CVE-2012-1457

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2012-1457
The TAR file parser in Avira AntiVir 7.11.1.163, Antiy Labs AVL SDK 2.0.3.7, avast! Antivirus 4.8.1351.0 and 5.0.677.0, AVG Anti-Virus 10.0.0.1190, Bitdefender 7.2, Quick Heal (aka Cat QuickHeal) 11.00, ClamAV 0.96.4, Command Antivirus 5.2.11.5, Emsisoft Anti-Malware 5.1.0.1, eSafe 7.0.17.0, F-Prot Antivirus 4.6.2.117, G Data AntiVirus 21, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, Jiangmin Antivirus 13.0.900, K7 AntiVirus 9.77.3565, Kaspersky Anti-Virus 7.0.0.125, McAfee Anti-Virus Scanning Engine 5.400.0.1158, McAfee Gateway (formerly Webwasher) 2010.1C, Antimalware Engine 1.1.6402.0 in Microsoft Security Essentials 2.0, NOD32 Antivirus 5795, Norman Antivirus 6.06.12, PC Tools AntiVirus 7.0.3.5, Rising Antivirus 22.83.00.03, AVEngine 20101.3.0.103 in Symantec Endpoint Protection 11, Trend Micro AntiVirus 9.120.0.1004, Trend Micro HouseCall 9.120.0.1004, VBA32 3.12.14.2, and VirusBuster 13.6.151.0 allows remote attackers to bypass malware detection via a TAR archive entry with a length field that exceeds the total TAR file size. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different TAR parser implementations.

4.3 /10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:M/Au:N/C:N/I:P/A:N

Exploitability : 8.6 / Impact : 2.9

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

References
Link Resource
http://lists.opensuse.org/opensuse-security-announce/2012-07/msg00002.html
http://osvdb.org/80389
http://osvdb.org/80391
http://osvdb.org/80392
http://osvdb.org/80393
http://osvdb.org/80395
http://osvdb.org/80396
http://osvdb.org/80403
http://osvdb.org/80406
http://osvdb.org/80407
http://osvdb.org/80409
http://www.ieee-security.org/TC/SP2012/program.html
http://www.mandriva.com/security/advisories?name=MDVSA-2012:094
http://www.securityfocus.com/archive/1/522005
http://www.securityfocus.com/bid/52610
https://exchange.xforce.ibmcloud.com/vulnerabilities/74293
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:aladdin:esafe:7.0.17.0:*:*:*:*:*:*:*
cpe:2.3:a:alwil:avast_antivirus:4.8.1351.0:*:*:*:*:*:*:*
cpe:2.3:a:alwil:avast_antivirus:5.0.677.0:*:*:*:*:*:*:*
cpe:2.3:a:anti-virus:vba32:3.12.14.2:*:*:*:*:*:*:*
cpe:2.3:a:antiy:avl_sdk:2.0.3.7:*:*:*:*:*:*:*
cpe:2.3:a:authentium:command_antivirus:5.2.11.5:*:*:*:*:*:*:*
cpe:2.3:a:avg:avg_anti-virus:10.0.0.1190:*:*:*:*:*:*:*
cpe:2.3:a:avira:antivir:7.11.1.163:*:*:*:*:*:*:*
cpe:2.3:a:bitdefender:bitdefender:7.2:*:*:*:*:*:*:*
cpe:2.3:a:cat:quick_heal:11.00:*:*:*:*:*:*:*
cpe:2.3:a:clamav:clamav:0.96.4:*:*:*:*:*:*:*
cpe:2.3:a:emsisoft:anti-malware:5.1.0.1:*:*:*:*:*:*:*
cpe:2.3:a:eset:nod32_antivirus:5795:*:*:*:*:*:*:*
cpe:2.3:a:f-prot:f-prot_antivirus:4.6.2.117:*:*:*:*:*:*:*
cpe:2.3:a:gdata-software:g_data_antivirus:21:*:*:*:*:*:*:*
cpe:2.3:a:ikarus:ikarus_virus_utilities_t3_command_line_scanner:1.1.97.0:*:*:*:*:*:*:*
cpe:2.3:a:jiangmin:jiangmin_antivirus:13.0.900:*:*:*:*:*:*:*
cpe:2.3:a:k7computing:antivirus:9.77.3565:*:*:*:*:*:*:*
cpe:2.3:a:kaspersky:kaspersky_anti-virus:7.0.0.125:*:*:*:*:*:*:*
cpe:2.3:a:mcafee:gateway:2010.1c:*:*:*:*:*:*:*
cpe:2.3:a:mcafee:scan_engine:5.400.0.1158:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:security_essentials:2.0:*:*:*:*:*:*:*
cpe:2.3:a:norman:norman_antivirus_\&_antispyware:6.06.12:*:*:*:*:*:*:*
cpe:2.3:a:pc_tools:pc_tools_antivirus:7.0.3.5:*:*:*:*:*:*:*
cpe:2.3:a:rising-global:rising_antivirus:22.83.00.03:*:*:*:*:*:*:*
cpe:2.3:a:symantec:endpoint_protection:11.0:*:*:*:*:*:*:*
cpe:2.3:a:trendmicro:housecall:9.120.0.1004:*:*:*:*:*:*:*
cpe:2.3:a:trendmicro:trend_micro_antivirus:9.120.0.1004:*:*:*:*:*:*:*
cpe:2.3:a:virusbuster:virusbuster:13.6.151.0:*:*:*:*:*:*:*
History

No history.

Information

Published : 2012-03-21 10:11

Updated : 2018-01-18 02:29

NVD link : CVE-2012-1457

Mitre link : CVE-2012-1457

CVE.ORG link : CVE-2012-1457

JSON object : View

Products Affected

bitdefender

  • bitdefender

mcafee

  • scan_engine
  • gateway

symantec

  • endpoint_protection

gdata-software

  • g_data_antivirus

antiy

  • avl_sdk

anti-virus

  • vba32

virusbuster

  • virusbuster

kaspersky

  • kaspersky_anti-virus

emsisoft

  • anti-malware

pc_tools

  • pc_tools_antivirus

microsoft

  • security_essentials

k7computing

  • antivirus

f-prot

  • f-prot_antivirus

avg

  • avg_anti-virus

jiangmin

  • jiangmin_antivirus

aladdin

  • esafe

cat

  • quick_heal

ikarus

  • ikarus_virus_utilities_t3_command_line_scanner

trendmicro

  • trend_micro_antivirus
  • housecall

clamav

  • clamav

avira

  • antivir

authentium

  • command_antivirus

rising-global

  • rising_antivirus

eset

  • nod32_antivirus

norman

  • norman_antivirus_\&_antispyware

alwil

  • avast_antivirus
CWE
CWE-264

Permissions, Privileges, and Access Controls