cvelistv5 - cve-2012-1443

CVE-2012-1443 (GCVE-0-2012-1443)

Vulnerability from cvelistv5 – Published: 2012-03-21 10:00 – Updated: 2024-08-06 19:01

Summary

Severity ?

No CVSS data available.

CWE

Assigner

mitre

References

URL

Tags

	http://osvdb.org/80472	vdb-entryx_refsource_OSVDB
	http://www.securityfocus.com/archive/1/522005	mailing-listx_refsource_BUGTRAQ
	http://www.securityfocus.com/bid/52612	vdb-entryx_refsource_BID
	http://osvdb.org/80467	vdb-entryx_refsource_OSVDB
	http://osvdb.org/80461	vdb-entryx_refsource_OSVDB
	http://osvdb.org/80470	vdb-entryx_refsource_OSVDB
	http://osvdb.org/80460	vdb-entryx_refsource_OSVDB
	http://www.ieee-security.org/TC/SP2012/program.html	x_refsource_MISC
	http://osvdb.org/80468	vdb-entryx_refsource_OSVDB
	http://osvdb.org/80456	vdb-entryx_refsource_OSVDB
	http://osvdb.org/80457	vdb-entryx_refsource_OSVDB
	http://osvdb.org/80458	vdb-entryx_refsource_OSVDB
	http://osvdb.org/80454	vdb-entryx_refsource_OSVDB
	http://osvdb.org/80455	vdb-entryx_refsource_OSVDB
	http://osvdb.org/80459	vdb-entryx_refsource_OSVDB
	http://osvdb.org/80469	vdb-entryx_refsource_OSVDB
	http://osvdb.org/80471	vdb-entryx_refsource_OSVDB

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T19:01:00.328Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "80472",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/80472"
          },
          {
            "name": "20120319 Evasion attacks expoliting file-parsing vulnerabilities in antivirus products",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/522005"
          },
          {
            "name": "52612",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/52612"
          },
          {
            "name": "80467",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/80467"
          },
          {
            "name": "80461",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/80461"
          },
          {
            "name": "80470",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/80470"
          },
          {
            "name": "80460",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/80460"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.ieee-security.org/TC/SP2012/program.html"
          },
          {
            "name": "80468",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/80468"
          },
          {
            "name": "80456",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/80456"
          },
          {
            "name": "80457",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/80457"
          },
          {
            "name": "80458",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/80458"
          },
          {
            "name": "80454",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/80454"
          },
          {
            "name": "80455",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/80455"
          },
          {
            "name": "80459",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/80459"
          },
          {
            "name": "80469",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/80469"
          },
          {
            "name": "80471",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/80471"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2012-03-19T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The RAR file parser in ClamAV 0.96.4, Rising Antivirus 22.83.00.03, Quick Heal (aka Cat QuickHeal) 11.00, G Data AntiVirus 21, AVEngine 20101.3.0.103 in Symantec Endpoint Protection 11, Command Antivirus 5.2.11.5, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, Emsisoft Anti-Malware 5.1.0.1, PC Tools AntiVirus 7.0.3.5, F-Prot Antivirus 4.6.2.117, VirusBuster 13.6.151.0, Fortinet Antivirus 4.2.254.0, Antiy Labs AVL SDK 2.0.3.7, K7 AntiVirus 9.77.3565, Trend Micro HouseCall 9.120.0.1004, Kaspersky Anti-Virus 7.0.0.125, Jiangmin Antivirus 13.0.900, Antimalware Engine 1.1.6402.0 in Microsoft Security Essentials 2.0, Sophos Anti-Virus 4.61.0, NOD32 Antivirus 5795, Avira AntiVir 7.11.1.163, Norman Antivirus 6.06.12, McAfee Anti-Virus Scanning Engine 5.400.0.1158, Panda Antivirus 10.0.2.7, McAfee Gateway (formerly Webwasher) 2010.1C, Trend Micro AntiVirus 9.120.0.1004, Comodo Antivirus 7424, Bitdefender 7.2, eSafe 7.0.17.0, F-Secure Anti-Virus 9.0.16160.0, nProtect Anti-Virus 2011-01-17.01, AhnLab V3 Internet Security 2011.01.18.00, AVG Anti-Virus 10.0.0.1190, avast! Antivirus 4.8.1351.0 and 5.0.677.0, and VBA32 3.12.14.2 allows user-assisted remote attackers to bypass malware detection via a RAR file with an initial MZ character sequence.  NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different RAR parser implementations."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2012-07-28T09:00:00",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "80472",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/80472"
        },
        {
          "name": "20120319 Evasion attacks expoliting file-parsing vulnerabilities in antivirus products",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/522005"
        },
        {
          "name": "52612",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/52612"
        },
        {
          "name": "80467",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/80467"
        },
        {
          "name": "80461",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/80461"
        },
        {
          "name": "80470",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/80470"
        },
        {
          "name": "80460",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/80460"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.ieee-security.org/TC/SP2012/program.html"
        },
        {
          "name": "80468",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/80468"
        },
        {
          "name": "80456",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/80456"
        },
        {
          "name": "80457",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/80457"
        },
        {
          "name": "80458",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/80458"
        },
        {
          "name": "80454",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/80454"
        },
        {
          "name": "80455",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/80455"
        },
        {
          "name": "80459",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/80459"
        },
        {
          "name": "80469",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/80469"
        },
        {
          "name": "80471",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/80471"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2012-1443",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The RAR file parser in ClamAV 0.96.4, Rising Antivirus 22.83.00.03, Quick Heal (aka Cat QuickHeal) 11.00, G Data AntiVirus 21, AVEngine 20101.3.0.103 in Symantec Endpoint Protection 11, Command Antivirus 5.2.11.5, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, Emsisoft Anti-Malware 5.1.0.1, PC Tools AntiVirus 7.0.3.5, F-Prot Antivirus 4.6.2.117, VirusBuster 13.6.151.0, Fortinet Antivirus 4.2.254.0, Antiy Labs AVL SDK 2.0.3.7, K7 AntiVirus 9.77.3565, Trend Micro HouseCall 9.120.0.1004, Kaspersky Anti-Virus 7.0.0.125, Jiangmin Antivirus 13.0.900, Antimalware Engine 1.1.6402.0 in Microsoft Security Essentials 2.0, Sophos Anti-Virus 4.61.0, NOD32 Antivirus 5795, Avira AntiVir 7.11.1.163, Norman Antivirus 6.06.12, McAfee Anti-Virus Scanning Engine 5.400.0.1158, Panda Antivirus 10.0.2.7, McAfee Gateway (formerly Webwasher) 2010.1C, Trend Micro AntiVirus 9.120.0.1004, Comodo Antivirus 7424, Bitdefender 7.2, eSafe 7.0.17.0, F-Secure Anti-Virus 9.0.16160.0, nProtect Anti-Virus 2011-01-17.01, AhnLab V3 Internet Security 2011.01.18.00, AVG Anti-Virus 10.0.0.1190, avast! Antivirus 4.8.1351.0 and 5.0.677.0, and VBA32 3.12.14.2 allows user-assisted remote attackers to bypass malware detection via a RAR file with an initial MZ character sequence.  NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different RAR parser implementations."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "80472",
              "refsource": "OSVDB",
              "url": "http://osvdb.org/80472"
            },
            {
              "name": "20120319 Evasion attacks expoliting file-parsing vulnerabilities in antivirus products",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/522005"
            },
            {
              "name": "52612",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/52612"
            },
            {
              "name": "80467",
              "refsource": "OSVDB",
              "url": "http://osvdb.org/80467"
            },
            {
              "name": "80461",
              "refsource": "OSVDB",
              "url": "http://osvdb.org/80461"
            },
            {
              "name": "80470",
              "refsource": "OSVDB",
              "url": "http://osvdb.org/80470"
            },
            {
              "name": "80460",
              "refsource": "OSVDB",
              "url": "http://osvdb.org/80460"
            },
            {
              "name": "http://www.ieee-security.org/TC/SP2012/program.html",
              "refsource": "MISC",
              "url": "http://www.ieee-security.org/TC/SP2012/program.html"
            },
            {
              "name": "80468",
              "refsource": "OSVDB",
              "url": "http://osvdb.org/80468"
            },
            {
              "name": "80456",
              "refsource": "OSVDB",
              "url": "http://osvdb.org/80456"
            },
            {
              "name": "80457",
              "refsource": "OSVDB",
              "url": "http://osvdb.org/80457"
            },
            {
              "name": "80458",
              "refsource": "OSVDB",
              "url": "http://osvdb.org/80458"
            },
            {
              "name": "80454",
              "refsource": "OSVDB",
              "url": "http://osvdb.org/80454"
            },
            {
              "name": "80455",
              "refsource": "OSVDB",
              "url": "http://osvdb.org/80455"
            },
            {
              "name": "80459",
              "refsource": "OSVDB",
              "url": "http://osvdb.org/80459"
            },
            {
              "name": "80469",
              "refsource": "OSVDB",
              "url": "http://osvdb.org/80469"
            },
            {
              "name": "80471",
              "refsource": "OSVDB",
              "url": "http://osvdb.org/80471"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2012-1443",
    "datePublished": "2012-03-21T10:00:00",
    "dateReserved": "2012-02-29T00:00:00",
    "dateUpdated": "2024-08-06T19:01:00.328Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ahnlab:v3_internet_security:2011.01.18.00:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"0B91745E-EA83-4C70-BF2D-45A3678FA157\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:aladdin:esafe:7.0.17.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"5C6590DF-9164-4A76-ADEE-9110C5E3588E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:alwil:avast_antivirus:4.8.1351.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"5A3A2FBE-3113-4CCB-8FCF-54CBD78FDF52\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:alwil:avast_antivirus:5.0.677.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"7877C5C9-C4CA-406F-A61A-EAFBA846A20D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:anti-virus:vba32:3.12.14.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"2A0325DA-A137-41E0-BD5E-B892F2166749\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:antiy:avl_sdk:2.0.3.7:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"38855431-9C17-41FE-8325-A3304DECAC92\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:authentium:command_antivirus:5.2.11.5:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"192DFD98-11AA-4E7A-A1CB-53FC06FEB20F\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:avg:avg_anti-virus:10.0.0.1190:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"4E62090C-AF41-4032-B9F7-78FEBDB4AAE1\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:avira:antivir:7.11.1.163:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"62B656B8-A7FB-4451-8A32-CB7AB74165F0\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:bitdefender:bitdefender:7.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"24D7D7FA-20E9-4560-ABC6-154CD918E307\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cat:quick_heal:11.00:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"343D3F40-E028-4AEE-82A4-0A17C1D1ED13\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:clamav:clamav:0.96.4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"953C363B-AD5B-4C53-AAF0-AB6BA4040D74\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:comodo:comodo_antivirus:7424:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"803A9A92-A984-43A8-8D27-C9A6FDB19A9D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:emsisoft:anti-malware:5.1.0.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"488ED4D6-0A32-43D5-840C-F76919C41C45\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:eset:nod32_antivirus:5795:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"673B999A-11D2-4AFF-9930-0C06E8BBAA7F\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:f-prot:f-prot_antivirus:4.6.2.117:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"961708EB-3124-4147-A36D-BAD9241D0C88\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:f-secure:f-secure_anti-virus:9.0.16160.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"BB884937-53F0-4BB5-AA8F-1CCDCD1221D9\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:fortinet:fortinet_antivirus:4.2.254.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"1C36D1BA-DB17-4FE0-8D6E-BA5649AE3BF0\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:gdata-software:g_data_antivirus:21:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"DA047323-54B7-460B-9AA0-88C3C4183218\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ikarus:ikarus_virus_utilities_t3_command_line_scanner:1.1.97.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"1759C4A5-67D1-4722-954A-883694E57FAB\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:jiangmin:jiangmin_antivirus:13.0.900:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"620DC756-B821-413C-A824-43C221E573AA\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:k7computing:antivirus:9.77.3565:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B27BD224-CB70-43D2-8B0D-9F229A646B82\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:kaspersky:kaspersky_anti-virus:7.0.0.125:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"FD9BCB3B-0FE8-4716-ABC2-1DB89D330F56\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:mcafee:gateway:2010.1c:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"18FC30B1-4FB3-4891-93FE-63A93E686EB3\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:mcafee:scan_engine:5.400.0.1158:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"0BCE1228-61BE-4C10-898A-B8BDC5A71156\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:security_essentials:2.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"7C382AA8-5E99-4669-9825-F5BBEEC12907\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:norman:norman_antivirus_\\\\\u0026_antispyware:6.06.12:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"81D01633-1000-425D-9026-59C50734956A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:nprotect:nprotect_antivirus:2011-01-17.01:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D386C31F-6114-4A15-B0D5-15686D7EF8B8\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:pandasecurity:panda_antivirus:10.0.2.7:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D95F8C32-D238-493F-A28D-8A588E8ADD13\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:pc_tools:pc_tools_antivirus:7.0.3.5:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"410EEFDA-CFE6-4DDE-B661-BB01009B0E60\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:rising-global:rising_antivirus:22.83.00.03:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"EF8ADA91-4042-4E1B-9F14-78023F24B137\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:sophos:sophos_anti-virus:4.61.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"0912E21E-1EEB-4ADD-958F-F8AEBBF7C5E6\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:symantec:endpoint_protection:11.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E269D396-3A70-4C4B-9D79-CBBA75C280D8\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:trendmicro:housecall:9.120.0.1004:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B3C3D7B7-3DD1-417E-9488-A3B0F28F75E1\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:trendmicro:trend_micro_antivirus:9.120.0.1004:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"72379F97-0BCA-425A-92AE-9F336866FD07\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:virusbuster:virusbuster:13.6.151.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"32C656A2-AAAC-494A-A981-A83144070857\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"The RAR file parser in ClamAV 0.96.4, Rising Antivirus 22.83.00.03, Quick Heal (aka Cat QuickHeal) 11.00, G Data AntiVirus 21, AVEngine 20101.3.0.103 in Symantec Endpoint Protection 11, Command Antivirus 5.2.11.5, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, Emsisoft Anti-Malware 5.1.0.1, PC Tools AntiVirus 7.0.3.5, F-Prot Antivirus 4.6.2.117, VirusBuster 13.6.151.0, Fortinet Antivirus 4.2.254.0, Antiy Labs AVL SDK 2.0.3.7, K7 AntiVirus 9.77.3565, Trend Micro HouseCall 9.120.0.1004, Kaspersky Anti-Virus 7.0.0.125, Jiangmin Antivirus 13.0.900, Antimalware Engine 1.1.6402.0 in Microsoft Security Essentials 2.0, Sophos Anti-Virus 4.61.0, NOD32 Antivirus 5795, Avira AntiVir 7.11.1.163, Norman Antivirus 6.06.12, McAfee Anti-Virus Scanning Engine 5.400.0.1158, Panda Antivirus 10.0.2.7, McAfee Gateway (formerly Webwasher) 2010.1C, Trend Micro AntiVirus 9.120.0.1004, Comodo Antivirus 7424, Bitdefender 7.2, eSafe 7.0.17.0, F-Secure Anti-Virus 9.0.16160.0, nProtect Anti-Virus 2011-01-17.01, AhnLab V3 Internet Security 2011.01.18.00, AVG Anti-Virus 10.0.0.1190, avast! Antivirus 4.8.1351.0 and 5.0.677.0, and VBA32 3.12.14.2 allows user-assisted remote attackers to bypass malware detection via a RAR file with an initial MZ character sequence.  NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different RAR parser implementations.\"}, {\"lang\": \"es\", \"value\": \"El analizador de archivos RAR en ClamAV versi\\u00f3n 0.96.4, Rising Antivirus versi\\u00f3n 22.83.00.03, Quick Heal (tambi\\u00e9n se conoce como Cat QuickHeal) versi\\u00f3n 11.00, G Data AntiVirus versi\\u00f3n 21, AVEngine versi\\u00f3n 20101.3.0.103 en Symantec Endpoint Protection versi\\u00f3n 11, Command Antivirus versi\\u00f3n 5.2.11.5, Ikarus Virus Utilities T3 Command Line Scanner versi\\u00f3n 1.1.97.0, Emsisoft Anti-Malware versi\\u00f3n 5.1.0.1, PC Tools AntiVirus versi\\u00f3n 7.0.3.5, F-Prot Antivirus versi\\u00f3n 4.6.2.117, VirusBuster versi\\u00f3n 13.6.151.0, Fortinet  antivirus versi\\u00f3n 4.2.254.0, Antiy Labs AVL SDK versi\\u00f3n 2.0.3.7, K7 AntiVirus versi\\u00f3n 9.77.3565, Trend Micro HouseCall versi\\u00f3n 9.120.0.1004, Kaspersky Antivirus versi\\u00f3n 7.0.0.125, Jiangmin Antivirus versi\\u00f3n 13.0.900, Antimalware Engine versi\\u00f3n 1.1.6402.0 en Microsoft Security Essentials versi\\u00f3n 2.0, Sophos Anti-Virus versi\\u00f3n 4.61.0, NOD32 Antivirus versi\\u00f3n 5795, Avira AntiVir versi\\u00f3n 7.11.1.163, Norman Antivirus versi\\u00f3n 6.06.12, McAfee Anti-Virus Scanning Engine versi\\u00f3n 5.400.0.1158, Panda Antivirus versi\\u00f3n 10.0.2.7, McAfee Gateway (anteriormente Webwasher) versi\\u00f3n 2010.1C, Trend Micro AntiVirus versi\\u00f3n 9.120.0.1004, Comodo Antivirus versi\\u00f3n 7424, Bitdefender versi\\u00f3n 7.2, eSafe versi\\u00f3n 7.0.17.0, F-Secure Anti-Virus versi\\u00f3n 9.0.16160.0, nProtect Versi\\u00f3n antivirus 2011-01-17.01, AhnLab V3 Internet Security versi\\u00f3n 2011.01.18.00, AVG Anti-Virus versi\\u00f3n 10.0.0.1190, avast! antivirus versiones 4.8.1351.0 y 5.0.677.0, y VBA32 versi\\u00f3n 3.12.14.2, permite a los atacantes remotos asistidos por el usuario omitir la detecci\\u00f3n de malware por medio de un archivo RAR con una inicial Secuencia de caracteres MZ. NOTA: esto puede ser m\\u00e1s tarde SPLIT en varios CVE si se publica informaci\\u00f3n adicional que muestra que el error se produjo de manera independiente en diferentes implementaciones de analizador RAR.\"}]",
      "id": "CVE-2012-1443",
      "lastModified": "2024-11-21T01:36:59.753",
      "metrics": "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:M/Au:N/C:N/I:P/A:N\", \"baseScore\": 4.3, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"NONE\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 8.6, \"impactScore\": 2.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2012-03-21T10:11:48.083",
      "references": "[{\"url\": \"http://osvdb.org/80454\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://osvdb.org/80455\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://osvdb.org/80456\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://osvdb.org/80457\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://osvdb.org/80458\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://osvdb.org/80459\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://osvdb.org/80460\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://osvdb.org/80461\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://osvdb.org/80467\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://osvdb.org/80468\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://osvdb.org/80469\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://osvdb.org/80470\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://osvdb.org/80471\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://osvdb.org/80472\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.ieee-security.org/TC/SP2012/program.html\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.securityfocus.com/archive/1/522005\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.securityfocus.com/bid/52612\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://osvdb.org/80454\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://osvdb.org/80455\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://osvdb.org/80456\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://osvdb.org/80457\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://osvdb.org/80458\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://osvdb.org/80459\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://osvdb.org/80460\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://osvdb.org/80461\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://osvdb.org/80467\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://osvdb.org/80468\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://osvdb.org/80469\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://osvdb.org/80470\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://osvdb.org/80471\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://osvdb.org/80472\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.ieee-security.org/TC/SP2012/program.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securityfocus.com/archive/1/522005\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securityfocus.com/bid/52612\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
      "sourceIdentifier": "cve@mitre.org",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-264\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2012-1443\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2012-03-21T10:11:48.083\",\"lastModified\":\"2025-04-11T00:51:21.963\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"The RAR file parser in ClamAV 0.96.4, Rising Antivirus 22.83.00.03, Quick Heal (aka Cat QuickHeal) 11.00, G Data AntiVirus 21, AVEngine 20101.3.0.103 in Symantec Endpoint Protection 11, Command Antivirus 5.2.11.5, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, Emsisoft Anti-Malware 5.1.0.1, PC Tools AntiVirus 7.0.3.5, F-Prot Antivirus 4.6.2.117, VirusBuster 13.6.151.0, Fortinet Antivirus 4.2.254.0, Antiy Labs AVL SDK 2.0.3.7, K7 AntiVirus 9.77.3565, Trend Micro HouseCall 9.120.0.1004, Kaspersky Anti-Virus 7.0.0.125, Jiangmin Antivirus 13.0.900, Antimalware Engine 1.1.6402.0 in Microsoft Security Essentials 2.0, Sophos Anti-Virus 4.61.0, NOD32 Antivirus 5795, Avira AntiVir 7.11.1.163, Norman Antivirus 6.06.12, McAfee Anti-Virus Scanning Engine 5.400.0.1158, Panda Antivirus 10.0.2.7, McAfee Gateway (formerly Webwasher) 2010.1C, Trend Micro AntiVirus 9.120.0.1004, Comodo Antivirus 7424, Bitdefender 7.2, eSafe 7.0.17.0, F-Secure Anti-Virus 9.0.16160.0, nProtect Anti-Virus 2011-01-17.01, AhnLab V3 Internet Security 2011.01.18.00, AVG Anti-Virus 10.0.0.1190, avast! Antivirus 4.8.1351.0 and 5.0.677.0, and VBA32 3.12.14.2 allows user-assisted remote attackers to bypass malware detection via a RAR file with an initial MZ character sequence.  NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different RAR parser implementations.\"},{\"lang\":\"es\",\"value\":\"El analizador de archivos RAR en ClamAV versi\u00f3n 0.96.4, Rising Antivirus versi\u00f3n 22.83.00.03, Quick Heal (tambi\u00e9n se conoce como Cat QuickHeal) versi\u00f3n 11.00, G Data AntiVirus versi\u00f3n 21, AVEngine versi\u00f3n 20101.3.0.103 en Symantec Endpoint Protection versi\u00f3n 11, Command Antivirus versi\u00f3n 5.2.11.5, Ikarus Virus Utilities T3 Command Line Scanner versi\u00f3n 1.1.97.0, Emsisoft Anti-Malware versi\u00f3n 5.1.0.1, PC Tools AntiVirus versi\u00f3n 7.0.3.5, F-Prot Antivirus versi\u00f3n 4.6.2.117, VirusBuster versi\u00f3n 13.6.151.0, Fortinet  antivirus versi\u00f3n 4.2.254.0, Antiy Labs AVL SDK versi\u00f3n 2.0.3.7, K7 AntiVirus versi\u00f3n 9.77.3565, Trend Micro HouseCall versi\u00f3n 9.120.0.1004, Kaspersky Antivirus versi\u00f3n 7.0.0.125, Jiangmin Antivirus versi\u00f3n 13.0.900, Antimalware Engine versi\u00f3n 1.1.6402.0 en Microsoft Security Essentials versi\u00f3n 2.0, Sophos Anti-Virus versi\u00f3n 4.61.0, NOD32 Antivirus versi\u00f3n 5795, Avira AntiVir versi\u00f3n 7.11.1.163, Norman Antivirus versi\u00f3n 6.06.12, McAfee Anti-Virus Scanning Engine versi\u00f3n 5.400.0.1158, Panda Antivirus versi\u00f3n 10.0.2.7, McAfee Gateway (anteriormente Webwasher) versi\u00f3n 2010.1C, Trend Micro AntiVirus versi\u00f3n 9.120.0.1004, Comodo Antivirus versi\u00f3n 7424, Bitdefender versi\u00f3n 7.2, eSafe versi\u00f3n 7.0.17.0, F-Secure Anti-Virus versi\u00f3n 9.0.16160.0, nProtect Versi\u00f3n antivirus 2011-01-17.01, AhnLab V3 Internet Security versi\u00f3n 2011.01.18.00, AVG Anti-Virus versi\u00f3n 10.0.0.1190, avast! antivirus versiones 4.8.1351.0 y 5.0.677.0, y VBA32 versi\u00f3n 3.12.14.2, permite a los atacantes remotos asistidos por el usuario omitir la detecci\u00f3n de malware por medio de un archivo RAR con una inicial Secuencia de caracteres MZ. NOTA: esto puede ser m\u00e1s tarde SPLIT en varios CVE si se publica informaci\u00f3n adicional que muestra que el error se produjo de manera independiente en diferentes implementaciones de analizador RAR.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:N/I:P/A:N\",\"baseScore\":4.3,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-264\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ahnlab:v3_internet_security:2011.01.18.00:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0B91745E-EA83-4C70-BF2D-45A3678FA157\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:aladdin:esafe:7.0.17.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5C6590DF-9164-4A76-ADEE-9110C5E3588E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:alwil:avast_antivirus:4.8.1351.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5A3A2FBE-3113-4CCB-8FCF-54CBD78FDF52\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:alwil:avast_antivirus:5.0.677.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7877C5C9-C4CA-406F-A61A-EAFBA846A20D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:anti-virus:vba32:3.12.14.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2A0325DA-A137-41E0-BD5E-B892F2166749\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:antiy:avl_sdk:2.0.3.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"38855431-9C17-41FE-8325-A3304DECAC92\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:authentium:command_antivirus:5.2.11.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"192DFD98-11AA-4E7A-A1CB-53FC06FEB20F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:avg:avg_anti-virus:10.0.0.1190:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4E62090C-AF41-4032-B9F7-78FEBDB4AAE1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:avira:antivir:7.11.1.163:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"62B656B8-A7FB-4451-8A32-CB7AB74165F0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:bitdefender:bitdefender:7.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"24D7D7FA-20E9-4560-ABC6-154CD918E307\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cat:quick_heal:11.00:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"343D3F40-E028-4AEE-82A4-0A17C1D1ED13\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:clamav:clamav:0.96.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"953C363B-AD5B-4C53-AAF0-AB6BA4040D74\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:comodo:comodo_antivirus:7424:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"803A9A92-A984-43A8-8D27-C9A6FDB19A9D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:emsisoft:anti-malware:5.1.0.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"488ED4D6-0A32-43D5-840C-F76919C41C45\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:eset:nod32_antivirus:5795:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"673B999A-11D2-4AFF-9930-0C06E8BBAA7F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f-prot:f-prot_antivirus:4.6.2.117:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"961708EB-3124-4147-A36D-BAD9241D0C88\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f-secure:f-secure_anti-virus:9.0.16160.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BB884937-53F0-4BB5-AA8F-1CCDCD1221D9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:fortinet:fortinet_antivirus:4.2.254.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1C36D1BA-DB17-4FE0-8D6E-BA5649AE3BF0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gdata-software:g_data_antivirus:21:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DA047323-54B7-460B-9AA0-88C3C4183218\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ikarus:ikarus_virus_utilities_t3_command_line_scanner:1.1.97.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1759C4A5-67D1-4722-954A-883694E57FAB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:jiangmin:jiangmin_antivirus:13.0.900:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"620DC756-B821-413C-A824-43C221E573AA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:k7computing:antivirus:9.77.3565:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B27BD224-CB70-43D2-8B0D-9F229A646B82\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:kaspersky:kaspersky_anti-virus:7.0.0.125:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FD9BCB3B-0FE8-4716-ABC2-1DB89D330F56\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mcafee:gateway:2010.1c:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"18FC30B1-4FB3-4891-93FE-63A93E686EB3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mcafee:scan_engine:5.400.0.1158:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0BCE1228-61BE-4C10-898A-B8BDC5A71156\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:security_essentials:2.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7C382AA8-5E99-4669-9825-F5BBEEC12907\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:norman:norman_antivirus_\\\\\u0026_antispyware:6.06.12:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"81D01633-1000-425D-9026-59C50734956A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:nprotect:nprotect_antivirus:2011-01-17.01:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D386C31F-6114-4A15-B0D5-15686D7EF8B8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:pandasecurity:panda_antivirus:10.0.2.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D95F8C32-D238-493F-A28D-8A588E8ADD13\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:pc_tools:pc_tools_antivirus:7.0.3.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"410EEFDA-CFE6-4DDE-B661-BB01009B0E60\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rising-global:rising_antivirus:22.83.00.03:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EF8ADA91-4042-4E1B-9F14-78023F24B137\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sophos:sophos_anti-virus:4.61.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0912E21E-1EEB-4ADD-958F-F8AEBBF7C5E6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:symantec:endpoint_protection:11.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E269D396-3A70-4C4B-9D79-CBBA75C280D8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:trendmicro:housecall:9.120.0.1004:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B3C3D7B7-3DD1-417E-9488-A3B0F28F75E1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:trendmicro:trend_micro_antivirus:9.120.0.1004:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"72379F97-0BCA-425A-92AE-9F336866FD07\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:virusbuster:virusbuster:13.6.151.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"32C656A2-AAAC-494A-A981-A83144070857\"}]}]}],\"references\":[{\"url\":\"http://osvdb.org/80454\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://osvdb.org/80455\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://osvdb.org/80456\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://osvdb.org/80457\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://osvdb.org/80458\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://osvdb.org/80459\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://osvdb.org/80460\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://osvdb.org/80461\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://osvdb.org/80467\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://osvdb.org/80468\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://osvdb.org/80469\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://osvdb.org/80470\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://osvdb.org/80471\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://osvdb.org/80472\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.ieee-security.org/TC/SP2012/program.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/archive/1/522005\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/bid/52612\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://osvdb.org/80454\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://osvdb.org/80455\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://osvdb.org/80456\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://osvdb.org/80457\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://osvdb.org/80458\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://osvdb.org/80459\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://osvdb.org/80460\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://osvdb.org/80461\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://osvdb.org/80467\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://osvdb.org/80468\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://osvdb.org/80469\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://osvdb.org/80470\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://osvdb.org/80471\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://osvdb.org/80472\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.ieee-security.org/TC/SP2012/program.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/archive/1/522005\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/bid/52612\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}

VAR-201203-0367

Vulnerability from variot - Updated: 2023-12-18 12:10

The RAR file parser in ClamAV 0.96.4, Rising Antivirus 22.83.00.03, Quick Heal (aka Cat QuickHeal) 11.00, G Data AntiVirus 21, AVEngine 20101.3.0.103 in Symantec Endpoint Protection 11, Command Antivirus 5.2.11.5, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, Emsisoft Anti-Malware 5.1.0.1, PC Tools AntiVirus 7.0.3.5, F-Prot Antivirus 4.6.2.117, VirusBuster 13.6.151.0, Fortinet Antivirus 4.2.254.0, Antiy Labs AVL SDK 2.0.3.7, K7 AntiVirus 9.77.3565, Trend Micro HouseCall 9.120.0.1004, Kaspersky Anti-Virus 7.0.0.125, Jiangmin Antivirus 13.0.900, Antimalware Engine 1.1.6402.0 in Microsoft Security Essentials 2.0, Sophos Anti-Virus 4.61.0, NOD32 Antivirus 5795, Avira AntiVir 7.11.1.163, Norman Antivirus 6.06.12, McAfee Anti-Virus Scanning Engine 5.400.0.1158, Panda Antivirus 10.0.2.7, McAfee Gateway (formerly Webwasher) 2010.1C, Trend Micro AntiVirus 9.120.0.1004, Comodo Antivirus 7424, Bitdefender 7.2, eSafe 7.0.17.0, F-Secure Anti-Virus 9.0.16160.0, nProtect Anti-Virus 2011-01-17.01, AhnLab V3 Internet Security 2011.01.18.00, AVG Anti-Virus 10.0.0.1190, avast! Antivirus 4.8.1351.0 and 5.0.677.0, and VBA32 3.12.14.2 allows user-assisted remote attackers to bypass malware detection via a RAR file with an initial MZ character sequence. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different RAR parser implementations. Multiple products RAR A file parser contains a vulnerability that can prevent malware detection. Different RAR If it is announced that there is also a problem with the parser implementation, this vulnerability can be CVE May be split.By the attacker, MZ Has a character sequence starting with RAR Malware detection may be avoided via files. Successful exploits will allow attackers to bypass on-demand virus scanning, possibly allowing malicious files to escape detection. Sophos Anti-Virus is a set of anti-virus software for various operating systems from Sophos, UK. The software detects and removes viruses, spyware, trojans and worms in real time, ensuring comprehensive network protection for desktops and laptops. Multiple file-parsing vulnerabilities leading to evasion in different antivirus(AV) products. All affected products are command-line versions of the AVs.

Vulnerability Descriptions

Specially crafted infected POSIX TAR files with "[aliases]" as first 9 bytes evades detection.

Affected products - ClamAV 0.96.4, CAT-QuickHeal 11.00

CVE no - CVE-2012-1419

Specially crafted infected POSIX TAR files with "\7fELF" as first 4 bytes evades detection.

Affected products - CAT-QuickHeal 11.00, Command 5.2.11.5, F-Prot 4.6.2.117, Fortinent 4.2.254.0, K7AntiVirus 9.77.3565, Kaspersky 7.0.0.125, Microsoft 1.6402, NOD32 5795, Norman 6.06.12, Panda 10.0.2.7, Rising 22.83.00.03

CVE no - CVE-2012-1420

Specially crafted infected POSIX TAR files with "MSCF" as first 4 bytes evades detection.

Affected products - CAT-QuickHeal 11.00, Norman 6.06.12, Rising 22.83.00.03, Symantec 20101.3.0.103

CVE no - CVE-2012-1421

Specially crafted infected POSIX TAR files with "ITSF" as first 4 bytes evades detection.

Affected products - CAT-QuickHeal 11.00, NOD32 5795, Norman 6.06.12, Rising 22.83.00.03

CVE no - CVE-2012-1422

Specially crafted infected POSIX TAR files with "MZ" as first 2 bytes evades detection.

Affected products - Command 5.2.11.5, Emsisoft 5.1.0.1, F-Prot 4.6.2.117, Fortinent 4.2.254.0, Ikarus T3.1.1.97.0, K7AntiVirus 9.77.3565, NOD32 5795, Norman 6.06.12, PCTools 7.0.3.5, Rising 22.83.00.03, VirusBuster 13.6.151.0

CVE no - CVE-2012-1423

Specially crafted infected POSIX TAR files with "\19\04\00\10" at offset 8 evades detection.

Affected products - Antiy-AVL 2.0.3.7, CAT-QuickHeal 11.00, Jiangmin 13.0.900, Norman 6.06.12, PCTools 7.0.3.5, Sophos 4.61.0

CVE no - CVE-2012-1424

Specially crafted infected POSIX TAR files with "\50\4B\03\04" as the first 4 bytes evades detection.

Affected products - AntiVir 7.11.1.163, Antiy-AVL 2.0.3.7, CAT-QuickHeal 11.00, Emsisoft 5.1.0.1, Fortinet 4.2.254.0, Ikarus T3.1.1.97.0, Jiangmin 13.0.900, Kaspersky 7.0.0.125, McAfee 5.400.0.1158, McAfee-GW-Edition 2010.1C, NOD32 5795, Norman 6.06.12, PCTools 7.0.3.5, Symantec 20101.3.0.103, TrendMicro 9.120.0.1004, TrendMicro-HouseCall 9.120.0.1004

CVE no - CVE-2012-1425

Specially crafted infected POSIX TAR files with "\42\5A\68" as the first 3 bytes evades detection.

Affected products - CAT-QuickHeal 11.00, Command 5.2.11.5, F-Prot 4.6.2.117, K7AntiVirus 9.77.3565, Norman 6.06.12, Rising 22.83.00.03

CVE no - CVE-2012-1426

Specially crafted infected POSIX TAR files with "\57\69\6E\5A\69\70" at offset 29 evades detection.

Affected products - CAT-QuickHeal 11.00, Norman 6.06.12, Sophos 4.61.0

CVE no - CVE-2012-1427

Specially crafted infected POSIX TAR files with "\4a\46\49\46" at offset 6 evades detection.

Affected products - CAT-QuickHeal 11.00, Norman 6.06.12, Sophos 4.61.0

CVE no - CVE-2012-1428

Specially crafted infected ELF files with "ustar" at offset 257 evades detection.

Affected products - BitDefender 7.2, Comodo 7424, Emsisoft 5.1.0.1, eSafe 7.0.17.0, F-Secure 9.0.16160.0, Ikarus T3.1.1.97.0, McAfee 5.400.0.1158, McAfee-GW-Edition 2010.1C, nProtect 2011-01-17.01

CVE no - CVE-2012-1429 12. Specially crafted infected ELF files with "\19\04\00\10" at offset 8 evades detection.

Affected products - BitDefender 7.2, Comodo 7424, eSafe 7.0.17.0, F-Secure 9.0.16160.0, McAfee 5.400.0.1158, McAfee-GW-Edition 2010.1C, nProtect 2011-01-17.01, Sophos 4.61.0, Rising 22.83.00.03

CVE no - CVE-2012-1430 13. Specially crafted infected ELF files with "\4a\46\49\46" at offset 6 evades detection.

Affected products - BitDefender 7.2, Command 5.2.11.5, Comodo 7424, eSafe 7.0.17.0, F-Prot 4.6.2.117, F-Secure 9.0.16160.0, McAfee-GW-Edition 2010.1C, nProtect 2011-01-17.01, Sophos 4.61.0, Rising 22.83.00.03

CVE no - CVE-2012-1431

Specially crafted infected MS EXE files with "\57\69\6E\5A\69\70" at offset 29 evades detection.

Affected products - Emsisoft 5.1.0.1, eSafe 7.0.17.0, Ikarus T3.1.1.97.0, Panda 10.0.2.7

CVE no - CVE-2012-1432

Specially crafted infected MS EXE files with "\4a\46\49\46" at offset 6 evades detection.

Affected products - AhnLab-V3 2011.01.18.00, Emsisoft 5.1.0.1, eSafe 7.0.17.0, Ikarus T3.1.1.97.0, Panda 10.0.2.7

CVE no - CVE-2012-1433

Specially crafted infected MS EXE files with "\19\04\00\10" at offset 8 evades detection.

Affected products - AhnLab-V3 2011.01.18.00, Emsisoft 5.1.0.1, Ikarus T3.1.1.97.0, Panda 10.0.2.7

CVE no - CVE-2012-1434

Specially crafted infected MS EXE files with "\50\4B\4C\49\54\45" at offset 30 evades detection.

Affected products - AhnLab-V3 2011.01.18.00, Emsisoft 5.1.0.1, eSafe 7.0.17.0, Ikarus T3.1.1.97.0, Panda 10.0.2.7

CVE no - CVE-2012-1435

Specially crafted infected MS EXE files with "\2D\6C\68" at offset 2 evades detection.

Affected products - AhnLab-V3 2011.01.18.00, Emsisoft 5.1.0.1, eSafe 7.0.17.0, Ikarus T3.1.1.97.0, Panda 10.0.2.7

CVE no - CVE-2012-1436

Specially crafted infected MS Office files with "\50\4B\53\70\58" at offset 526 evades detection.

Affected products - Comodo 7425

CVE no - CVE-2012-1437

Specially crafted infected MS Office files with "ustar" at offset 257 evades detection.

Affected products - Comodo 7425, Sophos 4.61.0

CVE no - CVE-2012-1438

'padding' field in ELF files is parsed incorrectly. If an infected ELF file's padding field is incremented by 1 it evades detection.

Affected products - eSafe 7.0.17.0, Rising 22.83.00.03, Fortinet 4.2.254.0, Panda 10.0.2.7

CVE no - CVE-2012-1439

'identsize' field in ELF files is parsed incorrectly. If an infected ELF file's identsize field is incremented by 1 it evades detection.

Affected products - Norman 6.06.12, eSafe 7.0.17.0, eTrust-Vet 36.1.8511, Fortinet 4.2.254.0, Panda 10.0.2.7

CVE no - CVE-2012-1440

'e_ip' and 'e_res' field in MS EXE files are parsed incorrectly.
If any of these fields in an infected MS EXE file is incremented by 1 it evades detection.

Affected products - Prevx 3.0

'e_minalloc', 'e_res2','e_cparhdr', 'e_crlc', 'e_lfarlc','e_maxalloc', 'e_oeminfo', 'e_ovno', 'e_cs', 'e_csum','e_sp', 'e_ss', 'e_cblp' and 'e_oemid' fields in MS EXE files are parsed incorrectly.
If any of these fields in an infected MS EXE file is incremented by 1 it evades detection.

Affected products - eSafe 7.0.017.0, Prevx 3.0

CVE no - CVE-2012-1441

'class' field in ELF files is parsed incorrectly.
If an infected ELF file's class field is incremented by 1 it evades detection.

Affected products - CAT-QuickHeal 11.00, McAfee 5.400.0.1158, McAfee-GW-Edition 2010.1C, eSafe 7.0.017.0, Kaspersky 7.0.0.125, F-Secure 9.0.16160.0, Sophos 4.61.0, Antiy-AVL 2.0.3.7, Rising 22.83.00.03, Fortinet 4.2.254.0, Panda 10.0.2.7

CVE no - CVE-2012-1442

Infected RAR files with initial two bytes set to 'MZ' can be fixed by the user and correctly extracted. Such a file evades detection.

Affected products - ClamAV 0.96.4, Rising 22.83.00.03, CAT-QuickHeal 11.00, GData 21, Symantec 20101.3.0.103, Command 5.2.11.5, Ikarus T3.1.1.97.0, Emsisoft 5.1.0.1, PCTools 7.0.3.5, F-Prot 4.6.2.117, VirusBuster 13.6.151.0, Fortinent 4.2.254.0, Antiy-AVL 2.0.3.7, K7AntiVirus 9.77.3565, TrendMicro-HouseCall 9.120.0.1004,Kaspersky 7.0.0.125 Jiangmin 13.0.900. Microsoft 1.6402, Sophos 4.61.0, NOD32 5795, AntiVir 7.11.1.163, Norman 6.06.12, McAfee 5.400.0.1158, Panda 10.0.2.7, McAfee-GW-Edition 2010.1C, TrendMicro 9.120.0.1004, Comodo 7424, BitDefender 7.2, eSafe 7.0.17.0, F-Secure 9.0.16160.0 nProtect 2011-01-17.01, AhnLab-V3 2011.01.18.00, AVG 10.0.0.1190, Avast 4.8.1351.0, Avast5 5.0.677.0, VBA32 3.12.14.2

CVE no - CVE-2012-1443

'abiversion' field in ELF files is parsed incorrectly.
If an infected ELF file's abiversion field is incremented by 1 it evades detection.

Affected products - eSafe 7.0.017.0, Prevx 3.0, Fortinet 4.2.254.0, Panda 10.0.2.7

CVE no - CVE-2012-1444

'abi' field in ELF files is parsed incorrectly.
If an infected ELF file's abi field is incremented by 1 it evades detection.

Affected products - eSafe 7.0.017.0, Rising 22.83.00.03, Fortinet 4.2.254.0, Panda 10.0.2.7

CVE no - CVE-2012-1445

'encoding' field in ELF files is parsed incorrectly.
If an infected ELF file's encoding field is incremented by 1 it evades detection.

Affected products - CAT-QuickHeal 11.00, McAfee 5.400.0.1158, Symantec 20101.3.0.103, Norman 6.06.12, eSafe 7.0.017.0, Kaspersky 7.0.0.125, McAfee-GW-Edition 2010.1C, Sophos 4.61.0, eTrust-Vet 36.1.8511, Antiy-AVL 2.0.3.7, PCTools 7.0.3.5, Rising 22.83.00.03, Fortinet 4.2.254.0, Panda 10.0.2.7

CVE no - CVE-2012-1446

'e_version' field in ELF files is parsed incorrectly.
If an infected ELF file's e_version field is incremented by 1 it evades detection.

Affected products - Fortinet 4.2.254.0, eSafe 7.0.017.0, DrWeb 5.0.2.03300, Panda 10.0.2.7

CVE no - CVE-2012-1447

'cbCabinet' field in CAB files is parsed incorrectly.
If an infected CAB file's cbCabinet field is incremented by 1 it evades detection.

Affected products - CAT-QuickHeal 11.00, TrendMicro 9.120.0.1004, Ikarus T3.1.1.97.0 TrendMicro-HouseCall 9.120.0.1004, Emsisoft 5.1.0.1

CVE no - CVE-2012-1448

'vMajor' field in CAB files is parsed incorrectly.
If an infected CAB file's vMajor field is incremented by 1 it evades detection.

Affected products - NOD32 5795, Rising 22.83.00.03

CVE no - CVE-2012-1449

'reserved3' field in CAB files is parsed incorrectly.
If an infected CAB file's reserved field is incremented by 1 it evades detection.

Affected products - Emsisoft 5.1.0.1, Sophos 4.61.0, Ikarus T3.1.1.97.0

CVE no - CVE-2012-1450

'reserved2' field in CAB files is parsed incorrectly.
If an infected CAB file's reserved2 field is incremented by 1 it evades detection.

Affected products - Emsisoft 5.1.0.1, Ikarus T3.1.1.97.0

CVE no - CVE-2012-1451

'reserved1' field in CAB files is parsed incorrectly.
If an infected CAB file's reserved field is incremented by 1 it evades detection.

Affected products - Emsisoft 5.1.0.1, Ikarus T3.1.1.97.0, CAT-QuickHeal 11.00

CVE no - CVE-2012-1452

'coffFiles' field in CAB files is parsed incorrectly.
If an infected CAB file's coffFiles field is incremented by 1 it evades detection.

Affected products - McAfee 5.0.2.03300, TrendMicro-HouseCall 9.120.0.1004, Kaspersky 7.0.0.125, Sophos 4.61.0, TrendMicro 9.120.0.1004, McAfee-GW-Edition 2010.1C, Emsisoft 5.1.0.1, eTrust-Vet 36.1.8511, Antiy-AVL 2.0.3.7, Microsoft 1.6402, Rising 22.83.00.03, Ikarus T3.1.1.97.0, Fortinet 4.2.254.0, Panda 10.0.2.7

CVE no - CVE-2012-1453

'ei_version' field in ELF files is parsed incorrectly.
If an infected ELF file's version field is incremented by 1 it evades detection.

Affected products - McAfee 5.0.02.03300, eSafe 7.0.17.0, McAfee-GW-Edition 2010.1C, Rising 22.83.00.03, Fortinet 4.2.254.0, Panda 10.0.2.7

CVE no - CVE-2012-1454

'vMinor' field in CAB files is parsed incorrectly.
If an infected CAB file's version field is incremented by 1 it evades detection.

Affected products - NOD32 5795, Rising 22.83.00.03

CVE no - CVE-2012-1455

A specially crafted ZIP file, created by concatenating the contents of a clean TAR archive and a virus-infected ZIP archive, is parsed incorrectly and evades detection.

Affected products - AVG 10.0.0.1190, CAT-QuickHeal 11.00, Comodo 7424, Emsisoft 5.1.0.1, eSafe 7.0.17.0, F-Prot 4.6.2.117,Fortinent 4.2.254.0, Ikarus T3.1.1.97.0, Jiangmin 13.0.900, Kaspersky 7.0.0.125, McAfee 5.400.0.1158, McAfee-GW-Edition 2010.1C, NOD32 5795, Norman 6.06.12, Panda 10.0.2.7, Rising 22.83.00.03, Sophos 4.61.0, Symantec 20101.3.0.103, TrendMicro 9.120.0.1004, TrendMicro-HouseCall 9.120.0.1004

CVE no - CVE-2012-1456

If the length field in the header of a file with test EICAR virus included into a TAR archive is set to be greater than the archive's total length (1,000,000+original length in our experiments), the antivirus declares the file to be clean but virus gets extracted correctly by the GNU tar program.

Affected products - AntiVir 7.11.1.163, Antiy-AVL 2.0.3.7, Avast 4.8.1351.0, Avast5 5.0.677.0, AVG 10.0.0.1190, BitDefender 7.2, CAT-QuickHeal 11.00, ClamAV 0.96.4, Command 5.2.11.5, Emsisoft 5.1.0.1, eSafe 7.0.17.0, F-Prot 4.6.2.117, GData 21, Ikarus T3.1.1.97.0, Jiangmin 13.0.900, K7AntiVirus 9.77.3565, Kaspersky 7.0.0.125, McAfee 5.400.0.1158, McAfee-GW-Edition 2010.1C, Microsoft 1.6402, NOD32 5795, Norman 6.06.12, PCTools 7.0.3.5, Rising 22.83.00.03, Symantec 20101.3.0.103, TrendMicro 9.120.0.1004, TrendMicro-HouseCall 9.120.0.1004, VBA32 3.12.14.2, VirusBuster 13.6.151.0

CVE no - CVE-2012-1457

A Windows Compiled HTML Help (CHM) file is a set of HTML files, scripts, and images compressed using the LZX algorithm. For faster random accesses, the algorithm is reset at intervals instead of compressing the entire file as a single stream. The length of each interval is specified in the LZXC header.

If an infected CHM file's header modified so that the reset interval is lower than in the original file, the antivirus declares the file to be clean. But the Windows CHM viewer hh.exe correctly decompresses the infected content located before the tampered header.

Affected products - ClamAV 0.96.4, Sophos 4.61.0

CVE no - CVE-2012-1458

In a POSIX TAR archive, each member file has a 512-byte header protected by a simple checksum. Every header also contains a file length field, which is used by the extractor to locate the next header in the archive.

If a TAR archive contains two files: the first one is clean, while the second is infected with test EICAR virus - and it is modified such that the length field in the header of the first, clean file to point into the middle of the header of the second, infected file. The antivirus declares the file to be clean but virus gets extracted correctly by the GNU tar program. If an infected tar.gz archive is appended 6 random bytes at the end, the antivirus declares the file to be clean but virus gets extracted by the gunzip+tar programs correctly by ignoring these bytes.

Affected products - Antiy-AVL 2.0.3.7, CAT-QuickHeal 11.00, Command 5.2.11.5, eSafe 7.0.17.0, F-Prot 4.6.2.117, Jiangmin 13.0.900, K7AntiVirus 9.77.3565, VBA32 3.12.14.2

CVE no - CVE-2012-1460

GZIP files can contain multiple compressed streams, which are assembled when the contents are extracted. If an infected .tar.gz file is broken into two streams, the antivirus declares the infected .tar.gz file to be clean while tar+gunzip extract the virus correctly

Affected products - AVG 10.0.0.1190, BitDefender 7.2, Command 5.2.11.5, Emsisoft 5.1.0.1, F-Secure 9.0.16160.0, Fortinent 4.2.254.0, Ikarus T3.1.1.97.0, Jiangmin 13.0.900, K7AntiVirus 9.77.3565, Kaspersky 7.0.0.125, McAfee 5.400.0.1158, McAfee-GW-Edition 2010.1C, NOD32 5795, Norman 6.06.12, Rising 22.83.00.03, Sophos 4.61.0, Symantec 20101.3.0.103, TrendMicro 9.120.0.1004, TrendMicro-HouseCall 9.120.0.1004, VBA32 3.12.14.2

CVE no - CVE-2012-1461

If an infected ZIP archive is prepended with 1024 random bytes at the beginning, the antivirus declares the file to be clean but virus gets extracted by the unzip program correctly by skipping these bytes

Affected products - AhnLab-V3 2011.01.18.00, AVG 10.0.0.1190, CAT-QuickHeal 11.00, Emsisoft 5.1.0.1, eSafe 7.0.17.0, Fortinent 4.2.254.0, Ikarus T3.1.1.97.0, Jiangmin 13.0.900, Kaspersky 7.0.0.125, Norman 6.06.12, Sophos 4.61.0, Symantec 20101.3.0.103

CVE no - CVE-2012-1462

In most ELF files, the 5th byte of the header indicates endianness: 01 for little-endian, 02 for bigendian. Linux kernel, however, does not check this field before loading an ELF file. If an infected ELF file's 5-th byte is set to 02, the antivirus declares the file to be clean but the ELF file gets executed correctly.

Affected products - AhnLab-V3 2011.01.18.00, BitDefender 7.2, CAT-QuickHeal 11.00, Command 5.2.11.5, Comodo 7424, eSafe 7.0.17.0, F-Prot 4.6.2.117, F-Secure 9.0.16160.0, McAfee 5.400.0.1158, Norman 6.06.12, nProtect 2011-01-17.01, Panda 10.0.2.7

CVE no - CVE-2012-1463

Credits

Vulnerabilities found and advisory written by Suman Jana and Vitaly Shmatikov.

References

"Abusing File Processing in Malware Detectors for Fun and Profit" by Suman Jana and Vitaly Shmatikov To appear in IEEE Symposium on Security and Privacy 2012 http://www.ieee-security.org/TC/SP2012/

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201203-0367",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "antivirus",
        "scope": "eq",
        "trust": 2.1,
        "vendor": "comodo",
        "version": "7424"
      },
      {
        "model": "avl sdk",
        "scope": "eq",
        "trust": 1.8,
        "vendor": "antiy",
        "version": "2.0.3.7"
      },
      {
        "model": "command antivirus",
        "scope": "eq",
        "trust": 1.8,
        "vendor": "authentium",
        "version": "5.2.11.5"
      },
      {
        "model": "anti-virus",
        "scope": "eq",
        "trust": 1.8,
        "vendor": "avg",
        "version": "10.0.0.1190"
      },
      {
        "model": "bitdefender",
        "scope": "eq",
        "trust": 1.8,
        "vendor": "bitdefender",
        "version": "7.2"
      },
      {
        "model": "clamav",
        "scope": "eq",
        "trust": 1.8,
        "vendor": "clamav",
        "version": "0.96.4"
      },
      {
        "model": "anti-malware",
        "scope": "eq",
        "trust": 1.8,
        "vendor": "emsisoft",
        "version": "5.1.0.1"
      },
      {
        "model": "virus utilities t3 command line scanner",
        "scope": "eq",
        "trust": 1.8,
        "vendor": "ikarus",
        "version": "1.1.97.0"
      },
      {
        "model": "antivirus",
        "scope": "eq",
        "trust": 1.8,
        "vendor": "jiangmin",
        "version": "13.0.900"
      },
      {
        "model": "antivirus",
        "scope": "eq",
        "trust": 1.8,
        "vendor": "pc tools",
        "version": "7.0.3.5"
      },
      {
        "model": "virusbuster",
        "scope": "eq",
        "trust": 1.8,
        "vendor": "virusbuster",
        "version": "13.6.151.0"
      },
      {
        "model": "esafe",
        "scope": "eq",
        "trust": 1.8,
        "vendor": "aladdin",
        "version": "7.0.17.0"
      },
      {
        "model": "f-secure anti-virus",
        "scope": "eq",
        "trust": 1.8,
        "vendor": "f secure",
        "version": "9.0.16160.0"
      },
      {
        "model": "anti-virus",
        "scope": "eq",
        "trust": 1.8,
        "vendor": "kaspersky",
        "version": "7.0.0.125"
      },
      {
        "model": "anti-virus",
        "scope": "eq",
        "trust": 1.8,
        "vendor": "sophos",
        "version": "4.61.0"
      },
      {
        "model": "antivirus",
        "scope": "eq",
        "trust": 1.8,
        "vendor": "fortinet",
        "version": "4.2.254.0"
      },
      {
        "model": "security essentials",
        "scope": "eq",
        "trust": 1.8,
        "vendor": "microsoft",
        "version": "2.0"
      },
      {
        "model": "scan engine",
        "scope": "eq",
        "trust": 1.8,
        "vendor": "mcafee",
        "version": "5.400.0.1158"
      },
      {
        "model": "endpoint protection",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "symantec",
        "version": "11.0"
      },
      {
        "model": "antivirus",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "rising global",
        "version": "22.83.00.03"
      },
      {
        "model": "v3 internet security",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "ahnlab",
        "version": "2011.01.18.00"
      },
      {
        "model": "avast antivirus",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "alwil",
        "version": "5.0.677.0"
      },
      {
        "model": "housecall",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "trendmicro",
        "version": "9.120.0.1004"
      },
      {
        "model": "antivirus",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "nprotect",
        "version": "2011-01-17.01"
      },
      {
        "model": "nod32 antivirus",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "eset",
        "version": "5795"
      },
      {
        "model": "g data antivirus",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "gdata",
        "version": "21"
      },
      {
        "model": "trend micro antivirus",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "trendmicro",
        "version": "9.120.0.1004"
      },
      {
        "model": "f-prot antivirus",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "f prot",
        "version": "4.6.2.117"
      },
      {
        "model": "antivirus",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "k7computing",
        "version": "9.77.3565"
      },
      {
        "model": "quick heal",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cat",
        "version": "11.00"
      },
      {
        "model": "vba32",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "anti virus",
        "version": "3.12.14.2"
      },
      {
        "model": "gateway",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "mcafee",
        "version": "2010.1c"
      },
      {
        "model": "antivir",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "avira",
        "version": "7.11.1.163"
      },
      {
        "model": "avast antivirus",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "alwil",
        "version": "4.8.1351.0"
      },
      {
        "model": "antivirus \\\u0026 antispyware",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "norman",
        "version": "6.06.12"
      },
      {
        "model": "panda antivirus",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "pandasecurity",
        "version": "10.0.2.7"
      },
      {
        "model": "anti-virus",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "avast s r o",
        "version": "4.8.1351.0"
      },
      {
        "model": "anti-virus",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "avast s r o",
        "version": "5.0.677.0"
      },
      {
        "model": "antivirus",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "avira",
        "version": "7.11.1.163"
      },
      {
        "model": "antivirus",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "rising",
        "version": "22.83.00.03"
      },
      {
        "model": "nod32 anti-virus",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "eset",
        "version": "5795"
      },
      {
        "model": "f-prot antivirus",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "frisk",
        "version": "4.6.2.117"
      },
      {
        "model": "antivirus",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "g data",
        "version": "21"
      },
      {
        "model": "antivirus",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "k7 computing",
        "version": "9.77.3565"
      },
      {
        "model": "antivirus",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "norman",
        "version": "6.06.12"
      },
      {
        "model": "anti-virus",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nprotect",
        "version": "2011-01-17.01"
      },
      {
        "model": "antivirus",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "panda security",
        "version": "10.0.2.7"
      },
      {
        "model": "vba32",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "virusblokada",
        "version": "3.12.14.2"
      },
      {
        "model": "v3 internet security",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "unlab",
        "version": "2011.01.18.00"
      },
      {
        "model": "heal",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "quick heal k k",
        "version": "11.00"
      },
      {
        "model": "endpoint protection",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "symantec",
        "version": "11"
      },
      {
        "model": "antivirus",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "trend micro",
        "version": "9.120.0.1004"
      },
      {
        "model": "housecall",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "trend micro",
        "version": "9.120.0.1004"
      },
      {
        "model": "web gateway software",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "mcafee",
        "version": "2010.1c"
      },
      {
        "model": "vba32",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "virusblokada",
        "version": "3.12.142"
      },
      {
        "model": "virusbuster",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "trend micro",
        "version": "13.6.1510"
      },
      {
        "model": "trend micro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "trend micro",
        "version": "9.1201004"
      },
      {
        "model": "housecall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "trend micro",
        "version": "9.1201004"
      },
      {
        "model": "antivirus",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "20101.3103"
      },
      {
        "model": "anti-virus",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sophos",
        "version": "4.61"
      },
      {
        "model": "antivirus",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "rising",
        "version": "22.8303"
      },
      {
        "model": "cat-quickheal",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "quick heal",
        "version": "11.00"
      },
      {
        "model": "antivirus",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "pctools",
        "version": "7.0.35"
      },
      {
        "model": "antivirus",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "panda",
        "version": "10.0.27"
      },
      {
        "model": "antivirus",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "norman",
        "version": "6.6.12"
      },
      {
        "model": "mcafee-gw-edition 2010.1c",
        "scope": null,
        "trust": 0.3,
        "vendor": "mcafee",
        "version": null
      },
      {
        "model": "computing pvt ltd k7antivirus",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "k7",
        "version": "9.77.3565"
      },
      {
        "model": "nprotect",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "inca",
        "version": "2011-01-17.01"
      },
      {
        "model": "antivirus t3.1.1.97.0",
        "scope": null,
        "trust": 0.3,
        "vendor": "ikarus",
        "version": null
      },
      {
        "model": "data software gdata",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "g",
        "version": "21"
      },
      {
        "model": "software f-prot antivirus",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "frisk",
        "version": "4.6.2117"
      },
      {
        "model": "antivirus",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "4.2.2540"
      },
      {
        "model": "antivirus",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f secure",
        "version": "9.0.16160.0"
      },
      {
        "model": "nod32",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "eset",
        "version": "5795"
      },
      {
        "model": "antivirus",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "esafe",
        "version": "7.0.170"
      },
      {
        "model": "antivirus",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "emsisoft",
        "version": "5.11"
      },
      {
        "model": "antivirus",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bitdefender",
        "version": "7.2"
      },
      {
        "model": "antivir engine",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avira",
        "version": "7.11.1163"
      },
      {
        "model": "anti-virus",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avg",
        "version": "10.01190"
      },
      {
        "model": "avast5 antivirus",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avast",
        "version": "5.0.6770"
      },
      {
        "model": "antivirus",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avast",
        "version": "4.8.1351.0"
      },
      {
        "model": "command antivirus",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "authentium",
        "version": "5.2.115"
      },
      {
        "model": "antiy-avl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "antiy",
        "version": "2.0.37"
      },
      {
        "model": "engine",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ahnlab",
        "version": "v32011.01.18.00"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "52612"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-001895"
      },
      {
        "db": "NVD",
        "id": "CVE-2012-1443"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201203-407"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:ikarus:ikarus_virus_utilities_t3_command_line_scanner:1.1.97.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:emsisoft:anti-malware:5.1.0.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:trendmicro:housecall:9.120.0.1004:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:kaspersky:kaspersky_anti-virus:7.0.0.125:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mcafee:scan_engine:5.400.0.1158:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:pandasecurity:panda_antivirus:10.0.2.7:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mcafee:gateway:2010.1c:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ahnlab:v3_internet_security:2011.01.18.00:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:avg:avg_anti-virus:10.0.0.1190:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cat:quick_heal:11.00:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:gdata-software:g_data_antivirus:21:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:virusbuster:virusbuster:13.6.151.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:fortinet:fortinet_antivirus:4.2.254.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sophos:sophos_anti-virus:4.61.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:eset:nod32_antivirus:5795:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:bitdefender:bitdefender:7.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:aladdin:esafe:7.0.17.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:anti-virus:vba32:3.12.14.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:symantec:endpoint_protection:11.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:authentium:command_antivirus:5.2.11.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:antiy:avl_sdk:2.0.3.7:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:k7computing:antivirus:9.77.3565:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:avira:antivir:7.11.1.163:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:norman:norman_antivirus_\\\u0026_antispyware:6.06.12:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:f-secure:f-secure_anti-virus:9.0.16160.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:nprotect:nprotect_antivirus:2011-01-17.01:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:clamav:clamav:0.96.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:rising-global:rising_antivirus:22.83.00.03:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:pc_tools:pc_tools_antivirus:7.0.3.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:f-prot:f-prot_antivirus:4.6.2.117:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:jiangmin:jiangmin_antivirus:13.0.900:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:microsoft:security_essentials:2.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:trendmicro:trend_micro_antivirus:9.120.0.1004:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:comodo:comodo_antivirus:7424:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:alwil:avast_antivirus:4.8.1351.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:alwil:avast_antivirus:5.0.677.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2012-1443"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Suman Jana and Vitaly Shmatikov",
    "sources": [
      {
        "db": "BID",
        "id": "52612"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2012-1443",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 8.6,
            "impactScore": 2.9,
            "integrityImpact": "PARTIAL",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Medium",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 4.3,
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "CVE-2012-1443",
            "impactScore": null,
            "integrityImpact": "Partial",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 8.6,
            "id": "VHN-54724",
            "impactScore": 2.9,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:M/AU:N/C:N/I:P/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2012-1443",
            "trust": 1.8,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201203-407",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-54724",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-54724"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-001895"
      },
      {
        "db": "NVD",
        "id": "CVE-2012-1443"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201203-407"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "The RAR file parser in ClamAV 0.96.4, Rising Antivirus 22.83.00.03, Quick Heal (aka Cat QuickHeal) 11.00, G Data AntiVirus 21, AVEngine 20101.3.0.103 in Symantec Endpoint Protection 11, Command Antivirus 5.2.11.5, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, Emsisoft Anti-Malware 5.1.0.1, PC Tools AntiVirus 7.0.3.5, F-Prot Antivirus 4.6.2.117, VirusBuster 13.6.151.0, Fortinet Antivirus 4.2.254.0, Antiy Labs AVL SDK 2.0.3.7, K7 AntiVirus 9.77.3565, Trend Micro HouseCall 9.120.0.1004, Kaspersky Anti-Virus 7.0.0.125, Jiangmin Antivirus 13.0.900, Antimalware Engine 1.1.6402.0 in Microsoft Security Essentials 2.0, Sophos Anti-Virus 4.61.0, NOD32 Antivirus 5795, Avira AntiVir 7.11.1.163, Norman Antivirus 6.06.12, McAfee Anti-Virus Scanning Engine 5.400.0.1158, Panda Antivirus 10.0.2.7, McAfee Gateway (formerly Webwasher) 2010.1C, Trend Micro AntiVirus 9.120.0.1004, Comodo Antivirus 7424, Bitdefender 7.2, eSafe 7.0.17.0, F-Secure Anti-Virus 9.0.16160.0, nProtect Anti-Virus 2011-01-17.01, AhnLab V3 Internet Security 2011.01.18.00, AVG Anti-Virus 10.0.0.1190, avast! Antivirus 4.8.1351.0 and 5.0.677.0, and VBA32 3.12.14.2 allows user-assisted remote attackers to bypass malware detection via a RAR file with an initial MZ character sequence.  NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different RAR parser implementations. Multiple products RAR A file parser contains a vulnerability that can prevent malware detection. Different RAR If it is announced that there is also a problem with the parser implementation, this vulnerability can be CVE May be split.By the attacker, MZ Has a character sequence starting with RAR Malware detection may be avoided via files. \nSuccessful exploits will allow attackers to bypass on-demand virus scanning, possibly allowing malicious files to escape detection. Sophos Anti-Virus is a set of anti-virus software for various operating systems from Sophos, UK. The software detects and removes viruses, spyware, trojans and worms in real time, ensuring comprehensive network protection for desktops and laptops. Multiple file-parsing vulnerabilities leading to evasion in different antivirus(AV) products. All \naffected products are command-line versions of \nthe AVs. \n\n----------------------------\nVulnerability Descriptions\n----------------------------\n\n1. Specially crafted infected POSIX TAR files with \"[aliases]\" as first 9 bytes \n   evades detection. \n\n   Affected products -\n   ClamAV 0.96.4, CAT-QuickHeal 11.00\n  \n   CVE no - \n   CVE-2012-1419\n\n2. Specially crafted infected POSIX TAR files with \"\\7fELF\" as first 4 bytes \n   evades detection. \n\n   Affected products -\n   CAT-QuickHeal 11.00, Command 5.2.11.5, F-Prot 4.6.2.117, \n   Fortinent 4.2.254.0, K7AntiVirus 9.77.3565, Kaspersky 7.0.0.125, \n   Microsoft 1.6402, NOD32 5795, Norman 6.06.12, Panda 10.0.2.7, \n   Rising 22.83.00.03\n\n   CVE no - \n   CVE-2012-1420\n\n3. Specially crafted infected POSIX TAR files with \"MSCF\" as first 4 bytes \n   evades detection. \n\n   Affected products -\n   CAT-QuickHeal 11.00, Norman 6.06.12, Rising 22.83.00.03, \n   Symantec 20101.3.0.103\n\n   CVE no - \n   CVE-2012-1421\n\n4. Specially crafted infected POSIX TAR files with \"ITSF\" as first 4 bytes \n   evades detection. \n\n   Affected products -\n   CAT-QuickHeal 11.00, NOD32 5795, Norman 6.06.12, Rising 22.83.00.03\n\n   CVE no - \n   CVE-2012-1422\n\n5. Specially crafted infected POSIX TAR files with \"MZ\" as first 2 bytes \n   evades detection. \n\n   Affected products -\n   Command 5.2.11.5, Emsisoft 5.1.0.1, F-Prot 4.6.2.117, Fortinent 4.2.254.0, \n   Ikarus T3.1.1.97.0, K7AntiVirus 9.77.3565, NOD32 5795, Norman 6.06.12, \n   PCTools 7.0.3.5, Rising 22.83.00.03, VirusBuster 13.6.151.0\n\n   CVE no - \n   CVE-2012-1423\n\n6. Specially crafted infected POSIX TAR files with \"\\19\\04\\00\\10\" at offset 8\n   evades detection. \n\n   Affected products -\n   Antiy-AVL 2.0.3.7, CAT-QuickHeal 11.00, Jiangmin 13.0.900, Norman 6.06.12, \n   PCTools 7.0.3.5, Sophos 4.61.0\n\n   CVE no - \n   CVE-2012-1424\n\n\n7. Specially crafted infected POSIX TAR files with \"\\50\\4B\\03\\04\" as the first\n   4 bytes evades detection. \n\n   Affected products -\n   AntiVir 7.11.1.163, Antiy-AVL 2.0.3.7, CAT-QuickHeal 11.00, Emsisoft 5.1.0.1,\n   Fortinet 4.2.254.0, Ikarus T3.1.1.97.0, Jiangmin 13.0.900, \n   Kaspersky 7.0.0.125, McAfee 5.400.0.1158, McAfee-GW-Edition 2010.1C, \n   NOD32 5795, Norman 6.06.12, PCTools 7.0.3.5, Symantec 20101.3.0.103, \n   TrendMicro 9.120.0.1004, TrendMicro-HouseCall 9.120.0.1004 \n\n   CVE no - \n   CVE-2012-1425\n\n8. Specially crafted infected POSIX TAR files with \"\\42\\5A\\68\" as the first\n   3 bytes evades detection. \n\n   Affected products -\n   CAT-QuickHeal 11.00, Command 5.2.11.5, F-Prot 4.6.2.117, \n   K7AntiVirus 9.77.3565, Norman 6.06.12, Rising 22.83.00.03\n\n   CVE no - \n   CVE-2012-1426\n\n\n9. Specially crafted infected POSIX TAR files with \"\\57\\69\\6E\\5A\\69\\70\" at \n   offset 29 evades detection. \n\n   Affected products -\n   CAT-QuickHeal 11.00, Norman 6.06.12, Sophos 4.61.0\n\n   CVE no - \n   CVE-2012-1427\n\n10. Specially crafted infected POSIX TAR files with \"\\4a\\46\\49\\46\" at offset 6\n   evades detection. \n   \n   Affected products -\n   CAT-QuickHeal 11.00,  Norman 6.06.12, Sophos 4.61.0\n\n   CVE no - \n   CVE-2012-1428\n\n11. Specially crafted infected ELF files with \"ustar\" at offset 257\n   evades detection. \n\n   Affected products -\n   BitDefender 7.2, Comodo 7424, Emsisoft 5.1.0.1, eSafe 7.0.17.0, \n   F-Secure 9.0.16160.0, Ikarus T3.1.1.97.0, McAfee 5.400.0.1158, \n   McAfee-GW-Edition 2010.1C, nProtect 2011-01-17.01 \n\n   CVE no - \n   CVE-2012-1429\n12. Specially crafted infected ELF files with \"\\19\\04\\00\\10\" at offset 8 evades\n   detection. \n\n   Affected products -\n   BitDefender 7.2, Comodo 7424, eSafe 7.0.17.0, F-Secure 9.0.16160.0, \n   McAfee 5.400.0.1158, McAfee-GW-Edition 2010.1C, nProtect 2011-01-17.01, \n   Sophos 4.61.0, Rising 22.83.00.03\n\n   CVE no - \n   CVE-2012-1430\n13. Specially crafted infected ELF files with \"\\4a\\46\\49\\46\" at offset 6 evades\n   detection. \n\n   Affected products -\n   BitDefender 7.2, Command 5.2.11.5, Comodo 7424, eSafe 7.0.17.0, \n   F-Prot 4.6.2.117, F-Secure 9.0.16160.0, McAfee-GW-Edition 2010.1C, \n   nProtect 2011-01-17.01, Sophos 4.61.0, Rising 22.83.00.03\n\n   CVE no - \n   CVE-2012-1431\n\n14. Specially crafted infected MS EXE files with \"\\57\\69\\6E\\5A\\69\\70\" at offset\n   29 evades detection. \n\n   Affected products -\n   Emsisoft 5.1.0.1, eSafe 7.0.17.0, Ikarus T3.1.1.97.0, Panda 10.0.2.7\n\n   CVE no - \n   CVE-2012-1432\n\n15. Specially crafted infected MS EXE files with \"\\4a\\46\\49\\46\" at offset\n   6 evades detection. \n\n   Affected products -\n   AhnLab-V3 2011.01.18.00, Emsisoft 5.1.0.1, eSafe 7.0.17.0, \n   Ikarus T3.1.1.97.0, Panda 10.0.2.7\n\n   CVE no - \n   CVE-2012-1433\n\n16. Specially crafted infected MS EXE files with \"\\19\\04\\00\\10\" at offset\n   8 evades detection. \n\n   Affected products -\n   AhnLab-V3 2011.01.18.00, Emsisoft 5.1.0.1, Ikarus T3.1.1.97.0, \n   Panda 10.0.2.7\n   \n   CVE no - \n   CVE-2012-1434\n\n17. Specially crafted infected MS EXE files with \"\\50\\4B\\4C\\49\\54\\45\" at \n   offset 30 evades detection. \n   \n   Affected products - \n   AhnLab-V3 2011.01.18.00, Emsisoft 5.1.0.1, eSafe 7.0.17.0, \n   Ikarus T3.1.1.97.0, Panda 10.0.2.7\n\n   CVE no - \n   CVE-2012-1435\n\n18. Specially crafted infected MS EXE files with \"\\2D\\6C\\68\" at \n   offset 2 evades detection. \n \n   Affected products - \n   AhnLab-V3 2011.01.18.00, Emsisoft 5.1.0.1, eSafe 7.0.17.0, \n   Ikarus T3.1.1.97.0, Panda 10.0.2.7\n\n   CVE no - \n   CVE-2012-1436\n\n19. Specially crafted infected MS Office files with \"\\50\\4B\\53\\70\\58\" at \n   offset 526 evades detection. \n   \n   Affected products - \n   Comodo 7425\n   \n   CVE no - \n   CVE-2012-1437\n\n20. Specially crafted infected MS Office files with \"ustar\" at \n   offset 257 evades detection. \n\n   Affected products - \n   Comodo 7425, Sophos 4.61.0 \n\n   CVE no - \n   CVE-2012-1438\n\n21. \u0027padding\u0027 field in ELF files is parsed incorrectly. \n    If an infected ELF file\u0027s padding field is incremented by 1 it evades\n    detection.    \n\n   Affected products - \n   eSafe 7.0.17.0, Rising 22.83.00.03, Fortinet 4.2.254.0, Panda 10.0.2.7\n\n   CVE no - \n   CVE-2012-1439\n\n22. \u0027identsize\u0027 field in ELF files is parsed incorrectly. \n    If an infected ELF file\u0027s identsize field is incremented by 1 it evades\n    detection.    \n\n   Affected products - \n   Norman 6.06.12, eSafe 7.0.17.0, eTrust-Vet 36.1.8511, Fortinet 4.2.254.0, \n   Panda 10.0.2.7\n\n   CVE no - \n   CVE-2012-1440\n\n23. \u0027e_ip\u0027 and \u0027e_res\u0027 field in MS EXE files are parsed incorrectly.  \n    If any of these fields in an infected MS EXE file is incremented by 1 \n    it evades detection.    \n\n   Affected products - \n   Prevx 3.0\n\n   \u0027e_minalloc\u0027, \u0027e_res2\u0027,\u0027e_cparhdr\u0027, \u0027e_crlc\u0027, \u0027e_lfarlc\u0027,\u0027e_maxalloc\u0027,\n    \u0027e_oeminfo\u0027, \u0027e_ovno\u0027, \u0027e_cs\u0027, \u0027e_csum\u0027,\u0027e_sp\u0027, \u0027e_ss\u0027, \u0027e_cblp\u0027 and \n    \u0027e_oemid\u0027 fields in MS EXE files are parsed incorrectly.  \n    If any of these fields in an infected MS EXE file is incremented by 1 \n    it evades detection.    \n\n   Affected products - \n   eSafe 7.0.017.0, Prevx 3.0\n\n\n   CVE no - \n   CVE-2012-1441\n\n24. \u0027class\u0027 field in ELF files is parsed incorrectly.  \n    If an infected ELF file\u0027s class field is incremented by 1 it evades\n    detection. \n\n   Affected products - \n   CAT-QuickHeal 11.00, McAfee 5.400.0.1158, McAfee-GW-Edition 2010.1C, \n   eSafe 7.0.017.0, Kaspersky 7.0.0.125, F-Secure 9.0.16160.0, \n   Sophos 4.61.0, Antiy-AVL 2.0.3.7, Rising 22.83.00.03, Fortinet 4.2.254.0, \n   Panda 10.0.2.7\n\n   CVE no - \n   CVE-2012-1442\n\n25. Infected RAR files with initial two bytes set to \u0027MZ\u0027 can be fixed by the \n    user and correctly extracted. Such a file evades detection.  \n    \n   Affected products -\n   ClamAV 0.96.4, Rising 22.83.00.03, CAT-QuickHeal 11.00, GData 21, \n   Symantec 20101.3.0.103, Command 5.2.11.5, Ikarus T3.1.1.97.0, \n   Emsisoft 5.1.0.1, PCTools 7.0.3.5, F-Prot 4.6.2.117, \n   VirusBuster 13.6.151.0, Fortinent 4.2.254.0, Antiy-AVL 2.0.3.7, \n   K7AntiVirus 9.77.3565, TrendMicro-HouseCall 9.120.0.1004,Kaspersky 7.0.0.125 \n   Jiangmin 13.0.900. Microsoft 1.6402, Sophos 4.61.0, NOD32 5795, AntiVir 7.11.1.163, \n   Norman 6.06.12, McAfee 5.400.0.1158, Panda 10.0.2.7, McAfee-GW-Edition 2010.1C, \n   TrendMicro 9.120.0.1004, Comodo 7424, BitDefender 7.2, eSafe 7.0.17.0, F-Secure 9.0.16160.0\n   nProtect 2011-01-17.01, AhnLab-V3 2011.01.18.00, AVG 10.0.0.1190, Avast 4.8.1351.0, \n   Avast5 5.0.677.0, VBA32 3.12.14.2   \n\n   CVE no - \n   CVE-2012-1443\n\n26. \u0027abiversion\u0027 field in ELF files is parsed incorrectly.  \n    If an infected ELF file\u0027s abiversion field is incremented by 1 it evades\n    detection. \n\n   Affected products - \n   eSafe 7.0.017.0, Prevx 3.0, Fortinet 4.2.254.0, Panda 10.0.2.7\n\n   CVE no - \n   CVE-2012-1444\n\n27. \u0027abi\u0027 field in ELF files is parsed incorrectly.  \n    If an infected ELF file\u0027s abi field is incremented by 1 it evades\n    detection. \n\n   Affected products - \n   eSafe 7.0.017.0, Rising 22.83.00.03, Fortinet 4.2.254.0, Panda 10.0.2.7\n\n   CVE no - \n   CVE-2012-1445\n\n28. \u0027encoding\u0027 field in ELF files is parsed incorrectly.  \n    If an infected ELF file\u0027s encoding field is incremented by 1 it evades\n    detection. \n\n   Affected products - \n   CAT-QuickHeal 11.00, McAfee 5.400.0.1158, Symantec 20101.3.0.103, \n   Norman 6.06.12, eSafe 7.0.017.0, Kaspersky 7.0.0.125, \n   McAfee-GW-Edition 2010.1C, Sophos 4.61.0, eTrust-Vet 36.1.8511, \n   Antiy-AVL 2.0.3.7, PCTools 7.0.3.5, Rising 22.83.00.03, Fortinet 4.2.254.0,\n   Panda 10.0.2.7\n\n   CVE no - \n   CVE-2012-1446\n\n29. \u0027e_version\u0027 field in ELF files is parsed incorrectly.  \n    If an infected ELF file\u0027s e_version field is incremented by 1 it evades\n    detection. \n\n   Affected products -\n    Fortinet 4.2.254.0, eSafe 7.0.017.0, DrWeb 5.0.2.03300, Panda 10.0.2.7\n\n   CVE no - \n   CVE-2012-1447\n\n30. \u0027cbCabinet\u0027 field in CAB files is parsed incorrectly.  \n    If an infected CAB file\u0027s cbCabinet field is incremented by 1 it evades\n    detection. \n\n   Affected products -\n   CAT-QuickHeal 11.00, TrendMicro 9.120.0.1004, Ikarus T3.1.1.97.0\n   TrendMicro-HouseCall 9.120.0.1004, Emsisoft 5.1.0.1 \n\n   CVE no - \n   CVE-2012-1448\n\n31. \u0027vMajor\u0027 field in CAB files is parsed incorrectly.  \n    If an infected CAB file\u0027s vMajor field is incremented by 1 it evades\n    detection. \n\n   Affected products -\n   NOD32 5795, Rising 22.83.00.03\n   \n   CVE no - \n   CVE-2012-1449\n\n32. \u0027reserved3\u0027 field in CAB files is parsed incorrectly.  \n    If an infected CAB file\u0027s reserved field is incremented by 1 it evades\n    detection. \n\n   Affected products -\n   Emsisoft 5.1.0.1, Sophos 4.61.0, Ikarus T3.1.1.97.0\n   \n   CVE no - \n   CVE-2012-1450\n\n33. \u0027reserved2\u0027 field in CAB files is parsed incorrectly.  \n    If an infected CAB file\u0027s reserved2 field is incremented by 1 it evades\n    detection. \n\n   Affected products -\n   Emsisoft 5.1.0.1, Ikarus T3.1.1.97.0\n   \n   CVE no - \n   CVE-2012-1451\n\n34. \u0027reserved1\u0027 field in CAB files is parsed incorrectly.  \n    If an infected CAB file\u0027s reserved field is incremented by 1 it evades\n    detection. \n\n   Affected products -\n   Emsisoft 5.1.0.1, Ikarus T3.1.1.97.0, CAT-QuickHeal 11.00\n   \n   CVE no - \n   CVE-2012-1452\n\n35. \u0027coffFiles\u0027 field in CAB files is parsed incorrectly.  \n    If an infected CAB file\u0027s coffFiles field is incremented by 1 it evades\n    detection. \n\n   Affected products -\n   McAfee 5.0.2.03300, TrendMicro-HouseCall 9.120.0.1004, Kaspersky 7.0.0.125, \n   Sophos 4.61.0, TrendMicro 9.120.0.1004, McAfee-GW-Edition 2010.1C,\n   Emsisoft 5.1.0.1, eTrust-Vet 36.1.8511, Antiy-AVL 2.0.3.7, Microsoft 1.6402,\n   Rising 22.83.00.03, Ikarus T3.1.1.97.0, Fortinet 4.2.254.0, Panda 10.0.2.7\n\n   CVE no - \n   CVE-2012-1453\n\n36. \u0027ei_version\u0027 field in ELF files is parsed incorrectly.  \n    If an infected ELF file\u0027s version field is incremented by 1 it evades\n    detection. \n\n   Affected products -\n   McAfee 5.0.02.03300, eSafe 7.0.17.0, McAfee-GW-Edition 2010.1C, \n   Rising 22.83.00.03, Fortinet 4.2.254.0, Panda 10.0.2.7\n\n   CVE no - \n   CVE-2012-1454\n\n37. \u0027vMinor\u0027 field in CAB files is parsed incorrectly.  \n    If an infected CAB file\u0027s version field is incremented by 1 it evades\n    detection. \n\n   Affected products -\n   NOD32 5795, Rising 22.83.00.03\n \n   CVE no - \n   CVE-2012-1455\n\n38. A specially crafted ZIP file, created by concatenating the contents \n   of a clean TAR archive and a virus-infected ZIP archive, is parsed \n   incorrectly and evades detection. \n\n   Affected products -\n   AVG 10.0.0.1190, CAT-QuickHeal 11.00, Comodo 7424, Emsisoft 5.1.0.1,\n   eSafe 7.0.17.0, F-Prot 4.6.2.117,Fortinent 4.2.254.0, Ikarus T3.1.1.97.0, \n   Jiangmin 13.0.900, Kaspersky 7.0.0.125, McAfee 5.400.0.1158, \n   McAfee-GW-Edition 2010.1C, NOD32 5795, Norman 6.06.12, Panda 10.0.2.7, \n   Rising 22.83.00.03, Sophos 4.61.0, Symantec 20101.3.0.103, \n   TrendMicro 9.120.0.1004, TrendMicro-HouseCall 9.120.0.1004\n\n   CVE no - \n   CVE-2012-1456\n\n39. If the length field in the header of a file with test EICAR virus\n   included into a TAR archive is set to be greater than the archive\u0027s total \n   length (1,000,000+original length in our experiments), the antivirus \n   declares the file to be clean but virus gets extracted correctly by the \n   GNU tar program. \n\n   Affected products -\n   AntiVir 7.11.1.163, Antiy-AVL 2.0.3.7, Avast 4.8.1351.0, Avast5 5.0.677.0, \n   AVG 10.0.0.1190, BitDefender 7.2, CAT-QuickHeal 11.00, ClamAV 0.96.4, \n   Command 5.2.11.5, Emsisoft 5.1.0.1, eSafe 7.0.17.0, F-Prot 4.6.2.117, \n   GData 21, Ikarus T3.1.1.97.0, Jiangmin 13.0.900, K7AntiVirus 9.77.3565, \n   Kaspersky 7.0.0.125, McAfee 5.400.0.1158, McAfee-GW-Edition 2010.1C, \n   Microsoft 1.6402, NOD32 5795, Norman 6.06.12, PCTools 7.0.3.5, \n   Rising 22.83.00.03, Symantec 20101.3.0.103, TrendMicro 9.120.0.1004, \n   TrendMicro-HouseCall 9.120.0.1004, VBA32 3.12.14.2, VirusBuster 13.6.151.0 \n\n   CVE no - \n   CVE-2012-1457\n\n40. A Windows Compiled HTML Help (CHM) file is a set of HTML files,\n   scripts, and images compressed using the LZX algorithm. \n   For faster random accesses, the algorithm is reset at intervals\n   instead of compressing the entire file as a single stream. The\n   length of each interval is specified in the LZXC header. \n\n   If an infected CHM file\u0027s header modified so that the reset interval\n   is lower than in the original file, the antivirus declares the file\n   to be clean. But the Windows CHM viewer hh.exe correctly decompresses\n   the infected content located before the tampered header. \n\n   Affected products -\n   ClamAV 0.96.4, Sophos 4.61.0 \n\n   CVE no - \n   CVE-2012-1458\n\n41. In a POSIX TAR archive, each member file has a 512-byte header protected\n   by a simple checksum. Every header also contains a file length field, which\n   is used by the extractor to locate the next header in the archive. \n\n   If a TAR archive contains two files: the first one is clean, while\n   the second is infected with test EICAR virus - and it is modified such that \n   the length field in the header of the first, clean file to point into the \n   middle of the header of the second, infected file. The antivirus declares \n   the file to be clean but virus gets extracted correctly by the \n   GNU tar program. If an infected tar.gz archive is appended 6 random bytes at the end, \n    the antivirus declares the file to be clean but virus gets extracted by\n    the gunzip+tar programs correctly by ignoring these bytes. \n\n   Affected products -\n   Antiy-AVL 2.0.3.7, CAT-QuickHeal 11.00, Command 5.2.11.5, \n   eSafe 7.0.17.0, F-Prot 4.6.2.117, Jiangmin 13.0.900, \n   K7AntiVirus 9.77.3565, VBA32 3.12.14.2 \n   \n   CVE no - \n   CVE-2012-1460\n\n43. GZIP files can contain multiple compressed streams, which are assembled\n    when the contents are extracted. If an infected .tar.gz file is broken \n    into two streams, the antivirus declares the infected .tar.gz file to \n    be clean while tar+gunzip extract the virus correctly\n\n   Affected products -\n   AVG 10.0.0.1190, BitDefender 7.2, Command 5.2.11.5, Emsisoft 5.1.0.1, \n   F-Secure 9.0.16160.0, Fortinent 4.2.254.0, Ikarus T3.1.1.97.0, \n   Jiangmin 13.0.900, K7AntiVirus 9.77.3565, Kaspersky 7.0.0.125, \n   McAfee 5.400.0.1158, McAfee-GW-Edition 2010.1C, NOD32 5795, Norman 6.06.12, \n   Rising 22.83.00.03, Sophos 4.61.0, Symantec 20101.3.0.103, \n   TrendMicro 9.120.0.1004, TrendMicro-HouseCall 9.120.0.1004, VBA32 3.12.14.2 \n\n   CVE no - \n   CVE-2012-1461\n\n44. If an infected ZIP archive is prepended with 1024 random bytes at the \n   beginning, the antivirus declares the file to be clean but virus gets extracted\n   by the unzip program correctly by skipping these bytes\n\n   Affected products -\n   AhnLab-V3 2011.01.18.00, AVG 10.0.0.1190, CAT-QuickHeal 11.00, \n   Emsisoft 5.1.0.1, eSafe 7.0.17.0, Fortinent 4.2.254.0, Ikarus T3.1.1.97.0, \n   Jiangmin 13.0.900, Kaspersky 7.0.0.125, Norman 6.06.12, Sophos 4.61.0, \n   Symantec 20101.3.0.103 \n\n   CVE no - \n   CVE-2012-1462\n\n45. In most ELF files, the 5th byte of the header indicates endianness: 01\n   for little-endian, 02 for bigendian. Linux kernel, however, does not\n   check this field before loading an ELF file. If an infected ELF file\u0027s 5-th \n   byte is set to 02, the antivirus declares the file to be clean but the ELF \n   file gets executed correctly. \n\n   Affected products -\n   AhnLab-V3 2011.01.18.00, BitDefender 7.2, CAT-QuickHeal 11.00, Command 5.2.11.5, \n   Comodo 7424, eSafe 7.0.17.0, F-Prot 4.6.2.117, F-Secure 9.0.16160.0, \n   McAfee 5.400.0.1158, Norman 6.06.12, nProtect 2011-01-17.01, Panda 10.0.2.7 \n\n   CVE no - \n   CVE-2012-1463\n\n--------\nCredits\n--------\nVulnerabilities found and advisory written by Suman Jana and Vitaly Shmatikov. \n\n-----------\nReferences\n-----------\n\"Abusing File Processing in Malware Detectors for Fun and Profit\" by Suman Jana and Vitaly Shmatikov\nTo appear in IEEE Symposium on Security and Privacy 2012\nhttp://www.ieee-security.org/TC/SP2012/ \n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2012-1443"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-001895"
      },
      {
        "db": "BID",
        "id": "52612"
      },
      {
        "db": "VULHUB",
        "id": "VHN-54724"
      },
      {
        "db": "PACKETSTORM",
        "id": "110990"
      }
    ],
    "trust": 2.07
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2012-1443",
        "trust": 2.9
      },
      {
        "db": "BID",
        "id": "52612",
        "trust": 1.4
      },
      {
        "db": "OSVDB",
        "id": "80469",
        "trust": 1.1
      },
      {
        "db": "OSVDB",
        "id": "80461",
        "trust": 1.1
      },
      {
        "db": "OSVDB",
        "id": "80454",
        "trust": 1.1
      },
      {
        "db": "OSVDB",
        "id": "80455",
        "trust": 1.1
      },
      {
        "db": "OSVDB",
        "id": "80467",
        "trust": 1.1
      },
      {
        "db": "OSVDB",
        "id": "80468",
        "trust": 1.1
      },
      {
        "db": "OSVDB",
        "id": "80471",
        "trust": 1.1
      },
      {
        "db": "OSVDB",
        "id": "80456",
        "trust": 1.1
      },
      {
        "db": "OSVDB",
        "id": "80459",
        "trust": 1.1
      },
      {
        "db": "OSVDB",
        "id": "80472",
        "trust": 1.1
      },
      {
        "db": "OSVDB",
        "id": "80470",
        "trust": 1.1
      },
      {
        "db": "OSVDB",
        "id": "80457",
        "trust": 1.1
      },
      {
        "db": "OSVDB",
        "id": "80460",
        "trust": 1.1
      },
      {
        "db": "OSVDB",
        "id": "80458",
        "trust": 1.1
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-001895",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201203-407",
        "trust": 0.7
      },
      {
        "db": "BUGTRAQ",
        "id": "20120319 EVASION ATTACKS EXPOLITING FILE-PARSING VULNERABILITIES IN ANTIVIRUS PRODUCTS",
        "trust": 0.6
      },
      {
        "db": "NSFOCUS",
        "id": "19198",
        "trust": 0.6
      },
      {
        "db": "VULHUB",
        "id": "VHN-54724",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "110990",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-54724"
      },
      {
        "db": "BID",
        "id": "52612"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-001895"
      },
      {
        "db": "PACKETSTORM",
        "id": "110990"
      },
      {
        "db": "NVD",
        "id": "CVE-2012-1443"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201203-407"
      }
    ]
  },
  "id": "VAR-201203-0367",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-54724"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2023-12-18T12:10:12.911000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "AVL SDK",
        "trust": 0.8,
        "url": "http://www.antiy.net/en/avlsdk.html"
      },
      {
        "title": "Command Antivirus",
        "trust": 0.8,
        "url": "http://www.authentium.com/command/csavdownload.html"
      },
      {
        "title": "Top Page",
        "trust": 0.8,
        "url": "https://www.avast.co.jp/index"
      },
      {
        "title": "AVG Anti-Virus",
        "trust": 0.8,
        "url": "http://www.avgjapan.com/home-small-office-security/buy-antivirus"
      },
      {
        "title": "Top Page",
        "trust": 0.8,
        "url": "http://www.avira.com/"
      },
      {
        "title": "Top Page",
        "trust": 0.8,
        "url": "http://www.rising-global.com/"
      },
      {
        "title": "Top Page",
        "trust": 0.8,
        "url": "http://www.bitdefender.com/"
      },
      {
        "title": "Top Page",
        "trust": 0.8,
        "url": "http://www.clamav.net/lang/en/"
      },
      {
        "title": "Comodo Antivirus",
        "trust": 0.8,
        "url": "http://www.comodo.com/home/internet-security/antivirus.php"
      },
      {
        "title": "Emsisoft Anti-Malware",
        "trust": 0.8,
        "url": "http://www.emsisoft.com/en/software/antimalware/"
      },
      {
        "title": "ESET NOD32\u30a2\u30f3\u30c1\u30a6\u30a4\u30eb\u30b9",
        "trust": 0.8,
        "url": "http://www.eset.com/us/"
      },
      {
        "title": "Top Page",
        "trust": 0.8,
        "url": "http://www.fortinet.com/"
      },
      {
        "title": "Top Page",
        "trust": 0.8,
        "url": "http://www.f-prot.com/"
      },
      {
        "title": "Top Page",
        "trust": 0.8,
        "url": "http://www.gdata.co.jp/"
      },
      {
        "title": "IKARUS virus.utilities",
        "trust": 0.8,
        "url": "http://www.ikarus.at/en/ngo-gov/products/virus_utilities/index.html"
      },
      {
        "title": "Jiangmin Antivirus",
        "trust": 0.8,
        "url": "http://global.jiangmin.com/"
      },
      {
        "title": "K7 AntiVirus",
        "trust": 0.8,
        "url": "http://www.k7computing.com/en/product/k7-antivirusplus.php"
      },
      {
        "title": "MacAfee Scan Engine",
        "trust": 0.8,
        "url": "http://www.mcafee.com/us/support/support-eol-scan-engine.aspx"
      },
      {
        "title": "Top Page",
        "trust": 0.8,
        "url": "http://www.norman.com/"
      },
      {
        "title": "nProtect Anti-Virus",
        "trust": 0.8,
        "url": "http://global.nprotect.com/product/avs.php"
      },
      {
        "title": "Top Page",
        "trust": 0.8,
        "url": "http://www.ps-japan.co.jp/"
      },
      {
        "title": "PC Tools AntiVirus",
        "trust": 0.8,
        "url": "http://www.pctools.com/jp/spyware-doctor-antivirus/"
      },
      {
        "title": "Top Page",
        "trust": 0.8,
        "url": "http://www.quickheal.com/"
      },
      {
        "title": "Endpoint Protection",
        "trust": 0.8,
        "url": "http://www.symantec.com/ja/jp/endpoint-protection"
      },
      {
        "title": "Top Page",
        "trust": 0.8,
        "url": "http://jp.trendmicro.com/jp/home/"
      },
      {
        "title": "Trend Micro HouseCall",
        "trust": 0.8,
        "url": "http://jp.trendmicro.com/jp/tools/housecall/"
      },
      {
        "title": "Top Page",
        "trust": 0.8,
        "url": "http://anti-virus.by/en"
      },
      {
        "title": "Top Page",
        "trust": 0.8,
        "url": "http://www.virusbuster.hu/en"
      },
      {
        "title": "eSafe",
        "trust": 0.8,
        "url": "http://www.aladdin.co.jp/esafe/"
      },
      {
        "title": "V3 Internet Security",
        "trust": 0.8,
        "url": "http://www.ahnlab.co.jp/product_service/product/b2b/v3is8.asp"
      },
      {
        "title": "Kaspersky Anti-Virus",
        "trust": 0.8,
        "url": "http://www.kaspersky.com/kaspersky_anti-virus"
      },
      {
        "title": "Top Page",
        "trust": 0.8,
        "url": "http://www.sophos.com"
      },
      {
        "title": "Microsoft Security Essentials",
        "trust": 0.8,
        "url": "http://windows.microsoft.com/ja-jp/windows/products/security-essentials"
      },
      {
        "title": "McAfee Web Gateway",
        "trust": 0.8,
        "url": "http://www.mcafee.com/japan/products/web_gateway.asp"
      },
      {
        "title": "F-Secure Anti-Virus",
        "trust": 0.8,
        "url": "http://www.f-secure.com/ja/web/home_jp/protection/anti-virus/overview"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-001895"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-264",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-54724"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-001895"
      },
      {
        "db": "NVD",
        "id": "CVE-2012-1443"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.7,
        "url": "http://www.securityfocus.com/archive/1/522005"
      },
      {
        "trust": 1.7,
        "url": "http://www.ieee-security.org/tc/sp2012/program.html"
      },
      {
        "trust": 1.1,
        "url": "http://www.securityfocus.com/bid/52612"
      },
      {
        "trust": 1.1,
        "url": "http://osvdb.org/80454"
      },
      {
        "trust": 1.1,
        "url": "http://osvdb.org/80455"
      },
      {
        "trust": 1.1,
        "url": "http://osvdb.org/80456"
      },
      {
        "trust": 1.1,
        "url": "http://osvdb.org/80457"
      },
      {
        "trust": 1.1,
        "url": "http://osvdb.org/80458"
      },
      {
        "trust": 1.1,
        "url": "http://osvdb.org/80459"
      },
      {
        "trust": 1.1,
        "url": "http://osvdb.org/80460"
      },
      {
        "trust": 1.1,
        "url": "http://osvdb.org/80461"
      },
      {
        "trust": 1.1,
        "url": "http://osvdb.org/80467"
      },
      {
        "trust": 1.1,
        "url": "http://osvdb.org/80468"
      },
      {
        "trust": 1.1,
        "url": "http://osvdb.org/80469"
      },
      {
        "trust": 1.1,
        "url": "http://osvdb.org/80470"
      },
      {
        "trust": 1.1,
        "url": "http://osvdb.org/80471"
      },
      {
        "trust": 1.1,
        "url": "http://osvdb.org/80472"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-1443"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2012-1443"
      },
      {
        "trust": 0.6,
        "url": "http://www.nsfocus.net/vulndb/19198"
      },
      {
        "trust": 0.3,
        "url": "http://seclists.org/bugtraq/2012/mar/88"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2012-1419"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2012-1439"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2012-1426"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2012-1429"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2012-1436"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2012-1440"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2012-1432"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2012-1438"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2012-1428"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2012-1446"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2012-1443"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2012-1444"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2012-1441"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2012-1421"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2012-1430"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2012-1434"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2012-1435"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2012-1424"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2012-1431"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2012-1425"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2012-1423"
      },
      {
        "trust": 0.1,
        "url": "http://www.ieee-security.org/tc/sp2012/"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2012-1442"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2012-1422"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2012-1433"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2012-1420"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2012-1427"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2012-1445"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2012-1437"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-54724"
      },
      {
        "db": "BID",
        "id": "52612"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-001895"
      },
      {
        "db": "PACKETSTORM",
        "id": "110990"
      },
      {
        "db": "NVD",
        "id": "CVE-2012-1443"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201203-407"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-54724"
      },
      {
        "db": "BID",
        "id": "52612"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-001895"
      },
      {
        "db": "PACKETSTORM",
        "id": "110990"
      },
      {
        "db": "NVD",
        "id": "CVE-2012-1443"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201203-407"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2012-03-21T00:00:00",
        "db": "VULHUB",
        "id": "VHN-54724"
      },
      {
        "date": "2012-03-20T00:00:00",
        "db": "BID",
        "id": "52612"
      },
      {
        "date": "2012-03-26T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2012-001895"
      },
      {
        "date": "2012-03-19T23:51:01",
        "db": "PACKETSTORM",
        "id": "110990"
      },
      {
        "date": "2012-03-21T10:11:48.083000",
        "db": "NVD",
        "id": "CVE-2012-1443"
      },
      {
        "date": "2012-03-26T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201203-407"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2012-11-06T00:00:00",
        "db": "VULHUB",
        "id": "VHN-54724"
      },
      {
        "date": "2015-03-19T08:41:00",
        "db": "BID",
        "id": "52612"
      },
      {
        "date": "2012-03-26T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2012-001895"
      },
      {
        "date": "2012-11-06T05:09:04.360000",
        "db": "NVD",
        "id": "CVE-2012-1443"
      },
      {
        "date": "2012-04-01T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201203-407"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201203-407"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Multiple products  RAR Vulnerability that prevents file parsers from detecting malware",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-001895"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "permissions and access control",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201203-407"
      }
    ],
    "trust": 0.6
  }
}

FKIE_CVE-2012-1443

Vulnerability from fkie_nvd - Published: 2012-03-21 10:11 - Updated: 2025-04-11 00:51

Severity ?

Summary

References

	URL	Tags
	cve@mitre.org	http://osvdb.org/80454
	cve@mitre.org	http://osvdb.org/80455
	cve@mitre.org	http://osvdb.org/80456
	cve@mitre.org	http://osvdb.org/80457
	cve@mitre.org	http://osvdb.org/80458
	cve@mitre.org	http://osvdb.org/80459
	cve@mitre.org	http://osvdb.org/80460
	cve@mitre.org	http://osvdb.org/80461
	cve@mitre.org	http://osvdb.org/80467
	cve@mitre.org	http://osvdb.org/80468
	cve@mitre.org	http://osvdb.org/80469
	cve@mitre.org	http://osvdb.org/80470
	cve@mitre.org	http://osvdb.org/80471
	cve@mitre.org	http://osvdb.org/80472
	cve@mitre.org	http://www.ieee-security.org/TC/SP2012/program.html
	cve@mitre.org	http://www.securityfocus.com/archive/1/522005
	cve@mitre.org	http://www.securityfocus.com/bid/52612
	af854a3a-2127-422b-91ae-364da2661108	http://osvdb.org/80454
	af854a3a-2127-422b-91ae-364da2661108	http://osvdb.org/80455
	af854a3a-2127-422b-91ae-364da2661108	http://osvdb.org/80456
	af854a3a-2127-422b-91ae-364da2661108	http://osvdb.org/80457
	af854a3a-2127-422b-91ae-364da2661108	http://osvdb.org/80458
	af854a3a-2127-422b-91ae-364da2661108	http://osvdb.org/80459
	af854a3a-2127-422b-91ae-364da2661108	http://osvdb.org/80460
	af854a3a-2127-422b-91ae-364da2661108	http://osvdb.org/80461
	af854a3a-2127-422b-91ae-364da2661108	http://osvdb.org/80467
	af854a3a-2127-422b-91ae-364da2661108	http://osvdb.org/80468
	af854a3a-2127-422b-91ae-364da2661108	http://osvdb.org/80469
	af854a3a-2127-422b-91ae-364da2661108	http://osvdb.org/80470
	af854a3a-2127-422b-91ae-364da2661108	http://osvdb.org/80471
	af854a3a-2127-422b-91ae-364da2661108	http://osvdb.org/80472
	af854a3a-2127-422b-91ae-364da2661108	http://www.ieee-security.org/TC/SP2012/program.html
	af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/archive/1/522005
	af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/52612

Impacted products

Vendor	Product	Version
ahnlab	v3_internet_security	2011.01.18.00
aladdin	esafe	7.0.17.0
alwil	avast_antivirus	4.8.1351.0
alwil	avast_antivirus	5.0.677.0
anti-virus	vba32	3.12.14.2
antiy	avl_sdk	2.0.3.7
authentium	command_antivirus	5.2.11.5
avg	avg_anti-virus	10.0.0.1190
avira	antivir	7.11.1.163
bitdefender	bitdefender	7.2
cat	quick_heal	11.00
clamav	clamav	0.96.4
comodo	comodo_antivirus	7424
emsisoft	anti-malware	5.1.0.1
eset	nod32_antivirus	5795
f-prot	f-prot_antivirus	4.6.2.117
f-secure	f-secure_anti-virus	9.0.16160.0
fortinet	fortinet_antivirus	4.2.254.0
gdata-software	g_data_antivirus	21
ikarus	ikarus_virus_utilities_t3_command_line_scanner	1.1.97.0
jiangmin	jiangmin_antivirus	13.0.900
k7computing	antivirus	9.77.3565
kaspersky	kaspersky_anti-virus	7.0.0.125
mcafee	gateway	2010.1c
mcafee	scan_engine	5.400.0.1158
microsoft	security_essentials	2.0
norman	norman_antivirus_\&_antispyware	6.06.12
nprotect	nprotect_antivirus	2011-01-17.01
pandasecurity	panda_antivirus	10.0.2.7
pc_tools	pc_tools_antivirus	7.0.3.5
rising-global	rising_antivirus	22.83.00.03
sophos	sophos_anti-virus	4.61.0
symantec	endpoint_protection	11.0
trendmicro	housecall	9.120.0.1004
trendmicro	trend_micro_antivirus	9.120.0.1004
virusbuster	virusbuster	13.6.151.0

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ahnlab:v3_internet_security:2011.01.18.00:*:*:*:*:*:*:*",
              "matchCriteriaId": "0B91745E-EA83-4C70-BF2D-45A3678FA157",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:aladdin:esafe:7.0.17.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "5C6590DF-9164-4A76-ADEE-9110C5E3588E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:alwil:avast_antivirus:4.8.1351.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "5A3A2FBE-3113-4CCB-8FCF-54CBD78FDF52",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:alwil:avast_antivirus:5.0.677.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "7877C5C9-C4CA-406F-A61A-EAFBA846A20D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:anti-virus:vba32:3.12.14.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "2A0325DA-A137-41E0-BD5E-B892F2166749",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:antiy:avl_sdk:2.0.3.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "38855431-9C17-41FE-8325-A3304DECAC92",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:authentium:command_antivirus:5.2.11.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "192DFD98-11AA-4E7A-A1CB-53FC06FEB20F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:avg:avg_anti-virus:10.0.0.1190:*:*:*:*:*:*:*",
              "matchCriteriaId": "4E62090C-AF41-4032-B9F7-78FEBDB4AAE1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:avira:antivir:7.11.1.163:*:*:*:*:*:*:*",
              "matchCriteriaId": "62B656B8-A7FB-4451-8A32-CB7AB74165F0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:bitdefender:bitdefender:7.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "24D7D7FA-20E9-4560-ABC6-154CD918E307",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cat:quick_heal:11.00:*:*:*:*:*:*:*",
              "matchCriteriaId": "343D3F40-E028-4AEE-82A4-0A17C1D1ED13",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:clamav:clamav:0.96.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "953C363B-AD5B-4C53-AAF0-AB6BA4040D74",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:comodo:comodo_antivirus:7424:*:*:*:*:*:*:*",
              "matchCriteriaId": "803A9A92-A984-43A8-8D27-C9A6FDB19A9D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:emsisoft:anti-malware:5.1.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "488ED4D6-0A32-43D5-840C-F76919C41C45",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:eset:nod32_antivirus:5795:*:*:*:*:*:*:*",
              "matchCriteriaId": "673B999A-11D2-4AFF-9930-0C06E8BBAA7F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f-prot:f-prot_antivirus:4.6.2.117:*:*:*:*:*:*:*",
              "matchCriteriaId": "961708EB-3124-4147-A36D-BAD9241D0C88",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f-secure:f-secure_anti-virus:9.0.16160.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "BB884937-53F0-4BB5-AA8F-1CCDCD1221D9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fortinet:fortinet_antivirus:4.2.254.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "1C36D1BA-DB17-4FE0-8D6E-BA5649AE3BF0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gdata-software:g_data_antivirus:21:*:*:*:*:*:*:*",
              "matchCriteriaId": "DA047323-54B7-460B-9AA0-88C3C4183218",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ikarus:ikarus_virus_utilities_t3_command_line_scanner:1.1.97.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "1759C4A5-67D1-4722-954A-883694E57FAB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:jiangmin:jiangmin_antivirus:13.0.900:*:*:*:*:*:*:*",
              "matchCriteriaId": "620DC756-B821-413C-A824-43C221E573AA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:k7computing:antivirus:9.77.3565:*:*:*:*:*:*:*",
              "matchCriteriaId": "B27BD224-CB70-43D2-8B0D-9F229A646B82",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:kaspersky:kaspersky_anti-virus:7.0.0.125:*:*:*:*:*:*:*",
              "matchCriteriaId": "FD9BCB3B-0FE8-4716-ABC2-1DB89D330F56",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mcafee:gateway:2010.1c:*:*:*:*:*:*:*",
              "matchCriteriaId": "18FC30B1-4FB3-4891-93FE-63A93E686EB3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mcafee:scan_engine:5.400.0.1158:*:*:*:*:*:*:*",
              "matchCriteriaId": "0BCE1228-61BE-4C10-898A-B8BDC5A71156",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:security_essentials:2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "7C382AA8-5E99-4669-9825-F5BBEEC12907",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:norman:norman_antivirus_\\\u0026_antispyware:6.06.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "81D01633-1000-425D-9026-59C50734956A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nprotect:nprotect_antivirus:2011-01-17.01:*:*:*:*:*:*:*",
              "matchCriteriaId": "D386C31F-6114-4A15-B0D5-15686D7EF8B8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pandasecurity:panda_antivirus:10.0.2.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "D95F8C32-D238-493F-A28D-8A588E8ADD13",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pc_tools:pc_tools_antivirus:7.0.3.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "410EEFDA-CFE6-4DDE-B661-BB01009B0E60",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rising-global:rising_antivirus:22.83.00.03:*:*:*:*:*:*:*",
              "matchCriteriaId": "EF8ADA91-4042-4E1B-9F14-78023F24B137",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sophos:sophos_anti-virus:4.61.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "0912E21E-1EEB-4ADD-958F-F8AEBBF7C5E6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:symantec:endpoint_protection:11.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E269D396-3A70-4C4B-9D79-CBBA75C280D8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trendmicro:housecall:9.120.0.1004:*:*:*:*:*:*:*",
              "matchCriteriaId": "B3C3D7B7-3DD1-417E-9488-A3B0F28F75E1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trendmicro:trend_micro_antivirus:9.120.0.1004:*:*:*:*:*:*:*",
              "matchCriteriaId": "72379F97-0BCA-425A-92AE-9F336866FD07",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:virusbuster:virusbuster:13.6.151.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "32C656A2-AAAC-494A-A981-A83144070857",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The RAR file parser in ClamAV 0.96.4, Rising Antivirus 22.83.00.03, Quick Heal (aka Cat QuickHeal) 11.00, G Data AntiVirus 21, AVEngine 20101.3.0.103 in Symantec Endpoint Protection 11, Command Antivirus 5.2.11.5, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, Emsisoft Anti-Malware 5.1.0.1, PC Tools AntiVirus 7.0.3.5, F-Prot Antivirus 4.6.2.117, VirusBuster 13.6.151.0, Fortinet Antivirus 4.2.254.0, Antiy Labs AVL SDK 2.0.3.7, K7 AntiVirus 9.77.3565, Trend Micro HouseCall 9.120.0.1004, Kaspersky Anti-Virus 7.0.0.125, Jiangmin Antivirus 13.0.900, Antimalware Engine 1.1.6402.0 in Microsoft Security Essentials 2.0, Sophos Anti-Virus 4.61.0, NOD32 Antivirus 5795, Avira AntiVir 7.11.1.163, Norman Antivirus 6.06.12, McAfee Anti-Virus Scanning Engine 5.400.0.1158, Panda Antivirus 10.0.2.7, McAfee Gateway (formerly Webwasher) 2010.1C, Trend Micro AntiVirus 9.120.0.1004, Comodo Antivirus 7424, Bitdefender 7.2, eSafe 7.0.17.0, F-Secure Anti-Virus 9.0.16160.0, nProtect Anti-Virus 2011-01-17.01, AhnLab V3 Internet Security 2011.01.18.00, AVG Anti-Virus 10.0.0.1190, avast! Antivirus 4.8.1351.0 and 5.0.677.0, and VBA32 3.12.14.2 allows user-assisted remote attackers to bypass malware detection via a RAR file with an initial MZ character sequence.  NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different RAR parser implementations."
    },
    {
      "lang": "es",
      "value": "El analizador de archivos RAR en ClamAV versi\u00f3n 0.96.4, Rising Antivirus versi\u00f3n 22.83.00.03, Quick Heal (tambi\u00e9n se conoce como Cat QuickHeal) versi\u00f3n 11.00, G Data AntiVirus versi\u00f3n 21, AVEngine versi\u00f3n 20101.3.0.103 en Symantec Endpoint Protection versi\u00f3n 11, Command Antivirus versi\u00f3n 5.2.11.5, Ikarus Virus Utilities T3 Command Line Scanner versi\u00f3n 1.1.97.0, Emsisoft Anti-Malware versi\u00f3n 5.1.0.1, PC Tools AntiVirus versi\u00f3n 7.0.3.5, F-Prot Antivirus versi\u00f3n 4.6.2.117, VirusBuster versi\u00f3n 13.6.151.0, Fortinet  antivirus versi\u00f3n 4.2.254.0, Antiy Labs AVL SDK versi\u00f3n 2.0.3.7, K7 AntiVirus versi\u00f3n 9.77.3565, Trend Micro HouseCall versi\u00f3n 9.120.0.1004, Kaspersky Antivirus versi\u00f3n 7.0.0.125, Jiangmin Antivirus versi\u00f3n 13.0.900, Antimalware Engine versi\u00f3n 1.1.6402.0 en Microsoft Security Essentials versi\u00f3n 2.0, Sophos Anti-Virus versi\u00f3n 4.61.0, NOD32 Antivirus versi\u00f3n 5795, Avira AntiVir versi\u00f3n 7.11.1.163, Norman Antivirus versi\u00f3n 6.06.12, McAfee Anti-Virus Scanning Engine versi\u00f3n 5.400.0.1158, Panda Antivirus versi\u00f3n 10.0.2.7, McAfee Gateway (anteriormente Webwasher) versi\u00f3n 2010.1C, Trend Micro AntiVirus versi\u00f3n 9.120.0.1004, Comodo Antivirus versi\u00f3n 7424, Bitdefender versi\u00f3n 7.2, eSafe versi\u00f3n 7.0.17.0, F-Secure Anti-Virus versi\u00f3n 9.0.16160.0, nProtect Versi\u00f3n antivirus 2011-01-17.01, AhnLab V3 Internet Security versi\u00f3n 2011.01.18.00, AVG Anti-Virus versi\u00f3n 10.0.0.1190, avast! antivirus versiones 4.8.1351.0 y 5.0.677.0, y VBA32 versi\u00f3n 3.12.14.2, permite a los atacantes remotos asistidos por el usuario omitir la detecci\u00f3n de malware por medio de un archivo RAR con una inicial Secuencia de caracteres MZ. NOTA: esto puede ser m\u00e1s tarde SPLIT en varios CVE si se publica informaci\u00f3n adicional que muestra que el error se produjo de manera independiente en diferentes implementaciones de analizador RAR."
    }
  ],
  "id": "CVE-2012-1443",
  "lastModified": "2025-04-11T00:51:21.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2012-03-21T10:11:48.083",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://osvdb.org/80454"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://osvdb.org/80455"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://osvdb.org/80456"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://osvdb.org/80457"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://osvdb.org/80458"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://osvdb.org/80459"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://osvdb.org/80460"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://osvdb.org/80461"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://osvdb.org/80467"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://osvdb.org/80468"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://osvdb.org/80469"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://osvdb.org/80470"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://osvdb.org/80471"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://osvdb.org/80472"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.ieee-security.org/TC/SP2012/program.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/522005"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/52612"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://osvdb.org/80454"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://osvdb.org/80455"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://osvdb.org/80456"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://osvdb.org/80457"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://osvdb.org/80458"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://osvdb.org/80459"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://osvdb.org/80460"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://osvdb.org/80461"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://osvdb.org/80467"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://osvdb.org/80468"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://osvdb.org/80469"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://osvdb.org/80470"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://osvdb.org/80471"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://osvdb.org/80472"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.ieee-security.org/TC/SP2012/program.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/522005"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/52612"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-264"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

PYSEC-2012-24

Vulnerability from pysec - Published: 2012-03-21 10:11 - Updated: 2024-11-21 14:22

Details

Impacted products

Name	purl
bitdefender	pkg:pypi/bitdefender

Aliases

CVE-2012-1443

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "bitdefender",
        "purl": "pkg:pypi/bitdefender"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ],
      "versions": [
        "0.0.1"
      ]
    }
  ],
  "aliases": [
    "CVE-2012-1443"
  ],
  "details": "The RAR file parser in ClamAV 0.96.4, Rising Antivirus 22.83.00.03, Quick Heal (aka Cat QuickHeal) 11.00, G Data AntiVirus 21, AVEngine 20101.3.0.103 in Symantec Endpoint Protection 11, Command Antivirus 5.2.11.5, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, Emsisoft Anti-Malware 5.1.0.1, PC Tools AntiVirus 7.0.3.5, F-Prot Antivirus 4.6.2.117, VirusBuster 13.6.151.0, Fortinet Antivirus 4.2.254.0, Antiy Labs AVL SDK 2.0.3.7, K7 AntiVirus 9.77.3565, Trend Micro HouseCall 9.120.0.1004, Kaspersky Anti-Virus 7.0.0.125, Jiangmin Antivirus 13.0.900, Antimalware Engine 1.1.6402.0 in Microsoft Security Essentials 2.0, Sophos Anti-Virus 4.61.0, NOD32 Antivirus 5795, Avira AntiVir 7.11.1.163, Norman Antivirus 6.06.12, McAfee Anti-Virus Scanning Engine 5.400.0.1158, Panda Antivirus 10.0.2.7, McAfee Gateway (formerly Webwasher) 2010.1C, Trend Micro AntiVirus 9.120.0.1004, Comodo Antivirus 7424, Bitdefender 7.2, eSafe 7.0.17.0, F-Secure Anti-Virus 9.0.16160.0, nProtect Anti-Virus 2011-01-17.01, AhnLab V3 Internet Security 2011.01.18.00, AVG Anti-Virus 10.0.0.1190, avast! Antivirus 4.8.1351.0 and 5.0.677.0, and VBA32 3.12.14.2 allows user-assisted remote attackers to bypass malware detection via a RAR file with an initial MZ character sequence.  NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different RAR parser implementations.",
  "id": "PYSEC-2012-24",
  "modified": "2024-11-21T14:22:41.111226Z",
  "published": "2012-03-21T10:11:00Z",
  "references": [
    {
      "type": "WEB",
      "url": "http://www.ieee-security.org/TC/SP2012/program.html"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/archive/1/522005"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/52612"
    },
    {
      "type": "WEB",
      "url": "http://osvdb.org/80471"
    },
    {
      "type": "WEB",
      "url": "http://osvdb.org/80470"
    },
    {
      "type": "WEB",
      "url": "http://osvdb.org/80454"
    },
    {
      "type": "WEB",
      "url": "http://osvdb.org/80455"
    },
    {
      "type": "WEB",
      "url": "http://osvdb.org/80456"
    },
    {
      "type": "WEB",
      "url": "http://osvdb.org/80457"
    },
    {
      "type": "WEB",
      "url": "http://osvdb.org/80459"
    },
    {
      "type": "WEB",
      "url": "http://osvdb.org/80469"
    },
    {
      "type": "WEB",
      "url": "http://osvdb.org/80458"
    },
    {
      "type": "WEB",
      "url": "http://osvdb.org/80468"
    },
    {
      "type": "WEB",
      "url": "http://osvdb.org/80467"
    },
    {
      "type": "WEB",
      "url": "http://osvdb.org/80461"
    },
    {
      "type": "WEB",
      "url": "http://osvdb.org/80460"
    },
    {
      "type": "WEB",
      "url": "http://osvdb.org/80472"
    }
  ],
  "withdrawn": "2024-11-22T04:37:03Z"
}

GHSA-VPV6-P582-58CQ

Vulnerability from github – Published: 2022-05-17 05:18 – Updated: 2022-05-17 05:18

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2012-1443"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2012-03-21T10:11:00Z",
    "severity": "MODERATE"
  },
  "details": "The RAR file parser in ClamAV 0.96.4, Rising Antivirus 22.83.00.03, Quick Heal (aka Cat QuickHeal) 11.00, G Data AntiVirus 21, AVEngine 20101.3.0.103 in Symantec Endpoint Protection 11, Command Antivirus 5.2.11.5, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, Emsisoft Anti-Malware 5.1.0.1, PC Tools AntiVirus 7.0.3.5, F-Prot Antivirus 4.6.2.117, VirusBuster 13.6.151.0, Fortinet Antivirus 4.2.254.0, Antiy Labs AVL SDK 2.0.3.7, K7 AntiVirus 9.77.3565, Trend Micro HouseCall 9.120.0.1004, Kaspersky Anti-Virus 7.0.0.125, Jiangmin Antivirus 13.0.900, Antimalware Engine 1.1.6402.0 in Microsoft Security Essentials 2.0, Sophos Anti-Virus 4.61.0, NOD32 Antivirus 5795, Avira AntiVir 7.11.1.163, Norman Antivirus 6.06.12, McAfee Anti-Virus Scanning Engine 5.400.0.1158, Panda Antivirus 10.0.2.7, McAfee Gateway (formerly Webwasher) 2010.1C, Trend Micro AntiVirus 9.120.0.1004, Comodo Antivirus 7424, Bitdefender 7.2, eSafe 7.0.17.0, F-Secure Anti-Virus 9.0.16160.0, nProtect Anti-Virus 2011-01-17.01, AhnLab V3 Internet Security 2011.01.18.00, AVG Anti-Virus 10.0.0.1190, avast! Antivirus 4.8.1351.0 and 5.0.677.0, and VBA32 3.12.14.2 allows user-assisted remote attackers to bypass malware detection via a RAR file with an initial MZ character sequence.  NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different RAR parser implementations.",
  "id": "GHSA-vpv6-p582-58cq",
  "modified": "2022-05-17T05:18:54Z",
  "published": "2022-05-17T05:18:54Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2012-1443"
    },
    {
      "type": "WEB",
      "url": "http://osvdb.org/80454"
    },
    {
      "type": "WEB",
      "url": "http://osvdb.org/80455"
    },
    {
      "type": "WEB",
      "url": "http://osvdb.org/80456"
    },
    {
      "type": "WEB",
      "url": "http://osvdb.org/80457"
    },
    {
      "type": "WEB",
      "url": "http://osvdb.org/80458"
    },
    {
      "type": "WEB",
      "url": "http://osvdb.org/80459"
    },
    {
      "type": "WEB",
      "url": "http://osvdb.org/80460"
    },
    {
      "type": "WEB",
      "url": "http://osvdb.org/80461"
    },
    {
      "type": "WEB",
      "url": "http://osvdb.org/80467"
    },
    {
      "type": "WEB",
      "url": "http://osvdb.org/80468"
    },
    {
      "type": "WEB",
      "url": "http://osvdb.org/80469"
    },
    {
      "type": "WEB",
      "url": "http://osvdb.org/80470"
    },
    {
      "type": "WEB",
      "url": "http://osvdb.org/80471"
    },
    {
      "type": "WEB",
      "url": "http://osvdb.org/80472"
    },
    {
      "type": "WEB",
      "url": "http://www.ieee-security.org/TC/SP2012/program.html"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/archive/1/522005"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/52612"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GSD-2012-1443

Vulnerability from gsd - Updated: 2023-12-13 01:20

Details

Aliases

CVE-2012-1443

Aliases

CVE-2012-1443

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2012-1443",
    "description": "The RAR file parser in ClamAV 0.96.4, Rising Antivirus 22.83.00.03, Quick Heal (aka Cat QuickHeal) 11.00, G Data AntiVirus 21, AVEngine 20101.3.0.103 in Symantec Endpoint Protection 11, Command Antivirus 5.2.11.5, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, Emsisoft Anti-Malware 5.1.0.1, PC Tools AntiVirus 7.0.3.5, F-Prot Antivirus 4.6.2.117, VirusBuster 13.6.151.0, Fortinet Antivirus 4.2.254.0, Antiy Labs AVL SDK 2.0.3.7, K7 AntiVirus 9.77.3565, Trend Micro HouseCall 9.120.0.1004, Kaspersky Anti-Virus 7.0.0.125, Jiangmin Antivirus 13.0.900, Antimalware Engine 1.1.6402.0 in Microsoft Security Essentials 2.0, Sophos Anti-Virus 4.61.0, NOD32 Antivirus 5795, Avira AntiVir 7.11.1.163, Norman Antivirus 6.06.12, McAfee Anti-Virus Scanning Engine 5.400.0.1158, Panda Antivirus 10.0.2.7, McAfee Gateway (formerly Webwasher) 2010.1C, Trend Micro AntiVirus 9.120.0.1004, Comodo Antivirus 7424, Bitdefender 7.2, eSafe 7.0.17.0, F-Secure Anti-Virus 9.0.16160.0, nProtect Anti-Virus 2011-01-17.01, AhnLab V3 Internet Security 2011.01.18.00, AVG Anti-Virus 10.0.0.1190, avast! Antivirus 4.8.1351.0 and 5.0.677.0, and VBA32 3.12.14.2 allows user-assisted remote attackers to bypass malware detection via a RAR file with an initial MZ character sequence.  NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different RAR parser implementations.",
    "id": "GSD-2012-1443",
    "references": [
      "https://www.suse.com/security/cve/CVE-2012-1443.html"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2012-1443"
      ],
      "details": "The RAR file parser in ClamAV 0.96.4, Rising Antivirus 22.83.00.03, Quick Heal (aka Cat QuickHeal) 11.00, G Data AntiVirus 21, AVEngine 20101.3.0.103 in Symantec Endpoint Protection 11, Command Antivirus 5.2.11.5, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, Emsisoft Anti-Malware 5.1.0.1, PC Tools AntiVirus 7.0.3.5, F-Prot Antivirus 4.6.2.117, VirusBuster 13.6.151.0, Fortinet Antivirus 4.2.254.0, Antiy Labs AVL SDK 2.0.3.7, K7 AntiVirus 9.77.3565, Trend Micro HouseCall 9.120.0.1004, Kaspersky Anti-Virus 7.0.0.125, Jiangmin Antivirus 13.0.900, Antimalware Engine 1.1.6402.0 in Microsoft Security Essentials 2.0, Sophos Anti-Virus 4.61.0, NOD32 Antivirus 5795, Avira AntiVir 7.11.1.163, Norman Antivirus 6.06.12, McAfee Anti-Virus Scanning Engine 5.400.0.1158, Panda Antivirus 10.0.2.7, McAfee Gateway (formerly Webwasher) 2010.1C, Trend Micro AntiVirus 9.120.0.1004, Comodo Antivirus 7424, Bitdefender 7.2, eSafe 7.0.17.0, F-Secure Anti-Virus 9.0.16160.0, nProtect Anti-Virus 2011-01-17.01, AhnLab V3 Internet Security 2011.01.18.00, AVG Anti-Virus 10.0.0.1190, avast! Antivirus 4.8.1351.0 and 5.0.677.0, and VBA32 3.12.14.2 allows user-assisted remote attackers to bypass malware detection via a RAR file with an initial MZ character sequence.  NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different RAR parser implementations.",
      "id": "GSD-2012-1443",
      "modified": "2023-12-13T01:20:18.010576Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2012-1443",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "The RAR file parser in ClamAV 0.96.4, Rising Antivirus 22.83.00.03, Quick Heal (aka Cat QuickHeal) 11.00, G Data AntiVirus 21, AVEngine 20101.3.0.103 in Symantec Endpoint Protection 11, Command Antivirus 5.2.11.5, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, Emsisoft Anti-Malware 5.1.0.1, PC Tools AntiVirus 7.0.3.5, F-Prot Antivirus 4.6.2.117, VirusBuster 13.6.151.0, Fortinet Antivirus 4.2.254.0, Antiy Labs AVL SDK 2.0.3.7, K7 AntiVirus 9.77.3565, Trend Micro HouseCall 9.120.0.1004, Kaspersky Anti-Virus 7.0.0.125, Jiangmin Antivirus 13.0.900, Antimalware Engine 1.1.6402.0 in Microsoft Security Essentials 2.0, Sophos Anti-Virus 4.61.0, NOD32 Antivirus 5795, Avira AntiVir 7.11.1.163, Norman Antivirus 6.06.12, McAfee Anti-Virus Scanning Engine 5.400.0.1158, Panda Antivirus 10.0.2.7, McAfee Gateway (formerly Webwasher) 2010.1C, Trend Micro AntiVirus 9.120.0.1004, Comodo Antivirus 7424, Bitdefender 7.2, eSafe 7.0.17.0, F-Secure Anti-Virus 9.0.16160.0, nProtect Anti-Virus 2011-01-17.01, AhnLab V3 Internet Security 2011.01.18.00, AVG Anti-Virus 10.0.0.1190, avast! Antivirus 4.8.1351.0 and 5.0.677.0, and VBA32 3.12.14.2 allows user-assisted remote attackers to bypass malware detection via a RAR file with an initial MZ character sequence.  NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different RAR parser implementations."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "80472",
            "refsource": "OSVDB",
            "url": "http://osvdb.org/80472"
          },
          {
            "name": "20120319 Evasion attacks expoliting file-parsing vulnerabilities in antivirus products",
            "refsource": "BUGTRAQ",
            "url": "http://www.securityfocus.com/archive/1/522005"
          },
          {
            "name": "52612",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/52612"
          },
          {
            "name": "80467",
            "refsource": "OSVDB",
            "url": "http://osvdb.org/80467"
          },
          {
            "name": "80461",
            "refsource": "OSVDB",
            "url": "http://osvdb.org/80461"
          },
          {
            "name": "80470",
            "refsource": "OSVDB",
            "url": "http://osvdb.org/80470"
          },
          {
            "name": "80460",
            "refsource": "OSVDB",
            "url": "http://osvdb.org/80460"
          },
          {
            "name": "http://www.ieee-security.org/TC/SP2012/program.html",
            "refsource": "MISC",
            "url": "http://www.ieee-security.org/TC/SP2012/program.html"
          },
          {
            "name": "80468",
            "refsource": "OSVDB",
            "url": "http://osvdb.org/80468"
          },
          {
            "name": "80456",
            "refsource": "OSVDB",
            "url": "http://osvdb.org/80456"
          },
          {
            "name": "80457",
            "refsource": "OSVDB",
            "url": "http://osvdb.org/80457"
          },
          {
            "name": "80458",
            "refsource": "OSVDB",
            "url": "http://osvdb.org/80458"
          },
          {
            "name": "80454",
            "refsource": "OSVDB",
            "url": "http://osvdb.org/80454"
          },
          {
            "name": "80455",
            "refsource": "OSVDB",
            "url": "http://osvdb.org/80455"
          },
          {
            "name": "80459",
            "refsource": "OSVDB",
            "url": "http://osvdb.org/80459"
          },
          {
            "name": "80469",
            "refsource": "OSVDB",
            "url": "http://osvdb.org/80469"
          },
          {
            "name": "80471",
            "refsource": "OSVDB",
            "url": "http://osvdb.org/80471"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:ikarus:ikarus_virus_utilities_t3_command_line_scanner:1.1.97.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:emsisoft:anti-malware:5.1.0.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:trendmicro:housecall:9.120.0.1004:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:kaspersky:kaspersky_anti-virus:7.0.0.125:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mcafee:scan_engine:5.400.0.1158:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:pandasecurity:panda_antivirus:10.0.2.7:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mcafee:gateway:2010.1c:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ahnlab:v3_internet_security:2011.01.18.00:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:avg:avg_anti-virus:10.0.0.1190:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cat:quick_heal:11.00:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:gdata-software:g_data_antivirus:21:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:virusbuster:virusbuster:13.6.151.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:fortinet:fortinet_antivirus:4.2.254.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sophos:sophos_anti-virus:4.61.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:eset:nod32_antivirus:5795:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:bitdefender:bitdefender:7.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:aladdin:esafe:7.0.17.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:anti-virus:vba32:3.12.14.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:symantec:endpoint_protection:11.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:authentium:command_antivirus:5.2.11.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:antiy:avl_sdk:2.0.3.7:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:k7computing:antivirus:9.77.3565:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:avira:antivir:7.11.1.163:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:norman:norman_antivirus_\\\u0026_antispyware:6.06.12:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:f-secure:f-secure_anti-virus:9.0.16160.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:nprotect:nprotect_antivirus:2011-01-17.01:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:clamav:clamav:0.96.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:rising-global:rising_antivirus:22.83.00.03:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:pc_tools:pc_tools_antivirus:7.0.3.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:f-prot:f-prot_antivirus:4.6.2.117:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:jiangmin:jiangmin_antivirus:13.0.900:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:microsoft:security_essentials:2.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:trendmicro:trend_micro_antivirus:9.120.0.1004:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:comodo:comodo_antivirus:7424:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:alwil:avast_antivirus:4.8.1351.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:alwil:avast_antivirus:5.0.677.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2012-1443"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "The RAR file parser in ClamAV 0.96.4, Rising Antivirus 22.83.00.03, Quick Heal (aka Cat QuickHeal) 11.00, G Data AntiVirus 21, AVEngine 20101.3.0.103 in Symantec Endpoint Protection 11, Command Antivirus 5.2.11.5, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, Emsisoft Anti-Malware 5.1.0.1, PC Tools AntiVirus 7.0.3.5, F-Prot Antivirus 4.6.2.117, VirusBuster 13.6.151.0, Fortinet Antivirus 4.2.254.0, Antiy Labs AVL SDK 2.0.3.7, K7 AntiVirus 9.77.3565, Trend Micro HouseCall 9.120.0.1004, Kaspersky Anti-Virus 7.0.0.125, Jiangmin Antivirus 13.0.900, Antimalware Engine 1.1.6402.0 in Microsoft Security Essentials 2.0, Sophos Anti-Virus 4.61.0, NOD32 Antivirus 5795, Avira AntiVir 7.11.1.163, Norman Antivirus 6.06.12, McAfee Anti-Virus Scanning Engine 5.400.0.1158, Panda Antivirus 10.0.2.7, McAfee Gateway (formerly Webwasher) 2010.1C, Trend Micro AntiVirus 9.120.0.1004, Comodo Antivirus 7424, Bitdefender 7.2, eSafe 7.0.17.0, F-Secure Anti-Virus 9.0.16160.0, nProtect Anti-Virus 2011-01-17.01, AhnLab V3 Internet Security 2011.01.18.00, AVG Anti-Virus 10.0.0.1190, avast! Antivirus 4.8.1351.0 and 5.0.677.0, and VBA32 3.12.14.2 allows user-assisted remote attackers to bypass malware detection via a RAR file with an initial MZ character sequence.  NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different RAR parser implementations."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-264"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.ieee-security.org/TC/SP2012/program.html",
              "refsource": "MISC",
              "tags": [],
              "url": "http://www.ieee-security.org/TC/SP2012/program.html"
            },
            {
              "name": "20120319 Evasion attacks expoliting file-parsing vulnerabilities in antivirus products",
              "refsource": "BUGTRAQ",
              "tags": [],
              "url": "http://www.securityfocus.com/archive/1/522005"
            },
            {
              "name": "52612",
              "refsource": "BID",
              "tags": [],
              "url": "http://www.securityfocus.com/bid/52612"
            },
            {
              "name": "80471",
              "refsource": "OSVDB",
              "tags": [],
              "url": "http://osvdb.org/80471"
            },
            {
              "name": "80470",
              "refsource": "OSVDB",
              "tags": [],
              "url": "http://osvdb.org/80470"
            },
            {
              "name": "80454",
              "refsource": "OSVDB",
              "tags": [],
              "url": "http://osvdb.org/80454"
            },
            {
              "name": "80455",
              "refsource": "OSVDB",
              "tags": [],
              "url": "http://osvdb.org/80455"
            },
            {
              "name": "80456",
              "refsource": "OSVDB",
              "tags": [],
              "url": "http://osvdb.org/80456"
            },
            {
              "name": "80457",
              "refsource": "OSVDB",
              "tags": [],
              "url": "http://osvdb.org/80457"
            },
            {
              "name": "80459",
              "refsource": "OSVDB",
              "tags": [],
              "url": "http://osvdb.org/80459"
            },
            {
              "name": "80469",
              "refsource": "OSVDB",
              "tags": [],
              "url": "http://osvdb.org/80469"
            },
            {
              "name": "80458",
              "refsource": "OSVDB",
              "tags": [],
              "url": "http://osvdb.org/80458"
            },
            {
              "name": "80468",
              "refsource": "OSVDB",
              "tags": [],
              "url": "http://osvdb.org/80468"
            },
            {
              "name": "80467",
              "refsource": "OSVDB",
              "tags": [],
              "url": "http://osvdb.org/80467"
            },
            {
              "name": "80461",
              "refsource": "OSVDB",
              "tags": [],
              "url": "http://osvdb.org/80461"
            },
            {
              "name": "80460",
              "refsource": "OSVDB",
              "tags": [],
              "url": "http://osvdb.org/80460"
            },
            {
              "name": "80472",
              "refsource": "OSVDB",
              "tags": [],
              "url": "http://osvdb.org/80472"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 8.6,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        }
      },
      "lastModifiedDate": "2012-11-06T05:09Z",
      "publishedDate": "2012-03-21T10:11Z"
    }
  }
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2012-1443 (GCVE-0-2012-1443)

VAR-201203-0367

Vulnerability Descriptions

Credits

References

FKIE_CVE-2012-1443

PYSEC-2012-24

GHSA-VPV6-P582-58CQ

GSD-2012-1443

Tags

Sightings

Nomenclature