Multiple AntiVirus Products CVE-2012-1463 ELF File Scan Evasion Vulnerability
BID:52614
Info
Multiple AntiVirus Products CVE-2012-1463 ELF File Scan Evasion Vulnerability
| Bugtraq ID: | 52614 |
| Class: | Design Error |
| CVE: |
CVE-2012-1463 |
| Remote: | Yes |
| Local: | No |
| Published: | Mar 20 2012 12:00AM |
| Updated: | Mar 20 2012 12:00AM |
| Credit: | Suman Jana and Vitaly Shmatikov |
| Vulnerable: |
Quick Heal Technologies CAT-QuickHeal 11.00 Panda Antivirus 10.0.2 7 Norman Antivirus 6.6.12 McAfee McAfee 5.400 1158 INCA nProtect 2011-01-17.01 Frisk Software F-Prot Antivirus 4.6.2 117 F-Secure Antivirus 9.0.16160.0 eSafe Antivirus 7.0.17 0 Comodo AntiVirus 7424 BitDefender AntiVirus 7.2 Authentium Command Antivirus 5.2.11 5 Ahnlab V3 Engine 2011.01.18.00 |
| Not Vulnerable: | |
Discussion
Multiple AntiVirus Products CVE-2012-1463 ELF File Scan Evasion Vulnerability
Multiple Antivirus products are prone to a vulnerability that may allow an attacker to bypass on-demand scans.
Successful exploits will allow attackers to bypass on-demand virus scanning, possibly allowing malicious files to escape detection.
The following products are affected:
Ahnlab V3 Engine 2011.01.18.00
BitDefender AntiVirus 7.2
Quick Heal Technologies CAT-QuickHeal 11.00
Authentium Command Antivirus 5.2.11.5
Comodo AntiVirus 7424
eSafe Antivirus 7.0.17.0
Frisk Software F-Prot Antivirus 4.6.2.117
F-Secure Antivirus 9.0.16160.0
McAfee McAfee 5.400.0.1158
Norman Antivirus 6.06.12
INCA nProtect 2011-01-17.01
Panda Antivirus 10.0.2.7
Multiple Antivirus products are prone to a vulnerability that may allow an attacker to bypass on-demand scans.
Successful exploits will allow attackers to bypass on-demand virus scanning, possibly allowing malicious files to escape detection.
The following products are affected:
Ahnlab V3 Engine 2011.01.18.00
BitDefender AntiVirus 7.2
Quick Heal Technologies CAT-QuickHeal 11.00
Authentium Command Antivirus 5.2.11.5
Comodo AntiVirus 7424
eSafe Antivirus 7.0.17.0
Frisk Software F-Prot Antivirus 4.6.2.117
F-Secure Antivirus 9.0.16160.0
McAfee McAfee 5.400.0.1158
Norman Antivirus 6.06.12
INCA nProtect 2011-01-17.01
Panda Antivirus 10.0.2.7
Exploit / POC
Multiple AntiVirus Products CVE-2012-1463 ELF File Scan Evasion Vulnerability
Attackers can use standard, readily available tools to exploit this issue.
Attackers can use standard, readily available tools to exploit this issue.
Solution / Fix
Multiple AntiVirus Products CVE-2012-1463 ELF File Scan Evasion Vulnerability
Solution:
Currently, we are not aware of any vendor-supplied patches. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
Solution:
Currently, we are not aware of any vendor-supplied patches. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
References
Multiple AntiVirus Products CVE-2012-1463 ELF File Scan Evasion Vulnerability
References:
References:
- Ahnlab Homepage (Ahnlab)
- Authentium Homepage (Authentium)
- BitDefender Homepage (BitDefender)
- Comodo Homepage (Comodo)
- eSafe Homepage (eSafe)
- F-Secure Homepage (F-Secure)
- Frisk Software Homepage (Frisk Software)
- INCA Homepage (INCA)
- McAfee Homepage (McAfee)
- Norman Homepage (Norman)
- Panda Homepage (Panda)
- Quick Heal Technologies Homepage (Quick Heal Technologies)
- Evasion attacks expoliting file-parsing vulnerabilities in antivirus products (Suman Jana)