Vulmon Recent Vulnerabilities Product List Research Posts Trends Blog About Contact
4.3
CVSSv2

CVE-2012-1457

Published: 21/03/2012 Updated: 18/01/2018
CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6
VMScore: 383
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Vulnerability Summary

The TAR file parser in Avira AntiVir 7.11.1.163, Antiy Labs AVL SDK 2.0.3.7, avast! Antivirus 4.8.1351.0 and 5.0.677.0, AVG Anti-Virus 10.0.0.1190, Bitdefender 7.2, Quick Heal (aka Cat QuickHeal) 11.00, ClamAV 0.96.4, Command Antivirus 5.2.11.5, Emsisoft Anti-Malware 5.1.0.1, eSafe 7.0.17.0, F-Prot Antivirus 4.6.2.117, G Data AntiVirus 21, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, Jiangmin Antivirus 13.0.900, K7 AntiVirus 9.77.3565, Kaspersky Anti-Virus 7.0.0.125, McAfee Anti-Virus Scanning Engine 5.400.0.1158, McAfee Gateway (formerly Webwasher) 2010.1C, Antimalware Engine 1.1.6402.0 in Microsoft Security Essentials 2.0, NOD32 Antivirus 5795, Norman Antivirus 6.06.12, PC Tools AntiVirus 7.0.3.5, Rising Antivirus 22.83.00.03, AVEngine 20101.3.0.103 in Symantec Endpoint Protection 11, Trend Micro AntiVirus 9.120.0.1004, Trend Micro HouseCall 9.120.0.1004, VBA32 3.12.14.2, and VirusBuster 13.6.151.0 allows remote malicious users to bypass malware detection via a TAR archive entry with a length field that exceeds the total TAR file size. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different TAR parser implementations.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

bitdefender bitdefender 7.2

alwil avast antivirus 4.8.1351.0

norman norman antivirus & antispyware 6.06.12

clamav clamav 0.96.4

rising-global rising antivirus 22.83.00.03

anti-virus vba32 3.12.14.2

eset nod32 antivirus 5795

trendmicro housecall 9.120.0.1004

avira antivir 7.11.1.163

symantec endpoint protection 11.0

trendmicro trend micro antivirus 9.120.0.1004

f-prot f-prot antivirus 4.6.2.117

alwil avast antivirus 5.0.677.0

mcafee gateway 2010.1c

kaspersky kaspersky anti-virus 7.0.0.125

cat quick heal 11.00

avg avg anti-virus 10.0.0.1190

gdata-software g data antivirus 21

k7computing antivirus 9.77.3565

jiangmin jiangmin antivirus 13.0.900

authentium command antivirus 5.2.11.5

ikarus ikarus virus utilities t3 command line scanner 1.1.97.0

virusbuster virusbuster 13.6.151.0

antiy avl sdk 2.0.3.7

microsoft security essentials 2.0

emsisoft anti-malware 5.1.0.1

pc tools pc tools antivirus 7.0.3.5

aladdin esafe 7.0.17.0

mcafee scan engine 5.400.0.1158

Vendor Advisories

Debian CVElist Bug Report Logs: Multiple security issues
Debian Bug report logs - #668273 Multiple security issues Package: clamav; Maintainer for clamav is ClamAV Team <pkg-clamav-devel@listsaliothdebianorg>; Source for clamav is src:clamav (PTS, buildd, popcon) Reported by: Moritz Muehlenhoff <muehlenhoff@univentionde> Date: Tue, 10 Apr 2012 13:39:01 UTC Severity: i ...
Ubuntu Security Notice: clamav regression
USN-1482-1 introduced a regression in ClamAV that could cause it to fail to scan certain documents ...
Ubuntu Security Notice: clamav vulnerabilities
ClamAV could improperly detect malware if it opened a specially crafted file ...
Ubuntu Security Notice: clamav regression
ClamAV could improperly detect malware if it opened a specially crafted file ...

References

CWE-264http://www.ieee-security.org/TC/SP2012/program.htmlhttp://www.securityfocus.com/archive/1/522005http://lists.opensuse.org/opensuse-security-announce/2012-07/msg00002.htmlhttp://www.securityfocus.com/bid/52610http://osvdb.org/80403http://osvdb.org/80393http://osvdb.org/80391http://osvdb.org/80392http://osvdb.org/80406http://osvdb.org/80395http://osvdb.org/80396http://osvdb.org/80389http://osvdb.org/80407http://osvdb.org/80409https://exchange.xforce.ibmcloud.com/vulnerabilities/74293http://www.mandriva.com/security/advisories?name=MDVSA-2012:094https://nvd.nist.govhttps://bugs.debian.org/cgi-bin/bugreport.cgi?bug=668273https://usn.ubuntu.com/1482-3/
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-3080log injectionCVE-2024-6041CVE-2024-37661XML external entityCVE-2024-0845privilege escalationCVE-2023-37057CVE-2024-27801
Vulmon Logo Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Product List Vendor List Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook