Lucene search

[email protected]CVE-2012-1426

HistoryMar 21, 2012 - 10:11 a.m.

CVE-2012-1426

2012-03-2110:11:47

CWE-264

[email protected]

web.nvd.nist.gov

cve-2012-1426

quick heal

command antivirus

f-prot antivirus

k7 antivirus

norman antivirus

rising antivirus

remote attackers

malware detection

tar parser

security vulnerability

cybersecurity

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

6.7 Medium

AI Score

Confidence

Low

0.967 High

EPSS

Percentile

99.7%

JSON

The TAR file parser in Quick Heal (aka Cat QuickHeal) 11.00, Command Antivirus 5.2.11.5, F-Prot Antivirus 4.6.2.117, K7 AntiVirus 9.77.3565, Norman Antivirus 6.06.12, and Rising Antivirus 22.83.00.03 allows remote attackers to bypass malware detection via a POSIX TAR file with an initial \42\5A\68 character sequence. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different TAR parser implementations.

Affected configurations

NVD

Node

authentiumcommand_antivirusMatch5.2.11.5

catquick_healMatch11.00

f-protf-prot_antivirusMatch4.6.2.117

k7computingantivirusMatch9.77.3565

normannorman_antivirus_\&_antispywareMatch6.06.12

rising-globalrising_antivirusMatch22.83.00.03

CPENameOperatorVersion
authentium:command_antivirusauthentium command antiviruseq5.2.11.5
cat:quick_healcat quick healeq11.00
f-prot:f-prot_antivirusf-prot f-prot antiviruseq4.6.2.117
k7computing:antivirusk7computing antiviruseq9.77.3565
norman:norman_antivirus_\&_antispywarenorman norman antivirus & antispywareeq6.06.12
rising-global:rising_antivirusrising-global rising antiviruseq22.83.00.03

CPE	Name	Operator	Version
authentium:command_antivirus	authentium command antivirus	eq	5.2.11.5
cat:quick_heal	cat quick heal	eq	11.00
f-prot:f-prot_antivirus	f-prot f-prot antivirus	eq	4.6.2.117
k7computing:antivirus	k7computing antivirus	eq	9.77.3565
norman:norman_antivirus_\&_antispyware	norman norman antivirus & antispyware	eq	6.06.12
rising-global:rising_antivirus	rising-global rising antivirus	eq	22.83.00.03

References

osvdb.org/80406

osvdb.org/80407

osvdb.org/80409

www.ieee-security.org/TC/SP2012/program.html

www.securityfocus.com/archive/1/522005

www.securityfocus.com/bid/52585

exchange.xforce.ibmcloud.com/vulnerabilities/74241

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

6.7 Medium

AI Score

Confidence

Low

0.967 High

EPSS

Percentile

99.7%

JSON

Related for CVE-2012-1426

cvelist1 prion1 nvd1