CVE Vulnerabilities

CVE-2012-1460

Published: Mar 21, 2012 | Modified: Aug 29, 2017
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
4.3 MEDIUM
AV:N/AC:M/Au:N/C:N/I:P/A:N
RedHat/V2
RedHat/V3
Ubuntu

The Gzip file parser in Antiy Labs AVL SDK 2.0.3.7, Quick Heal (aka Cat QuickHeal) 11.00, Command Antivirus 5.2.11.5, eSafe 7.0.17.0, F-Prot Antivirus 4.6.2.117, Jiangmin Antivirus 13.0.900, K7 AntiVirus 9.77.3565, and VBA32 3.12.14.2 allows remote attackers to bypass malware detection via a .tar.gz file with stray bytes at the end. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different Gzip parser implementations.

Affected Software

Name Vendor Start Version End Version
Vba32 Anti-virus 3.12.14.2 3.12.14.2
F-prot_antivirus F-prot 4.6.2.117 4.6.2.117
Quick_heal Cat 11.00 11.00
Antivirus K7computing 9.77.3565 9.77.3565
Jiangmin_antivirus Jiangmin 13.0.900 13.0.900
Command_antivirus Authentium 5.2.11.5 5.2.11.5
Avl_sdk Antiy 2.0.3.7 2.0.3.7
Esafe Aladdin 7.0.17.0 7.0.17.0

References