BID:52619

Multiple AntiVirus Products CVE-2012-1452 CAB File Scan Evasion Vulnerability

Info

Multiple AntiVirus Products CVE-2012-1452 CAB File Scan Evasion Vulnerability

Bugtraq ID:	52619
Class:	Design Error
CVE:	CVE-2012-1452
Remote:	Yes
Local:	No
Published:	Mar 20 2012 12:00AM
Updated:	Mar 20 2012 12:00AM
Credit:	Suman Jana and Vitaly Shmatikov
Vulnerable:	Quick Heal Technologies CAT-QuickHeal 11.00 Ikarus Antivirus T3.1.1.97.0 Emsisoft Antivirus 5.1 1.0 Emsisoft Antivirus 5.1 1

Not Vulnerable:

Discussion

Multiple AntiVirus Products CVE-2012-1452 CAB File Scan Evasion Vulnerability

Multiple Antivirus products are prone to a vulnerability that may allow an attacker to bypass on-demand scans.

Successful exploits will allow attackers to bypass on-demand virus scanning, possibly allowing malicious files to escape detection.

The following products are affected:

Emsisoft 5.1.0.1
Ikarus T3.1.1.97.0
CAT-QuickHeal 11.00

Exploit / POC

Multiple AntiVirus Products CVE-2012-1452 CAB File Scan Evasion Vulnerability

Attackers can use standard, readily available tools to exploit this issue.

Solution / Fix

Multiple AntiVirus Products CVE-2012-1452 CAB File Scan Evasion Vulnerability

Solution:
Currently, we are not aware of any vendor-supplied patches. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].

References

Multiple AntiVirus Products CVE-2012-1452 CAB File Scan Evasion Vulnerability

References:

Emsisoft Homepage (Emsisoft)
Evasion attacks expoliting file-parsing vulnerabilities in antivirus products (Suman Jana)
Ikarus Homepage (Ikarus)
Quick Heal Homepage (Quick Heal)
Evasion attacks expoliting file-parsing vulnerabilities in antivirus products (Suman Jana)