Multiple AntiVirus Products CVE-2012-1453 CAB File Scan Evasion Vulnerability

Bugtraq ID:	52621
Class:	Design Error
CVE:	CVE-2012-1453
Remote:	Yes
Local:	No
Published:	Mar 20 2012 12:00AM
Updated:	Mar 30 2012 04:10PM
Credit:	Suman Jana and Vitaly Shmatikov
Vulnerable:	Trend Micro Trend Micro 9.120 1004 Trend Micro HouseCall 9.120 1004 Sophos Anti-Virus 4.61 Rising Antivirus 22.83 03 Quick Heal Technologies CAT-QuickHeal 11.00 Panda Antivirus 10.0.2 7 Microsoft Antivirus 1.6402 McAfee McAfee-GW-Edition 2010.1C McAfee McAfee 5.0.2.03300 Kaspersky Anti-Virus 7.0.0.125 Ikarus Antivirus T3.1.1.97.0 Fortinet Antivirus 4.2.254 0 Emsisoft Antivirus 5.1 1.0 Emsisoft Antivirus 5.1 1 Computer Associates eTrust Vet Antivirus 36.1.8511 Antiy Antiy-AVL 2.0.3 7
Not Vulnerable:

Multiple AntiVirus Products CVE-2012-1453 CAB File Scan Evasion Vulnerability

Multiple Antivirus products are prone to a vulnerability that may allow an attacker to bypass on-demand scans.

Successful exploits will allow attackers to bypass on-demand virus scanning, possibly allowing malicious files to escape detection.

The following products are affected:

McAfee 5.0.2.03300
TrendMicro-HouseCall 9.120.0.1004
Kaspersky 7.0.0.125
Sophos 4.61.0
TrendMicro 9.120.0.1004
McAfee-GW-Edition 2010.1C
Emsisoft 5.1.0.1
eTrust-Vet 36.1.8511
Antiy-AVL 2.0.3.7
Microsoft 1.6402,
Rising 22.83.00.03
Ikarus T3.1.1.97.0
Fortinet 4.2.254.0
Panda 10.0.2.7

Multiple AntiVirus Products CVE-2012-1453 CAB File Scan Evasion Vulnerability

Attackers can use standard, readily available tools to exploit this issue.

Multiple AntiVirus Products CVE-2012-1453 CAB File Scan Evasion Vulnerability

Solution:
Currently, we are not aware of any vendor-supplied patches. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].

Multiple AntiVirus Products CVE-2012-1453 CAB File Scan Evasion Vulnerability

References:

• Antiy Homepage (Antiy)
  
• Computer Associates Web Site (Computer Associates)
  
• Emsisoft Homepage (Emsisoft)
  
• Evasion attacks expoliting file-parsing vulnerabilities in antivirus products (Suman Jana)
  
• Fortinet Homepage (Fortinet)
  
• Ikarus Homepage (Ikarus)
  
• Kaspersky Antivirus Homepage (Kaspersky Labs)
  
• McAfee Homepage (McAfee)
  
• Microsoft Homepage (Microsoft)
  
• Panda Homepage (Panda)
  
• Quick Heal Homepage (Quick Heal)
  
• Rising Homepage (Rising International Software)
  
• Sophos Homepage (Sophos)
  
• Trend Micro Homepage (Trend Micro)
  
• Evasion attacks expoliting file-parsing vulnerabilities in antivirus products (Suman Jana)