The TAR file parser in Antiy Labs AVL SDK 2.0.3.7, Quick Heal (aka Cat QuickHeal) 11.00, Jiangmin Antivirus 13.0.900, Norman Antivirus 6.06.12, PC Tools AntiVirus 7.0.3.5, and Sophos Anti-Virus 4.61.0 allows remote attackers to bypass malware detection via a POSIX TAR file with a 19040010 character sequence at a certain location. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different TAR parser implementations.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Avl_sdk | Antiy | 2.0.3.7 (including) | 2.0.3.7 (including) |
| Quick_heal | Cat | 11.00 (including) | 11.00 (including) |
| Jiangmin_antivirus | Jiangmin | 13.0.900 (including) | 13.0.900 (including) |
| Norman_antivirus_&_antispyware | Norman | 6.06.12 (including) | 6.06.12 (including) |
| Pc_tools_antivirus | Pc_tools | 7.0.3.5 (including) | 7.0.3.5 (including) |
| Sophos_anti-virus | Sophos | 4.61.0 (including) | 4.61.0 (including) |
References
- http://osvdb.org/80390
- http://osvdb.org/80391
- http://osvdb.org/80392
- http://osvdb.org/80409
- http://www.ieee-security.org/TC/SP2012/program.html
- http://www.securityfocus.com/archive/1/522005
- http://osvdb.org/80390
- http://osvdb.org/80391
- http://osvdb.org/80392
- http://osvdb.org/80409
- http://www.ieee-security.org/TC/SP2012/program.html
- http://www.securityfocus.com/archive/1/522005