Vulnerability Details : CVE-2012-1459

The TAR file parser in AhnLab V3 Internet Security 2011.01.18.00, Avira AntiVir 7.11.1.163, Antiy Labs AVL SDK 2.0.3.7, avast! Antivirus 4.8.1351.0 and 5.0.677.0, AVG Anti-Virus 10.0.0.1190, Bitdefender 7.2, Quick Heal (aka Cat QuickHeal) 11.00, ClamAV 0.96.4, Command Antivirus 5.2.11.5, Comodo Antivirus 7424, Emsisoft Anti-Malware 5.1.0.1, F-Prot Antivirus 4.6.2.117, F-Secure Anti-Virus 9.0.16160.0, Fortinet Antivirus 4.2.254.0, G Data AntiVirus 21, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, Jiangmin Antivirus 13.0.900, K7 AntiVirus 9.77.3565, Kaspersky Anti-Virus 7.0.0.125, McAfee Anti-Virus Scanning Engine 5.400.0.1158, McAfee Gateway (formerly Webwasher) 2010.1C, Antimalware Engine 1.1.6402.0 in Microsoft Security Essentials 2.0, NOD32 Antivirus 5795, Norman Antivirus 6.06.12, nProtect Anti-Virus 2011-01-17.01, Panda Antivirus 10.0.2.7, PC Tools AntiVirus 7.0.3.5, Rising Antivirus 22.83.00.03, Sophos Anti-Virus 4.61.0, AVEngine 20101.3.0.103 in Symantec Endpoint Protection 11, Trend Micro AntiVirus 9.120.0.1004, Trend Micro HouseCall 9.120.0.1004, VBA32 3.12.14.2, and VirusBuster 13.6.151.0 allows remote attackers to bypass malware detection via a TAR archive entry with a length field corresponding to that entire entry, plus part of the header of the next entry. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different TAR parser implementations.
Publish Date : 2012-03-21 Last Update Date : 2012-11-06

Collapse All Expand All Select Select&Copy	Scroll To Vendor Statements(0) Additional Vendor Data(0) OVAL Definitions(0) Vulnerable Products(0) # Of Vulns By Products References(0) Metasploit Modules(0)	Comments View User Comments Add Comment	External Links Secunia Advisories XForce Advisories Vulnerability Details at NVD Vulnerability Details at Mitre Nessus Plugins Linux Kernel Git Repository First CVSS Guide
Related Tweets Even more tweets Search Twitter Search YouTube Search Google

- CVSS Scores & Vulnerability Types

Cvss Score	4.3
Confidentiality Impact	None (There is no impact to the confidentiality of the system.)
Integrity Impact	Partial (Modification of some system files or information is possible, but the attacker does not have control over what can be modified, or the scope of what the attacker can affect is limited.)
Availability Impact	None (There is no impact to the availability of the system.)
Access Complexity	Medium (The access conditions are somewhat specialized. Some preconditions must be satistified to exploit)
Authentication	Not required (Authentication is not required to exploit the vulnerability.)
Gained Access	None
Vulnerability Type(s)	Bypass a restriction or similar
CWE ID	264

- Products Affected By CVE-2012-1459

#	Product Type	Vendor	Product	Version
1	Application	Ahnlab	V3 Internet Security	2011.01.18.00	Details Vulnerabilities
2	Application	Alwil	Avast Antivirus	4.8.1351.0	Details Vulnerabilities
3	Application	Alwil	Avast Antivirus	5.0.677.0	Details Vulnerabilities
4	Application	Anti-virus	Vba32	3.12.14.2	Details Vulnerabilities
5	Application	Antiy	Avl Sdk	2.0.3.7	Details Vulnerabilities
6	Application	Authentium	Command Antivirus	5.2.11.5	Details Vulnerabilities
7	Application	AVG	Avg Anti-virus	10.0.0.1190	Details Vulnerabilities
8	Application	Avira	Antivir	7.11.1.163	Details Vulnerabilities
9	Application	Bitdefender	Bitdefender	7.2	Details Vulnerabilities
10	Application	CAT	Quick Heal	11.00	Details Vulnerabilities
11	Application	Clamav	Clamav	0.96.4	Details Vulnerabilities
12	Application	Comodo	Comodo Antivirus	7424	Details Vulnerabilities
13	Application	Emsisoft	Anti-malware	5.1.0.1	Details Vulnerabilities
14	Application	Eset	Nod32 Antivirus	5795	Details Vulnerabilities
15	Application	F-prot	F-prot Antivirus	4.6.2.117	Details Vulnerabilities
16	Application	F-secure	F-secure Anti-virus	9.0.16160.0	Details Vulnerabilities
17	Application	Fortinet	Fortinet Antivirus	4.2.254.0	Details Vulnerabilities
18	Application	Gdata-software	G Data Antivirus	21	Details Vulnerabilities
19	Application	Ikarus	Ikarus Virus Utilities T3 Command Line Scanner	1.1.97.0	Details Vulnerabilities
20	Application	Jiangmin	Jiangmin Antivirus	13.0.900	Details Vulnerabilities
21	Application	K7computing	Antivirus	9.77.3565	Details Vulnerabilities
22	Application	Kaspersky	Kaspersky Anti-virus	7.0.0.125	Details Vulnerabilities
23	Application	Mcafee	Gateway	2010.1c	Details Vulnerabilities
24	Application	Mcafee	Scan Engine	5.400.0.1158	Details Vulnerabilities
25	Application	Microsoft	Security Essentials	2.0	Details Vulnerabilities
26	Application	Norman	Norman Antivirus & Antispyware	6.06.12	Details Vulnerabilities
27	Application	Nprotect	Nprotect Antivirus	2011-01-17.01	Details Vulnerabilities
28	Application	Pandasecurity	Panda Antivirus	10.0.2.7	Details Vulnerabilities
29	Application	Pc Tools	Pc Tools Antivirus	7.0.3.5	Details Vulnerabilities
30	Application	Rising-global	Rising Antivirus	22.83.00.03	Details Vulnerabilities
31	Application	Sophos	Sophos Anti-virus	4.61.0	Details Vulnerabilities
32	Application	Symantec	Endpoint Protection	11.0	Details Vulnerabilities
33	Application	Trendmicro	Housecall	9.120.0.1004	Details Vulnerabilities
34	Application	Trendmicro	Trend Micro Antivirus	9.120.0.1004	Details Vulnerabilities
35	Application	Virusbuster	Virusbuster	13.6.151.0	Details Vulnerabilities

- Number Of Affected Versions By Product

Vendor	Product	Vulnerable Versions
Ahnlab	V3 Internet Security	1
Alwil	Avast Antivirus	2
Anti-virus	Vba32	1
Antiy	Avl Sdk	1
Authentium	Command Antivirus	1
AVG	Avg Anti-virus	1
Avira	Antivir	1
Bitdefender	Bitdefender	1
CAT	Quick Heal	1
Clamav	Clamav	1
Comodo	Comodo Antivirus	1
Emsisoft	Anti-malware	1
Eset	Nod32 Antivirus	1
F-prot	F-prot Antivirus	1
F-secure	F-secure Anti-virus	1
Fortinet	Fortinet Antivirus	1
Gdata-software	G Data Antivirus	1
Ikarus	Ikarus Virus Utilities T3 Command Line Scanner	1
Jiangmin	Jiangmin Antivirus	1
K7computing	Antivirus	1
Kaspersky	Kaspersky Anti-virus	1
Mcafee	Gateway	1
Mcafee	Scan Engine	1
Microsoft	Security Essentials	1
Norman	Norman Antivirus & Antispyware	1
Nprotect	Nprotect Antivirus	1
Pandasecurity	Panda Antivirus	1
Pc Tools	Pc Tools Antivirus	1
Rising-global	Rising Antivirus	1
Sophos	Sophos Anti-virus	1
Symantec	Endpoint Protection	1
Trendmicro	Housecall	1
Trendmicro	Trend Micro Antivirus	1
Virusbuster	Virusbuster	1

- References For CVE-2012-1459

http://osvdb.org/80390
OSVDB 80390

http://osvdb.org/80389
OSVDB 80389

http://lists.opensuse.org/opensuse-security-announce/2012-07/msg00002.html
SUSE openSUSE-SU-2012:0833

http://osvdb.org/80391
OSVDB 80391

http://osvdb.org/80392
OSVDB 80392

http://osvdb.org/80403
OSVDB 80403 Kaspersky Anti-Virus Malformed TAR File Handling Scan Bypass Kaspersky Anti-Virus Malformed TAR File Handling Scan Bypass

http://osvdb.org/80393
OSVDB 80393

http://osvdb.org/80395
OSVDB 80395

http://osvdb.org/80396
OSVDB 80396

http://osvdb.org/80406
OSVDB 80406 F-Prot Antivirus Malformed TAR File Handling Scan Bypass F-Prot Antivirus Malformed TAR File Handling Scan Bypass

http://www.ieee-security.org/TC/SP2012/program.html

http://osvdb.org/80409
OSVDB 80409 Quick Heal Malformed TAR File Handling Scan Bypass Quick Heal Malformed TAR File Handling Scan Bypass

http://osvdb.org/80407
OSVDB 80407 Command Antivirus Malformed TAR File Handling Scan Bypass Command Antivirus Malformed TAR File Handling Scan Bypass

http://xforce.iss.net/xforce/xfdb/74302
XF multiple-av-tar-header-evasion(74302)

http://www.securityfocus.com/archive/1/522005
BUGTRAQ 20120319 Evasion attacks expoliting file-parsing vulnerabilities in antivirus products

http://www.securityfocus.com/bid/52623
BID 52623 Multiple AntiVirus Products CVE-2012-1459 TAR File Scan Evasion Vulnerability Release Date:2012-07-11

- Metasploit Modules Related To CVE-2012-1459

There are not any metasploit modules related to this vulnerability (Please visit www.metasploit.com for more information)