Multiple AntiVirus Products CVE-2012-1461 GZIP File Scan Evasion Vulnerability
BID:52626
Info
| Bugtraq ID: | 52626 |
| Class: | Design Error |
| CVE: | CVE-2012-1461 |
| Remote: | Yes |
| Local: | No |
| Published: | Mar 20 2012 12:00AM |
| Updated: | Mar 30 2012 04:20PM |
| Credit: | Suman Jana and Vitaly Shmatikov |
| Vulnerable: | VirusBlokAda VBA32 3.12.14 2; Trend Micro Trend Micro 9.120 1004; Trend Micro HouseCall 9.120 1004; Symantec AntiVirus 20101.3 103; Rising Antivirus 22.83 03; Norman Antivirus 6.6.12; McAfee McAfee-GW-Edition 2010.1C; Kaspersky Kaspersky Antivirus 7.0 125; K7 Computing Pvt Ltd K7AntiVirus 9.77.3565; Jiangmin Corporation Jiangmin 13.0.900; Ikarus Antivirus T3.1.1.97.0; Fortinet Antivirus 4.2.254 0; Eset NOD32 5795; Emsisoft Antivirus 5.1 1; Comodo AntiVirus 7424; BitDefender AntiVirus 7.2; AVG AVG Anti-Virus 10.0 1190; Authentium Command Antivirus 5.2.11 5 |
| Not Vulnerable: | |
Discussion
Multiple Antivirus products are prone to a vulnerability that may allow an attacker to bypass on-demand scans.
Successful exploits will allow attackers to bypass on-demand virus scanning, possibly allowing malicious files to escape detection.
The following products are affected:
- AVG AVG Anti-Virus 10.0.0.1190
- BitDefender AntiVirus 7.2
- Quick Heal Technologies CAT-QuickHeal 11.00
- Authentium Command Antivirus 5.2.11.5
- Emsisoft Antivirus 5.1.0.1
- Ikarus Antivirus T3.1.1.97.0
- Jiangmin Corporation Jiangmin 13.0.900
- K7 Computing Pvt Ltd K7AntiVirus 9.77.3565
- Kaspersky Kaspersky Antivirus 7.0.0.125
- McAfee McAfee 5.400.0.1158
- McAfee McAfee-GW-Edition 2010.1C
- Eset NOD32 5795
- Norman Antivirus 6.06.12
- Rising Antivirus 22.83.00.03
- Symantec AntiVirus 20101.3.0.103
- Trend Micro TrendMicro 9.120.0.1004
- Trend Micro TrendMicro-HouseCall 9.120.0.1004
- VirusBlokAda VBA32 3.12.14.2
- Fortinet Antivirus 4.2.254.0
- Authentium Command Antivirus 5.2.11.5
- F-Secure Antivirus 9.0.16160.0
- Sophos Antivirus 4.61.0
Exploit / POC
Attackers can use standard, readily available tools to exploit this issue.
Solution / Fix
Solution:
Currently, we are not aware of any vendor-supplied patches. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
References
References:
- AVG Homepage (AVG)
- BitDefender Homepage (BitDefender)
- Emsisoft Homepage (Emsisoft)
- Ikarus Homepage (Ikarus)
- Jiangmin Corporation Homepage (Jiangmin Corporation)
- K7 Computing Pvt Ltd Homepage (K7 Computing Pvt Ltd)
- Kaspersky Homepage (Kaspersky)
- McAfee Homepage (McAfee)
- Norman Homepage (Norman)
- Rising Homepage (Rising International Software)
- Symantec Homepage (Symantec)
- Trend Micro Homepage (Trend Micro)
- Evasion attacks expoliting file-parsing vulnerabilities in antivirus products (Suman Jana)