All the vulnerabilites related to softwin - bitdefender
cve-2005-3154
Vulnerability from cvelistv5
Published
2005-10-05 04:00
Modified
2024-08-07 23:01
Severity ?
EPSS score ?
Summary
Format string vulnerability in the logging functionality in BitDefender AntiVirus 7.2 through 9 allows remote attackers to cause a denial of service and possibly execute arbitrary code via format string specifiers in file or directory name.
References
| ▼ | URL | Tags |
|---|---|---|
| http://kb.bitdefender.com/KB261-en--Filename-Format-String-Vulnerability.html | x_refsource_CONFIRM | |
| http://secunia.com/advisories/16991 | third-party-advisory, x_refsource_SECUNIA | |
| http://securityreason.com/securityalert/45 | third-party-advisory, x_refsource_SREASON | |
| http://www.securityfocus.com/bid/14968 | vdb-entry, x_refsource_BID | |
| http://shadock.net/secubox/BitDefenderLoggingFunc.html | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T23:01:57.954Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://kb.bitdefender.com/KB261-en--Filename-Format-String-Vulnerability.html"
},
{
"name": "16991",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/16991"
},
{
"name": "45",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/45"
},
{
"name": "14968",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/14968"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://shadock.net/secubox/BitDefenderLoggingFunc.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-10-04T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Format string vulnerability in the logging functionality in BitDefender AntiVirus 7.2 through 9 allows remote attackers to cause a denial of service and possibly execute arbitrary code via format string specifiers in file or directory name."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-09-27T13:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://kb.bitdefender.com/KB261-en--Filename-Format-String-Vulnerability.html"
},
{
"name": "16991",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/16991"
},
{
"name": "45",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/45"
},
{
"name": "14968",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/14968"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://shadock.net/secubox/BitDefenderLoggingFunc.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-3154",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Format string vulnerability in the logging functionality in BitDefender AntiVirus 7.2 through 9 allows remote attackers to cause a denial of service and possibly execute arbitrary code via format string specifiers in file or directory name."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://kb.bitdefender.com/KB261-en--Filename-Format-String-Vulnerability.html",
"refsource": "CONFIRM",
"url": "http://kb.bitdefender.com/KB261-en--Filename-Format-String-Vulnerability.html"
},
{
"name": "16991",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/16991"
},
{
"name": "45",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/45"
},
{
"name": "14968",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/14968"
},
{
"name": "http://shadock.net/secubox/BitDefenderLoggingFunc.html",
"refsource": "MISC",
"url": "http://shadock.net/secubox/BitDefenderLoggingFunc.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-3154",
"datePublished": "2005-10-05T04:00:00",
"dateReserved": "2005-10-05T00:00:00",
"dateUpdated": "2024-08-07T23:01:57.954Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2006-6627
Vulnerability from cvelistv5
Published
2006-12-18 11:00
Modified
2024-08-07 20:33
Severity ?
EPSS score ?
Summary
Integer overflow in the packed PE file parsing implementation in BitDefender products before 20060829, including Antivirus, Antivirus Plus, Internet Security, Mail Protection for Enterprises, and Online Scanner; and BitDefender products for Microsoft ISA Server and Exchange 5.5 through 2003; allows remote attackers to execute arbitrary code via a crafted file, which triggers a heap-based buffer overflow, aka the "cevakrnl.xmd vulnerability."
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/21610 | vdb-entry, x_refsource_BID | |
| http://securitytracker.com/id?1017389 | vdb-entry, x_refsource_SECTRACK | |
| http://securityreason.com/securityalert/2044 | third-party-advisory, x_refsource_SREASON | |
| http://www.bitdefender.com/KB323-en--cevakrnl.xmd-vulnerability.html | x_refsource_CONFIRM | |
| http://lists.grok.org.uk/pipermail/full-disclosure/2006-December/051319.html | mailing-list, x_refsource_FULLDISC | |
| http://secunia.com/advisories/23415 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.securityfocus.com/archive/1/454501/100/0/threaded | mailing-list, x_refsource_BUGTRAQ | |
| http://www.vupen.com/english/advisories/2006/5040 | vdb-entry, x_refsource_VUPEN | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/30904 | vdb-entry, x_refsource_XF |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T20:33:59.981Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "21610",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/21610"
},
{
"name": "1017389",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1017389"
},
{
"name": "2044",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/2044"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.bitdefender.com/KB323-en--cevakrnl.xmd-vulnerability.html"
},
{
"name": "20061215 BitDefender AV Packed PE File Parsing Engine Heap Overflow",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-December/051319.html"
},
{
"name": "23415",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/23415"
},
{
"name": "20061215 BitDefender AV Packed PE File Parsing Engine Heap Overflow",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/454501/100/0/threaded"
},
{
"name": "ADV-2006-5040",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/5040"
},
{
"name": "bitdefender-pefile-bo(30904)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30904"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-12-15T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Integer overflow in the packed PE file parsing implementation in BitDefender products before 20060829, including Antivirus, Antivirus Plus, Internet Security, Mail Protection for Enterprises, and Online Scanner; and BitDefender products for Microsoft ISA Server and Exchange 5.5 through 2003; allows remote attackers to execute arbitrary code via a crafted file, which triggers a heap-based buffer overflow, aka the \"cevakrnl.xmd vulnerability.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-17T20:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "21610",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/21610"
},
{
"name": "1017389",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1017389"
},
{
"name": "2044",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/2044"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.bitdefender.com/KB323-en--cevakrnl.xmd-vulnerability.html"
},
{
"name": "20061215 BitDefender AV Packed PE File Parsing Engine Heap Overflow",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-December/051319.html"
},
{
"name": "23415",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/23415"
},
{
"name": "20061215 BitDefender AV Packed PE File Parsing Engine Heap Overflow",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/454501/100/0/threaded"
},
{
"name": "ADV-2006-5040",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/5040"
},
{
"name": "bitdefender-pefile-bo(30904)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30904"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-6627",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Integer overflow in the packed PE file parsing implementation in BitDefender products before 20060829, including Antivirus, Antivirus Plus, Internet Security, Mail Protection for Enterprises, and Online Scanner; and BitDefender products for Microsoft ISA Server and Exchange 5.5 through 2003; allows remote attackers to execute arbitrary code via a crafted file, which triggers a heap-based buffer overflow, aka the \"cevakrnl.xmd vulnerability.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "21610",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/21610"
},
{
"name": "1017389",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1017389"
},
{
"name": "2044",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/2044"
},
{
"name": "http://www.bitdefender.com/KB323-en--cevakrnl.xmd-vulnerability.html",
"refsource": "CONFIRM",
"url": "http://www.bitdefender.com/KB323-en--cevakrnl.xmd-vulnerability.html"
},
{
"name": "20061215 BitDefender AV Packed PE File Parsing Engine Heap Overflow",
"refsource": "FULLDISC",
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-December/051319.html"
},
{
"name": "23415",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/23415"
},
{
"name": "20061215 BitDefender AV Packed PE File Parsing Engine Heap Overflow",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/454501/100/0/threaded"
},
{
"name": "ADV-2006-5040",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/5040"
},
{
"name": "bitdefender-pefile-bo(30904)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30904"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-6627",
"datePublished": "2006-12-18T11:00:00",
"dateReserved": "2006-12-17T00:00:00",
"dateUpdated": "2024-08-07T20:33:59.981Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2012-1429
Vulnerability from cvelistv5
Published
2012-03-21 10:00
Modified
2024-08-06 18:53
Severity ?
EPSS score ?
Summary
The ELF file parser in Bitdefender 7.2, Comodo Antivirus 7424, Emsisoft Anti-Malware 5.1.0.1, eSafe 7.0.17.0, F-Secure Anti-Virus 9.0.16160.0, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, McAfee Anti-Virus Scanning Engine 5.400.0.1158, McAfee Gateway (formerly Webwasher) 2010.1C, and nProtect Anti-Virus 2011-01-17.01 allows remote attackers to bypass malware detection via an ELF file with a ustar character sequence at a certain location. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different ELF parser implementations.
References
| ▼ | URL | Tags |
|---|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilities/74244 | vdb-entry, x_refsource_XF | |
| http://www.securityfocus.com/archive/1/522005 | mailing-list, x_refsource_BUGTRAQ | |
| http://www.ieee-security.org/TC/SP2012/program.html | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T18:53:37.509Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "multiple-av-elf-ustar-evasion(74244)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74244"
},
{
"name": "20120319 Evasion attacks expoliting file-parsing vulnerabilities in antivirus products",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/522005"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.ieee-security.org/TC/SP2012/program.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-03-19T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The ELF file parser in Bitdefender 7.2, Comodo Antivirus 7424, Emsisoft Anti-Malware 5.1.0.1, eSafe 7.0.17.0, F-Secure Anti-Virus 9.0.16160.0, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, McAfee Anti-Virus Scanning Engine 5.400.0.1158, McAfee Gateway (formerly Webwasher) 2010.1C, and nProtect Anti-Virus 2011-01-17.01 allows remote attackers to bypass malware detection via an ELF file with a ustar character sequence at a certain location. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different ELF parser implementations."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "multiple-av-elf-ustar-evasion(74244)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74244"
},
{
"name": "20120319 Evasion attacks expoliting file-parsing vulnerabilities in antivirus products",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/522005"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.ieee-security.org/TC/SP2012/program.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-1429",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The ELF file parser in Bitdefender 7.2, Comodo Antivirus 7424, Emsisoft Anti-Malware 5.1.0.1, eSafe 7.0.17.0, F-Secure Anti-Virus 9.0.16160.0, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, McAfee Anti-Virus Scanning Engine 5.400.0.1158, McAfee Gateway (formerly Webwasher) 2010.1C, and nProtect Anti-Virus 2011-01-17.01 allows remote attackers to bypass malware detection via an ELF file with a ustar character sequence at a certain location. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different ELF parser implementations."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "multiple-av-elf-ustar-evasion(74244)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74244"
},
{
"name": "20120319 Evasion attacks expoliting file-parsing vulnerabilities in antivirus products",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/522005"
},
{
"name": "http://www.ieee-security.org/TC/SP2012/program.html",
"refsource": "MISC",
"url": "http://www.ieee-security.org/TC/SP2012/program.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2012-1429",
"datePublished": "2012-03-21T10:00:00",
"dateReserved": "2012-02-29T00:00:00",
"dateUpdated": "2024-08-06T18:53:37.509Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2004-1947
Vulnerability from cvelistv5
Published
2005-05-10 04:00
Modified
2024-08-08 01:07
Severity ?
EPSS score ?
Summary
The AVXSCANONLINE.AvxScanOnlineCtrl.1 ActiveX control in BitDefender Scan Online allows remote attackers to (1) obtain sensitive information such as system drives and contents or (2) use the RequestFile method to download and execute arbitrary code via an object codebase that uses bitdefender.cab.
References
| ▼ | URL | Tags |
|---|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilities/15911 | vdb-entry, x_refsource_XF | |
| http://www.securityfocus.com/bid/10174 | vdb-entry, x_refsource_BID | |
| http://marc.info/?l=bugtraq&m=108248367901616&w=2 | mailing-list, x_refsource_BUGTRAQ | |
| http://secunia.com/advisories/11427 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.securityfocus.com/bid/10175 | vdb-entry, x_refsource_BID | |
| http://securitytracker.com/id?1009862 | vdb-entry, x_refsource_SECTRACK | |
| http://www.osvdb.org/5549 | vdb-entry, x_refsource_OSVDB | |
| http://marc.info/?l=bugtraq&m=108240639427412&w=2 | mailing-list, x_refsource_BUGTRAQ |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T01:07:49.138Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "bitdefender-avxscanonline-code-execution(15911)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15911"
},
{
"name": "10174",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/10174"
},
{
"name": "20040420 Re: BitDefender Scan Online(ActiveX) - Remote File Download \u0026 Execute \u0026 Private Information Disclosure",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=108248367901616\u0026w=2"
},
{
"name": "11427",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/11427"
},
{
"name": "10175",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/10175"
},
{
"name": "1009862",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1009862"
},
{
"name": "5549",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/5549"
},
{
"name": "20040419 BitDefender Scan Online(ActiveX) - Remote File Download \u0026 Execute \u0026 Private Information Disclosure",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=108240639427412\u0026w=2"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2004-04-19T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The AVXSCANONLINE.AvxScanOnlineCtrl.1 ActiveX control in BitDefender Scan Online allows remote attackers to (1) obtain sensitive information such as system drives and contents or (2) use the RequestFile method to download and execute arbitrary code via an object codebase that uses bitdefender.cab."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "bitdefender-avxscanonline-code-execution(15911)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15911"
},
{
"name": "10174",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/10174"
},
{
"name": "20040420 Re: BitDefender Scan Online(ActiveX) - Remote File Download \u0026 Execute \u0026 Private Information Disclosure",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=108248367901616\u0026w=2"
},
{
"name": "11427",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/11427"
},
{
"name": "10175",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/10175"
},
{
"name": "1009862",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1009862"
},
{
"name": "5549",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/5549"
},
{
"name": "20040419 BitDefender Scan Online(ActiveX) - Remote File Download \u0026 Execute \u0026 Private Information Disclosure",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=108240639427412\u0026w=2"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-1947",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The AVXSCANONLINE.AvxScanOnlineCtrl.1 ActiveX control in BitDefender Scan Online allows remote attackers to (1) obtain sensitive information such as system drives and contents or (2) use the RequestFile method to download and execute arbitrary code via an object codebase that uses bitdefender.cab."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "bitdefender-avxscanonline-code-execution(15911)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15911"
},
{
"name": "10174",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/10174"
},
{
"name": "20040420 Re: BitDefender Scan Online(ActiveX) - Remote File Download \u0026 Execute \u0026 Private Information Disclosure",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=108248367901616\u0026w=2"
},
{
"name": "11427",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/11427"
},
{
"name": "10175",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/10175"
},
{
"name": "1009862",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1009862"
},
{
"name": "5549",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/5549"
},
{
"name": "20040419 BitDefender Scan Online(ActiveX) - Remote File Download \u0026 Execute \u0026 Private Information Disclosure",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=108240639427412\u0026w=2"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2004-1947",
"datePublished": "2005-05-10T04:00:00",
"dateReserved": "2005-05-04T00:00:00",
"dateUpdated": "2024-08-08T01:07:49.138Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
var-201203-0389
Vulnerability from variot
The ELF file parser in Bitdefender 7.2, Comodo Antivirus 7424, Emsisoft Anti-Malware 5.1.0.1, eSafe 7.0.17.0, F-Secure Anti-Virus 9.0.16160.0, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, McAfee Anti-Virus Scanning Engine 5.400.0.1158, McAfee Gateway (formerly Webwasher) 2010.1C, and nProtect Anti-Virus 2011-01-17.01 allows remote attackers to bypass malware detection via an ELF file with a ustar character sequence at a certain location. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different ELF parser implementations. Multiple products ELF A file parser contains a vulnerability that can prevent malware detection. Different ELF If it is announced that there is also a problem with the parser implementation, this vulnerability can be CVE May be split.A specific position by a third party ustar With the character sequence ELF Malware detection may be avoided via files. Multiple Antivirus products are prone prone to a vulnerability that may allow an attacker to bypass on-demand scans. Successful exploits will allow attackers to bypass on-demand virus scanning, possibly allowing malicious files to escape detection. The following products are affected: BitDefender AntiVirus 7.2 Comodo AntiVirus 7424 Emsisoft Antivirus 5.1.0.1 eSafe Antivirus 7.0.17.0 Ikarus Antivirus T3.1.1.97.0 McAfee McAfee 5.400.0.1158 McAfee McAfee-GW-Edition 2010.1C INCA nProtect 2011-01-17.01. Multiple file-parsing vulnerabilities leading to evasion in different antivirus(AV) products. All affected products are command-line versions of the AVs.
Vulnerability Descriptions
- Specially crafted infected POSIX TAR files with "[aliases]" as first 9 bytes evades detection.
Affected products - ClamAV 0.96.4, CAT-QuickHeal 11.00
CVE no - CVE-2012-1419
- Specially crafted infected POSIX TAR files with "\7fELF" as first 4 bytes evades detection.
Affected products - CAT-QuickHeal 11.00, Command 5.2.11.5, F-Prot 4.6.2.117, Fortinent 4.2.254.0, K7AntiVirus 9.77.3565, Kaspersky 7.0.0.125, Microsoft 1.6402, NOD32 5795, Norman 6.06.12, Panda 10.0.2.7, Rising 22.83.00.03
CVE no - CVE-2012-1420
- Specially crafted infected POSIX TAR files with "MSCF" as first 4 bytes evades detection.
Affected products - CAT-QuickHeal 11.00, Norman 6.06.12, Rising 22.83.00.03, Symantec 20101.3.0.103
CVE no - CVE-2012-1421
- Specially crafted infected POSIX TAR files with "ITSF" as first 4 bytes evades detection.
Affected products - CAT-QuickHeal 11.00, NOD32 5795, Norman 6.06.12, Rising 22.83.00.03
CVE no - CVE-2012-1422
- Specially crafted infected POSIX TAR files with "MZ" as first 2 bytes evades detection.
Affected products - Command 5.2.11.5, Emsisoft 5.1.0.1, F-Prot 4.6.2.117, Fortinent 4.2.254.0, Ikarus T3.1.1.97.0, K7AntiVirus 9.77.3565, NOD32 5795, Norman 6.06.12, PCTools 7.0.3.5, Rising 22.83.00.03, VirusBuster 13.6.151.0
CVE no - CVE-2012-1423
- Specially crafted infected POSIX TAR files with "\19\04\00\10" at offset 8 evades detection.
Affected products - Antiy-AVL 2.0.3.7, CAT-QuickHeal 11.00, Jiangmin 13.0.900, Norman 6.06.12, PCTools 7.0.3.5, Sophos 4.61.0
CVE no - CVE-2012-1424
- Specially crafted infected POSIX TAR files with "\50\4B\03\04" as the first 4 bytes evades detection. Specially crafted infected POSIX TAR files with "\42\5A\68" as the first 3 bytes evades detection.
Affected products - CAT-QuickHeal 11.00, Command 5.2.11.5, F-Prot 4.6.2.117, K7AntiVirus 9.77.3565, Norman 6.06.12, Rising 22.83.00.03
CVE no - CVE-2012-1426
- Specially crafted infected POSIX TAR files with "\57\69\6E\5A\69\70" at offset 29 evades detection.
Affected products - CAT-QuickHeal 11.00, Norman 6.06.12, Sophos 4.61.0
CVE no - CVE-2012-1427
- Specially crafted infected POSIX TAR files with "\4a\46\49\46" at offset 6 evades detection.
Affected products - CAT-QuickHeal 11.00, Norman 6.06.12, Sophos 4.61.0
CVE no - CVE-2012-1428
- Specially crafted infected ELF files with "ustar" at offset 257 evades detection. Specially crafted infected ELF files with "\19\04\00\10" at offset 8 evades detection. Specially crafted infected ELF files with "\4a\46\49\46" at offset 6 evades detection.
Affected products - BitDefender 7.2, Command 5.2.11.5, Comodo 7424, eSafe 7.0.17.0, F-Prot 4.6.2.117, F-Secure 9.0.16160.0, McAfee-GW-Edition 2010.1C, nProtect 2011-01-17.01, Sophos 4.61.0, Rising 22.83.00.03
CVE no - CVE-2012-1431
- Specially crafted infected MS EXE files with "\57\69\6E\5A\69\70" at offset 29 evades detection.
Affected products - Emsisoft 5.1.0.1, eSafe 7.0.17.0, Ikarus T3.1.1.97.0, Panda 10.0.2.7
CVE no - CVE-2012-1432
- Specially crafted infected MS EXE files with "\4a\46\49\46" at offset 6 evades detection.
Affected products - AhnLab-V3 2011.01.18.00, Emsisoft 5.1.0.1, eSafe 7.0.17.0, Ikarus T3.1.1.97.0, Panda 10.0.2.7
CVE no - CVE-2012-1433
- Specially crafted infected MS EXE files with "\19\04\00\10" at offset 8 evades detection.
Affected products - AhnLab-V3 2011.01.18.00, Emsisoft 5.1.0.1, Ikarus T3.1.1.97.0, Panda 10.0.2.7
CVE no - CVE-2012-1434
- Specially crafted infected MS EXE files with "\50\4B\4C\49\54\45" at offset 30 evades detection.
Affected products - AhnLab-V3 2011.01.18.00, Emsisoft 5.1.0.1, eSafe 7.0.17.0, Ikarus T3.1.1.97.0, Panda 10.0.2.7
CVE no - CVE-2012-1435
- Specially crafted infected MS EXE files with "\2D\6C\68" at offset 2 evades detection.
Affected products - AhnLab-V3 2011.01.18.00, Emsisoft 5.1.0.1, eSafe 7.0.17.0, Ikarus T3.1.1.97.0, Panda 10.0.2.7
CVE no - CVE-2012-1436
- Specially crafted infected MS Office files with "\50\4B\53\70\58" at offset 526 evades detection.
Affected products - Comodo 7425
CVE no - CVE-2012-1437
- Specially crafted infected MS Office files with "ustar" at offset 257 evades detection.
Affected products - Comodo 7425, Sophos 4.61.0
CVE no - CVE-2012-1438
- 'padding' field in ELF files is parsed incorrectly. If an infected ELF file's padding field is incremented by 1 it evades detection.
Affected products - eSafe 7.0.17.0, Rising 22.83.00.03, Fortinet 4.2.254.0, Panda 10.0.2.7
CVE no - CVE-2012-1439
- 'identsize' field in ELF files is parsed incorrectly. If an infected ELF file's identsize field is incremented by 1 it evades detection.
Affected products - Norman 6.06.12, eSafe 7.0.17.0, eTrust-Vet 36.1.8511, Fortinet 4.2.254.0, Panda 10.0.2.7
CVE no - CVE-2012-1440
- 'e_ip' and 'e_res' field in MS EXE files are parsed incorrectly.
If any of these fields in an infected MS EXE file is incremented by 1 it evades detection.
Affected products - Prevx 3.0
'e_minalloc', 'e_res2','e_cparhdr', 'e_crlc', 'e_lfarlc','e_maxalloc',
'e_oeminfo', 'e_ovno', 'e_cs', 'e_csum','e_sp', 'e_ss', 'e_cblp' and
'e_oemid' fields in MS EXE files are parsed incorrectly.
If any of these fields in an infected MS EXE file is incremented by 1
it evades detection.
Affected products - eSafe 7.0.017.0, Prevx 3.0
CVE no - CVE-2012-1441
- 'class' field in ELF files is parsed incorrectly.
If an infected ELF file's class field is incremented by 1 it evades detection.
Affected products - CAT-QuickHeal 11.00, McAfee 5.400.0.1158, McAfee-GW-Edition 2010.1C, eSafe 7.0.017.0, Kaspersky 7.0.0.125, F-Secure 9.0.16160.0, Sophos 4.61.0, Antiy-AVL 2.0.3.7, Rising 22.83.00.03, Fortinet 4.2.254.0, Panda 10.0.2.7
CVE no - CVE-2012-1442
- Infected RAR files with initial two bytes set to 'MZ' can be fixed by the user and correctly extracted. Such a file evades detection.
Affected products - ClamAV 0.96.4, Rising 22.83.00.03, CAT-QuickHeal 11.00, GData 21, Symantec 20101.3.0.103, Command 5.2.11.5, Ikarus T3.1.1.97.0, Emsisoft 5.1.0.1, PCTools 7.0.3.5, F-Prot 4.6.2.117, VirusBuster 13.6.151.0, Fortinent 4.2.254.0, Antiy-AVL 2.0.3.7, K7AntiVirus 9.77.3565, TrendMicro-HouseCall 9.120.0.1004,Kaspersky 7.0.0.125 Jiangmin 13.0.900. Microsoft 1.6402, Sophos 4.61.0, NOD32 5795, AntiVir 7.11.1.163, Norman 6.06.12, McAfee 5.400.0.1158, Panda 10.0.2.7, McAfee-GW-Edition 2010.1C, TrendMicro 9.120.0.1004, Comodo 7424, BitDefender 7.2, eSafe 7.0.17.0, F-Secure 9.0.16160.0 nProtect 2011-01-17.01, AhnLab-V3 2011.01.18.00, AVG 10.0.0.1190, Avast 4.8.1351.0, Avast5 5.0.677.0, VBA32 3.12.14.2
CVE no - CVE-2012-1443
- 'abiversion' field in ELF files is parsed incorrectly.
If an infected ELF file's abiversion field is incremented by 1 it evades detection.
Affected products - eSafe 7.0.017.0, Prevx 3.0, Fortinet 4.2.254.0, Panda 10.0.2.7
CVE no - CVE-2012-1444
- 'abi' field in ELF files is parsed incorrectly.
If an infected ELF file's abi field is incremented by 1 it evades detection.
Affected products - eSafe 7.0.017.0, Rising 22.83.00.03, Fortinet 4.2.254.0, Panda 10.0.2.7
CVE no - CVE-2012-1445
- 'encoding' field in ELF files is parsed incorrectly.
If an infected ELF file's encoding field is incremented by 1 it evades detection.
Affected products - CAT-QuickHeal 11.00, McAfee 5.400.0.1158, Symantec 20101.3.0.103, Norman 6.06.12, eSafe 7.0.017.0, Kaspersky 7.0.0.125, McAfee-GW-Edition 2010.1C, Sophos 4.61.0, eTrust-Vet 36.1.8511, Antiy-AVL 2.0.3.7, PCTools 7.0.3.5, Rising 22.83.00.03, Fortinet 4.2.254.0, Panda 10.0.2.7
CVE no - CVE-2012-1446
- 'e_version' field in ELF files is parsed incorrectly.
If an infected ELF file's e_version field is incremented by 1 it evades detection.
Affected products - Fortinet 4.2.254.0, eSafe 7.0.017.0, DrWeb 5.0.2.03300, Panda 10.0.2.7
CVE no - CVE-2012-1447
- 'cbCabinet' field in CAB files is parsed incorrectly.
If an infected CAB file's cbCabinet field is incremented by 1 it evades detection.
Affected products - CAT-QuickHeal 11.00, TrendMicro 9.120.0.1004, Ikarus T3.1.1.97.0 TrendMicro-HouseCall 9.120.0.1004, Emsisoft 5.1.0.1
CVE no - CVE-2012-1448
- 'vMajor' field in CAB files is parsed incorrectly.
If an infected CAB file's vMajor field is incremented by 1 it evades detection.
Affected products - NOD32 5795, Rising 22.83.00.03
CVE no - CVE-2012-1449
- 'reserved3' field in CAB files is parsed incorrectly.
If an infected CAB file's reserved field is incremented by 1 it evades detection.
Affected products - Emsisoft 5.1.0.1, Sophos 4.61.0, Ikarus T3.1.1.97.0
CVE no - CVE-2012-1450
- 'reserved2' field in CAB files is parsed incorrectly.
If an infected CAB file's reserved2 field is incremented by 1 it evades detection.
Affected products - Emsisoft 5.1.0.1, Ikarus T3.1.1.97.0
CVE no - CVE-2012-1451
- 'reserved1' field in CAB files is parsed incorrectly.
If an infected CAB file's reserved field is incremented by 1 it evades detection.
Affected products - Emsisoft 5.1.0.1, Ikarus T3.1.1.97.0, CAT-QuickHeal 11.00
CVE no - CVE-2012-1452
- 'coffFiles' field in CAB files is parsed incorrectly.
If an infected CAB file's coffFiles field is incremented by 1 it evades detection.
Affected products - McAfee 5.0.2.03300, TrendMicro-HouseCall 9.120.0.1004, Kaspersky 7.0.0.125, Sophos 4.61.0, TrendMicro 9.120.0.1004, McAfee-GW-Edition 2010.1C, Emsisoft 5.1.0.1, eTrust-Vet 36.1.8511, Antiy-AVL 2.0.3.7, Microsoft 1.6402, Rising 22.83.00.03, Ikarus T3.1.1.97.0, Fortinet 4.2.254.0, Panda 10.0.2.7
CVE no - CVE-2012-1453
- 'ei_version' field in ELF files is parsed incorrectly.
If an infected ELF file's version field is incremented by 1 it evades detection.
Affected products - McAfee 5.0.02.03300, eSafe 7.0.17.0, McAfee-GW-Edition 2010.1C, Rising 22.83.00.03, Fortinet 4.2.254.0, Panda 10.0.2.7
CVE no - CVE-2012-1454
- 'vMinor' field in CAB files is parsed incorrectly.
If an infected CAB file's version field is incremented by 1 it evades detection.
Affected products - NOD32 5795, Rising 22.83.00.03
CVE no - CVE-2012-1455
- A specially crafted ZIP file, created by concatenating the contents of a clean TAR archive and a virus-infected ZIP archive, is parsed incorrectly and evades detection. If the length field in the header of a file with test EICAR virus included into a TAR archive is set to be greater than the archive's total length (1,000,000+original length in our experiments), the antivirus declares the file to be clean but virus gets extracted correctly by the GNU tar program.
Affected products - AntiVir 7.11.1.163, Antiy-AVL 2.0.3.7, Avast 4.8.1351.0, Avast5 5.0.677.0, AVG 10.0.0.1190, BitDefender 7.2, CAT-QuickHeal 11.00, ClamAV 0.96.4, Command 5.2.11.5, Emsisoft 5.1.0.1, eSafe 7.0.17.0, F-Prot 4.6.2.117, GData 21, Ikarus T3.1.1.97.0, Jiangmin 13.0.900, K7AntiVirus 9.77.3565, Kaspersky 7.0.0.125, McAfee 5.400.0.1158, McAfee-GW-Edition 2010.1C, Microsoft 1.6402, NOD32 5795, Norman 6.06.12, PCTools 7.0.3.5, Rising 22.83.00.03, Symantec 20101.3.0.103, TrendMicro 9.120.0.1004, TrendMicro-HouseCall 9.120.0.1004, VBA32 3.12.14.2, VirusBuster 13.6.151.0
CVE no - CVE-2012-1457
- A Windows Compiled HTML Help (CHM) file is a set of HTML files, scripts, and images compressed using the LZX algorithm. For faster random accesses, the algorithm is reset at intervals instead of compressing the entire file as a single stream. The length of each interval is specified in the LZXC header.
If an infected CHM file's header modified so that the reset interval is lower than in the original file, the antivirus declares the file to be clean. But the Windows CHM viewer hh.exe correctly decompresses the infected content located before the tampered header.
Affected products - ClamAV 0.96.4, Sophos 4.61.0
CVE no - CVE-2012-1458
- In a POSIX TAR archive, each member file has a 512-byte header protected by a simple checksum. Every header also contains a file length field, which is used by the extractor to locate the next header in the archive.
If a TAR archive contains two files: the first one is clean, while the second is infected with test EICAR virus - and it is modified such that the length field in the header of the first, clean file to point into the middle of the header of the second, infected file. The antivirus declares the file to be clean but virus gets extracted correctly by the GNU tar program.
Affected products - AhnLab-V3 2011.01.18.00, AntiVir 7.11.1.163, Antiy-AVL 2.0.3.7, Avast 4.8.1351.0, Avast5 5.0.677.0, AVG 10.0.0.1190, BitDefender 7.2, CAT-QuickHeal 11.00, ClamAV 0.96.4, Command 5.2.11.5, Comodo 7424, Emsisoft 5.1.0.1, F-Prot 4.6.2.117, F-Secure 9.0.16160.0, Fortinent 4.2.254.0, GData 21, Ikarus T3.1.1.97.0, Jiangmin 13.0.900, K7AntiVirus 9.77.3565, Kaspersky 7.0.0.125, McAfee 5.400.0.1158, McAfee-GW-Edition 2010.1C, Microsoft 1.6402, NOD32 5795, Norman 6.06.12, nProtect 2011-01-17.01, Panda 10.0.2.7, PCTools 7.0.3.5, Rising 22.83.00.03, Sophos 4.61.0, Symantec 20101.3.0.103, TrendMicro 9.120.0.1004, TrendMicro-HouseCall 9.120.0.1004, VBA32 3.12.14.2, VirusBuster 13.6.151.0
CVE no - CVE-2012-1459
- If an infected tar.gz archive is appended 6 random bytes at the end, the antivirus declares the file to be clean but virus gets extracted by the gunzip+tar programs correctly by ignoring these bytes.
Affected products - Antiy-AVL 2.0.3.7, CAT-QuickHeal 11.00, Command 5.2.11.5, eSafe 7.0.17.0, F-Prot 4.6.2.117, Jiangmin 13.0.900, K7AntiVirus 9.77.3565, VBA32 3.12.14.2
CVE no - CVE-2012-1460
- GZIP files can contain multiple compressed streams, which are assembled when the contents are extracted. If an infected .tar.gz file is broken into two streams, the antivirus declares the infected .tar.gz file to be clean while tar+gunzip extract the virus correctly
Affected products - AVG 10.0.0.1190, BitDefender 7.2, Command 5.2.11.5, Emsisoft 5.1.0.1, F-Secure 9.0.16160.0, Fortinent 4.2.254.0, Ikarus T3.1.1.97.0, Jiangmin 13.0.900, K7AntiVirus 9.77.3565, Kaspersky 7.0.0.125, McAfee 5.400.0.1158, McAfee-GW-Edition 2010.1C, NOD32 5795, Norman 6.06.12, Rising 22.83.00.03, Sophos 4.61.0, Symantec 20101.3.0.103, TrendMicro 9.120.0.1004, TrendMicro-HouseCall 9.120.0.1004, VBA32 3.12.14.2
CVE no - CVE-2012-1461
- If an infected ZIP archive is prepended with 1024 random bytes at the beginning, the antivirus declares the file to be clean but virus gets extracted by the unzip program correctly by skipping these bytes
Affected products - AhnLab-V3 2011.01.18.00, AVG 10.0.0.1190, CAT-QuickHeal 11.00, Emsisoft 5.1.0.1, eSafe 7.0.17.0, Fortinent 4.2.254.0, Ikarus T3.1.1.97.0, Jiangmin 13.0.900, Kaspersky 7.0.0.125, Norman 6.06.12, Sophos 4.61.0, Symantec 20101.3.0.103
CVE no - CVE-2012-1462
- In most ELF files, the 5th byte of the header indicates endianness: 01 for little-endian, 02 for bigendian. Linux kernel, however, does not check this field before loading an ELF file. If an infected ELF file's 5-th byte is set to 02, the antivirus declares the file to be clean but the ELF file gets executed correctly.
Affected products - AhnLab-V3 2011.01.18.00, BitDefender 7.2, CAT-QuickHeal 11.00, Command 5.2.11.5, Comodo 7424, eSafe 7.0.17.0, F-Prot 4.6.2.117, F-Secure 9.0.16160.0, McAfee 5.400.0.1158, Norman 6.06.12, nProtect 2011-01-17.01, Panda 10.0.2.7
CVE no - CVE-2012-1463
Credits
Vulnerabilities found and advisory written by Suman Jana and Vitaly Shmatikov.
References
"Abusing File Processing in Malware Detectors for Fun and Profit" by Suman Jana and Vitaly Shmatikov To appear in IEEE Symposium on Security and Privacy 2012 http://www.ieee-security.org/TC/SP2012/
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201203-0389",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "antivirus",
"scope": "eq",
"trust": 2.7,
"vendor": "comodo",
"version": "7424"
},
{
"model": "anti-malware",
"scope": "eq",
"trust": 1.8,
"vendor": "emsisoft",
"version": "5.1.0.1"
},
{
"model": "virus utilities t3 command line scanner",
"scope": "eq",
"trust": 1.8,
"vendor": "ikarus",
"version": "1.1.97.0"
},
{
"model": "esafe",
"scope": "eq",
"trust": 1.8,
"vendor": "aladdin",
"version": "7.0.17.0"
},
{
"model": "f-secure anti-virus",
"scope": "eq",
"trust": 1.8,
"vendor": "f secure",
"version": "9.0.16160.0"
},
{
"model": "scan engine",
"scope": "eq",
"trust": 1.8,
"vendor": "mcafee",
"version": "5.400.0.1158"
},
{
"model": "gateway",
"scope": "eq",
"trust": 1.0,
"vendor": "mcafee",
"version": "2010.1c"
},
{
"model": "antivirus",
"scope": "eq",
"trust": 1.0,
"vendor": "nprotect",
"version": "2011-01-17.01"
},
{
"model": "bitdefender",
"scope": "eq",
"trust": 1.0,
"vendor": "softwin",
"version": "7.2"
},
{
"model": "bitdefender",
"scope": "eq",
"trust": 0.8,
"vendor": "bitdefender",
"version": "7.2"
},
{
"model": "anti-virus",
"scope": "eq",
"trust": 0.8,
"vendor": "nprotect",
"version": "2011-01-17.01"
},
{
"model": "web gateway software",
"scope": "eq",
"trust": 0.8,
"vendor": "mcafee",
"version": "2010.1c"
},
{
"model": "mcafee-gw-edition 2010.1c",
"scope": null,
"trust": 0.3,
"vendor": "mcafee",
"version": null
},
{
"model": "nprotect",
"scope": "eq",
"trust": 0.3,
"vendor": "inca",
"version": "2011-01-17.01"
},
{
"model": "antivirus t3.1.1.97.0",
"scope": null,
"trust": 0.3,
"vendor": "ikarus",
"version": null
},
{
"model": "antivirus",
"scope": "eq",
"trust": 0.3,
"vendor": "esafe",
"version": "7.0.170"
},
{
"model": "antivirus",
"scope": "eq",
"trust": 0.3,
"vendor": "emsisoft",
"version": "5.11"
},
{
"model": "antivirus",
"scope": "eq",
"trust": 0.3,
"vendor": "bitdefender",
"version": "7.2"
}
],
"sources": [
{
"db": "BID",
"id": "52581"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-001891"
},
{
"db": "NVD",
"id": "CVE-2012-1429"
},
{
"db": "CNNVD",
"id": "CNNVD-201203-395"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:mcafee:gateway:2010.1c:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:nprotect:nprotect_antivirus:2011-01-17.01:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:f-secure:f-secure_anti-virus:9.0.16160.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ikarus:ikarus_virus_utilities_t3_command_line_scanner:1.1.97.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:mcafee:scan_engine:5.400.0.1158:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:softwin:bitdefender:7.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:comodo:comodo_antivirus:7424:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:emsisoft:anti-malware:5.1.0.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:aladdin:esafe:7.0.17.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2012-1429"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Suman Jana and Vitaly Shmatikov",
"sources": [
{
"db": "BID",
"id": "52581"
}
],
"trust": 0.3
},
"cve": "CVE-2012-1429",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 4.3,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2012-1429",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "VHN-54710",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2012-1429",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201203-395",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-54710",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-54710"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-001891"
},
{
"db": "NVD",
"id": "CVE-2012-1429"
},
{
"db": "CNNVD",
"id": "CNNVD-201203-395"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The ELF file parser in Bitdefender 7.2, Comodo Antivirus 7424, Emsisoft Anti-Malware 5.1.0.1, eSafe 7.0.17.0, F-Secure Anti-Virus 9.0.16160.0, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, McAfee Anti-Virus Scanning Engine 5.400.0.1158, McAfee Gateway (formerly Webwasher) 2010.1C, and nProtect Anti-Virus 2011-01-17.01 allows remote attackers to bypass malware detection via an ELF file with a ustar character sequence at a certain location. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different ELF parser implementations. Multiple products ELF A file parser contains a vulnerability that can prevent malware detection. Different ELF If it is announced that there is also a problem with the parser implementation, this vulnerability can be CVE May be split.A specific position by a third party ustar With the character sequence ELF Malware detection may be avoided via files. Multiple Antivirus products are prone prone to a vulnerability that may allow an attacker to bypass on-demand scans. \nSuccessful exploits will allow attackers to bypass on-demand virus scanning, possibly allowing malicious files to escape detection. \nThe following products are affected:\nBitDefender AntiVirus 7.2\nComodo AntiVirus 7424\nEmsisoft Antivirus 5.1.0.1\neSafe Antivirus 7.0.17.0\nIkarus Antivirus T3.1.1.97.0\nMcAfee McAfee 5.400.0.1158\nMcAfee McAfee-GW-Edition 2010.1C\nINCA nProtect 2011-01-17.01. Multiple file-parsing vulnerabilities leading to evasion in different antivirus(AV) products. All \naffected products are command-line versions of \nthe AVs. \n\n----------------------------\nVulnerability Descriptions\n----------------------------\n\n1. Specially crafted infected POSIX TAR files with \"[aliases]\" as first 9 bytes \n evades detection. \n\n Affected products -\n ClamAV 0.96.4, CAT-QuickHeal 11.00\n \n CVE no - \n CVE-2012-1419\n\n2. Specially crafted infected POSIX TAR files with \"\\7fELF\" as first 4 bytes \n evades detection. \n\n Affected products -\n CAT-QuickHeal 11.00, Command 5.2.11.5, F-Prot 4.6.2.117, \n Fortinent 4.2.254.0, K7AntiVirus 9.77.3565, Kaspersky 7.0.0.125, \n Microsoft 1.6402, NOD32 5795, Norman 6.06.12, Panda 10.0.2.7, \n Rising 22.83.00.03\n\n CVE no - \n CVE-2012-1420\n\n3. Specially crafted infected POSIX TAR files with \"MSCF\" as first 4 bytes \n evades detection. \n\n Affected products -\n CAT-QuickHeal 11.00, Norman 6.06.12, Rising 22.83.00.03, \n Symantec 20101.3.0.103\n\n CVE no - \n CVE-2012-1421\n\n4. Specially crafted infected POSIX TAR files with \"ITSF\" as first 4 bytes \n evades detection. \n\n Affected products -\n CAT-QuickHeal 11.00, NOD32 5795, Norman 6.06.12, Rising 22.83.00.03\n\n CVE no - \n CVE-2012-1422\n\n5. Specially crafted infected POSIX TAR files with \"MZ\" as first 2 bytes \n evades detection. \n\n Affected products -\n Command 5.2.11.5, Emsisoft 5.1.0.1, F-Prot 4.6.2.117, Fortinent 4.2.254.0, \n Ikarus T3.1.1.97.0, K7AntiVirus 9.77.3565, NOD32 5795, Norman 6.06.12, \n PCTools 7.0.3.5, Rising 22.83.00.03, VirusBuster 13.6.151.0\n\n CVE no - \n CVE-2012-1423\n\n6. Specially crafted infected POSIX TAR files with \"\\19\\04\\00\\10\" at offset 8\n evades detection. \n\n Affected products -\n Antiy-AVL 2.0.3.7, CAT-QuickHeal 11.00, Jiangmin 13.0.900, Norman 6.06.12, \n PCTools 7.0.3.5, Sophos 4.61.0\n\n CVE no - \n CVE-2012-1424\n\n\n7. Specially crafted infected POSIX TAR files with \"\\50\\4B\\03\\04\" as the first\n 4 bytes evades detection. Specially crafted infected POSIX TAR files with \"\\42\\5A\\68\" as the first\n 3 bytes evades detection. \n\n Affected products -\n CAT-QuickHeal 11.00, Command 5.2.11.5, F-Prot 4.6.2.117, \n K7AntiVirus 9.77.3565, Norman 6.06.12, Rising 22.83.00.03\n\n CVE no - \n CVE-2012-1426\n\n\n9. Specially crafted infected POSIX TAR files with \"\\57\\69\\6E\\5A\\69\\70\" at \n offset 29 evades detection. \n\n Affected products -\n CAT-QuickHeal 11.00, Norman 6.06.12, Sophos 4.61.0\n\n CVE no - \n CVE-2012-1427\n\n10. Specially crafted infected POSIX TAR files with \"\\4a\\46\\49\\46\" at offset 6\n evades detection. \n \n Affected products -\n CAT-QuickHeal 11.00, Norman 6.06.12, Sophos 4.61.0\n\n CVE no - \n CVE-2012-1428\n\n11. Specially crafted infected ELF files with \"ustar\" at offset 257\n evades detection. Specially crafted infected ELF files with \"\\19\\04\\00\\10\" at offset 8 evades\n detection. Specially crafted infected ELF files with \"\\4a\\46\\49\\46\" at offset 6 evades\n detection. \n\n Affected products -\n BitDefender 7.2, Command 5.2.11.5, Comodo 7424, eSafe 7.0.17.0, \n F-Prot 4.6.2.117, F-Secure 9.0.16160.0, McAfee-GW-Edition 2010.1C, \n nProtect 2011-01-17.01, Sophos 4.61.0, Rising 22.83.00.03\n\n CVE no - \n CVE-2012-1431\n\n14. Specially crafted infected MS EXE files with \"\\57\\69\\6E\\5A\\69\\70\" at offset\n 29 evades detection. \n\n Affected products -\n Emsisoft 5.1.0.1, eSafe 7.0.17.0, Ikarus T3.1.1.97.0, Panda 10.0.2.7\n\n CVE no - \n CVE-2012-1432\n\n15. Specially crafted infected MS EXE files with \"\\4a\\46\\49\\46\" at offset\n 6 evades detection. \n\n Affected products -\n AhnLab-V3 2011.01.18.00, Emsisoft 5.1.0.1, eSafe 7.0.17.0, \n Ikarus T3.1.1.97.0, Panda 10.0.2.7\n\n CVE no - \n CVE-2012-1433\n\n16. Specially crafted infected MS EXE files with \"\\19\\04\\00\\10\" at offset\n 8 evades detection. \n\n Affected products -\n AhnLab-V3 2011.01.18.00, Emsisoft 5.1.0.1, Ikarus T3.1.1.97.0, \n Panda 10.0.2.7\n \n CVE no - \n CVE-2012-1434\n\n17. Specially crafted infected MS EXE files with \"\\50\\4B\\4C\\49\\54\\45\" at \n offset 30 evades detection. \n \n Affected products - \n AhnLab-V3 2011.01.18.00, Emsisoft 5.1.0.1, eSafe 7.0.17.0, \n Ikarus T3.1.1.97.0, Panda 10.0.2.7\n\n CVE no - \n CVE-2012-1435\n\n18. Specially crafted infected MS EXE files with \"\\2D\\6C\\68\" at \n offset 2 evades detection. \n \n Affected products - \n AhnLab-V3 2011.01.18.00, Emsisoft 5.1.0.1, eSafe 7.0.17.0, \n Ikarus T3.1.1.97.0, Panda 10.0.2.7\n\n CVE no - \n CVE-2012-1436\n\n19. Specially crafted infected MS Office files with \"\\50\\4B\\53\\70\\58\" at \n offset 526 evades detection. \n \n Affected products - \n Comodo 7425\n \n CVE no - \n CVE-2012-1437\n\n20. Specially crafted infected MS Office files with \"ustar\" at \n offset 257 evades detection. \n\n Affected products - \n Comodo 7425, Sophos 4.61.0 \n\n CVE no - \n CVE-2012-1438\n\n21. \u0027padding\u0027 field in ELF files is parsed incorrectly. \n If an infected ELF file\u0027s padding field is incremented by 1 it evades\n detection. \n\n Affected products - \n eSafe 7.0.17.0, Rising 22.83.00.03, Fortinet 4.2.254.0, Panda 10.0.2.7\n\n CVE no - \n CVE-2012-1439\n\n22. \u0027identsize\u0027 field in ELF files is parsed incorrectly. \n If an infected ELF file\u0027s identsize field is incremented by 1 it evades\n detection. \n\n Affected products - \n Norman 6.06.12, eSafe 7.0.17.0, eTrust-Vet 36.1.8511, Fortinet 4.2.254.0, \n Panda 10.0.2.7\n\n CVE no - \n CVE-2012-1440\n\n23. \u0027e_ip\u0027 and \u0027e_res\u0027 field in MS EXE files are parsed incorrectly. \n If any of these fields in an infected MS EXE file is incremented by 1 \n it evades detection. \n\n Affected products - \n Prevx 3.0\n\n \u0027e_minalloc\u0027, \u0027e_res2\u0027,\u0027e_cparhdr\u0027, \u0027e_crlc\u0027, \u0027e_lfarlc\u0027,\u0027e_maxalloc\u0027,\n \u0027e_oeminfo\u0027, \u0027e_ovno\u0027, \u0027e_cs\u0027, \u0027e_csum\u0027,\u0027e_sp\u0027, \u0027e_ss\u0027, \u0027e_cblp\u0027 and \n \u0027e_oemid\u0027 fields in MS EXE files are parsed incorrectly. \n If any of these fields in an infected MS EXE file is incremented by 1 \n it evades detection. \n\n Affected products - \n eSafe 7.0.017.0, Prevx 3.0\n\n\n CVE no - \n CVE-2012-1441\n\n24. \u0027class\u0027 field in ELF files is parsed incorrectly. \n If an infected ELF file\u0027s class field is incremented by 1 it evades\n detection. \n\n Affected products - \n CAT-QuickHeal 11.00, McAfee 5.400.0.1158, McAfee-GW-Edition 2010.1C, \n eSafe 7.0.017.0, Kaspersky 7.0.0.125, F-Secure 9.0.16160.0, \n Sophos 4.61.0, Antiy-AVL 2.0.3.7, Rising 22.83.00.03, Fortinet 4.2.254.0, \n Panda 10.0.2.7\n\n CVE no - \n CVE-2012-1442\n\n25. Infected RAR files with initial two bytes set to \u0027MZ\u0027 can be fixed by the \n user and correctly extracted. Such a file evades detection. \n \n Affected products -\n ClamAV 0.96.4, Rising 22.83.00.03, CAT-QuickHeal 11.00, GData 21, \n Symantec 20101.3.0.103, Command 5.2.11.5, Ikarus T3.1.1.97.0, \n Emsisoft 5.1.0.1, PCTools 7.0.3.5, F-Prot 4.6.2.117, \n VirusBuster 13.6.151.0, Fortinent 4.2.254.0, Antiy-AVL 2.0.3.7, \n K7AntiVirus 9.77.3565, TrendMicro-HouseCall 9.120.0.1004,Kaspersky 7.0.0.125 \n Jiangmin 13.0.900. Microsoft 1.6402, Sophos 4.61.0, NOD32 5795, AntiVir 7.11.1.163, \n Norman 6.06.12, McAfee 5.400.0.1158, Panda 10.0.2.7, McAfee-GW-Edition 2010.1C, \n TrendMicro 9.120.0.1004, Comodo 7424, BitDefender 7.2, eSafe 7.0.17.0, F-Secure 9.0.16160.0\n nProtect 2011-01-17.01, AhnLab-V3 2011.01.18.00, AVG 10.0.0.1190, Avast 4.8.1351.0, \n Avast5 5.0.677.0, VBA32 3.12.14.2 \n\n CVE no - \n CVE-2012-1443\n\n26. \u0027abiversion\u0027 field in ELF files is parsed incorrectly. \n If an infected ELF file\u0027s abiversion field is incremented by 1 it evades\n detection. \n\n Affected products - \n eSafe 7.0.017.0, Prevx 3.0, Fortinet 4.2.254.0, Panda 10.0.2.7\n\n CVE no - \n CVE-2012-1444\n\n27. \u0027abi\u0027 field in ELF files is parsed incorrectly. \n If an infected ELF file\u0027s abi field is incremented by 1 it evades\n detection. \n\n Affected products - \n eSafe 7.0.017.0, Rising 22.83.00.03, Fortinet 4.2.254.0, Panda 10.0.2.7\n\n CVE no - \n CVE-2012-1445\n\n28. \u0027encoding\u0027 field in ELF files is parsed incorrectly. \n If an infected ELF file\u0027s encoding field is incremented by 1 it evades\n detection. \n\n Affected products - \n CAT-QuickHeal 11.00, McAfee 5.400.0.1158, Symantec 20101.3.0.103, \n Norman 6.06.12, eSafe 7.0.017.0, Kaspersky 7.0.0.125, \n McAfee-GW-Edition 2010.1C, Sophos 4.61.0, eTrust-Vet 36.1.8511, \n Antiy-AVL 2.0.3.7, PCTools 7.0.3.5, Rising 22.83.00.03, Fortinet 4.2.254.0,\n Panda 10.0.2.7\n\n CVE no - \n CVE-2012-1446\n\n29. \u0027e_version\u0027 field in ELF files is parsed incorrectly. \n If an infected ELF file\u0027s e_version field is incremented by 1 it evades\n detection. \n\n Affected products -\n Fortinet 4.2.254.0, eSafe 7.0.017.0, DrWeb 5.0.2.03300, Panda 10.0.2.7\n\n CVE no - \n CVE-2012-1447\n\n30. \u0027cbCabinet\u0027 field in CAB files is parsed incorrectly. \n If an infected CAB file\u0027s cbCabinet field is incremented by 1 it evades\n detection. \n\n Affected products -\n CAT-QuickHeal 11.00, TrendMicro 9.120.0.1004, Ikarus T3.1.1.97.0\n TrendMicro-HouseCall 9.120.0.1004, Emsisoft 5.1.0.1 \n\n CVE no - \n CVE-2012-1448\n\n31. \u0027vMajor\u0027 field in CAB files is parsed incorrectly. \n If an infected CAB file\u0027s vMajor field is incremented by 1 it evades\n detection. \n\n Affected products -\n NOD32 5795, Rising 22.83.00.03\n \n CVE no - \n CVE-2012-1449\n\n32. \u0027reserved3\u0027 field in CAB files is parsed incorrectly. \n If an infected CAB file\u0027s reserved field is incremented by 1 it evades\n detection. \n\n Affected products -\n Emsisoft 5.1.0.1, Sophos 4.61.0, Ikarus T3.1.1.97.0\n \n CVE no - \n CVE-2012-1450\n\n33. \u0027reserved2\u0027 field in CAB files is parsed incorrectly. \n If an infected CAB file\u0027s reserved2 field is incremented by 1 it evades\n detection. \n\n Affected products -\n Emsisoft 5.1.0.1, Ikarus T3.1.1.97.0\n \n CVE no - \n CVE-2012-1451\n\n34. \u0027reserved1\u0027 field in CAB files is parsed incorrectly. \n If an infected CAB file\u0027s reserved field is incremented by 1 it evades\n detection. \n\n Affected products -\n Emsisoft 5.1.0.1, Ikarus T3.1.1.97.0, CAT-QuickHeal 11.00\n \n CVE no - \n CVE-2012-1452\n\n35. \u0027coffFiles\u0027 field in CAB files is parsed incorrectly. \n If an infected CAB file\u0027s coffFiles field is incremented by 1 it evades\n detection. \n\n Affected products -\n McAfee 5.0.2.03300, TrendMicro-HouseCall 9.120.0.1004, Kaspersky 7.0.0.125, \n Sophos 4.61.0, TrendMicro 9.120.0.1004, McAfee-GW-Edition 2010.1C,\n Emsisoft 5.1.0.1, eTrust-Vet 36.1.8511, Antiy-AVL 2.0.3.7, Microsoft 1.6402,\n Rising 22.83.00.03, Ikarus T3.1.1.97.0, Fortinet 4.2.254.0, Panda 10.0.2.7\n\n CVE no - \n CVE-2012-1453\n\n36. \u0027ei_version\u0027 field in ELF files is parsed incorrectly. \n If an infected ELF file\u0027s version field is incremented by 1 it evades\n detection. \n\n Affected products -\n McAfee 5.0.02.03300, eSafe 7.0.17.0, McAfee-GW-Edition 2010.1C, \n Rising 22.83.00.03, Fortinet 4.2.254.0, Panda 10.0.2.7\n\n CVE no - \n CVE-2012-1454\n\n37. \u0027vMinor\u0027 field in CAB files is parsed incorrectly. \n If an infected CAB file\u0027s version field is incremented by 1 it evades\n detection. \n\n Affected products -\n NOD32 5795, Rising 22.83.00.03\n \n CVE no - \n CVE-2012-1455\n\n38. A specially crafted ZIP file, created by concatenating the contents \n of a clean TAR archive and a virus-infected ZIP archive, is parsed \n incorrectly and evades detection. If the length field in the header of a file with test EICAR virus\n included into a TAR archive is set to be greater than the archive\u0027s total \n length (1,000,000+original length in our experiments), the antivirus \n declares the file to be clean but virus gets extracted correctly by the \n GNU tar program. \n\n Affected products -\n AntiVir 7.11.1.163, Antiy-AVL 2.0.3.7, Avast 4.8.1351.0, Avast5 5.0.677.0, \n AVG 10.0.0.1190, BitDefender 7.2, CAT-QuickHeal 11.00, ClamAV 0.96.4, \n Command 5.2.11.5, Emsisoft 5.1.0.1, eSafe 7.0.17.0, F-Prot 4.6.2.117, \n GData 21, Ikarus T3.1.1.97.0, Jiangmin 13.0.900, K7AntiVirus 9.77.3565, \n Kaspersky 7.0.0.125, McAfee 5.400.0.1158, McAfee-GW-Edition 2010.1C, \n Microsoft 1.6402, NOD32 5795, Norman 6.06.12, PCTools 7.0.3.5, \n Rising 22.83.00.03, Symantec 20101.3.0.103, TrendMicro 9.120.0.1004, \n TrendMicro-HouseCall 9.120.0.1004, VBA32 3.12.14.2, VirusBuster 13.6.151.0 \n\n CVE no - \n CVE-2012-1457\n\n40. A Windows Compiled HTML Help (CHM) file is a set of HTML files,\n scripts, and images compressed using the LZX algorithm. \n For faster random accesses, the algorithm is reset at intervals\n instead of compressing the entire file as a single stream. The\n length of each interval is specified in the LZXC header. \n\n If an infected CHM file\u0027s header modified so that the reset interval\n is lower than in the original file, the antivirus declares the file\n to be clean. But the Windows CHM viewer hh.exe correctly decompresses\n the infected content located before the tampered header. \n\n Affected products -\n ClamAV 0.96.4, Sophos 4.61.0 \n\n CVE no - \n CVE-2012-1458\n\n41. In a POSIX TAR archive, each member file has a 512-byte header protected\n by a simple checksum. Every header also contains a file length field, which\n is used by the extractor to locate the next header in the archive. \n\n If a TAR archive contains two files: the first one is clean, while\n the second is infected with test EICAR virus - and it is modified such that \n the length field in the header of the first, clean file to point into the \n middle of the header of the second, infected file. The antivirus declares \n the file to be clean but virus gets extracted correctly by the \n GNU tar program. \n\n Affected products -\n AhnLab-V3 2011.01.18.00, AntiVir 7.11.1.163, Antiy-AVL 2.0.3.7, \n Avast 4.8.1351.0, Avast5 5.0.677.0, AVG 10.0.0.1190, BitDefender 7.2, \n CAT-QuickHeal 11.00, ClamAV 0.96.4, Command 5.2.11.5, Comodo 7424, \n Emsisoft 5.1.0.1, F-Prot 4.6.2.117, F-Secure 9.0.16160.0, \n Fortinent 4.2.254.0, GData 21, Ikarus T3.1.1.97.0, Jiangmin 13.0.900, \n K7AntiVirus 9.77.3565, Kaspersky 7.0.0.125, McAfee 5.400.0.1158, \n McAfee-GW-Edition 2010.1C, Microsoft 1.6402, NOD32 5795, \n Norman 6.06.12, nProtect 2011-01-17.01, Panda 10.0.2.7, \n PCTools 7.0.3.5, Rising 22.83.00.03, Sophos 4.61.0, \n Symantec 20101.3.0.103, TrendMicro 9.120.0.1004, \n TrendMicro-HouseCall 9.120.0.1004, VBA32 3.12.14.2, \n VirusBuster 13.6.151.0 \n\n CVE no - \n CVE-2012-1459\n\n42. If an infected tar.gz archive is appended 6 random bytes at the end, \n the antivirus declares the file to be clean but virus gets extracted by\n the gunzip+tar programs correctly by ignoring these bytes. \n\n Affected products -\n Antiy-AVL 2.0.3.7, CAT-QuickHeal 11.00, Command 5.2.11.5, \n eSafe 7.0.17.0, F-Prot 4.6.2.117, Jiangmin 13.0.900, \n K7AntiVirus 9.77.3565, VBA32 3.12.14.2 \n \n CVE no - \n CVE-2012-1460\n\n43. GZIP files can contain multiple compressed streams, which are assembled\n when the contents are extracted. If an infected .tar.gz file is broken \n into two streams, the antivirus declares the infected .tar.gz file to \n be clean while tar+gunzip extract the virus correctly\n\n Affected products -\n AVG 10.0.0.1190, BitDefender 7.2, Command 5.2.11.5, Emsisoft 5.1.0.1, \n F-Secure 9.0.16160.0, Fortinent 4.2.254.0, Ikarus T3.1.1.97.0, \n Jiangmin 13.0.900, K7AntiVirus 9.77.3565, Kaspersky 7.0.0.125, \n McAfee 5.400.0.1158, McAfee-GW-Edition 2010.1C, NOD32 5795, Norman 6.06.12, \n Rising 22.83.00.03, Sophos 4.61.0, Symantec 20101.3.0.103, \n TrendMicro 9.120.0.1004, TrendMicro-HouseCall 9.120.0.1004, VBA32 3.12.14.2 \n\n CVE no - \n CVE-2012-1461\n\n44. If an infected ZIP archive is prepended with 1024 random bytes at the \n beginning, the antivirus declares the file to be clean but virus gets extracted\n by the unzip program correctly by skipping these bytes\n\n Affected products -\n AhnLab-V3 2011.01.18.00, AVG 10.0.0.1190, CAT-QuickHeal 11.00, \n Emsisoft 5.1.0.1, eSafe 7.0.17.0, Fortinent 4.2.254.0, Ikarus T3.1.1.97.0, \n Jiangmin 13.0.900, Kaspersky 7.0.0.125, Norman 6.06.12, Sophos 4.61.0, \n Symantec 20101.3.0.103 \n\n CVE no - \n CVE-2012-1462\n\n45. In most ELF files, the 5th byte of the header indicates endianness: 01\n for little-endian, 02 for bigendian. Linux kernel, however, does not\n check this field before loading an ELF file. If an infected ELF file\u0027s 5-th \n byte is set to 02, the antivirus declares the file to be clean but the ELF \n file gets executed correctly. \n\n Affected products -\n AhnLab-V3 2011.01.18.00, BitDefender 7.2, CAT-QuickHeal 11.00, Command 5.2.11.5, \n Comodo 7424, eSafe 7.0.17.0, F-Prot 4.6.2.117, F-Secure 9.0.16160.0, \n McAfee 5.400.0.1158, Norman 6.06.12, nProtect 2011-01-17.01, Panda 10.0.2.7 \n\n CVE no - \n CVE-2012-1463\n\n--------\nCredits\n--------\nVulnerabilities found and advisory written by Suman Jana and Vitaly Shmatikov. \n\n-----------\nReferences\n-----------\n\"Abusing File Processing in Malware Detectors for Fun and Profit\" by Suman Jana and Vitaly Shmatikov\nTo appear in IEEE Symposium on Security and Privacy 2012\nhttp://www.ieee-security.org/TC/SP2012/ \n",
"sources": [
{
"db": "NVD",
"id": "CVE-2012-1429"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-001891"
},
{
"db": "BID",
"id": "52581"
},
{
"db": "VULHUB",
"id": "VHN-54710"
},
{
"db": "PACKETSTORM",
"id": "110990"
}
],
"trust": 2.07
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2012-1429",
"trust": 2.9
},
{
"db": "JVNDB",
"id": "JVNDB-2012-001891",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201203-395",
"trust": 0.7
},
{
"db": "BUGTRAQ",
"id": "20120319 EVASION ATTACKS EXPOLITING FILE-PARSING VULNERABILITIES IN ANTIVIRUS PRODUCTS",
"trust": 0.6
},
{
"db": "BID",
"id": "52581",
"trust": 0.4
},
{
"db": "VULHUB",
"id": "VHN-54710",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "110990",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-54710"
},
{
"db": "BID",
"id": "52581"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-001891"
},
{
"db": "PACKETSTORM",
"id": "110990"
},
{
"db": "NVD",
"id": "CVE-2012-1429"
},
{
"db": "CNNVD",
"id": "CNNVD-201203-395"
}
]
},
"id": "VAR-201203-0389",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-54710"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T12:10:13.049000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.bitdefender.com/"
},
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.comodo.com/"
},
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.emsisoft.com/en/"
},
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.ikarus.at/en/"
},
{
"title": "Top Page",
"trust": 0.8,
"url": "http://global.nprotect.com/index.php"
},
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.aladdin.co.jp/index.html"
},
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.mcafee.com/japan/"
},
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.f-secure.com/ja/web/home_jp/home"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2012-001891"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-264",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-54710"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-001891"
},
{
"db": "NVD",
"id": "CVE-2012-1429"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "http://www.securityfocus.com/archive/1/522005"
},
{
"trust": 1.7,
"url": "http://www.ieee-security.org/tc/sp2012/program.html"
},
{
"trust": 1.1,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74244"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-1429"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2012-1429"
},
{
"trust": 0.3,
"url": "http://www.bitdefender.com"
},
{
"trust": 0.3,
"url": "http://www.comodo.com/"
},
{
"trust": 0.3,
"url": "http://www.emsisoft.com/en/software/antimalware/"
},
{
"trust": 0.3,
"url": "http://www.safenet-inc.com/data-protection/content-security-esafe/"
},
{
"trust": 0.3,
"url": "http://www.ikarus.at"
},
{
"trust": 0.3,
"url": "http://global.nprotect.com/index.php"
},
{
"trust": 0.3,
"url": "http://www.mcafee.com/"
},
{
"trust": 0.3,
"url": "/archive/1/522005"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-1419"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-1439"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-1426"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-1429"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-1436"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-1440"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-1432"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-1438"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-1428"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-1446"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-1443"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-1444"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-1441"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-1421"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-1430"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-1434"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-1435"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-1424"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-1431"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-1425"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-1423"
},
{
"trust": 0.1,
"url": "http://www.ieee-security.org/tc/sp2012/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-1442"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-1422"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-1433"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-1420"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-1427"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-1445"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-1437"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-54710"
},
{
"db": "BID",
"id": "52581"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-001891"
},
{
"db": "PACKETSTORM",
"id": "110990"
},
{
"db": "NVD",
"id": "CVE-2012-1429"
},
{
"db": "CNNVD",
"id": "CNNVD-201203-395"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-54710"
},
{
"db": "BID",
"id": "52581"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-001891"
},
{
"db": "PACKETSTORM",
"id": "110990"
},
{
"db": "NVD",
"id": "CVE-2012-1429"
},
{
"db": "CNNVD",
"id": "CNNVD-201203-395"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2012-03-21T00:00:00",
"db": "VULHUB",
"id": "VHN-54710"
},
{
"date": "2012-03-20T00:00:00",
"db": "BID",
"id": "52581"
},
{
"date": "2012-03-26T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2012-001891"
},
{
"date": "2012-03-19T23:51:01",
"db": "PACKETSTORM",
"id": "110990"
},
{
"date": "2012-03-21T10:11:47.550000",
"db": "NVD",
"id": "CVE-2012-1429"
},
{
"date": "2012-03-26T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201203-395"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-08-29T00:00:00",
"db": "VULHUB",
"id": "VHN-54710"
},
{
"date": "2012-03-30T16:10:00",
"db": "BID",
"id": "52581"
},
{
"date": "2012-03-26T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2012-001891"
},
{
"date": "2017-08-29T01:31:17.070000",
"db": "NVD",
"id": "CVE-2012-1429"
},
{
"date": "2012-03-26T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201203-395"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201203-395"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Multiple products ELF Vulnerability that prevents file parsers from detecting malware",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2012-001891"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "permissions and access control",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201203-395"
}
],
"trust": 0.6
}
}
Vulnerability from fkie_nvd
Published
2012-03-21 10:11
Modified
2024-11-21 01:36
Severity ?
Summary
The ELF file parser in Bitdefender 7.2, Comodo Antivirus 7424, Emsisoft Anti-Malware 5.1.0.1, eSafe 7.0.17.0, F-Secure Anti-Virus 9.0.16160.0, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, McAfee Anti-Virus Scanning Engine 5.400.0.1158, McAfee Gateway (formerly Webwasher) 2010.1C, and nProtect Anti-Virus 2011-01-17.01 allows remote attackers to bypass malware detection via an ELF file with a ustar character sequence at a certain location. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different ELF parser implementations.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| aladdin | esafe | 7.0.17.0 | |
| comodo | comodo_antivirus | 7424 | |
| emsisoft | anti-malware | 5.1.0.1 | |
| f-secure | f-secure_anti-virus | 9.0.16160.0 | |
| ikarus | ikarus_virus_utilities_t3_command_line_scanner | 1.1.97.0 | |
| mcafee | gateway | 2010.1c | |
| mcafee | scan_engine | 5.400.0.1158 | |
| nprotect | nprotect_antivirus | 2011-01-17.01 | |
| softwin | bitdefender | 7.2 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:aladdin:esafe:7.0.17.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5C6590DF-9164-4A76-ADEE-9110C5E3588E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:comodo:comodo_antivirus:7424:*:*:*:*:*:*:*",
"matchCriteriaId": "803A9A92-A984-43A8-8D27-C9A6FDB19A9D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emsisoft:anti-malware:5.1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "488ED4D6-0A32-43D5-840C-F76919C41C45",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f-secure:f-secure_anti-virus:9.0.16160.0:*:*:*:*:*:*:*",
"matchCriteriaId": "BB884937-53F0-4BB5-AA8F-1CCDCD1221D9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ikarus:ikarus_virus_utilities_t3_command_line_scanner:1.1.97.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1759C4A5-67D1-4722-954A-883694E57FAB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mcafee:gateway:2010.1c:*:*:*:*:*:*:*",
"matchCriteriaId": "18FC30B1-4FB3-4891-93FE-63A93E686EB3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mcafee:scan_engine:5.400.0.1158:*:*:*:*:*:*:*",
"matchCriteriaId": "0BCE1228-61BE-4C10-898A-B8BDC5A71156",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nprotect:nprotect_antivirus:2011-01-17.01:*:*:*:*:*:*:*",
"matchCriteriaId": "D386C31F-6114-4A15-B0D5-15686D7EF8B8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:softwin:bitdefender:7.2:*:*:*:*:*:*:*",
"matchCriteriaId": "2C5A38BE-5D75-404F-AE34-7663D3E17927",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The ELF file parser in Bitdefender 7.2, Comodo Antivirus 7424, Emsisoft Anti-Malware 5.1.0.1, eSafe 7.0.17.0, F-Secure Anti-Virus 9.0.16160.0, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, McAfee Anti-Virus Scanning Engine 5.400.0.1158, McAfee Gateway (formerly Webwasher) 2010.1C, and nProtect Anti-Virus 2011-01-17.01 allows remote attackers to bypass malware detection via an ELF file with a ustar character sequence at a certain location. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different ELF parser implementations."
},
{
"lang": "es",
"value": "El analizador de archivos ELF en BitDefender 7.2, Comodo Antivirus 7424, Emsisoft Anti-Malware 5.1.0.1, eSafe 7.0.17.0, F-Secure Anti-Virus 9.0.16160.0, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, McAfee Anti-Virus motor de Detecci\u00f3n de 5.400.0.1158, McAfee gateway (anteriormente Webwasher) 2010.1C y nProtect anti-Virus 2011-01-17.01 permite a atacantes remotos evitar la detecci\u00f3n de malware a trav\u00e9s de un archivo ELF con una secuencia de caracteres ustar en un lugar determinado. NOTA: esto m\u00e1s adelante se puede dividir en varios CVEs si la informaci\u00f3n adicional que se publica muestra que el error se produjo de forma independiente en diferentes implementaciones del analizador. ELF"
}
],
"id": "CVE-2012-1429",
"lastModified": "2024-11-21T01:36:57.887",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2012-03-21T10:11:47.550",
"references": [
{
"source": "cve@mitre.org",
"url": "http://www.ieee-security.org/TC/SP2012/program.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/522005"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74244"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.ieee-security.org/TC/SP2012/program.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/522005"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74244"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-264"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2005-10-05 23:02
Modified
2024-11-21 00:01
Severity ?
Summary
Format string vulnerability in the logging functionality in BitDefender AntiVirus 7.2 through 9 allows remote attackers to cause a denial of service and possibly execute arbitrary code via format string specifiers in file or directory name.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| softwin | bitdefender | 7.2 | |
| softwin | bitdefender | 8.0 | |
| softwin | bitdefender | 9.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:softwin:bitdefender:7.2:*:*:*:*:*:*:*",
"matchCriteriaId": "2C5A38BE-5D75-404F-AE34-7663D3E17927",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:softwin:bitdefender:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "50EE6F4F-9342-4E4D-B67E-EDD01A8DD469",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:softwin:bitdefender:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E7DFBC2D-24EB-41BF-9E63-30D0F53F5E33",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Format string vulnerability in the logging functionality in BitDefender AntiVirus 7.2 through 9 allows remote attackers to cause a denial of service and possibly execute arbitrary code via format string specifiers in file or directory name."
}
],
"id": "CVE-2005-3154",
"lastModified": "2024-11-21T00:01:14.310",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": true,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2005-10-05T23:02:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Broken Link"
],
"url": "http://kb.bitdefender.com/KB261-en--Filename-Format-String-Vulnerability.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Permissions Required"
],
"url": "http://secunia.com/advisories/16991"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://securityreason.com/securityalert/45"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link"
],
"url": "http://shadock.net/secubox/BitDefenderLoggingFunc.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://www.securityfocus.com/bid/14968"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://kb.bitdefender.com/KB261-en--Filename-Format-String-Vulnerability.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Permissions Required"
],
"url": "http://secunia.com/advisories/16991"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://securityreason.com/securityalert/45"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://shadock.net/secubox/BitDefenderLoggingFunc.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.securityfocus.com/bid/14968"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-134"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2004-04-19 04:00
Modified
2024-11-20 23:52
Severity ?
Summary
The AVXSCANONLINE.AvxScanOnlineCtrl.1 ActiveX control in BitDefender Scan Online allows remote attackers to (1) obtain sensitive information such as system drives and contents or (2) use the RequestFile method to download and execute arbitrary code via an object codebase that uses bitdefender.cab.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| softwin | bitdefender | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:softwin:bitdefender:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E66C8032-485B-4B96-93A6-93BC051DCE2A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The AVXSCANONLINE.AvxScanOnlineCtrl.1 ActiveX control in BitDefender Scan Online allows remote attackers to (1) obtain sensitive information such as system drives and contents or (2) use the RequestFile method to download and execute arbitrary code via an object codebase that uses bitdefender.cab."
}
],
"id": "CVE-2004-1947",
"lastModified": "2024-11-20T23:52:07.650",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2004-04-19T04:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=bugtraq\u0026m=108240639427412\u0026w=2"
},
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=bugtraq\u0026m=108248367901616\u0026w=2"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/11427"
},
{
"source": "cve@mitre.org",
"url": "http://securitytracker.com/id?1009862"
},
{
"source": "cve@mitre.org",
"url": "http://www.osvdb.org/5549"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/10174"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Patch",
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/bid/10175"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15911"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=108240639427412\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=108248367901616\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/11427"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securitytracker.com/id?1009862"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/5549"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/10174"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Patch",
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/bid/10175"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15911"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2006-12-18 11:28
Modified
2024-11-21 00:23
Severity ?
Summary
Integer overflow in the packed PE file parsing implementation in BitDefender products before 20060829, including Antivirus, Antivirus Plus, Internet Security, Mail Protection for Enterprises, and Online Scanner; and BitDefender products for Microsoft ISA Server and Exchange 5.5 through 2003; allows remote attackers to execute arbitrary code via a crafted file, which triggers a heap-based buffer overflow, aka the "cevakrnl.xmd vulnerability."
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| softwin | bitdefender | isa_server | |
| softwin | bitdefender | ms_exchange_5.5 | |
| softwin | bitdefender | ms_exchange_2000 | |
| softwin | bitdefender | ms_exchange_2003 | |
| softwin | bitdefender_antivirus | * | |
| softwin | bitdefender_antivirus | plus | |
| softwin | bitdefender_internet_security | * | |
| softwin | bitdefender_mail_protection | enterprises | |
| softwin | bitdefender_online_scanner | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:softwin:bitdefender:isa_server:*:*:*:*:*:*:*",
"matchCriteriaId": "4584529B-F46B-4AF0-B2E0-89678B18A72D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:softwin:bitdefender:ms_exchange_5.5:*:*:*:*:*:*:*",
"matchCriteriaId": "FFD84A8C-835F-48BA-8368-5B911B9E68CA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:softwin:bitdefender:ms_exchange_2000:*:*:*:*:*:*:*",
"matchCriteriaId": "69152DE0-192E-46CC-9010-449C0127A7BA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:softwin:bitdefender:ms_exchange_2003:*:*:*:*:*:*:*",
"matchCriteriaId": "153FC3E1-3DBE-4BF3-A6F9-7BB0843294E1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:softwin:bitdefender_antivirus:*:*:*:*:*:*:*:*",
"matchCriteriaId": "30643C74-5FE6-44C2-8481-AAAEF4A3374F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:softwin:bitdefender_antivirus:plus:*:*:*:*:*:*:*",
"matchCriteriaId": "955E771C-B250-43CC-B26E-0018E4C5EC5E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:softwin:bitdefender_internet_security:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A55D51C2-5E84-4133-8199-9118E9433AD3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:softwin:bitdefender_mail_protection:enterprises:*:*:*:*:*:*:*",
"matchCriteriaId": "DBCBEF1F-E815-4E41-B28B-9E9460055F63",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:softwin:bitdefender_online_scanner:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6DA30046-674A-479E-AEFD-64E847EBE9F2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Integer overflow in the packed PE file parsing implementation in BitDefender products before 20060829, including Antivirus, Antivirus Plus, Internet Security, Mail Protection for Enterprises, and Online Scanner; and BitDefender products for Microsoft ISA Server and Exchange 5.5 through 2003; allows remote attackers to execute arbitrary code via a crafted file, which triggers a heap-based buffer overflow, aka the \"cevakrnl.xmd vulnerability.\""
},
{
"lang": "es",
"value": "Desbordamiento de enteros en el fichero de la implementaci\u00f3n del an\u00e1lisis sint\u00e1ctico del paquete PE de los productos BitDefender anteriores a la 20060829,incluyendo Antivirus, Antivirus Plus, Internet Security, Mail Protection para Enterprises y Online Scanner, y los productos BitDefender para Microsoft ISA Server y Exchange 5.5 hasta el 2003, permite a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n mediante un fichero modificado, que dispara un desbordamiento de b\u00fafer basado en pila, tambi\u00e9n conocido como \"vulnerabilidad cevakrnl.xmd\"."
}
],
"id": "CVE-2006-6627",
"lastModified": "2024-11-21T00:23:14.177",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2006-12-18T11:28:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-December/051319.html"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/23415"
},
{
"source": "cve@mitre.org",
"url": "http://securityreason.com/securityalert/2044"
},
{
"source": "cve@mitre.org",
"url": "http://securitytracker.com/id?1017389"
},
{
"source": "cve@mitre.org",
"url": "http://www.bitdefender.com/KB323-en--cevakrnl.xmd-vulnerability.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/454501/100/0/threaded"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/21610"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2006/5040"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30904"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-December/051319.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/23415"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securityreason.com/securityalert/2044"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securitytracker.com/id?1017389"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.bitdefender.com/KB323-en--cevakrnl.xmd-vulnerability.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/454501/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/21610"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2006/5040"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30904"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}