The TAR file parser in Command Antivirus 5.2.11.5, Emsisoft Anti-Malware 5.1.0.1, F-Prot Antivirus 4.6.2.117, Fortinet Antivirus 4.2.254.0, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, K7 AntiVirus 9.77.3565, NOD32 Antivirus 5795, Norman Antivirus 6.06.12, PC Tools AntiVirus 7.0.3.5, Rising Antivirus 22.83.00.03, and VirusBuster 13.6.151.0 allows remote attackers to bypass malware detection via a POSIX TAR file with an initial MZ character sequence. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different TAR parser implementations.

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

AV:N/AC:M/Au:N/C:N/I:P/A:N
Vendors Products
Authentium
  • Command Antivirus
Ikarus
  • Ikarus Virus Utilities T3 Command Line Scanner
Pc Tools
  • Pc Tools Antivirus
Emsisoft
  • Anti-malware
K7computing
  • Antivirus
Virusbuster
  • Virusbuster
Eset
  • Nod32 Antivirus
Rising-global
  • Rising Antivirus
Norman
  • Norman Antivirus \& Antispyware
Fortinet
  • Fortinet Antivirus
F-prot
  • F-prot Antivirus

Configuration 1 [-]

OR cpe:2.3:a:authentium:command_antivirus:5.2.11.5:*:*:*:*:*:*:*
cpe:2.3:a:emsisoft:anti-malware:5.1.0.1:*:*:*:*:*:*:*
cpe:2.3:a:eset:nod32_antivirus:5795:*:*:*:*:*:*:*
cpe:2.3:a:f-prot:f-prot_antivirus:4.6.2.117:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortinet_antivirus:4.2.254.0:*:*:*:*:*:*:*
cpe:2.3:a:ikarus:ikarus_virus_utilities_t3_command_line_scanner:1.1.97.0:*:*:*:*:*:*:*
cpe:2.3:a:k7computing:antivirus:9.77.3565:*:*:*:*:*:*:*
cpe:2.3:a:norman:norman_antivirus_\&_antispyware:6.06.12:*:*:*:*:*:*:*
cpe:2.3:a:pc_tools:pc_tools_antivirus:7.0.3.5:*:*:*:*:*:*:*
cpe:2.3:a:rising-global:rising_antivirus:22.83.00.03:*:*:*:*:*:*:*
cpe:2.3:a:virusbuster:virusbuster:13.6.151.0:*:*:*:*:*:*:*
References
Link Resource
http://osvdb.org/80393
http://osvdb.org/80395
http://osvdb.org/80396
http://osvdb.org/80406
http://osvdb.org/80407
http://www.ieee-security.org/TC/SP2012/program.html
http://www.securityfocus.com/archive/1/522005
History

No history.

cve-icon MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2012-03-21T10:00:00

Updated: 2012-08-13T09:00:00

Reserved: 2012-02-29T00:00:00

Link: CVE-2012-1423

JSON object: View

cve-icon NVD Information

Status : Modified

Published: 2012-03-21T10:11:47.317

Modified: 2012-08-14T03:35:49.300

Link: CVE-2012-1423

JSON object: View

cve-icon Redhat Information

No data.

CWE