Design/Logic Flaw

2012-03-2110:11:00

PRIOn knowledge base

www.prio-n.com

7 High

AI Score

Confidence

Low

0.969 High

EPSS

Percentile

99.7%

JSON

The TAR file parser in Quick Heal (aka Cat QuickHeal) 11.00, Norman Antivirus 6.06.12, and Sophos Anti-Virus 4.61.0 allows remote attackers to bypass malware detection via a POSIX TAR file with a \4a\46\49\46 character sequence at a certain location. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different TAR parser implementations.

CPENameOperatorVersion
quick_healeq11.00
norman_antivirus_\\&_antispywareeq6.06.12
sophos_anti-viruseq4.61.0

Name	Operator	Version
quick_heal	eq	11.00
norman_antivirus_\\&_antispyware	eq	6.06.12
sophos_anti-virus	eq	4.61.0

References

osvdb.org/80390

osvdb.org/80409

www.ieee-security.org/TC/SP2012/program.html

www.securityfocus.com/archive/1/522005

www.securityfocus.com/bid/52579

exchange.xforce.ibmcloud.com/vulnerabilities/74243