Vulnerability Details : CVE-2012-1420
The TAR file parser in Quick Heal (aka Cat QuickHeal) 11.00, Command Antivirus 5.2.11.5, F-Prot Antivirus 4.6.2.117, Fortinet Antivirus 4.2.254.0, K7 AntiVirus 9.77.3565, Kaspersky Anti-Virus 7.0.0.125, Antimalware Engine 1.1.6402.0 in Microsoft Security Essentials 2.0, NOD32 Antivirus 5795, Norman Antivirus 6.06.12, Panda Antivirus 10.0.2.7, and Rising Antivirus 22.83.00.03 allows remote attackers to bypass malware detection via a POSIX TAR file with an initial \7fELF character sequence. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different TAR parser implementations.
Products affected by CVE-2012-1420
- cpe:2.3:a:microsoft:security_essentials:2.0:*:*:*:*:*:*:*
- cpe:2.3:a:fortinet:fortinet_antivirus:4.2.254.0:*:*:*:*:*:*:*
- cpe:2.3:a:norman:norman_antivirus_\&_antispyware:6.06.12:*:*:*:*:*:*:*
- cpe:2.3:a:cat:quick_heal:11.00:*:*:*:*:*:*:*
- cpe:2.3:a:f-prot:f-prot_antivirus:4.6.2.117:*:*:*:*:*:*:*
- cpe:2.3:a:authentium:command_antivirus:5.2.11.5:*:*:*:*:*:*:*
- cpe:2.3:a:rising-global:rising_antivirus:22.83.00.03:*:*:*:*:*:*:*
- cpe:2.3:a:eset:nod32_antivirus:5795:*:*:*:*:*:*:*
- cpe:2.3:a:k7computing:antivirus:9.77.3565:*:*:*:*:*:*:*
- cpe:2.3:a:pandasecurity:panda_antivirus:10.0.2.7:*:*:*:*:*:*:*
- cpe:2.3:a:kaspersky:kaspersky_anti-virus:7.0.0.125:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2012-1420
96.90%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 100 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2012-1420
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
4.3
|
MEDIUM | AV:N/AC:M/Au:N/C:N/I:P/A:N |
8.6
|
2.9
|
NIST |
CWE ids for CVE-2012-1420
-
Assigned by: nvd@nist.gov (Primary)
References for CVE-2012-1420
-
http://www.ieee-security.org/TC/SP2012/program.html
IEEE Symposium on Security and Privacy 2012
-
http://www.securityfocus.com/archive/1/522005
SecurityFocus
Jump to