Multiple AntiVirus Products CVE-2012-1462 ZIP File Scan Evasion Vulnerability
BID:52613
Info
| Bugtraq ID: | 52613 |
| Class: | Design Error |
| CVE: | CVE-2012-1462 |
| Remote: | Yes |
| Local: | No |
| Published: | Mar 20 2012 12:00AM |
| Updated: | Mar 20 2012 12:00AM |
| Credit: | Suman Jana and Vitaly Shmatikov |
| Vulnerable: | Symantec AntiVirus 20101.3 103; Sophos Anti-Virus 4.61; Quick Heal Technologies CAT-QuickHeal 11.00; Norman Antivirus 6.6.12; Kaspersky Kaspersky Antivirus 7.0 125; Jiangmin Corporation Jiangmin 13.0.900; Ikarus Antivirus T3.1.1.97.0; Fortinet Antivirus 4.2.254 0; eSafe Antivirus 7.0.17 0; Emsisoft Antivirus 5.1 1; AVG AVG Anti-Virus 10.0 1190; Ahnlab V3 Engine 2011.01.18.00 |
| Not Vulnerable: | |
Discussion
Multiple antivirus products are prone to a vulnerability that may allow an attacker to bypass on-demand scans.
Successful exploits will allow attackers to bypass on-demand virus scanning, possibly allowing malicious files to escape detection.
The following products are affected:
- Ahnlab V3 Engine 2011.01.18.00
- AVG AVG Anti-Virus 10.0.0.1190
- Quick Heal Technologies CAT-QuickHeal 11.00
- Emsisoft Antivirus 5.1.0.1
- eSafe Antivirus 7.0.17.0
- Fortinet Antivirus 4.2.254.0
- Ikarus Antivirus T3.1.1.97.0
- Jiangmin Corporation Jiangmin 13.0.900
- Kaspersky Kaspersky Antivirus 7.0.0.125
- Norman Antivirus 6.06.12
- Sophos Antivirus 4.61.0
- Symantec AntiVirus 20101.3.0.103
Exploit / POC
Attackers can use standard, readily available tools to exploit this issue.
Solution / Fix
Solution:
Currently, we are not aware of any vendor-supplied patches. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
References
References:
- Ahnlab Homepage (Ahnlab)
- AVG Homepage (AVG)
- Emsisoft Homepage (Emsisoft)
- eSafe Homepage (eSafe)
- Fortinet Homepage (Fortinet)
- Ikarus Homepage (Ikarus)
- Jiangmin Corporation Homepage (Jiangmin Corporation)
- Kaspersky Homepage (Kaspersky)
- Norman Homepage (Norman)
- Quick Heal Technologies Homepage (Quick Heal Technologies)
- Sophos Homepage (Sophos)
- Symantec Homepage (Symantec)
- Evasion attacks exploiting file-parsing vulnerabilities in antivirus products (Suman Jana)