ID:	52611
Class:	Design Error
CVE:	CVE-2012-1458
Remote:	Yes
Local:	No
Published:	Mar 20 2012 12:00AM
Updated:	Apr 16 2015 05:45PM
Credit:	Suman Jana and Vitaly Shmatikov
Vulnerable:	Ubuntu Ubuntu Linux 12.04 LTS i386 Ubuntu Ubuntu Linux 12.04 LTS amd64 Ubuntu Ubuntu Linux 11.10 i386 Ubuntu Ubuntu Linux 11.10 amd64 Ubuntu Ubuntu Linux 11.04 powerpc Ubuntu Ubuntu Linux 11.04 i386 Ubuntu Ubuntu Linux 11.04 ARM Ubuntu Ubuntu Linux 11.04 amd64 Ubuntu Ubuntu Linux 10.04 sparc Ubuntu Ubuntu Linux 10.04 powerpc Ubuntu Ubuntu Linux 10.04 i386 Ubuntu Ubuntu Linux 10.04 ARM Ubuntu Ubuntu Linux 10.04 amd64 SuSE openSUSE 12.1 SuSE openSUSE 11.4 Sophos Anti-Virus 4.61 MandrakeSoft Enterprise Server 5 x86_64 MandrakeSoft Enterprise Server 5 Clam Anti-Virus Antivirus 0.96.4
Not Vulnerable:

Multiple AntiVirus Products CVE-2012-1458 CHM File Scan Evasion Vulnerability

Multiple Antivirus products are prone to a vulnerability that may allow an attacker to bypass on-demand scans.



Successful exploits will allow attackers to bypass on-demand virus scanning, possibly allowing malicious files to escape detection.



The following products are affected:



Clam Anti-Virus Antivirus 0.96.4


Sophos Antivirus 4.61.0

Multiple AntiVirus Products CVE-2012-1458 CHM File Scan Evasion Vulnerability

Attackers can use standard, readily available tools to exploit this issue.

Multiple AntiVirus Products CVE-2012-1458 CHM File Scan Evasion Vulnerability

Solution:
Updates are available. Please see the references for more information.

Multiple AntiVirus Products CVE-2012-1458 CHM File Scan Evasion Vulnerability

References:

• Clam Anti-Virus Homepage (Clam Anti-Virus)
  
• Sophos Homepage (Sophos)
  
• Evasion attacks expoliting file-parsing vulnerabilities in antivirus products (Suman Jana)