All the vulnerabilites related to ahnlab - v3_internet_security
Vulnerability from fkie_nvd
Published
2007-11-20 20:46
Modified
2024-11-21 00:39
Severity ?
Summary
AhnLab Antivirus 3 Internet Security 2008 Platinum appends data to a filename string at a location indicated by the "Filename length" field in a ZIP header, which allows remote attackers to cause a denial of service (machine crash) and possibly execute arbitrary code via a ZIP file in which this field's value is larger than the actual number of bytes in the filename.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ahnlab | v3_internet_security | 2008 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ahnlab:v3_internet_security:2008:*:platinum:*:*:*:*:*",
"matchCriteriaId": "380B5EAC-334D-4DC8-8787-BD8CD8DE81EB",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "AhnLab Antivirus 3 Internet Security 2008 Platinum appends data to a filename string at a location indicated by the \"Filename length\" field in a ZIP header, which allows remote attackers to cause a denial of service (machine crash) and possibly execute arbitrary code via a ZIP file in which this field\u0027s value is larger than the actual number of bytes in the filename."
},
{
"lang": "es",
"value": "AhnLab Antivirus 3 Internet Security 2008 Platinum a\u00f1ade datos en una cadena de nombre de archivo en una localizaci\u00f3n indicada por el campo \"Filename length\" en un cabecera ZIP, lo cual permite a atacantes remotos provocar denegaci\u00f3n de servicio (caida de m\u00e1quina) y posiblemente ejecutar c\u00f3digo de su elecci\u00f3n a trav\u00e9s del un archivo ZIP en el cual este valor de campo es mayor que el actual n\u00famero de bytes en el nombre de archivo."
}
],
"id": "CVE-2007-6060",
"lastModified": "2024-11-21T00:39:17.420",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2007-11-20T20:46:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://global.ahnlab.com/global/notice_view.ESD?fmethod=view\u0026press_seq=803\u0026printNum=2"
},
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/42352"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/27757"
},
{
"source": "cve@mitre.org",
"url": "http://securityreason.com/securityalert/3382"
},
{
"source": "cve@mitre.org",
"url": "http://secway.org/advisory/AD20071116.txt"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/483799/100/0/threaded"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/26473"
},
{
"source": "cve@mitre.org",
"url": "http://www.securitytracker.com/id?1018977"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2007/3983"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38514"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://global.ahnlab.com/global/notice_view.ESD?fmethod=view\u0026press_seq=803\u0026printNum=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/42352"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/27757"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securityreason.com/securityalert/3382"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secway.org/advisory/AD20071116.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/483799/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/26473"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id?1018977"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2007/3983"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38514"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2018-04-24 20:29
Modified
2024-11-21 01:54
Severity ?
Summary
Buffer overflow in MedCoreD.sys in AhnLab V3 Internet Security 8.0.7.5 (Build 1373) allows local users to gain privileges via a crafted 0xA3350014 IOCTL call.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| PSIRT-CNA@flexerasoftware.com | http://secunia.com/advisories/54465 | Permissions Required, Third Party Advisory | |
| PSIRT-CNA@flexerasoftware.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/90626 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/54465 | Permissions Required, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/90626 | Third Party Advisory, VDB Entry |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ahnlab | v3_internet_security | 8.0.7.5 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ahnlab:v3_internet_security:8.0.7.5:*:*:*:*:*:*:*",
"matchCriteriaId": "FD6996B2-D9F7-4143-9F01-40FB9178FA9F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in MedCoreD.sys in AhnLab V3 Internet Security 8.0.7.5 (Build 1373) allows local users to gain privileges via a crafted 0xA3350014 IOCTL call."
},
{
"lang": "es",
"value": "Desbordamiento de b\u00fafer en AhnLab V3 Internet Security 8.0.7.5 (Build 1373) permite que los usuarios locales obtengan privilegios mediante una llamada IOCTL 0xA3350014 manipulada."
}
],
"id": "CVE-2013-3947",
"lastModified": "2024-11-21T01:54:35.697",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": true,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-04-24T20:29:00.233",
"references": [
{
"source": "PSIRT-CNA@flexerasoftware.com",
"tags": [
"Permissions Required",
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/54465"
},
{
"source": "PSIRT-CNA@flexerasoftware.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90626"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Permissions Required",
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/54465"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90626"
}
],
"sourceIdentifier": "PSIRT-CNA@flexerasoftware.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
},
{
"lang": "en",
"value": "CWE-264"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2012-03-21 10:11
Modified
2024-11-21 01:37
Severity ?
Summary
The ELF file parser in AhnLab V3 Internet Security 2011.01.18.00, Bitdefender 7.2, Quick Heal (aka Cat QuickHeal) 11.00, Command Antivirus 5.2.11.5, Comodo Antivirus 7424, eSafe 7.0.17.0, F-Prot Antivirus 4.6.2.117, F-Secure Anti-Virus 9.0.16160.0, McAfee Anti-Virus Scanning Engine 5.400.0.1158, Norman Antivirus 6.06.12, nProtect Anti-Virus 2011-01-17.01, and Panda Antivirus 10.0.2.7 allows remote attackers to bypass malware detection via an ELF file with a modified endianness field. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different ELF parser implementations.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ahnlab | v3_internet_security | 2011.01.18.00 | |
| aladdin | esafe | 7.0.17.0 | |
| authentium | command_antivirus | 5.2.11.5 | |
| bitdefender | bitdefender | 7.2 | |
| cat | quick_heal | 11.00 | |
| comodo | comodo_antivirus | 7424 | |
| f-prot | f-prot_antivirus | 4.6.2.117 | |
| f-secure | f-secure_anti-virus | 9.0.16160.0 | |
| mcafee | scan_engine | 5.400.0.1158 | |
| norman | norman_antivirus_\&_antispyware | 6.06.12 | |
| nprotect | nprotect_antivirus | 2011-01-17.01 | |
| pandasecurity | panda_antivirus | 10.0.2.7 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ahnlab:v3_internet_security:2011.01.18.00:*:*:*:*:*:*:*",
"matchCriteriaId": "0B91745E-EA83-4C70-BF2D-45A3678FA157",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:aladdin:esafe:7.0.17.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5C6590DF-9164-4A76-ADEE-9110C5E3588E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:authentium:command_antivirus:5.2.11.5:*:*:*:*:*:*:*",
"matchCriteriaId": "192DFD98-11AA-4E7A-A1CB-53FC06FEB20F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bitdefender:bitdefender:7.2:*:*:*:*:*:*:*",
"matchCriteriaId": "24D7D7FA-20E9-4560-ABC6-154CD918E307",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cat:quick_heal:11.00:*:*:*:*:*:*:*",
"matchCriteriaId": "343D3F40-E028-4AEE-82A4-0A17C1D1ED13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:comodo:comodo_antivirus:7424:*:*:*:*:*:*:*",
"matchCriteriaId": "803A9A92-A984-43A8-8D27-C9A6FDB19A9D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f-prot:f-prot_antivirus:4.6.2.117:*:*:*:*:*:*:*",
"matchCriteriaId": "961708EB-3124-4147-A36D-BAD9241D0C88",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f-secure:f-secure_anti-virus:9.0.16160.0:*:*:*:*:*:*:*",
"matchCriteriaId": "BB884937-53F0-4BB5-AA8F-1CCDCD1221D9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mcafee:scan_engine:5.400.0.1158:*:*:*:*:*:*:*",
"matchCriteriaId": "0BCE1228-61BE-4C10-898A-B8BDC5A71156",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:norman:norman_antivirus_\\\u0026_antispyware:6.06.12:*:*:*:*:*:*:*",
"matchCriteriaId": "81D01633-1000-425D-9026-59C50734956A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nprotect:nprotect_antivirus:2011-01-17.01:*:*:*:*:*:*:*",
"matchCriteriaId": "D386C31F-6114-4A15-B0D5-15686D7EF8B8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pandasecurity:panda_antivirus:10.0.2.7:*:*:*:*:*:*:*",
"matchCriteriaId": "D95F8C32-D238-493F-A28D-8A588E8ADD13",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The ELF file parser in AhnLab V3 Internet Security 2011.01.18.00, Bitdefender 7.2, Quick Heal (aka Cat QuickHeal) 11.00, Command Antivirus 5.2.11.5, Comodo Antivirus 7424, eSafe 7.0.17.0, F-Prot Antivirus 4.6.2.117, F-Secure Anti-Virus 9.0.16160.0, McAfee Anti-Virus Scanning Engine 5.400.0.1158, Norman Antivirus 6.06.12, nProtect Anti-Virus 2011-01-17.01, and Panda Antivirus 10.0.2.7 allows remote attackers to bypass malware detection via an ELF file with a modified endianness field. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different ELF parser implementations."
},
{
"lang": "es",
"value": "El analizador de archivos ELF en AhnLab V3 Internet Security v2011.01.18.00, BitDefender v7.2, Quick Heal (tambi\u00e9n conocido como Cat QuickHeal) v11.00, Command Antivirus v5.2.11.5, Comodo Antivirus v7424, eSafe v7.0.17.0, F-Prot Antivirus v4.6.2.117, F-Secure Anti-Virus v9.0.16160.0, McAfee Anti-Virus Scanning Engine v5.400.0.1158, Norman Antivirus v6.6.12, nProtect anti-Virus v2011-01-17.01, y Panda Antivirus v10.0.2.7 permite a atacantes remotos evitar la detecci\u00f3n de malware a trav\u00e9s de un archivo ELF con un campo endianness modificado. NOTA: esto m\u00e1s tarde se puede dividir en varios CVEs si la informaci\u00f3n adicional que se publica muestra que el error se produjo de forma independiente en diferentes implementaciones del analizador ELF."
}
],
"id": "CVE-2012-1463",
"lastModified": "2024-11-21T01:37:02.717",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2012-03-21T10:11:49.740",
"references": [
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/80426"
},
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/80433"
},
{
"source": "cve@mitre.org",
"url": "http://www.ieee-security.org/TC/SP2012/program.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/522005"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/52614"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74311"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/80426"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/80433"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.ieee-security.org/TC/SP2012/program.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/522005"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/52614"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74311"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-264"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2012-03-21 10:11
Modified
2024-11-21 01:37
Severity ?
Summary
The ZIP file parser in AhnLab V3 Internet Security 2011.01.18.00, AVG Anti-Virus 10.0.0.1190, Quick Heal (aka Cat QuickHeal) 11.00, Emsisoft Anti-Malware 5.1.0.1, eSafe 7.0.17.0, Fortinet Antivirus 4.2.254.0, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, Jiangmin Antivirus 13.0.900, Kaspersky Anti-Virus 7.0.0.125, Norman Antivirus 6.06.12, Sophos Anti-Virus 4.61.0, and AVEngine 20101.3.0.103 in Symantec Endpoint Protection 11 allows remote attackers to bypass malware detection via a ZIP file containing an invalid block of data at the beginning. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different ZIP parser implementations.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ahnlab | v3_internet_security | 2011.01.18.00 | |
| aladdin | esafe | 7.0.17.0 | |
| avg | avg_anti-virus | 10.0.0.1190 | |
| cat | quick_heal | 11.00 | |
| emsisoft | anti-malware | 5.1.0.1 | |
| fortinet | fortinet_antivirus | 4.2.254.0 | |
| ikarus | ikarus_virus_utilities_t3_command_line_scanner | 1.1.97.0 | |
| jiangmin | jiangmin_antivirus | 13.0.900 | |
| kaspersky | kaspersky_anti-virus | 7.0.0.125 | |
| symantec | endpoint_protection | 11.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ahnlab:v3_internet_security:2011.01.18.00:*:*:*:*:*:*:*",
"matchCriteriaId": "0B91745E-EA83-4C70-BF2D-45A3678FA157",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:aladdin:esafe:7.0.17.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5C6590DF-9164-4A76-ADEE-9110C5E3588E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avg:avg_anti-virus:10.0.0.1190:*:*:*:*:*:*:*",
"matchCriteriaId": "4E62090C-AF41-4032-B9F7-78FEBDB4AAE1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cat:quick_heal:11.00:*:*:*:*:*:*:*",
"matchCriteriaId": "343D3F40-E028-4AEE-82A4-0A17C1D1ED13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emsisoft:anti-malware:5.1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "488ED4D6-0A32-43D5-840C-F76919C41C45",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fortinet:fortinet_antivirus:4.2.254.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1C36D1BA-DB17-4FE0-8D6E-BA5649AE3BF0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ikarus:ikarus_virus_utilities_t3_command_line_scanner:1.1.97.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1759C4A5-67D1-4722-954A-883694E57FAB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jiangmin:jiangmin_antivirus:13.0.900:*:*:*:*:*:*:*",
"matchCriteriaId": "620DC756-B821-413C-A824-43C221E573AA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kaspersky:kaspersky_anti-virus:7.0.0.125:*:*:*:*:*:*:*",
"matchCriteriaId": "FD9BCB3B-0FE8-4716-ABC2-1DB89D330F56",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:endpoint_protection:11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E269D396-3A70-4C4B-9D79-CBBA75C280D8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The ZIP file parser in AhnLab V3 Internet Security 2011.01.18.00, AVG Anti-Virus 10.0.0.1190, Quick Heal (aka Cat QuickHeal) 11.00, Emsisoft Anti-Malware 5.1.0.1, eSafe 7.0.17.0, Fortinet Antivirus 4.2.254.0, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, Jiangmin Antivirus 13.0.900, Kaspersky Anti-Virus 7.0.0.125, Norman Antivirus 6.06.12, Sophos Anti-Virus 4.61.0, and AVEngine 20101.3.0.103 in Symantec Endpoint Protection 11 allows remote attackers to bypass malware detection via a ZIP file containing an invalid block of data at the beginning. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different ZIP parser implementations."
},
{
"lang": "es",
"value": "El analizador de archivos ZIP en AhnLab V3 Internet Security v2011.01.18.00, AVG Anti-Virus v10.0.0.1190, Quick Heal (tambi\u00e9n conocido como Cat QuickHeal) v11.00, a-squared Anti-Malware v5.1.0.1, eSafe v7.0.17.0, Fortinet Antivirus v4.2.254.0, Ikarus Virus Utilities T3 esc\u00e1ner de l\u00ednea de comandos v1.1.97.0, Jiangmin Antivirus v13.0.900, Kaspersky Anti-Virus v7.0.0.125, Norman Antivirus v6.6.12, Sophos Anti-Virus v4.61.0, y AVEngine v20101.3.0.103 de Symantec Endpoint Protection v11 permite a los atacantes remotos eludir la detecci\u00f3n de malware a trav\u00e9s de un archivo ZIP que contiene un bloque de datos no v\u00e1lido en el cominezo. NOTA: esto m\u00e1s tarde se puede dividir en varios CVEs si la informaci\u00f3n adicional que se publica muestra que el error se produjo de forma independiente en diferentes implementaciones de \u00e1rea del analizador."
}
],
"id": "CVE-2012-1462",
"lastModified": "2024-11-21T01:37:02.570",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2012-03-21T10:11:49.707",
"references": [
{
"source": "cve@mitre.org",
"url": "http://www.ieee-security.org/TC/SP2012/program.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/522005"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/52613"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74310"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.ieee-security.org/TC/SP2012/program.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/522005"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/52613"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74310"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-264"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2012-03-21 10:11
Modified
2024-11-21 01:36
Severity ?
Summary
The Microsoft EXE file parser in AhnLab V3 Internet Security 2011.01.18.00, Emsisoft Anti-Malware 5.1.0.1, eSafe 7.0.17.0, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, and Panda Antivirus 10.0.2.7 allows remote attackers to bypass malware detection via an EXE file with a \50\4B\4C\49\54\45 character sequence at a certain location. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different EXE parser implementations.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ahnlab | v3_internet_security | 2011.01.18.00 | |
| aladdin | esafe | 7.0.17.0 | |
| emsisoft | anti-malware | 5.1.0.1 | |
| ikarus | ikarus_virus_utilities_t3_command_line_scanner | 1.1.97.0 | |
| pandasecurity | panda_antivirus | 10.0.2.7 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ahnlab:v3_internet_security:2011.01.18.00:*:*:*:*:*:*:*",
"matchCriteriaId": "0B91745E-EA83-4C70-BF2D-45A3678FA157",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:aladdin:esafe:7.0.17.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5C6590DF-9164-4A76-ADEE-9110C5E3588E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emsisoft:anti-malware:5.1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "488ED4D6-0A32-43D5-840C-F76919C41C45",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ikarus:ikarus_virus_utilities_t3_command_line_scanner:1.1.97.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1759C4A5-67D1-4722-954A-883694E57FAB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pandasecurity:panda_antivirus:10.0.2.7:*:*:*:*:*:*:*",
"matchCriteriaId": "D95F8C32-D238-493F-A28D-8A588E8ADD13",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Microsoft EXE file parser in AhnLab V3 Internet Security 2011.01.18.00, Emsisoft Anti-Malware 5.1.0.1, eSafe 7.0.17.0, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, and Panda Antivirus 10.0.2.7 allows remote attackers to bypass malware detection via an EXE file with a \\50\\4B\\4C\\49\\54\\45 character sequence at a certain location. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different EXE parser implementations."
},
{
"lang": "es",
"value": "El analizador de archivos EXE Microsoft en AhnLab V3 Internet Security 2011.01.18.00, Emsisoft Anti-Malware 5.1.0.1, eSafe 7.0.17.0, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, y Panda Antivirus 10.0.2.7 permite a atacantes remotos evitar de malware detecci\u00f3n a trav\u00e9s de un archivo EXE con una secuencia de caracteres \\50\\4B\\4C\\49\\54\\45 en un lugar determinado. NOTA: esto m\u00e1s adelante se puede dividir en varios CVEs si la informaci\u00f3n adicional que se publica muestra que el error se produjo de forma independiente en diferentes implementaciones del analizador EXE."
}
],
"id": "CVE-2012-1435",
"lastModified": "2024-11-21T01:36:58.700",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2012-03-21T10:11:47.770",
"references": [
{
"source": "cve@mitre.org",
"url": "http://www.ieee-security.org/TC/SP2012/program.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/522005"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.ieee-security.org/TC/SP2012/program.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/522005"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-264"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2012-03-21 10:11
Modified
2024-11-21 01:37
Severity ?
Summary
The TAR file parser in AhnLab V3 Internet Security 2011.01.18.00, Avira AntiVir 7.11.1.163, Antiy Labs AVL SDK 2.0.3.7, avast! Antivirus 4.8.1351.0 and 5.0.677.0, AVG Anti-Virus 10.0.0.1190, Bitdefender 7.2, Quick Heal (aka Cat QuickHeal) 11.00, ClamAV 0.96.4, Command Antivirus 5.2.11.5, Comodo Antivirus 7424, Emsisoft Anti-Malware 5.1.0.1, F-Prot Antivirus 4.6.2.117, F-Secure Anti-Virus 9.0.16160.0, Fortinet Antivirus 4.2.254.0, G Data AntiVirus 21, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, Jiangmin Antivirus 13.0.900, K7 AntiVirus 9.77.3565, Kaspersky Anti-Virus 7.0.0.125, McAfee Anti-Virus Scanning Engine 5.400.0.1158, McAfee Gateway (formerly Webwasher) 2010.1C, Antimalware Engine 1.1.6402.0 in Microsoft Security Essentials 2.0, NOD32 Antivirus 5795, Norman Antivirus 6.06.12, nProtect Anti-Virus 2011-01-17.01, Panda Antivirus 10.0.2.7, PC Tools AntiVirus 7.0.3.5, Rising Antivirus 22.83.00.03, Sophos Anti-Virus 4.61.0, AVEngine 20101.3.0.103 in Symantec Endpoint Protection 11, Trend Micro AntiVirus 9.120.0.1004, Trend Micro HouseCall 9.120.0.1004, VBA32 3.12.14.2, and VirusBuster 13.6.151.0 allows remote attackers to bypass malware detection via a TAR archive entry with a length field corresponding to that entire entry, plus part of the header of the next entry. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different TAR parser implementations.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ahnlab:v3_internet_security:2011.01.18.00:*:*:*:*:*:*:*",
"matchCriteriaId": "0B91745E-EA83-4C70-BF2D-45A3678FA157",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alwil:avast_antivirus:4.8.1351.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5A3A2FBE-3113-4CCB-8FCF-54CBD78FDF52",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alwil:avast_antivirus:5.0.677.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7877C5C9-C4CA-406F-A61A-EAFBA846A20D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:anti-virus:vba32:3.12.14.2:*:*:*:*:*:*:*",
"matchCriteriaId": "2A0325DA-A137-41E0-BD5E-B892F2166749",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:antiy:avl_sdk:2.0.3.7:*:*:*:*:*:*:*",
"matchCriteriaId": "38855431-9C17-41FE-8325-A3304DECAC92",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:authentium:command_antivirus:5.2.11.5:*:*:*:*:*:*:*",
"matchCriteriaId": "192DFD98-11AA-4E7A-A1CB-53FC06FEB20F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avg:avg_anti-virus:10.0.0.1190:*:*:*:*:*:*:*",
"matchCriteriaId": "4E62090C-AF41-4032-B9F7-78FEBDB4AAE1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avira:antivir:7.11.1.163:*:*:*:*:*:*:*",
"matchCriteriaId": "62B656B8-A7FB-4451-8A32-CB7AB74165F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bitdefender:bitdefender:7.2:*:*:*:*:*:*:*",
"matchCriteriaId": "24D7D7FA-20E9-4560-ABC6-154CD918E307",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cat:quick_heal:11.00:*:*:*:*:*:*:*",
"matchCriteriaId": "343D3F40-E028-4AEE-82A4-0A17C1D1ED13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clamav:clamav:0.96.4:*:*:*:*:*:*:*",
"matchCriteriaId": "953C363B-AD5B-4C53-AAF0-AB6BA4040D74",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:comodo:comodo_antivirus:7424:*:*:*:*:*:*:*",
"matchCriteriaId": "803A9A92-A984-43A8-8D27-C9A6FDB19A9D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emsisoft:anti-malware:5.1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "488ED4D6-0A32-43D5-840C-F76919C41C45",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:eset:nod32_antivirus:5795:*:*:*:*:*:*:*",
"matchCriteriaId": "673B999A-11D2-4AFF-9930-0C06E8BBAA7F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f-prot:f-prot_antivirus:4.6.2.117:*:*:*:*:*:*:*",
"matchCriteriaId": "961708EB-3124-4147-A36D-BAD9241D0C88",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f-secure:f-secure_anti-virus:9.0.16160.0:*:*:*:*:*:*:*",
"matchCriteriaId": "BB884937-53F0-4BB5-AA8F-1CCDCD1221D9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fortinet:fortinet_antivirus:4.2.254.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1C36D1BA-DB17-4FE0-8D6E-BA5649AE3BF0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gdata-software:g_data_antivirus:21:*:*:*:*:*:*:*",
"matchCriteriaId": "DA047323-54B7-460B-9AA0-88C3C4183218",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ikarus:ikarus_virus_utilities_t3_command_line_scanner:1.1.97.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1759C4A5-67D1-4722-954A-883694E57FAB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jiangmin:jiangmin_antivirus:13.0.900:*:*:*:*:*:*:*",
"matchCriteriaId": "620DC756-B821-413C-A824-43C221E573AA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:k7computing:antivirus:9.77.3565:*:*:*:*:*:*:*",
"matchCriteriaId": "B27BD224-CB70-43D2-8B0D-9F229A646B82",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kaspersky:kaspersky_anti-virus:7.0.0.125:*:*:*:*:*:*:*",
"matchCriteriaId": "FD9BCB3B-0FE8-4716-ABC2-1DB89D330F56",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mcafee:gateway:2010.1c:*:*:*:*:*:*:*",
"matchCriteriaId": "18FC30B1-4FB3-4891-93FE-63A93E686EB3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mcafee:scan_engine:5.400.0.1158:*:*:*:*:*:*:*",
"matchCriteriaId": "0BCE1228-61BE-4C10-898A-B8BDC5A71156",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:security_essentials:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7C382AA8-5E99-4669-9825-F5BBEEC12907",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:norman:norman_antivirus_\\\u0026_antispyware:6.06.12:*:*:*:*:*:*:*",
"matchCriteriaId": "81D01633-1000-425D-9026-59C50734956A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nprotect:nprotect_antivirus:2011-01-17.01:*:*:*:*:*:*:*",
"matchCriteriaId": "D386C31F-6114-4A15-B0D5-15686D7EF8B8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pandasecurity:panda_antivirus:10.0.2.7:*:*:*:*:*:*:*",
"matchCriteriaId": "D95F8C32-D238-493F-A28D-8A588E8ADD13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pc_tools:pc_tools_antivirus:7.0.3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "410EEFDA-CFE6-4DDE-B661-BB01009B0E60",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rising-global:rising_antivirus:22.83.00.03:*:*:*:*:*:*:*",
"matchCriteriaId": "EF8ADA91-4042-4E1B-9F14-78023F24B137",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sophos:sophos_anti-virus:4.61.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0912E21E-1EEB-4ADD-958F-F8AEBBF7C5E6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:endpoint_protection:11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E269D396-3A70-4C4B-9D79-CBBA75C280D8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:housecall:9.120.0.1004:*:*:*:*:*:*:*",
"matchCriteriaId": "B3C3D7B7-3DD1-417E-9488-A3B0F28F75E1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:trend_micro_antivirus:9.120.0.1004:*:*:*:*:*:*:*",
"matchCriteriaId": "72379F97-0BCA-425A-92AE-9F336866FD07",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:virusbuster:virusbuster:13.6.151.0:*:*:*:*:*:*:*",
"matchCriteriaId": "32C656A2-AAAC-494A-A981-A83144070857",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The TAR file parser in AhnLab V3 Internet Security 2011.01.18.00, Avira AntiVir 7.11.1.163, Antiy Labs AVL SDK 2.0.3.7, avast! Antivirus 4.8.1351.0 and 5.0.677.0, AVG Anti-Virus 10.0.0.1190, Bitdefender 7.2, Quick Heal (aka Cat QuickHeal) 11.00, ClamAV 0.96.4, Command Antivirus 5.2.11.5, Comodo Antivirus 7424, Emsisoft Anti-Malware 5.1.0.1, F-Prot Antivirus 4.6.2.117, F-Secure Anti-Virus 9.0.16160.0, Fortinet Antivirus 4.2.254.0, G Data AntiVirus 21, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, Jiangmin Antivirus 13.0.900, K7 AntiVirus 9.77.3565, Kaspersky Anti-Virus 7.0.0.125, McAfee Anti-Virus Scanning Engine 5.400.0.1158, McAfee Gateway (formerly Webwasher) 2010.1C, Antimalware Engine 1.1.6402.0 in Microsoft Security Essentials 2.0, NOD32 Antivirus 5795, Norman Antivirus 6.06.12, nProtect Anti-Virus 2011-01-17.01, Panda Antivirus 10.0.2.7, PC Tools AntiVirus 7.0.3.5, Rising Antivirus 22.83.00.03, Sophos Anti-Virus 4.61.0, AVEngine 20101.3.0.103 in Symantec Endpoint Protection 11, Trend Micro AntiVirus 9.120.0.1004, Trend Micro HouseCall 9.120.0.1004, VBA32 3.12.14.2, and VirusBuster 13.6.151.0 allows remote attackers to bypass malware detection via a TAR archive entry with a length field corresponding to that entire entry, plus part of the header of the next entry. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different TAR parser implementations."
},
{
"lang": "es",
"value": "El analizador de archivos TAR en AhnLab V3 Internet Security versi\u00f3n 2011.01.18.00, Avira AntiVir versi\u00f3n 7.11.1.163, Antiy Labs AVL SDK versi\u00f3n 2.0.3.7, avast! antivirus versiones 4.8.1351.0 y 5.0.677.0, AVG Anti-Virus versi\u00f3n 10.0.0.1190, Bitdefender versi\u00f3n 7.2, Quick Heal (tambi\u00e9n se conoce como Cat QuickHeal) versi\u00f3n 11.00, ClamAV versi\u00f3n 0.96.4, Command Antivirus versi\u00f3n 5.2.11.5, Comodo Antivirus versi\u00f3n 7424, Emsisoft Anti-Malware versi\u00f3n 5.1.0.1, F-Prot Antivirus versi\u00f3n 4.6.2.117, F-Secure Anti-Virus versi\u00f3n 9.0.16160.0, Fortinet Antivirus versi\u00f3n 4.2.254.0, G Data AntiVirus versi\u00f3n 21, Ikarus Virus Utilities T3 Command Line Scanner versi\u00f3n 1.1.97.0, Jiangmin Antivirus versi\u00f3n 13.0.900, K7 AntiVirus versi\u00f3n 9.77.3565, Kaspersky Anti-Virus versi\u00f3n 7.0.0.125, McAfee Anti-Virus Scanning Engine versi\u00f3n 5.400.0.1158, McAfee Gateway (anteriormente Webwasher) versi\u00f3n 2010.1C, Antimalware Engine versi\u00f3n 1.1.6402.0 en Microsoft Security Essentials versi\u00f3n 2.0, NOD32 Antivirus versi\u00f3n 5795, Norman Antivirus versi\u00f3n 6.06.12, nProtect antivirus versi\u00f3n 2011-01-17.01, Panda Antivirus versi\u00f3n 10.0.2.7, PC Tools AntiVirus versi\u00f3n 7.0.3.5, Rising Antivirus versi\u00f3n 22.83.00.03, Sophos Anti-Virus versi\u00f3n 4.61.0, AVEngine versi\u00f3n 20101.3.0.103 en Symantec Endpoint Protection versi\u00f3n 11, Trend Micro AntiVirus versi\u00f3n 9.120.0.1004, Trend Micro HouseCall versi\u00f3n 9.120.0.1004, VBA32 versi\u00f3n 3.12.14.2 y VirusBuster versi\u00f3n 13.6.151.0, permite a los atacantes remotos omitir la detecci\u00f3n de malware por medio de una entrada de archivo TAR con un campo de longitud correspondiente a toda la entrada, adem\u00e1s de parte del encabezado de la siguiente entrada. NOTA: esto puede ser m\u00e1s tarde SPLIT en varios CVE si se publica informaci\u00f3n adicional que muestra que el error se produjo de manera independiente en diferentes implementaciones de analizador de TAR."
}
],
"id": "CVE-2012-1459",
"lastModified": "2024-11-21T01:37:02.073",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2012-03-21T10:11:49.597",
"references": [
{
"source": "cve@mitre.org",
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-07/msg00002.html"
},
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/80389"
},
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/80390"
},
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/80391"
},
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/80392"
},
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/80393"
},
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/80395"
},
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/80396"
},
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/80403"
},
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/80406"
},
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/80407"
},
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/80409"
},
{
"source": "cve@mitre.org",
"url": "http://www.ieee-security.org/TC/SP2012/program.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:094"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/522005"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/52623"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74302"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-07/msg00002.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/80389"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/80390"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/80391"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/80392"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/80393"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/80395"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/80396"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/80403"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/80406"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/80407"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/80409"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.ieee-security.org/TC/SP2012/program.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:094"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/522005"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/52623"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74302"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-264"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2012-03-21 10:11
Modified
2024-11-21 01:36
Severity ?
Summary
The Microsoft EXE file parser in AhnLab V3 Internet Security 2011.01.18.00, Emsisoft Anti-Malware 5.1.0.1, eSafe 7.0.17.0, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, and Panda Antivirus 10.0.2.7 allows remote attackers to bypass malware detection via an EXE file with a \2D\6C\68 character sequence at a certain location. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different EXE parser implementations.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ahnlab | v3_internet_security | 2011.01.18.00 | |
| aladdin | esafe | 7.0.17.0 | |
| emsisoft | anti-malware | 5.1.0.1 | |
| ikarus | ikarus_virus_utilities_t3_command_line_scanner | 1.1.97.0 | |
| pandasecurity | panda_antivirus | 10.0.2.7 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ahnlab:v3_internet_security:2011.01.18.00:*:*:*:*:*:*:*",
"matchCriteriaId": "0B91745E-EA83-4C70-BF2D-45A3678FA157",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:aladdin:esafe:7.0.17.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5C6590DF-9164-4A76-ADEE-9110C5E3588E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emsisoft:anti-malware:5.1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "488ED4D6-0A32-43D5-840C-F76919C41C45",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ikarus:ikarus_virus_utilities_t3_command_line_scanner:1.1.97.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1759C4A5-67D1-4722-954A-883694E57FAB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pandasecurity:panda_antivirus:10.0.2.7:*:*:*:*:*:*:*",
"matchCriteriaId": "D95F8C32-D238-493F-A28D-8A588E8ADD13",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Microsoft EXE file parser in AhnLab V3 Internet Security 2011.01.18.00, Emsisoft Anti-Malware 5.1.0.1, eSafe 7.0.17.0, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, and Panda Antivirus 10.0.2.7 allows remote attackers to bypass malware detection via an EXE file with a \\2D\\6C\\68 character sequence at a certain location. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different EXE parser implementations."
},
{
"lang": "es",
"value": "El analizador de archivos EXE Microsoft en AhnLab V3 Internet Security 2011.01.18.00, Emsisoft Anti-Malware 5.1.0.1, eSafe 7.0.17.0, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, y Panda Antivirus 10.0.2.7 permite a atacantes remotos evitar de malware detecci\u00f3n a trav\u00e9s de un archivo EXE con una secuencia de caracteres \\2D\\6C\\68 en un lugar determinado. NOTA: esto m\u00e1s adelante se puede dividir en varios CVEs si la informaci\u00f3n adicional que se publica muestra que el error se produjo de forma independiente en diferentes implementaciones del analizador EXE."
}
],
"id": "CVE-2012-1436",
"lastModified": "2024-11-21T01:36:58.833",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2012-03-21T10:11:47.800",
"references": [
{
"source": "cve@mitre.org",
"url": "http://www.ieee-security.org/TC/SP2012/program.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/522005"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.ieee-security.org/TC/SP2012/program.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/522005"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-264"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2012-03-21 10:11
Modified
2024-11-21 01:36
Severity ?
Summary
The Microsoft EXE file parser in AhnLab V3 Internet Security 2011.01.18.00, Emsisoft Anti-Malware 5.1.0.1, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, and Panda Antivirus 10.0.2.7 allows remote attackers to bypass malware detection via an EXE file with a \19\04\00\10 character sequence at a certain location. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different EXE parser implementations.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ahnlab | v3_internet_security | 2011.01.18.00 | |
| emsisoft | anti-malware | 5.1.0.1 | |
| ikarus | ikarus_virus_utilities_t3_command_line_scanner | 1.1.97.0 | |
| pandasecurity | panda_antivirus | 10.0.2.7 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ahnlab:v3_internet_security:2011.01.18.00:*:*:*:*:*:*:*",
"matchCriteriaId": "0B91745E-EA83-4C70-BF2D-45A3678FA157",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emsisoft:anti-malware:5.1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "488ED4D6-0A32-43D5-840C-F76919C41C45",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ikarus:ikarus_virus_utilities_t3_command_line_scanner:1.1.97.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1759C4A5-67D1-4722-954A-883694E57FAB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pandasecurity:panda_antivirus:10.0.2.7:*:*:*:*:*:*:*",
"matchCriteriaId": "D95F8C32-D238-493F-A28D-8A588E8ADD13",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Microsoft EXE file parser in AhnLab V3 Internet Security 2011.01.18.00, Emsisoft Anti-Malware 5.1.0.1, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, and Panda Antivirus 10.0.2.7 allows remote attackers to bypass malware detection via an EXE file with a \\19\\04\\00\\10 character sequence at a certain location. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different EXE parser implementations."
},
{
"lang": "es",
"value": "El analizador de archivos EXE Microsoft en AhnLab V3 Internet Security 2011.01.18.00, Emsisoft Anti-Malware 5.1.0.1, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, y Panda Antivirus 10.0.2.7 permite a atacantes remotos evitar la detecci\u00f3n de malware a trav\u00e9s de un archivo EXE con una secuencia de caracteres \\19\\04\\00\\10 en un lugar determinado. NOTA: esto m\u00e1s adelante se puede dividir en varios CVEs si la informaci\u00f3n adicional que se publica muestra que el error se produjo de forma independiente en diferentes implementaciones del analizador EXE."
}
],
"id": "CVE-2012-1434",
"lastModified": "2024-11-21T01:36:58.570",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2012-03-21T10:11:47.723",
"references": [
{
"source": "cve@mitre.org",
"url": "http://www.ieee-security.org/TC/SP2012/program.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/522005"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.ieee-security.org/TC/SP2012/program.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/522005"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-264"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2012-03-21 10:11
Modified
2024-11-21 01:36
Severity ?
Summary
The RAR file parser in ClamAV 0.96.4, Rising Antivirus 22.83.00.03, Quick Heal (aka Cat QuickHeal) 11.00, G Data AntiVirus 21, AVEngine 20101.3.0.103 in Symantec Endpoint Protection 11, Command Antivirus 5.2.11.5, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, Emsisoft Anti-Malware 5.1.0.1, PC Tools AntiVirus 7.0.3.5, F-Prot Antivirus 4.6.2.117, VirusBuster 13.6.151.0, Fortinet Antivirus 4.2.254.0, Antiy Labs AVL SDK 2.0.3.7, K7 AntiVirus 9.77.3565, Trend Micro HouseCall 9.120.0.1004, Kaspersky Anti-Virus 7.0.0.125, Jiangmin Antivirus 13.0.900, Antimalware Engine 1.1.6402.0 in Microsoft Security Essentials 2.0, Sophos Anti-Virus 4.61.0, NOD32 Antivirus 5795, Avira AntiVir 7.11.1.163, Norman Antivirus 6.06.12, McAfee Anti-Virus Scanning Engine 5.400.0.1158, Panda Antivirus 10.0.2.7, McAfee Gateway (formerly Webwasher) 2010.1C, Trend Micro AntiVirus 9.120.0.1004, Comodo Antivirus 7424, Bitdefender 7.2, eSafe 7.0.17.0, F-Secure Anti-Virus 9.0.16160.0, nProtect Anti-Virus 2011-01-17.01, AhnLab V3 Internet Security 2011.01.18.00, AVG Anti-Virus 10.0.0.1190, avast! Antivirus 4.8.1351.0 and 5.0.677.0, and VBA32 3.12.14.2 allows user-assisted remote attackers to bypass malware detection via a RAR file with an initial MZ character sequence. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different RAR parser implementations.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ahnlab:v3_internet_security:2011.01.18.00:*:*:*:*:*:*:*",
"matchCriteriaId": "0B91745E-EA83-4C70-BF2D-45A3678FA157",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:aladdin:esafe:7.0.17.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5C6590DF-9164-4A76-ADEE-9110C5E3588E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alwil:avast_antivirus:4.8.1351.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5A3A2FBE-3113-4CCB-8FCF-54CBD78FDF52",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:alwil:avast_antivirus:5.0.677.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7877C5C9-C4CA-406F-A61A-EAFBA846A20D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:anti-virus:vba32:3.12.14.2:*:*:*:*:*:*:*",
"matchCriteriaId": "2A0325DA-A137-41E0-BD5E-B892F2166749",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:antiy:avl_sdk:2.0.3.7:*:*:*:*:*:*:*",
"matchCriteriaId": "38855431-9C17-41FE-8325-A3304DECAC92",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:authentium:command_antivirus:5.2.11.5:*:*:*:*:*:*:*",
"matchCriteriaId": "192DFD98-11AA-4E7A-A1CB-53FC06FEB20F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avg:avg_anti-virus:10.0.0.1190:*:*:*:*:*:*:*",
"matchCriteriaId": "4E62090C-AF41-4032-B9F7-78FEBDB4AAE1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:avira:antivir:7.11.1.163:*:*:*:*:*:*:*",
"matchCriteriaId": "62B656B8-A7FB-4451-8A32-CB7AB74165F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bitdefender:bitdefender:7.2:*:*:*:*:*:*:*",
"matchCriteriaId": "24D7D7FA-20E9-4560-ABC6-154CD918E307",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cat:quick_heal:11.00:*:*:*:*:*:*:*",
"matchCriteriaId": "343D3F40-E028-4AEE-82A4-0A17C1D1ED13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clamav:clamav:0.96.4:*:*:*:*:*:*:*",
"matchCriteriaId": "953C363B-AD5B-4C53-AAF0-AB6BA4040D74",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:comodo:comodo_antivirus:7424:*:*:*:*:*:*:*",
"matchCriteriaId": "803A9A92-A984-43A8-8D27-C9A6FDB19A9D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emsisoft:anti-malware:5.1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "488ED4D6-0A32-43D5-840C-F76919C41C45",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:eset:nod32_antivirus:5795:*:*:*:*:*:*:*",
"matchCriteriaId": "673B999A-11D2-4AFF-9930-0C06E8BBAA7F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f-prot:f-prot_antivirus:4.6.2.117:*:*:*:*:*:*:*",
"matchCriteriaId": "961708EB-3124-4147-A36D-BAD9241D0C88",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f-secure:f-secure_anti-virus:9.0.16160.0:*:*:*:*:*:*:*",
"matchCriteriaId": "BB884937-53F0-4BB5-AA8F-1CCDCD1221D9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fortinet:fortinet_antivirus:4.2.254.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1C36D1BA-DB17-4FE0-8D6E-BA5649AE3BF0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gdata-software:g_data_antivirus:21:*:*:*:*:*:*:*",
"matchCriteriaId": "DA047323-54B7-460B-9AA0-88C3C4183218",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ikarus:ikarus_virus_utilities_t3_command_line_scanner:1.1.97.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1759C4A5-67D1-4722-954A-883694E57FAB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jiangmin:jiangmin_antivirus:13.0.900:*:*:*:*:*:*:*",
"matchCriteriaId": "620DC756-B821-413C-A824-43C221E573AA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:k7computing:antivirus:9.77.3565:*:*:*:*:*:*:*",
"matchCriteriaId": "B27BD224-CB70-43D2-8B0D-9F229A646B82",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kaspersky:kaspersky_anti-virus:7.0.0.125:*:*:*:*:*:*:*",
"matchCriteriaId": "FD9BCB3B-0FE8-4716-ABC2-1DB89D330F56",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mcafee:gateway:2010.1c:*:*:*:*:*:*:*",
"matchCriteriaId": "18FC30B1-4FB3-4891-93FE-63A93E686EB3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mcafee:scan_engine:5.400.0.1158:*:*:*:*:*:*:*",
"matchCriteriaId": "0BCE1228-61BE-4C10-898A-B8BDC5A71156",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:security_essentials:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7C382AA8-5E99-4669-9825-F5BBEEC12907",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:norman:norman_antivirus_\\\u0026_antispyware:6.06.12:*:*:*:*:*:*:*",
"matchCriteriaId": "81D01633-1000-425D-9026-59C50734956A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nprotect:nprotect_antivirus:2011-01-17.01:*:*:*:*:*:*:*",
"matchCriteriaId": "D386C31F-6114-4A15-B0D5-15686D7EF8B8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pandasecurity:panda_antivirus:10.0.2.7:*:*:*:*:*:*:*",
"matchCriteriaId": "D95F8C32-D238-493F-A28D-8A588E8ADD13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pc_tools:pc_tools_antivirus:7.0.3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "410EEFDA-CFE6-4DDE-B661-BB01009B0E60",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rising-global:rising_antivirus:22.83.00.03:*:*:*:*:*:*:*",
"matchCriteriaId": "EF8ADA91-4042-4E1B-9F14-78023F24B137",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sophos:sophos_anti-virus:4.61.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0912E21E-1EEB-4ADD-958F-F8AEBBF7C5E6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:endpoint_protection:11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E269D396-3A70-4C4B-9D79-CBBA75C280D8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:housecall:9.120.0.1004:*:*:*:*:*:*:*",
"matchCriteriaId": "B3C3D7B7-3DD1-417E-9488-A3B0F28F75E1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:trend_micro_antivirus:9.120.0.1004:*:*:*:*:*:*:*",
"matchCriteriaId": "72379F97-0BCA-425A-92AE-9F336866FD07",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:virusbuster:virusbuster:13.6.151.0:*:*:*:*:*:*:*",
"matchCriteriaId": "32C656A2-AAAC-494A-A981-A83144070857",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The RAR file parser in ClamAV 0.96.4, Rising Antivirus 22.83.00.03, Quick Heal (aka Cat QuickHeal) 11.00, G Data AntiVirus 21, AVEngine 20101.3.0.103 in Symantec Endpoint Protection 11, Command Antivirus 5.2.11.5, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, Emsisoft Anti-Malware 5.1.0.1, PC Tools AntiVirus 7.0.3.5, F-Prot Antivirus 4.6.2.117, VirusBuster 13.6.151.0, Fortinet Antivirus 4.2.254.0, Antiy Labs AVL SDK 2.0.3.7, K7 AntiVirus 9.77.3565, Trend Micro HouseCall 9.120.0.1004, Kaspersky Anti-Virus 7.0.0.125, Jiangmin Antivirus 13.0.900, Antimalware Engine 1.1.6402.0 in Microsoft Security Essentials 2.0, Sophos Anti-Virus 4.61.0, NOD32 Antivirus 5795, Avira AntiVir 7.11.1.163, Norman Antivirus 6.06.12, McAfee Anti-Virus Scanning Engine 5.400.0.1158, Panda Antivirus 10.0.2.7, McAfee Gateway (formerly Webwasher) 2010.1C, Trend Micro AntiVirus 9.120.0.1004, Comodo Antivirus 7424, Bitdefender 7.2, eSafe 7.0.17.0, F-Secure Anti-Virus 9.0.16160.0, nProtect Anti-Virus 2011-01-17.01, AhnLab V3 Internet Security 2011.01.18.00, AVG Anti-Virus 10.0.0.1190, avast! Antivirus 4.8.1351.0 and 5.0.677.0, and VBA32 3.12.14.2 allows user-assisted remote attackers to bypass malware detection via a RAR file with an initial MZ character sequence. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different RAR parser implementations."
},
{
"lang": "es",
"value": "El analizador de archivos RAR en ClamAV versi\u00f3n 0.96.4, Rising Antivirus versi\u00f3n 22.83.00.03, Quick Heal (tambi\u00e9n se conoce como Cat QuickHeal) versi\u00f3n 11.00, G Data AntiVirus versi\u00f3n 21, AVEngine versi\u00f3n 20101.3.0.103 en Symantec Endpoint Protection versi\u00f3n 11, Command Antivirus versi\u00f3n 5.2.11.5, Ikarus Virus Utilities T3 Command Line Scanner versi\u00f3n 1.1.97.0, Emsisoft Anti-Malware versi\u00f3n 5.1.0.1, PC Tools AntiVirus versi\u00f3n 7.0.3.5, F-Prot Antivirus versi\u00f3n 4.6.2.117, VirusBuster versi\u00f3n 13.6.151.0, Fortinet antivirus versi\u00f3n 4.2.254.0, Antiy Labs AVL SDK versi\u00f3n 2.0.3.7, K7 AntiVirus versi\u00f3n 9.77.3565, Trend Micro HouseCall versi\u00f3n 9.120.0.1004, Kaspersky Antivirus versi\u00f3n 7.0.0.125, Jiangmin Antivirus versi\u00f3n 13.0.900, Antimalware Engine versi\u00f3n 1.1.6402.0 en Microsoft Security Essentials versi\u00f3n 2.0, Sophos Anti-Virus versi\u00f3n 4.61.0, NOD32 Antivirus versi\u00f3n 5795, Avira AntiVir versi\u00f3n 7.11.1.163, Norman Antivirus versi\u00f3n 6.06.12, McAfee Anti-Virus Scanning Engine versi\u00f3n 5.400.0.1158, Panda Antivirus versi\u00f3n 10.0.2.7, McAfee Gateway (anteriormente Webwasher) versi\u00f3n 2010.1C, Trend Micro AntiVirus versi\u00f3n 9.120.0.1004, Comodo Antivirus versi\u00f3n 7424, Bitdefender versi\u00f3n 7.2, eSafe versi\u00f3n 7.0.17.0, F-Secure Anti-Virus versi\u00f3n 9.0.16160.0, nProtect Versi\u00f3n antivirus 2011-01-17.01, AhnLab V3 Internet Security versi\u00f3n 2011.01.18.00, AVG Anti-Virus versi\u00f3n 10.0.0.1190, avast! antivirus versiones 4.8.1351.0 y 5.0.677.0, y VBA32 versi\u00f3n 3.12.14.2, permite a los atacantes remotos asistidos por el usuario omitir la detecci\u00f3n de malware por medio de un archivo RAR con una inicial Secuencia de caracteres MZ. NOTA: esto puede ser m\u00e1s tarde SPLIT en varios CVE si se publica informaci\u00f3n adicional que muestra que el error se produjo de manera independiente en diferentes implementaciones de analizador RAR."
}
],
"id": "CVE-2012-1443",
"lastModified": "2024-11-21T01:36:59.753",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2012-03-21T10:11:48.083",
"references": [
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/80454"
},
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/80455"
},
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/80456"
},
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/80457"
},
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/80458"
},
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/80459"
},
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/80460"
},
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/80461"
},
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/80467"
},
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/80468"
},
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/80469"
},
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/80470"
},
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/80471"
},
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/80472"
},
{
"source": "cve@mitre.org",
"url": "http://www.ieee-security.org/TC/SP2012/program.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/522005"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/52612"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/80454"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/80455"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/80456"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/80457"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/80458"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/80459"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/80460"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/80461"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/80467"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/80468"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/80469"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/80470"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/80471"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/80472"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.ieee-security.org/TC/SP2012/program.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/522005"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/52612"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-264"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2008-12-12 18:30
Modified
2024-11-21 00:54
Severity ?
Summary
AhnLab V3 2008.12.4.1 and possibly 2008.9.13.0, when Internet Explorer 6 or 7 is used, allows remote attackers to bypass detection of malware in an HTML document by placing an MZ header (aka "EXE info") at the beginning, and modifying the filename to have (1) no extension, (2) a .txt extension, or (3) a .jpg extension, as demonstrated by a document containing a CVE-2006-5745 exploit.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ahnlab | v3_internet_security | 2008.9.13.0 | |
| ahnlab | v3_internet_security | 2008.12.4.1 | |
| microsoft | internet_explorer | 6 | |
| microsoft | internet_explorer | 7 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ahnlab:v3_internet_security:2008.9.13.0:*:*:*:*:*:*:*",
"matchCriteriaId": "97AAC686-393C-4A3C-BD22-CFC1863D1A46",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ahnlab:v3_internet_security:2008.12.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "BEAA0318-BF02-4E11-A7BF-C906A0A098D6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:6:*:*:*:*:*:*:*",
"matchCriteriaId": "693D3C1C-E3E4-49DB-9A13-44ADDFF82507",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:7:*:*:*:*:*:*:*",
"matchCriteriaId": "1A33FA7F-BB2A-4C66-B608-72997A2BD1DB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "AhnLab V3 2008.12.4.1 and possibly 2008.9.13.0, when Internet Explorer 6 or 7 is used, allows remote attackers to bypass detection of malware in an HTML document by placing an MZ header (aka \"EXE info\") at the beginning, and modifying the filename to have (1) no extension, (2) a .txt extension, or (3) a .jpg extension, as demonstrated by a document containing a CVE-2006-5745 exploit."
},
{
"lang": "es",
"value": "AhnLab V3 v2008.12.4.1 y posiblemente v2008.9.13.0, cuando se utiliza Internet Explorer 6 o 7, permite a atacantes remotos eludir la detecci\u00f3n de malware en un documento HTML colocando una cabecera MZ (alias \"EXE info\") al principio, y modificar el nombre del archivo a (1 ) sin extensi\u00f3n, (2) una extensi\u00f3n. txt, o (3) una extensi\u00f3n .jpg, como lo demuestra un documento que contiene un exploit CVE-2006-5745."
}
],
"id": "CVE-2008-5520",
"lastModified": "2024-11-21T00:54:14.797",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2008-12-12T18:30:00.217",
"references": [
{
"source": "cve@mitre.org",
"url": "http://securityreason.com/securityalert/4723"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/498995/100/0/threaded"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/499043/100/0/threaded"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47435"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securityreason.com/securityalert/4723"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/498995/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/499043/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47435"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2012-03-21 10:11
Modified
2024-11-21 01:36
Severity ?
Summary
The Microsoft EXE file parser in AhnLab V3 Internet Security 2011.01.18.00, Emsisoft Anti-Malware 5.1.0.1, eSafe 7.0.17.0, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, and Panda Antivirus 10.0.2.7 allows remote attackers to bypass malware detection via an EXE file with a \4a\46\49\46 character sequence at a certain location. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different EXE parser implementations.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ahnlab | v3_internet_security | 2011.01.18.00 | |
| aladdin | esafe | 7.0.17.0 | |
| emsisoft | anti-malware | 5.1.0.1 | |
| ikarus | ikarus_virus_utilities_t3_command_line_scanner | 1.1.97.0 | |
| pandasecurity | panda_antivirus | 10.0.2.7 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ahnlab:v3_internet_security:2011.01.18.00:*:*:*:*:*:*:*",
"matchCriteriaId": "0B91745E-EA83-4C70-BF2D-45A3678FA157",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:aladdin:esafe:7.0.17.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5C6590DF-9164-4A76-ADEE-9110C5E3588E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emsisoft:anti-malware:5.1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "488ED4D6-0A32-43D5-840C-F76919C41C45",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ikarus:ikarus_virus_utilities_t3_command_line_scanner:1.1.97.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1759C4A5-67D1-4722-954A-883694E57FAB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pandasecurity:panda_antivirus:10.0.2.7:*:*:*:*:*:*:*",
"matchCriteriaId": "D95F8C32-D238-493F-A28D-8A588E8ADD13",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Microsoft EXE file parser in AhnLab V3 Internet Security 2011.01.18.00, Emsisoft Anti-Malware 5.1.0.1, eSafe 7.0.17.0, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, and Panda Antivirus 10.0.2.7 allows remote attackers to bypass malware detection via an EXE file with a \\4a\\46\\49\\46 character sequence at a certain location. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different EXE parser implementations."
},
{
"lang": "es",
"value": "El analizador de archivos EXE Microsoft en AhnLab V3 Internet Security 2011.01.18.00, Emsisoft Anti-Malware 5.1.0.1, eSafe 7.0.17.0, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, y Panda Antivirus 10.0.2.7 permite a atacantes remotos evitar de malware detecci\u00f3n a trav\u00e9s de un archivo EXE con una secuencia de caracteres \\4a\\46\\49\\46 en un lugar determinado. NOTA: esto m\u00e1s adelante se puede dividir en varios CVEs si la informaci\u00f3n adicional que se publica muestra que el error se produjo de forma independiente en diferentes implementaciones del analizador EXE."
}
],
"id": "CVE-2012-1433",
"lastModified": "2024-11-21T01:36:58.440",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2012-03-21T10:11:47.693",
"references": [
{
"source": "cve@mitre.org",
"url": "http://www.ieee-security.org/TC/SP2012/program.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/522005"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.ieee-security.org/TC/SP2012/program.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/522005"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-264"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
cve-2007-6060
Vulnerability from cvelistv5
Published
2007-11-20 20:00
Modified
2024-08-07 15:54
Severity ?
EPSS score ?
Summary
AhnLab Antivirus 3 Internet Security 2008 Platinum appends data to a filename string at a location indicated by the "Filename length" field in a ZIP header, which allows remote attackers to cause a denial of service (machine crash) and possibly execute arbitrary code via a ZIP file in which this field's value is larger than the actual number of bytes in the filename.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securitytracker.com/id?1018977 | vdb-entry, x_refsource_SECTRACK | |
| http://secunia.com/advisories/27757 | third-party-advisory, x_refsource_SECUNIA | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/38514 | vdb-entry, x_refsource_XF | |
| http://secway.org/advisory/AD20071116.txt | x_refsource_MISC | |
| http://global.ahnlab.com/global/notice_view.ESD?fmethod=view&press_seq=803&printNum=2 | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/26473 | vdb-entry, x_refsource_BID | |
| http://osvdb.org/42352 | vdb-entry, x_refsource_OSVDB | |
| http://www.securityfocus.com/archive/1/483799/100/0/threaded | mailing-list, x_refsource_BUGTRAQ | |
| http://securityreason.com/securityalert/3382 | third-party-advisory, x_refsource_SREASON | |
| http://www.vupen.com/english/advisories/2007/3983 | vdb-entry, x_refsource_VUPEN |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T15:54:26.606Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1018977",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1018977"
},
{
"name": "27757",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/27757"
},
{
"name": "ahnlab-antivirus-zip-code-execution(38514)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38514"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://secway.org/advisory/AD20071116.txt"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://global.ahnlab.com/global/notice_view.ESD?fmethod=view\u0026press_seq=803\u0026printNum=2"
},
{
"name": "26473",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/26473"
},
{
"name": "42352",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/42352"
},
{
"name": "20071116 AhnLab AntiVirus Remote Kernel Memory Corruption",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/483799/100/0/threaded"
},
{
"name": "3382",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/3382"
},
{
"name": "ADV-2007-3983",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/3983"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-11-16T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "AhnLab Antivirus 3 Internet Security 2008 Platinum appends data to a filename string at a location indicated by the \"Filename length\" field in a ZIP header, which allows remote attackers to cause a denial of service (machine crash) and possibly execute arbitrary code via a ZIP file in which this field\u0027s value is larger than the actual number of bytes in the filename."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-15T20:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "1018977",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1018977"
},
{
"name": "27757",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/27757"
},
{
"name": "ahnlab-antivirus-zip-code-execution(38514)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38514"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://secway.org/advisory/AD20071116.txt"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://global.ahnlab.com/global/notice_view.ESD?fmethod=view\u0026press_seq=803\u0026printNum=2"
},
{
"name": "26473",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/26473"
},
{
"name": "42352",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/42352"
},
{
"name": "20071116 AhnLab AntiVirus Remote Kernel Memory Corruption",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/483799/100/0/threaded"
},
{
"name": "3382",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/3382"
},
{
"name": "ADV-2007-3983",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/3983"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-6060",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "AhnLab Antivirus 3 Internet Security 2008 Platinum appends data to a filename string at a location indicated by the \"Filename length\" field in a ZIP header, which allows remote attackers to cause a denial of service (machine crash) and possibly execute arbitrary code via a ZIP file in which this field\u0027s value is larger than the actual number of bytes in the filename."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1018977",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1018977"
},
{
"name": "27757",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/27757"
},
{
"name": "ahnlab-antivirus-zip-code-execution(38514)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38514"
},
{
"name": "http://secway.org/advisory/AD20071116.txt",
"refsource": "MISC",
"url": "http://secway.org/advisory/AD20071116.txt"
},
{
"name": "http://global.ahnlab.com/global/notice_view.ESD?fmethod=view\u0026press_seq=803\u0026printNum=2",
"refsource": "CONFIRM",
"url": "http://global.ahnlab.com/global/notice_view.ESD?fmethod=view\u0026press_seq=803\u0026printNum=2"
},
{
"name": "26473",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/26473"
},
{
"name": "42352",
"refsource": "OSVDB",
"url": "http://osvdb.org/42352"
},
{
"name": "20071116 AhnLab AntiVirus Remote Kernel Memory Corruption",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/483799/100/0/threaded"
},
{
"name": "3382",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/3382"
},
{
"name": "ADV-2007-3983",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/3983"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-6060",
"datePublished": "2007-11-20T20:00:00",
"dateReserved": "2007-11-20T00:00:00",
"dateUpdated": "2024-08-07T15:54:26.606Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2008-5520
Vulnerability from cvelistv5
Published
2008-12-12 18:13
Modified
2024-08-07 10:56
Severity ?
EPSS score ?
Summary
AhnLab V3 2008.12.4.1 and possibly 2008.9.13.0, when Internet Explorer 6 or 7 is used, allows remote attackers to bypass detection of malware in an HTML document by placing an MZ header (aka "EXE info") at the beginning, and modifying the filename to have (1) no extension, (2) a .txt extension, or (3) a .jpg extension, as demonstrated by a document containing a CVE-2006-5745 exploit.
References
| ▼ | URL | Tags |
|---|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilities/47435 | vdb-entry, x_refsource_XF | |
| http://securityreason.com/securityalert/4723 | third-party-advisory, x_refsource_SREASON | |
| http://www.securityfocus.com/archive/1/499043/100/0/threaded | mailing-list, x_refsource_BUGTRAQ | |
| http://www.securityfocus.com/archive/1/498995/100/0/threaded | mailing-list, x_refsource_BUGTRAQ |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T10:56:46.453Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "multiple-antivirus-mzheader-code-execution(47435)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47435"
},
{
"name": "4723",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/4723"
},
{
"name": "20081209 Multiple Vendor Anti-Virus Software Malicious WebPage Detection Bypass -Update-",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/499043/100/0/threaded"
},
{
"name": "20081208 Multiple Vendor Anti-Virus Software Malicious WebPage Detection Bypass",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/498995/100/0/threaded"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-12-08T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "AhnLab V3 2008.12.4.1 and possibly 2008.9.13.0, when Internet Explorer 6 or 7 is used, allows remote attackers to bypass detection of malware in an HTML document by placing an MZ header (aka \"EXE info\") at the beginning, and modifying the filename to have (1) no extension, (2) a .txt extension, or (3) a .jpg extension, as demonstrated by a document containing a CVE-2006-5745 exploit."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-11T19:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "multiple-antivirus-mzheader-code-execution(47435)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47435"
},
{
"name": "4723",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/4723"
},
{
"name": "20081209 Multiple Vendor Anti-Virus Software Malicious WebPage Detection Bypass -Update-",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/499043/100/0/threaded"
},
{
"name": "20081208 Multiple Vendor Anti-Virus Software Malicious WebPage Detection Bypass",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/498995/100/0/threaded"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-5520",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "AhnLab V3 2008.12.4.1 and possibly 2008.9.13.0, when Internet Explorer 6 or 7 is used, allows remote attackers to bypass detection of malware in an HTML document by placing an MZ header (aka \"EXE info\") at the beginning, and modifying the filename to have (1) no extension, (2) a .txt extension, or (3) a .jpg extension, as demonstrated by a document containing a CVE-2006-5745 exploit."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "multiple-antivirus-mzheader-code-execution(47435)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47435"
},
{
"name": "4723",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/4723"
},
{
"name": "20081209 Multiple Vendor Anti-Virus Software Malicious WebPage Detection Bypass -Update-",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/499043/100/0/threaded"
},
{
"name": "20081208 Multiple Vendor Anti-Virus Software Malicious WebPage Detection Bypass",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/498995/100/0/threaded"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-5520",
"datePublished": "2008-12-12T18:13:00",
"dateReserved": "2008-12-12T00:00:00",
"dateUpdated": "2024-08-07T10:56:46.453Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2012-1443
Vulnerability from cvelistv5
Published
2012-03-21 10:00
Modified
2024-08-06 19:01
Severity ?
EPSS score ?
Summary
The RAR file parser in ClamAV 0.96.4, Rising Antivirus 22.83.00.03, Quick Heal (aka Cat QuickHeal) 11.00, G Data AntiVirus 21, AVEngine 20101.3.0.103 in Symantec Endpoint Protection 11, Command Antivirus 5.2.11.5, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, Emsisoft Anti-Malware 5.1.0.1, PC Tools AntiVirus 7.0.3.5, F-Prot Antivirus 4.6.2.117, VirusBuster 13.6.151.0, Fortinet Antivirus 4.2.254.0, Antiy Labs AVL SDK 2.0.3.7, K7 AntiVirus 9.77.3565, Trend Micro HouseCall 9.120.0.1004, Kaspersky Anti-Virus 7.0.0.125, Jiangmin Antivirus 13.0.900, Antimalware Engine 1.1.6402.0 in Microsoft Security Essentials 2.0, Sophos Anti-Virus 4.61.0, NOD32 Antivirus 5795, Avira AntiVir 7.11.1.163, Norman Antivirus 6.06.12, McAfee Anti-Virus Scanning Engine 5.400.0.1158, Panda Antivirus 10.0.2.7, McAfee Gateway (formerly Webwasher) 2010.1C, Trend Micro AntiVirus 9.120.0.1004, Comodo Antivirus 7424, Bitdefender 7.2, eSafe 7.0.17.0, F-Secure Anti-Virus 9.0.16160.0, nProtect Anti-Virus 2011-01-17.01, AhnLab V3 Internet Security 2011.01.18.00, AVG Anti-Virus 10.0.0.1190, avast! Antivirus 4.8.1351.0 and 5.0.677.0, and VBA32 3.12.14.2 allows user-assisted remote attackers to bypass malware detection via a RAR file with an initial MZ character sequence. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different RAR parser implementations.
References
| ▼ | URL | Tags |
|---|---|---|
| http://osvdb.org/80472 | vdb-entry, x_refsource_OSVDB | |
| http://www.securityfocus.com/archive/1/522005 | mailing-list, x_refsource_BUGTRAQ | |
| http://www.securityfocus.com/bid/52612 | vdb-entry, x_refsource_BID | |
| http://osvdb.org/80467 | vdb-entry, x_refsource_OSVDB | |
| http://osvdb.org/80461 | vdb-entry, x_refsource_OSVDB | |
| http://osvdb.org/80470 | vdb-entry, x_refsource_OSVDB | |
| http://osvdb.org/80460 | vdb-entry, x_refsource_OSVDB | |
| http://www.ieee-security.org/TC/SP2012/program.html | x_refsource_MISC | |
| http://osvdb.org/80468 | vdb-entry, x_refsource_OSVDB | |
| http://osvdb.org/80456 | vdb-entry, x_refsource_OSVDB | |
| http://osvdb.org/80457 | vdb-entry, x_refsource_OSVDB | |
| http://osvdb.org/80458 | vdb-entry, x_refsource_OSVDB | |
| http://osvdb.org/80454 | vdb-entry, x_refsource_OSVDB | |
| http://osvdb.org/80455 | vdb-entry, x_refsource_OSVDB | |
| http://osvdb.org/80459 | vdb-entry, x_refsource_OSVDB | |
| http://osvdb.org/80469 | vdb-entry, x_refsource_OSVDB | |
| http://osvdb.org/80471 | vdb-entry, x_refsource_OSVDB |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T19:01:00.328Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "80472",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/80472"
},
{
"name": "20120319 Evasion attacks expoliting file-parsing vulnerabilities in antivirus products",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/522005"
},
{
"name": "52612",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/52612"
},
{
"name": "80467",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/80467"
},
{
"name": "80461",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/80461"
},
{
"name": "80470",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/80470"
},
{
"name": "80460",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/80460"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.ieee-security.org/TC/SP2012/program.html"
},
{
"name": "80468",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/80468"
},
{
"name": "80456",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/80456"
},
{
"name": "80457",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/80457"
},
{
"name": "80458",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/80458"
},
{
"name": "80454",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/80454"
},
{
"name": "80455",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/80455"
},
{
"name": "80459",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/80459"
},
{
"name": "80469",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/80469"
},
{
"name": "80471",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/80471"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-03-19T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The RAR file parser in ClamAV 0.96.4, Rising Antivirus 22.83.00.03, Quick Heal (aka Cat QuickHeal) 11.00, G Data AntiVirus 21, AVEngine 20101.3.0.103 in Symantec Endpoint Protection 11, Command Antivirus 5.2.11.5, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, Emsisoft Anti-Malware 5.1.0.1, PC Tools AntiVirus 7.0.3.5, F-Prot Antivirus 4.6.2.117, VirusBuster 13.6.151.0, Fortinet Antivirus 4.2.254.0, Antiy Labs AVL SDK 2.0.3.7, K7 AntiVirus 9.77.3565, Trend Micro HouseCall 9.120.0.1004, Kaspersky Anti-Virus 7.0.0.125, Jiangmin Antivirus 13.0.900, Antimalware Engine 1.1.6402.0 in Microsoft Security Essentials 2.0, Sophos Anti-Virus 4.61.0, NOD32 Antivirus 5795, Avira AntiVir 7.11.1.163, Norman Antivirus 6.06.12, McAfee Anti-Virus Scanning Engine 5.400.0.1158, Panda Antivirus 10.0.2.7, McAfee Gateway (formerly Webwasher) 2010.1C, Trend Micro AntiVirus 9.120.0.1004, Comodo Antivirus 7424, Bitdefender 7.2, eSafe 7.0.17.0, F-Secure Anti-Virus 9.0.16160.0, nProtect Anti-Virus 2011-01-17.01, AhnLab V3 Internet Security 2011.01.18.00, AVG Anti-Virus 10.0.0.1190, avast! Antivirus 4.8.1351.0 and 5.0.677.0, and VBA32 3.12.14.2 allows user-assisted remote attackers to bypass malware detection via a RAR file with an initial MZ character sequence. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different RAR parser implementations."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2012-07-28T09:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "80472",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/80472"
},
{
"name": "20120319 Evasion attacks expoliting file-parsing vulnerabilities in antivirus products",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/522005"
},
{
"name": "52612",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/52612"
},
{
"name": "80467",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/80467"
},
{
"name": "80461",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/80461"
},
{
"name": "80470",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/80470"
},
{
"name": "80460",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/80460"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.ieee-security.org/TC/SP2012/program.html"
},
{
"name": "80468",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/80468"
},
{
"name": "80456",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/80456"
},
{
"name": "80457",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/80457"
},
{
"name": "80458",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/80458"
},
{
"name": "80454",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/80454"
},
{
"name": "80455",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/80455"
},
{
"name": "80459",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/80459"
},
{
"name": "80469",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/80469"
},
{
"name": "80471",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/80471"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-1443",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The RAR file parser in ClamAV 0.96.4, Rising Antivirus 22.83.00.03, Quick Heal (aka Cat QuickHeal) 11.00, G Data AntiVirus 21, AVEngine 20101.3.0.103 in Symantec Endpoint Protection 11, Command Antivirus 5.2.11.5, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, Emsisoft Anti-Malware 5.1.0.1, PC Tools AntiVirus 7.0.3.5, F-Prot Antivirus 4.6.2.117, VirusBuster 13.6.151.0, Fortinet Antivirus 4.2.254.0, Antiy Labs AVL SDK 2.0.3.7, K7 AntiVirus 9.77.3565, Trend Micro HouseCall 9.120.0.1004, Kaspersky Anti-Virus 7.0.0.125, Jiangmin Antivirus 13.0.900, Antimalware Engine 1.1.6402.0 in Microsoft Security Essentials 2.0, Sophos Anti-Virus 4.61.0, NOD32 Antivirus 5795, Avira AntiVir 7.11.1.163, Norman Antivirus 6.06.12, McAfee Anti-Virus Scanning Engine 5.400.0.1158, Panda Antivirus 10.0.2.7, McAfee Gateway (formerly Webwasher) 2010.1C, Trend Micro AntiVirus 9.120.0.1004, Comodo Antivirus 7424, Bitdefender 7.2, eSafe 7.0.17.0, F-Secure Anti-Virus 9.0.16160.0, nProtect Anti-Virus 2011-01-17.01, AhnLab V3 Internet Security 2011.01.18.00, AVG Anti-Virus 10.0.0.1190, avast! Antivirus 4.8.1351.0 and 5.0.677.0, and VBA32 3.12.14.2 allows user-assisted remote attackers to bypass malware detection via a RAR file with an initial MZ character sequence. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different RAR parser implementations."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "80472",
"refsource": "OSVDB",
"url": "http://osvdb.org/80472"
},
{
"name": "20120319 Evasion attacks expoliting file-parsing vulnerabilities in antivirus products",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/522005"
},
{
"name": "52612",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/52612"
},
{
"name": "80467",
"refsource": "OSVDB",
"url": "http://osvdb.org/80467"
},
{
"name": "80461",
"refsource": "OSVDB",
"url": "http://osvdb.org/80461"
},
{
"name": "80470",
"refsource": "OSVDB",
"url": "http://osvdb.org/80470"
},
{
"name": "80460",
"refsource": "OSVDB",
"url": "http://osvdb.org/80460"
},
{
"name": "http://www.ieee-security.org/TC/SP2012/program.html",
"refsource": "MISC",
"url": "http://www.ieee-security.org/TC/SP2012/program.html"
},
{
"name": "80468",
"refsource": "OSVDB",
"url": "http://osvdb.org/80468"
},
{
"name": "80456",
"refsource": "OSVDB",
"url": "http://osvdb.org/80456"
},
{
"name": "80457",
"refsource": "OSVDB",
"url": "http://osvdb.org/80457"
},
{
"name": "80458",
"refsource": "OSVDB",
"url": "http://osvdb.org/80458"
},
{
"name": "80454",
"refsource": "OSVDB",
"url": "http://osvdb.org/80454"
},
{
"name": "80455",
"refsource": "OSVDB",
"url": "http://osvdb.org/80455"
},
{
"name": "80459",
"refsource": "OSVDB",
"url": "http://osvdb.org/80459"
},
{
"name": "80469",
"refsource": "OSVDB",
"url": "http://osvdb.org/80469"
},
{
"name": "80471",
"refsource": "OSVDB",
"url": "http://osvdb.org/80471"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2012-1443",
"datePublished": "2012-03-21T10:00:00",
"dateReserved": "2012-02-29T00:00:00",
"dateUpdated": "2024-08-06T19:01:00.328Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2013-3947
Vulnerability from cvelistv5
Published
2018-04-24 20:00
Modified
2024-08-06 16:30
Severity ?
EPSS score ?
Summary
Buffer overflow in MedCoreD.sys in AhnLab V3 Internet Security 8.0.7.5 (Build 1373) allows local users to gain privileges via a crafted 0xA3350014 IOCTL call.
References
| ▼ | URL | Tags |
|---|---|---|
| http://secunia.com/advisories/54465 | third-party-advisory, x_refsource_SECUNIA | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/90626 | vdb-entry, x_refsource_XF |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T16:30:49.368Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "54465",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/54465"
},
{
"name": "ahnlab-cve20133947-priv-esc(90626)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90626"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-01-22T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in MedCoreD.sys in AhnLab V3 Internet Security 8.0.7.5 (Build 1373) allows local users to gain privileges via a crafted 0xA3350014 IOCTL call."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-04-24T19:57:01",
"orgId": "44d08088-2bea-4760-83a6-1e9be26b15ab",
"shortName": "flexera"
},
"references": [
{
"name": "54465",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/54465"
},
{
"name": "ahnlab-cve20133947-priv-esc(90626)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90626"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "PSIRT-CNA@flexerasoftware.com",
"ID": "CVE-2013-3947",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in MedCoreD.sys in AhnLab V3 Internet Security 8.0.7.5 (Build 1373) allows local users to gain privileges via a crafted 0xA3350014 IOCTL call."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "54465",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/54465"
},
{
"name": "ahnlab-cve20133947-priv-esc(90626)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90626"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "44d08088-2bea-4760-83a6-1e9be26b15ab",
"assignerShortName": "flexera",
"cveId": "CVE-2013-3947",
"datePublished": "2018-04-24T20:00:00",
"dateReserved": "2013-06-04T00:00:00",
"dateUpdated": "2024-08-06T16:30:49.368Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2012-1434
Vulnerability from cvelistv5
Published
2012-03-21 10:00
Modified
2024-09-17 04:20
Severity ?
EPSS score ?
Summary
The Microsoft EXE file parser in AhnLab V3 Internet Security 2011.01.18.00, Emsisoft Anti-Malware 5.1.0.1, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, and Panda Antivirus 10.0.2.7 allows remote attackers to bypass malware detection via an EXE file with a \19\04\00\10 character sequence at a certain location. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different EXE parser implementations.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/archive/1/522005 | mailing-list, x_refsource_BUGTRAQ | |
| http://www.ieee-security.org/TC/SP2012/program.html | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T18:53:37.659Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20120319 Evasion attacks expoliting file-parsing vulnerabilities in antivirus products",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/522005"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.ieee-security.org/TC/SP2012/program.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The Microsoft EXE file parser in AhnLab V3 Internet Security 2011.01.18.00, Emsisoft Anti-Malware 5.1.0.1, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, and Panda Antivirus 10.0.2.7 allows remote attackers to bypass malware detection via an EXE file with a \\19\\04\\00\\10 character sequence at a certain location. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different EXE parser implementations."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2012-03-21T10:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20120319 Evasion attacks expoliting file-parsing vulnerabilities in antivirus products",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/522005"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.ieee-security.org/TC/SP2012/program.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-1434",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Microsoft EXE file parser in AhnLab V3 Internet Security 2011.01.18.00, Emsisoft Anti-Malware 5.1.0.1, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, and Panda Antivirus 10.0.2.7 allows remote attackers to bypass malware detection via an EXE file with a \\19\\04\\00\\10 character sequence at a certain location. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different EXE parser implementations."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20120319 Evasion attacks expoliting file-parsing vulnerabilities in antivirus products",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/522005"
},
{
"name": "http://www.ieee-security.org/TC/SP2012/program.html",
"refsource": "MISC",
"url": "http://www.ieee-security.org/TC/SP2012/program.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2012-1434",
"datePublished": "2012-03-21T10:00:00Z",
"dateReserved": "2012-02-29T00:00:00Z",
"dateUpdated": "2024-09-17T04:20:25.524Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2012-1435
Vulnerability from cvelistv5
Published
2012-03-21 10:00
Modified
2024-09-17 03:27
Severity ?
EPSS score ?
Summary
The Microsoft EXE file parser in AhnLab V3 Internet Security 2011.01.18.00, Emsisoft Anti-Malware 5.1.0.1, eSafe 7.0.17.0, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, and Panda Antivirus 10.0.2.7 allows remote attackers to bypass malware detection via an EXE file with a \50\4B\4C\49\54\45 character sequence at a certain location. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different EXE parser implementations.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/archive/1/522005 | mailing-list, x_refsource_BUGTRAQ | |
| http://www.ieee-security.org/TC/SP2012/program.html | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T18:53:37.446Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20120319 Evasion attacks expoliting file-parsing vulnerabilities in antivirus products",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/522005"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.ieee-security.org/TC/SP2012/program.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The Microsoft EXE file parser in AhnLab V3 Internet Security 2011.01.18.00, Emsisoft Anti-Malware 5.1.0.1, eSafe 7.0.17.0, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, and Panda Antivirus 10.0.2.7 allows remote attackers to bypass malware detection via an EXE file with a \\50\\4B\\4C\\49\\54\\45 character sequence at a certain location. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different EXE parser implementations."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2012-03-21T10:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20120319 Evasion attacks expoliting file-parsing vulnerabilities in antivirus products",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/522005"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.ieee-security.org/TC/SP2012/program.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-1435",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Microsoft EXE file parser in AhnLab V3 Internet Security 2011.01.18.00, Emsisoft Anti-Malware 5.1.0.1, eSafe 7.0.17.0, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, and Panda Antivirus 10.0.2.7 allows remote attackers to bypass malware detection via an EXE file with a \\50\\4B\\4C\\49\\54\\45 character sequence at a certain location. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different EXE parser implementations."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20120319 Evasion attacks expoliting file-parsing vulnerabilities in antivirus products",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/522005"
},
{
"name": "http://www.ieee-security.org/TC/SP2012/program.html",
"refsource": "MISC",
"url": "http://www.ieee-security.org/TC/SP2012/program.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2012-1435",
"datePublished": "2012-03-21T10:00:00Z",
"dateReserved": "2012-02-29T00:00:00Z",
"dateUpdated": "2024-09-17T03:27:52.296Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2012-1459
Vulnerability from cvelistv5
Published
2012-03-21 10:00
Modified
2024-08-06 19:01
Severity ?
EPSS score ?
Summary
The TAR file parser in AhnLab V3 Internet Security 2011.01.18.00, Avira AntiVir 7.11.1.163, Antiy Labs AVL SDK 2.0.3.7, avast! Antivirus 4.8.1351.0 and 5.0.677.0, AVG Anti-Virus 10.0.0.1190, Bitdefender 7.2, Quick Heal (aka Cat QuickHeal) 11.00, ClamAV 0.96.4, Command Antivirus 5.2.11.5, Comodo Antivirus 7424, Emsisoft Anti-Malware 5.1.0.1, F-Prot Antivirus 4.6.2.117, F-Secure Anti-Virus 9.0.16160.0, Fortinet Antivirus 4.2.254.0, G Data AntiVirus 21, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, Jiangmin Antivirus 13.0.900, K7 AntiVirus 9.77.3565, Kaspersky Anti-Virus 7.0.0.125, McAfee Anti-Virus Scanning Engine 5.400.0.1158, McAfee Gateway (formerly Webwasher) 2010.1C, Antimalware Engine 1.1.6402.0 in Microsoft Security Essentials 2.0, NOD32 Antivirus 5795, Norman Antivirus 6.06.12, nProtect Anti-Virus 2011-01-17.01, Panda Antivirus 10.0.2.7, PC Tools AntiVirus 7.0.3.5, Rising Antivirus 22.83.00.03, Sophos Anti-Virus 4.61.0, AVEngine 20101.3.0.103 in Symantec Endpoint Protection 11, Trend Micro AntiVirus 9.120.0.1004, Trend Micro HouseCall 9.120.0.1004, VBA32 3.12.14.2, and VirusBuster 13.6.151.0 allows remote attackers to bypass malware detection via a TAR archive entry with a length field corresponding to that entire entry, plus part of the header of the next entry. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different TAR parser implementations.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T19:01:01.248Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "openSUSE-SU-2012:0833",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-07/msg00002.html"
},
{
"name": "80406",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/80406"
},
{
"name": "80393",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/80393"
},
{
"name": "20120319 Evasion attacks expoliting file-parsing vulnerabilities in antivirus products",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/522005"
},
{
"name": "80403",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/80403"
},
{
"name": "80389",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/80389"
},
{
"name": "80391",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/80391"
},
{
"name": "80409",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/80409"
},
{
"name": "80396",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/80396"
},
{
"name": "multiple-av-tar-header-evasion(74302)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74302"
},
{
"name": "80392",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/80392"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.ieee-security.org/TC/SP2012/program.html"
},
{
"name": "80390",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/80390"
},
{
"name": "MDVSA-2012:094",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:094"
},
{
"name": "80407",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/80407"
},
{
"name": "80395",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/80395"
},
{
"name": "52623",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/52623"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-03-19T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The TAR file parser in AhnLab V3 Internet Security 2011.01.18.00, Avira AntiVir 7.11.1.163, Antiy Labs AVL SDK 2.0.3.7, avast! Antivirus 4.8.1351.0 and 5.0.677.0, AVG Anti-Virus 10.0.0.1190, Bitdefender 7.2, Quick Heal (aka Cat QuickHeal) 11.00, ClamAV 0.96.4, Command Antivirus 5.2.11.5, Comodo Antivirus 7424, Emsisoft Anti-Malware 5.1.0.1, F-Prot Antivirus 4.6.2.117, F-Secure Anti-Virus 9.0.16160.0, Fortinet Antivirus 4.2.254.0, G Data AntiVirus 21, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, Jiangmin Antivirus 13.0.900, K7 AntiVirus 9.77.3565, Kaspersky Anti-Virus 7.0.0.125, McAfee Anti-Virus Scanning Engine 5.400.0.1158, McAfee Gateway (formerly Webwasher) 2010.1C, Antimalware Engine 1.1.6402.0 in Microsoft Security Essentials 2.0, NOD32 Antivirus 5795, Norman Antivirus 6.06.12, nProtect Anti-Virus 2011-01-17.01, Panda Antivirus 10.0.2.7, PC Tools AntiVirus 7.0.3.5, Rising Antivirus 22.83.00.03, Sophos Anti-Virus 4.61.0, AVEngine 20101.3.0.103 in Symantec Endpoint Protection 11, Trend Micro AntiVirus 9.120.0.1004, Trend Micro HouseCall 9.120.0.1004, VBA32 3.12.14.2, and VirusBuster 13.6.151.0 allows remote attackers to bypass malware detection via a TAR archive entry with a length field corresponding to that entire entry, plus part of the header of the next entry. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different TAR parser implementations."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-01-17T19:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "openSUSE-SU-2012:0833",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-07/msg00002.html"
},
{
"name": "80406",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/80406"
},
{
"name": "80393",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/80393"
},
{
"name": "20120319 Evasion attacks expoliting file-parsing vulnerabilities in antivirus products",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/522005"
},
{
"name": "80403",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/80403"
},
{
"name": "80389",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/80389"
},
{
"name": "80391",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/80391"
},
{
"name": "80409",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/80409"
},
{
"name": "80396",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/80396"
},
{
"name": "multiple-av-tar-header-evasion(74302)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74302"
},
{
"name": "80392",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/80392"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.ieee-security.org/TC/SP2012/program.html"
},
{
"name": "80390",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/80390"
},
{
"name": "MDVSA-2012:094",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:094"
},
{
"name": "80407",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/80407"
},
{
"name": "80395",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/80395"
},
{
"name": "52623",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/52623"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-1459",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The TAR file parser in AhnLab V3 Internet Security 2011.01.18.00, Avira AntiVir 7.11.1.163, Antiy Labs AVL SDK 2.0.3.7, avast! Antivirus 4.8.1351.0 and 5.0.677.0, AVG Anti-Virus 10.0.0.1190, Bitdefender 7.2, Quick Heal (aka Cat QuickHeal) 11.00, ClamAV 0.96.4, Command Antivirus 5.2.11.5, Comodo Antivirus 7424, Emsisoft Anti-Malware 5.1.0.1, F-Prot Antivirus 4.6.2.117, F-Secure Anti-Virus 9.0.16160.0, Fortinet Antivirus 4.2.254.0, G Data AntiVirus 21, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, Jiangmin Antivirus 13.0.900, K7 AntiVirus 9.77.3565, Kaspersky Anti-Virus 7.0.0.125, McAfee Anti-Virus Scanning Engine 5.400.0.1158, McAfee Gateway (formerly Webwasher) 2010.1C, Antimalware Engine 1.1.6402.0 in Microsoft Security Essentials 2.0, NOD32 Antivirus 5795, Norman Antivirus 6.06.12, nProtect Anti-Virus 2011-01-17.01, Panda Antivirus 10.0.2.7, PC Tools AntiVirus 7.0.3.5, Rising Antivirus 22.83.00.03, Sophos Anti-Virus 4.61.0, AVEngine 20101.3.0.103 in Symantec Endpoint Protection 11, Trend Micro AntiVirus 9.120.0.1004, Trend Micro HouseCall 9.120.0.1004, VBA32 3.12.14.2, and VirusBuster 13.6.151.0 allows remote attackers to bypass malware detection via a TAR archive entry with a length field corresponding to that entire entry, plus part of the header of the next entry. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different TAR parser implementations."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "openSUSE-SU-2012:0833",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-07/msg00002.html"
},
{
"name": "80406",
"refsource": "OSVDB",
"url": "http://osvdb.org/80406"
},
{
"name": "80393",
"refsource": "OSVDB",
"url": "http://osvdb.org/80393"
},
{
"name": "20120319 Evasion attacks expoliting file-parsing vulnerabilities in antivirus products",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/522005"
},
{
"name": "80403",
"refsource": "OSVDB",
"url": "http://osvdb.org/80403"
},
{
"name": "80389",
"refsource": "OSVDB",
"url": "http://osvdb.org/80389"
},
{
"name": "80391",
"refsource": "OSVDB",
"url": "http://osvdb.org/80391"
},
{
"name": "80409",
"refsource": "OSVDB",
"url": "http://osvdb.org/80409"
},
{
"name": "80396",
"refsource": "OSVDB",
"url": "http://osvdb.org/80396"
},
{
"name": "multiple-av-tar-header-evasion(74302)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74302"
},
{
"name": "80392",
"refsource": "OSVDB",
"url": "http://osvdb.org/80392"
},
{
"name": "http://www.ieee-security.org/TC/SP2012/program.html",
"refsource": "MISC",
"url": "http://www.ieee-security.org/TC/SP2012/program.html"
},
{
"name": "80390",
"refsource": "OSVDB",
"url": "http://osvdb.org/80390"
},
{
"name": "MDVSA-2012:094",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:094"
},
{
"name": "80407",
"refsource": "OSVDB",
"url": "http://osvdb.org/80407"
},
{
"name": "80395",
"refsource": "OSVDB",
"url": "http://osvdb.org/80395"
},
{
"name": "52623",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/52623"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2012-1459",
"datePublished": "2012-03-21T10:00:00",
"dateReserved": "2012-02-29T00:00:00",
"dateUpdated": "2024-08-06T19:01:01.248Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2012-1462
Vulnerability from cvelistv5
Published
2012-03-21 10:00
Modified
2024-08-06 19:01
Severity ?
EPSS score ?
Summary
The ZIP file parser in AhnLab V3 Internet Security 2011.01.18.00, AVG Anti-Virus 10.0.0.1190, Quick Heal (aka Cat QuickHeal) 11.00, Emsisoft Anti-Malware 5.1.0.1, eSafe 7.0.17.0, Fortinet Antivirus 4.2.254.0, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, Jiangmin Antivirus 13.0.900, Kaspersky Anti-Virus 7.0.0.125, Norman Antivirus 6.06.12, Sophos Anti-Virus 4.61.0, and AVEngine 20101.3.0.103 in Symantec Endpoint Protection 11 allows remote attackers to bypass malware detection via a ZIP file containing an invalid block of data at the beginning. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different ZIP parser implementations.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/archive/1/522005 | mailing-list, x_refsource_BUGTRAQ | |
| http://www.ieee-security.org/TC/SP2012/program.html | x_refsource_MISC | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/74310 | vdb-entry, x_refsource_XF | |
| http://www.securityfocus.com/bid/52613 | vdb-entry, x_refsource_BID |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T19:01:01.772Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20120319 Evasion attacks expoliting file-parsing vulnerabilities in antivirus products",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/522005"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.ieee-security.org/TC/SP2012/program.html"
},
{
"name": "multiple-av-zip-file-evasion(74310)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74310"
},
{
"name": "52613",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/52613"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-03-19T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The ZIP file parser in AhnLab V3 Internet Security 2011.01.18.00, AVG Anti-Virus 10.0.0.1190, Quick Heal (aka Cat QuickHeal) 11.00, Emsisoft Anti-Malware 5.1.0.1, eSafe 7.0.17.0, Fortinet Antivirus 4.2.254.0, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, Jiangmin Antivirus 13.0.900, Kaspersky Anti-Virus 7.0.0.125, Norman Antivirus 6.06.12, Sophos Anti-Virus 4.61.0, and AVEngine 20101.3.0.103 in Symantec Endpoint Protection 11 allows remote attackers to bypass malware detection via a ZIP file containing an invalid block of data at the beginning. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different ZIP parser implementations."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20120319 Evasion attacks expoliting file-parsing vulnerabilities in antivirus products",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/522005"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.ieee-security.org/TC/SP2012/program.html"
},
{
"name": "multiple-av-zip-file-evasion(74310)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74310"
},
{
"name": "52613",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/52613"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-1462",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The ZIP file parser in AhnLab V3 Internet Security 2011.01.18.00, AVG Anti-Virus 10.0.0.1190, Quick Heal (aka Cat QuickHeal) 11.00, Emsisoft Anti-Malware 5.1.0.1, eSafe 7.0.17.0, Fortinet Antivirus 4.2.254.0, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, Jiangmin Antivirus 13.0.900, Kaspersky Anti-Virus 7.0.0.125, Norman Antivirus 6.06.12, Sophos Anti-Virus 4.61.0, and AVEngine 20101.3.0.103 in Symantec Endpoint Protection 11 allows remote attackers to bypass malware detection via a ZIP file containing an invalid block of data at the beginning. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different ZIP parser implementations."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20120319 Evasion attacks expoliting file-parsing vulnerabilities in antivirus products",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/522005"
},
{
"name": "http://www.ieee-security.org/TC/SP2012/program.html",
"refsource": "MISC",
"url": "http://www.ieee-security.org/TC/SP2012/program.html"
},
{
"name": "multiple-av-zip-file-evasion(74310)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74310"
},
{
"name": "52613",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/52613"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2012-1462",
"datePublished": "2012-03-21T10:00:00",
"dateReserved": "2012-02-29T00:00:00",
"dateUpdated": "2024-08-06T19:01:01.772Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2012-1463
Vulnerability from cvelistv5
Published
2012-03-21 10:00
Modified
2024-08-06 19:01
Severity ?
EPSS score ?
Summary
The ELF file parser in AhnLab V3 Internet Security 2011.01.18.00, Bitdefender 7.2, Quick Heal (aka Cat QuickHeal) 11.00, Command Antivirus 5.2.11.5, Comodo Antivirus 7424, eSafe 7.0.17.0, F-Prot Antivirus 4.6.2.117, F-Secure Anti-Virus 9.0.16160.0, McAfee Anti-Virus Scanning Engine 5.400.0.1158, Norman Antivirus 6.06.12, nProtect Anti-Virus 2011-01-17.01, and Panda Antivirus 10.0.2.7 allows remote attackers to bypass malware detection via an ELF file with a modified endianness field. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different ELF parser implementations.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/archive/1/522005 | mailing-list, x_refsource_BUGTRAQ | |
| http://osvdb.org/80433 | vdb-entry, x_refsource_OSVDB | |
| http://www.securityfocus.com/bid/52614 | vdb-entry, x_refsource_BID | |
| http://www.ieee-security.org/TC/SP2012/program.html | x_refsource_MISC | |
| http://osvdb.org/80426 | vdb-entry, x_refsource_OSVDB | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/74311 | vdb-entry, x_refsource_XF |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T19:01:02.441Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20120319 Evasion attacks expoliting file-parsing vulnerabilities in antivirus products",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/522005"
},
{
"name": "80433",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/80433"
},
{
"name": "52614",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/52614"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.ieee-security.org/TC/SP2012/program.html"
},
{
"name": "80426",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/80426"
},
{
"name": "multiple-av-elf-file-evasion(74311)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74311"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-03-19T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The ELF file parser in AhnLab V3 Internet Security 2011.01.18.00, Bitdefender 7.2, Quick Heal (aka Cat QuickHeal) 11.00, Command Antivirus 5.2.11.5, Comodo Antivirus 7424, eSafe 7.0.17.0, F-Prot Antivirus 4.6.2.117, F-Secure Anti-Virus 9.0.16160.0, McAfee Anti-Virus Scanning Engine 5.400.0.1158, Norman Antivirus 6.06.12, nProtect Anti-Virus 2011-01-17.01, and Panda Antivirus 10.0.2.7 allows remote attackers to bypass malware detection via an ELF file with a modified endianness field. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different ELF parser implementations."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20120319 Evasion attacks expoliting file-parsing vulnerabilities in antivirus products",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/522005"
},
{
"name": "80433",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/80433"
},
{
"name": "52614",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/52614"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.ieee-security.org/TC/SP2012/program.html"
},
{
"name": "80426",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/80426"
},
{
"name": "multiple-av-elf-file-evasion(74311)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74311"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-1463",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The ELF file parser in AhnLab V3 Internet Security 2011.01.18.00, Bitdefender 7.2, Quick Heal (aka Cat QuickHeal) 11.00, Command Antivirus 5.2.11.5, Comodo Antivirus 7424, eSafe 7.0.17.0, F-Prot Antivirus 4.6.2.117, F-Secure Anti-Virus 9.0.16160.0, McAfee Anti-Virus Scanning Engine 5.400.0.1158, Norman Antivirus 6.06.12, nProtect Anti-Virus 2011-01-17.01, and Panda Antivirus 10.0.2.7 allows remote attackers to bypass malware detection via an ELF file with a modified endianness field. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different ELF parser implementations."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20120319 Evasion attacks expoliting file-parsing vulnerabilities in antivirus products",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/522005"
},
{
"name": "80433",
"refsource": "OSVDB",
"url": "http://osvdb.org/80433"
},
{
"name": "52614",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/52614"
},
{
"name": "http://www.ieee-security.org/TC/SP2012/program.html",
"refsource": "MISC",
"url": "http://www.ieee-security.org/TC/SP2012/program.html"
},
{
"name": "80426",
"refsource": "OSVDB",
"url": "http://osvdb.org/80426"
},
{
"name": "multiple-av-elf-file-evasion(74311)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74311"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2012-1463",
"datePublished": "2012-03-21T10:00:00",
"dateReserved": "2012-02-29T00:00:00",
"dateUpdated": "2024-08-06T19:01:02.441Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2012-1436
Vulnerability from cvelistv5
Published
2012-03-21 10:00
Modified
2024-09-17 00:10
Severity ?
EPSS score ?
Summary
The Microsoft EXE file parser in AhnLab V3 Internet Security 2011.01.18.00, Emsisoft Anti-Malware 5.1.0.1, eSafe 7.0.17.0, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, and Panda Antivirus 10.0.2.7 allows remote attackers to bypass malware detection via an EXE file with a \2D\6C\68 character sequence at a certain location. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different EXE parser implementations.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/archive/1/522005 | mailing-list, x_refsource_BUGTRAQ | |
| http://www.ieee-security.org/TC/SP2012/program.html | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T18:53:37.279Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20120319 Evasion attacks expoliting file-parsing vulnerabilities in antivirus products",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/522005"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.ieee-security.org/TC/SP2012/program.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The Microsoft EXE file parser in AhnLab V3 Internet Security 2011.01.18.00, Emsisoft Anti-Malware 5.1.0.1, eSafe 7.0.17.0, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, and Panda Antivirus 10.0.2.7 allows remote attackers to bypass malware detection via an EXE file with a \\2D\\6C\\68 character sequence at a certain location. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different EXE parser implementations."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2012-03-21T10:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20120319 Evasion attacks expoliting file-parsing vulnerabilities in antivirus products",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/522005"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.ieee-security.org/TC/SP2012/program.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-1436",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Microsoft EXE file parser in AhnLab V3 Internet Security 2011.01.18.00, Emsisoft Anti-Malware 5.1.0.1, eSafe 7.0.17.0, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, and Panda Antivirus 10.0.2.7 allows remote attackers to bypass malware detection via an EXE file with a \\2D\\6C\\68 character sequence at a certain location. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different EXE parser implementations."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20120319 Evasion attacks expoliting file-parsing vulnerabilities in antivirus products",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/522005"
},
{
"name": "http://www.ieee-security.org/TC/SP2012/program.html",
"refsource": "MISC",
"url": "http://www.ieee-security.org/TC/SP2012/program.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2012-1436",
"datePublished": "2012-03-21T10:00:00Z",
"dateReserved": "2012-02-29T00:00:00Z",
"dateUpdated": "2024-09-17T00:10:55.211Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2012-1433
Vulnerability from cvelistv5
Published
2012-03-21 10:00
Modified
2024-09-17 00:06
Severity ?
EPSS score ?
Summary
The Microsoft EXE file parser in AhnLab V3 Internet Security 2011.01.18.00, Emsisoft Anti-Malware 5.1.0.1, eSafe 7.0.17.0, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, and Panda Antivirus 10.0.2.7 allows remote attackers to bypass malware detection via an EXE file with a \4a\46\49\46 character sequence at a certain location. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different EXE parser implementations.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/archive/1/522005 | mailing-list, x_refsource_BUGTRAQ | |
| http://www.ieee-security.org/TC/SP2012/program.html | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T18:53:37.176Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20120319 Evasion attacks expoliting file-parsing vulnerabilities in antivirus products",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/522005"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.ieee-security.org/TC/SP2012/program.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The Microsoft EXE file parser in AhnLab V3 Internet Security 2011.01.18.00, Emsisoft Anti-Malware 5.1.0.1, eSafe 7.0.17.0, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, and Panda Antivirus 10.0.2.7 allows remote attackers to bypass malware detection via an EXE file with a \\4a\\46\\49\\46 character sequence at a certain location. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different EXE parser implementations."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2012-03-21T10:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20120319 Evasion attacks expoliting file-parsing vulnerabilities in antivirus products",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/522005"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.ieee-security.org/TC/SP2012/program.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-1433",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Microsoft EXE file parser in AhnLab V3 Internet Security 2011.01.18.00, Emsisoft Anti-Malware 5.1.0.1, eSafe 7.0.17.0, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, and Panda Antivirus 10.0.2.7 allows remote attackers to bypass malware detection via an EXE file with a \\4a\\46\\49\\46 character sequence at a certain location. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different EXE parser implementations."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20120319 Evasion attacks expoliting file-parsing vulnerabilities in antivirus products",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/522005"
},
{
"name": "http://www.ieee-security.org/TC/SP2012/program.html",
"refsource": "MISC",
"url": "http://www.ieee-security.org/TC/SP2012/program.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2012-1433",
"datePublished": "2012-03-21T10:00:00Z",
"dateReserved": "2012-02-29T00:00:00Z",
"dateUpdated": "2024-09-17T00:06:10.096Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}