    224 vulnerabilities by Bitdefender

    CVE-2026-10047 (GCVE-0-2026-10047)

    Vulnerability from nvd – Published: 2026-06-02 14:17 – Updated: 2026-06-02 16:06 – Unsupported When Assigned
    Title
    Out-of-bounds write in Napoca real-mode hook handler via guest-controlled SS:SP (VA-13905)
    Summary
    The Bitdefender Napoca bare-metal hypervisor contains an out-of-bounds write vulnerability in the real-mode hook handler, implemented in napoca/kernel/handler.c. The handler uses a guest-controlled SS:SP-derived offset as an index into the 1MB RealModeMemory buffer without bounds validation. With SS=0xFFFF and ESP=0xFFFF, the computed offset can reach 0x10FFEF, exceeding the RealModeMemory buffer by 65,519 bytes. The IRET frame push can therefore write past the end of the buffer into the hypervisor heap. The product is end-of-life and unsupported when assigned.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    Credits
    Sebastián Alba Vives (@Sebasteuo / 0xS4bb1)

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-10047",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-02T16:06:47.172599Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-02T16:06:55.065Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "Napoca bare-metal hypervisor",
              "repo": "https://github.com/bitdefender/napoca",
              "vendor": "Bitdefender",
              "versions": [
                {
                  "status": "affected",
                  "version": "all",
                  "versionType": "git"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Sebasti\u00e1n Alba Vives (@Sebasteuo / 0xS4bb1)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eThe Bitdefender Napoca bare-metal hypervisor contains an out-of-bounds write vulnerability in the real-mode hook handler, implemented in napoca/kernel/handler.c. The handler uses a guest-controlled SS:SP-derived offset as an index into the 1MB RealModeMemory buffer without bounds validation. With SS=0xFFFF and ESP=0xFFFF, the computed offset can reach 0x10FFEF, exceeding the RealModeMemory buffer by 65,519 bytes. The IRET frame push can therefore write past the end of the buffer into the hypervisor heap. The product is end-of-life and unsupported when assigned.\u003c/p\u003e"
                }
              ],
              "value": "The Bitdefender Napoca bare-metal hypervisor contains an out-of-bounds write vulnerability in the real-mode hook handler, implemented in napoca/kernel/handler.c. The handler uses a guest-controlled SS:SP-derived offset as an index into the 1MB RealModeMemory buffer without bounds validation. With SS=0xFFFF and ESP=0xFFFF, the computed offset can reach 0x10FFEF, exceeding the RealModeMemory buffer by 65,519 bytes. The IRET frame push can therefore write past the end of the buffer into the hypervisor heap. The product is end-of-life and unsupported when assigned."
            }
          ],
          "impacts": [
            {
              "descriptions": [
                {
                  "lang": "en",
                  "value": "Overflow Buffers"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "LOCAL",
                "baseScore": 8.5,
                "baseSeverity": "HIGH",
                "exploitMaturity": "NOT_DEFINED",
                "privilegesRequired": "LOW",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-787",
                  "description": "CWE-787: Out-of-bounds Write",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-02T14:17:40.505Z",
            "orgId": "b3d5ebe7-963e-41fb-98e1-2edaeabb8f82",
            "shortName": "Bitdefender"
          },
          "references": [
            {
              "url": "https://www.bitdefender.com/support/security-advisories/out-of-bounds-write-in-napoca-real-mode-hook-handler-via-guest-controlled-sssp-va-13905"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eNo fix is planned because Bitdefender Napoca is end-of-life. Users should discontinue use of the unsupported product.\u003c/p\u003e"
                }
              ],
              "value": "No fix is planned because Bitdefender Napoca is end-of-life. Users should discontinue use of the unsupported product."
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "tags": [
            "unsupported-when-assigned"
          ],
          "title": "Out-of-bounds write in Napoca real-mode hook handler via guest-controlled SS:SP (VA-13905)",
          "workarounds": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eNo workaround is available.\u003c/p\u003e"
                }
              ],
              "value": "No workaround is available."
            }
          ],
          "x_generator": {
            "engine": "Vulnogram 1.0.2"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b3d5ebe7-963e-41fb-98e1-2edaeabb8f82",
        "assignerShortName": "Bitdefender",
        "cveId": "CVE-2026-10047",
        "datePublished": "2026-06-02T14:17:15.279Z",
        "dateReserved": "2026-05-28T22:57:30.259Z",
        "dateUpdated": "2026-06-02T16:06:55.065Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-10046 (GCVE-0-2026-10046)

    Vulnerability from nvd – Published: 2026-06-02 14:16 – Updated: 2026-06-02 16:06 – Unsupported When Assigned
    Title
    Out-of-bounds write in Napoca BIOS INT 0x15 E820 memory map handler (VA-13905)
    Summary
    Bitdefender Napoca bare-metal hypervisor contains an out-of-bounds write vulnerability in the BIOS INT 0x15 / E820 memory map handler, implemented in napoca/guests/bios_handlers.c. The handler computes a destination offset into the guest RealModeMemory buffer from guest-controlled ES and EDI register values without validating that the resulting address remains within the 1MB RealModeMemory allocation. A malicious guest operating in real mode can trigger the issue by invoking INT 0x15 with AX=0xE820, EDX=0x534D4150, ECX greater than or equal to 20, EBX=0, ES=0xFFFF, and EDI=0xFFFF. This can cause a write of up to 20 bytes past the end of the RealModeMemory buffer into the hypervisor heap. The product is end-of-life and unsupported when assigned.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    Date Public
    2026-05-29 06:02
    Credits
    Sebastián Alba Vives (@Sebasteuo / 0xS4bb1)

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-10046",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-02T16:06:13.975351Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-02T16:06:21.781Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "Napoca bare-metal hypervisor",
              "repo": "https://github.com/bitdefender/napoca",
              "vendor": "Bitdefender",
              "versions": [
                {
                  "status": "affected",
                  "version": "all"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Sebasti\u00e1n Alba Vives (@Sebasteuo / 0xS4bb1)"
            }
          ],
          "datePublic": "2026-05-29T06:02:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eBitdefender Napoca bare-metal hypervisor contains an out-of-bounds write vulnerability in the BIOS INT 0x15 / E820 memory map handler, implemented in napoca/guests/bios_handlers.c. The handler computes a destination offset into the guest RealModeMemory buffer from guest-controlled ES and EDI register values without validating that the resulting address remains within the 1MB RealModeMemory allocation. A malicious guest operating in real mode can trigger the issue by invoking INT 0x15 with AX=0xE820, EDX=0x534D4150, ECX greater than or equal to 20, EBX=0, ES=0xFFFF, and EDI=0xFFFF. This can cause a write of up to 20 bytes past the end of the RealModeMemory buffer into the hypervisor heap. The product is end-of-life and unsupported when assigned.\u003c/p\u003e"
                }
              ],
              "value": "Bitdefender Napoca bare-metal hypervisor contains an out-of-bounds write vulnerability in the BIOS INT 0x15 / E820 memory map handler, implemented in napoca/guests/bios_handlers.c. The handler computes a destination offset into the guest RealModeMemory buffer from guest-controlled ES and EDI register values without validating that the resulting address remains within the 1MB RealModeMemory allocation. A malicious guest operating in real mode can trigger the issue by invoking INT 0x15 with AX=0xE820, EDX=0x534D4150, ECX greater than or equal to 20, EBX=0, ES=0xFFFF, and EDI=0xFFFF. This can cause a write of up to 20 bytes past the end of the RealModeMemory buffer into the hypervisor heap. The product is end-of-life and unsupported when assigned."
            }
          ],
          "impacts": [
            {
              "descriptions": [
                {
                  "lang": "en",
                  "value": "Overflow Buffers"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "LOCAL",
                "baseScore": 8.5,
                "baseSeverity": "HIGH",
                "exploitMaturity": "NOT_DEFINED",
                "privilegesRequired": "LOW",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-787",
                  "description": "CWE-787: Out-of-bounds Write",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-02T14:16:21.927Z",
            "orgId": "b3d5ebe7-963e-41fb-98e1-2edaeabb8f82",
            "shortName": "Bitdefender"
          },
          "references": [
            {
              "url": "https://www.bitdefender.com/consumer/support/security-advisories/out-of-bounds-write-in-napoca-bios-int-0x15-e820-memory-map-handler-va-13905"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eNo fix is planned because Bitdefender Napoca is end-of-life. Users should discontinue use of the unsupported product.\u003c/p\u003e"
                }
              ],
              "value": "No fix is planned because Bitdefender Napoca is end-of-life. Users should discontinue use of the unsupported product."
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "tags": [
            "unsupported-when-assigned"
          ],
          "title": "Out-of-bounds write in Napoca BIOS INT 0x15 E820 memory map handler (VA-13905)",
          "workarounds": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eNo workaround is available.\u003c/p\u003e"
                }
              ],
              "value": "No workaround is available."
            }
          ],
          "x_generator": {
            "engine": "Vulnogram 1.0.2"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b3d5ebe7-963e-41fb-98e1-2edaeabb8f82",
        "assignerShortName": "Bitdefender",
        "cveId": "CVE-2026-10046",
        "datePublished": "2026-06-02T14:16:21.927Z",
        "dateReserved": "2026-05-28T22:57:29.491Z",
        "dateUpdated": "2026-06-02T16:06:21.781Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-7073 (GCVE-0-2025-7073)

    Vulnerability from nvd – Published: 2025-12-10 09:46 – Updated: 2026-03-31 11:43
    Title
    Local Privilege Escalation via Arbitrary File Operation in Bitdefender Total Security
    Summary
    A local privilege escalation vulnerability in Bitdefender Total Security versions prior to 27.0.47.241 allows low-privileged attackers to elevate privileges. The issue arises from bdservicehost.exe deleting files from a user-writable directory (C:\ProgramData\Atc\Feedback) without proper symbolic link validation, enabling arbitrary file deletion. This issue is chained with a file copy operation during network events and a filter driver bypass via DLL injection to achieve arbitrary file copy and code execution as elevated user.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-59 - Improper Link Resolution Before File Access ('Link Following')
    Impacted products
    Vendor Product Version
    Bitdefender Total Security Affected: 0 , < 27.0.47.241 (custom)
    Bitdefender Internet Security Affected: 0 , < 27.0.47.241 (custom)
    Bitdefender Antivirus Plus Affected: 0 , < 27.0.47.241 (custom)
    Date Public
    2025-12-10 09:36
    Credits
    Filip Dragovic (@filip_dragovic)

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-7073",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-12-11T04:55:19.145047Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-02-26T16:21:06.522Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Windows"
              ],
              "product": "Total Security",
              "vendor": "Bitdefender",
              "versions": [
                {
                  "lessThan": "27.0.47.241",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Windows"
              ],
              "product": "Internet Security",
              "vendor": "Bitdefender",
              "versions": [
                {
                  "lessThan": "27.0.47.241",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Antivirus Plus",
              "vendor": "Bitdefender",
              "versions": [
                {
                  "lessThan": "27.0.47.241",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Filip Dragovic (@filip_dragovic)"
            }
          ],
          "datePublic": "2025-12-10T09:36:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "A local privilege escalation vulnerability in Bitdefender Total Security versions prior to 27.0.47.241\u0026nbsp;allows low-privileged attackers to elevate privileges. The issue arises from \u003ccode\u003ebdservicehost.exe\u003c/code\u003e\u0026nbsp;deleting files from a user-writable directory (\u003ccode\u003eC:\\ProgramData\\Atc\\Feedback\u003c/code\u003e) without proper symbolic link validation, enabling arbitrary file deletion. This issue is chained with a file copy operation during network events and a filter driver bypass via DLL injection to achieve arbitrary file copy and code execution as elevated user."
                }
              ],
              "value": "A local privilege escalation vulnerability in Bitdefender Total Security versions prior to 27.0.47.241\u00a0allows low-privileged attackers to elevate privileges. The issue arises from bdservicehost.exe\u00a0deleting files from a user-writable directory (C:\\ProgramData\\Atc\\Feedback) without proper symbolic link validation, enabling arbitrary file deletion. This issue is chained with a file copy operation during network events and a filter driver bypass via DLL injection to achieve arbitrary file copy and code execution as elevated user."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-132",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-132 Symlink Attack"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "HIGH",
                "attackRequirements": "PRESENT",
                "attackVector": "LOCAL",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "exploitMaturity": "NOT_DEFINED",
                "privilegesRequired": "LOW",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "HIGH",
                "subConfidentialityImpact": "HIGH",
                "subIntegrityImpact": "HIGH",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-59",
                  "description": "CWE-59 Improper Link Resolution Before File Access (\u0027Link Following\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-03-31T11:43:59.146Z",
            "orgId": "b3d5ebe7-963e-41fb-98e1-2edaeabb8f82",
            "shortName": "Bitdefender"
          },
          "references": [
            {
              "url": "https://www.bitdefender.com/support/security-advisories/local-privilege-escalation-via-arbitrary-file-operation-in-bitdefender-atc-va-12590"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "An automatic update to product version 27.0.47.241\u0026nbsp;fixes the issue"
                }
              ],
              "value": "An automatic update to product version 27.0.47.241\u00a0fixes the issue"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "Local Privilege Escalation via Arbitrary File Operation in Bitdefender Total Security",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b3d5ebe7-963e-41fb-98e1-2edaeabb8f82",
        "assignerShortName": "Bitdefender",
        "cveId": "CVE-2025-7073",
        "datePublished": "2025-12-10T09:46:40.263Z",
        "dateReserved": "2025-07-04T15:58:42.058Z",
        "dateUpdated": "2026-03-31T11:43:59.146Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-5317 (GCVE-0-2025-5317)

    Vulnerability from nvd – Published: 2025-11-11 08:02 – Updated: 2025-11-12 20:04
    Title
    Improper access restriction to critical folder in Bitdefender Endpoint Security Tools for Mac
    Summary
    An improper access restriction to a folder in Bitdefender Endpoint Security Tools for Mac (BEST) before 7.20.52.200087 allows local users with administrative privileges to bypass the configured uninstall password protection. An unauthorized user with sudo privileges can manually remove the application directory (/Applications/Endpoint Security for Mac.app/) and the related directories within /Library/Bitdefender/AVP without needing the uninstall password.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    Impacted products
    Vendor Product Version
    Bitdefender Endpoint Security Tools for Mac Affected: 0 , < 7.20.52.200087 (custom)

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-5317",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-11-12T14:55:16.722643Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-11-12T20:04:14.955Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "MacOS"
              ],
              "product": "Endpoint Security Tools for Mac",
              "vendor": "Bitdefender",
              "versions": [
                {
                  "lessThan": "7.20.52.200087",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eAn improper access restriction to a folder in Bitdefender Endpoint Security Tools for Mac (BEST) before 7.20.52.200087 allows local users with administrative privileges to bypass the configured uninstall password protection. An unauthorized user with sudo privileges can manually remove the application directory (/Applications/Endpoint Security for Mac.app/) and the related directories within /Library/Bitdefender/AVP without needing the uninstall password.\u003c/span\u003e\u003cbr\u003e\u003c/p\u003e"
                }
              ],
              "value": "An improper access restriction to a folder in Bitdefender Endpoint Security Tools for Mac (BEST) before 7.20.52.200087 allows local users with administrative privileges to bypass the configured uninstall password protection. An unauthorized user with sudo privileges can manually remove the application directory (/Applications/Endpoint Security for Mac.app/) and the related directories within /Library/Bitdefender/AVP without needing the uninstall password."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-1",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-1 Accessing Functionality Not Properly Constrained by ACLs"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "LOCAL",
                "baseScore": 6.8,
                "baseSeverity": "MEDIUM",
                "exploitMaturity": "NOT_DEFINED",
                "privilegesRequired": "HIGH",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-862",
                  "description": "CWE-862 Missing Authorization",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-11-11T08:10:17.064Z",
            "orgId": "b3d5ebe7-963e-41fb-98e1-2edaeabb8f82",
            "shortName": "Bitdefender"
          },
          "references": [
            {
              "url": "https://www.bitdefender.com/support/security-advisories/improper-access-restriction-to-critical-folder-in-bitdefender-endpoint-security-tools-for-mac/"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "An automatic update to\u0026nbsp;itdefender Endpoint Security Tools for Mac (BEST) version 7.20.52.200087 or higher fixes the issue."
                }
              ],
              "value": "An automatic update to\u00a0itdefender Endpoint Security Tools for Mac (BEST) version 7.20.52.200087 or higher fixes the issue."
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Improper access restriction to critical folder in Bitdefender Endpoint Security Tools for Mac",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b3d5ebe7-963e-41fb-98e1-2edaeabb8f82",
        "assignerShortName": "Bitdefender",
        "cveId": "CVE-2025-5317",
        "datePublished": "2025-11-11T08:02:22.504Z",
        "dateReserved": "2025-05-29T05:57:38.849Z",
        "dateUpdated": "2025-11-12T20:04:14.955Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-1987 (GCVE-0-2025-1987)

    Vulnerability from nvd – Published: 2025-06-21 21:35 – Updated: 2025-06-23 14:56
    VLAI
    Title
    Stored XSS in Psono-Client via Malicious Vault Entry URLs
    Summary
    A Cross-Site Scripting (XSS) vulnerability has been identified in Psono-Client’s handling of vault entries of type website_password and bookmark, as used in Bitdefender SecurePass. The client does not properly sanitize the URL field in these entries. As a result, an attacker can craft a malicious vault entry (or trick a user into creating or importing one) with a javascript: URL. When the user interacts with this entry (for example, by clicking or opening it), the application will execute the malicious JavaScript in the context of the Psono vault. This allows an attacker to run arbitrary code in the victim’s browser, potentially giving them access to the user’s password vault and sensitive data.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-79 - Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')
    Assigner
    Impacted products
    Vendor Product Version
    Psono Psono-client Affected: 0 , ≤ 4.0.4 (git)
    Bitdefender SecurePass Affected: 0 , < 0.0.76 (Web client)
    Affected: 0 , < 1.1.18 (Chrome)
    Affected: 0 , < 1.1.22 (Firefox)
    Affected: 0 , < 1.1.18 (Edge)
    Affected: 0 , < 1.0.10 (Safari)
    Credits
    Ionut DRĂGUȚ, Bitdefender Labs

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-1987",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-06-23T14:56:38.593939Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-06-23T14:56:45.902Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Psono-client",
              "vendor": "Psono",
              "versions": [
                {
                  "lessThanOrEqual": "4.0.4",
                  "status": "affected",
                  "version": "0",
                  "versionType": "git"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "SecurePass",
              "vendor": "Bitdefender",
              "versions": [
                {
                  "lessThan": "0.0.76",
                  "status": "affected",
                  "version": "0",
                  "versionType": "Web client"
                },
                {
                  "lessThan": "1.1.18",
                  "status": "affected",
                  "version": "0",
                  "versionType": "Chrome"
                },
                {
                  "lessThan": "1.1.22",
                  "status": "affected",
                  "version": "0",
                  "versionType": "Firefox"
                },
                {
                  "lessThan": "1.1.18",
                  "status": "affected",
                  "version": "0",
                  "versionType": "Edge"
                },
                {
                  "lessThan": "1.0.10",
                  "status": "affected",
                  "version": "0",
                  "versionType": "Safari"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Ionut DR\u0102GU\u021a, Bitdefender Labs"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eA \u003cb\u003eCross-Site Scripting (XSS)\u003c/b\u003e\u0026nbsp;vulnerability has been identified in Psono-Client\u2019s handling of vault entries of type website_password and bookmark, as used in Bitdefender SecurePass. The client does not properly sanitize the URL field in these entries. As a result, an attacker can craft a malicious vault entry (or trick a user into creating or importing one) with a javascript:URL. When the user interacts with this entry (for example, by clicking or opening it), the application will execute the malicious JavaScript in the context of the Psono vault. This allows an attacker to run arbitrary code in the victim\u2019s browser, potentially giving them access to the user\u2019s password vault and sensitive data.\u003c/p\u003e\u003cbr\u003e"
                }
              ],
              "value": "A Cross-Site Scripting (XSS)\u00a0vulnerability has been identified in Psono-Client\u2019s handling of vault entries of type website_password and bookmark, as used in Bitdefender SecurePass. The client does not properly sanitize the URL field in these entries. As a result, an attacker can craft a malicious vault entry (or trick a user into creating or importing one) with a javascript:URL. When the user interacts with this entry (for example, by clicking or opening it), the application will execute the malicious JavaScript in the context of the Psono vault. This allows an attacker to run arbitrary code in the victim\u2019s browser, potentially giving them access to the user\u2019s password vault and sensitive data."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-63",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-63 Cross-Site Scripting (XSS)"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 9.3,
                "baseSeverity": "CRITICAL",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "HIGH",
                "subIntegrityImpact": "HIGH",
                "userInteraction": "PASSIVE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or \u0027Cross-site Scripting\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-06-21T21:35:06.643Z",
            "orgId": "b3d5ebe7-963e-41fb-98e1-2edaeabb8f82",
            "shortName": "Bitdefender"
          },
          "references": [
            {
              "url": "https://bitdefender.com/support/support/security-advisories/stored-xss-in-psono-client-via-malicious-vault-entry-urls"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "An automatic update to these product versions fixes the issue:\u003cbr\u003e\u003cbr\u003e\u003cul\u003e\u003cli\u003eWeb client: 0.0.76\u003c/li\u003e\u003cli\u003eChrome: 1.1.18\u003c/li\u003e\u003cli\u003eFirefox: 1.1.22\u003c/li\u003e\u003cli\u003eEdge: 1.1.18\u003c/li\u003e\u003cli\u003eSafari: 1.0.10\u003c/li\u003e\u003c/ul\u003e"
                }
              ],
              "value": "An automatic update to these product versions fixes the issue:\n\n  *  Web client: 0.0.76\n  *  Chrome: 1.1.18\n  *  Firefox: 1.1.22\n  *  Edge: 1.1.18\n  *  Safari: 1.0.10"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "Stored XSS in Psono-Client via Malicious Vault Entry URLs",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b3d5ebe7-963e-41fb-98e1-2edaeabb8f82",
        "assignerShortName": "Bitdefender",
        "cveId": "CVE-2025-1987",
        "datePublished": "2025-06-21T21:35:06.643Z",
        "dateReserved": "2025-03-05T14:48:09.124Z",
        "dateUpdated": "2025-06-23T14:56:45.902Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-2245 (GCVE-0-2025-2245)

    Vulnerability from nvd – Published: 2025-04-04 09:54 – Updated: 2025-04-04 12:57
    VLAI
    Title
    Server Side Request Forgery in GravityZone Update Server Using Null Bytes (VA-12646)
    Summary
    A server-side request forgery (SSRF) vulnerability exists in the Bitdefender GravityZone Update Server when operating in Relay Mode. The HTTP proxy component on port 7074 uses a domain allowlist to restrict outbound requests, but fails to properly sanitize hostnames containing null-byte (%00) sequences. By crafting a request to a domain such as evil.com%00.bitdefender.com, an attacker can bypass the allowlist check, causing the proxy to forward requests to arbitrary external or internal systems.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-918 - Server-Side Request Forgery (SSRF)
    Assigner
    Impacted products
    Vendor Product Version
    Bitdefender GravityZone Update Server Affected: 0 , < 3.5.2.689 (custom)
    Date Public
    2025-04-04 09:00
    Credits
    Nicolas Verdier (@n1nj4sec)

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-2245",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-04-04T12:56:49.957910Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-04-04T12:57:26.616Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "GravityZone Update Server",
              "vendor": "Bitdefender",
              "versions": [
                {
                  "lessThan": "3.5.2.689",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Nicolas Verdier (@n1nj4sec)"
            }
          ],
          "datePublic": "2025-04-04T09:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "A server-side request forgery (SSRF) vulnerability exists in the Bitdefender GravityZone Update Server when operating in Relay Mode. The HTTP proxy component on port 7074 uses a domain allowlist to restrict outbound requests, but fails to properly sanitize hostnames containing null-byte (\u003ccode\u003e%00\u003c/code\u003e) sequences. By crafting a request to a domain such as \u003ccode\u003eevil.com%00.bitdefender.com\u003c/code\u003e, an attacker can bypass the allowlist check, causing the proxy to forward requests to arbitrary external or internal systems."
                }
              ],
              "value": "A server-side request forgery (SSRF) vulnerability exists in the Bitdefender GravityZone Update Server when operating in Relay Mode. The HTTP proxy component on port 7074 uses a domain allowlist to restrict outbound requests, but fails to properly sanitize hostnames containing null-byte (%00) sequences. By crafting a request to a domain such as evil.com%00.bitdefender.com, an attacker can bypass the allowlist check, causing the proxy to forward requests to arbitrary external or internal systems."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-3",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-3 Using Leading \u0027Ghost\u0027 Character Sequences to Bypass Input Filters"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 6.9,
                "baseSeverity": "MEDIUM",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "LOW",
                "subConfidentialityImpact": "LOW",
                "subIntegrityImpact": "LOW",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:L/SI:L/SA:L",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "LOW",
                "vulnIntegrityImpact": "NONE",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-918",
                  "description": "CWE-918 Server-Side Request Forgery (SSRF)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-04-04T09:54:03.681Z",
            "orgId": "b3d5ebe7-963e-41fb-98e1-2edaeabb8f82",
            "shortName": "Bitdefender"
          },
          "references": [
            {
              "url": "https://www.bitdefender.com/support/security-advisories/server-side-request-forgery-in-gravityzone-update-server-using-null-bytes-va-12646"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "An automatic update to version\u0026nbsp;3.5.2.689 fixes the issue."
                }
              ],
              "value": "An automatic update to version\u00a03.5.2.689 fixes the issue."
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "Server Side Request Forgery in GravityZone Update Server Using Null Bytes (VA-12646)",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b3d5ebe7-963e-41fb-98e1-2edaeabb8f82",
        "assignerShortName": "Bitdefender",
        "cveId": "CVE-2025-2245",
        "datePublished": "2025-04-04T09:54:03.681Z",
        "dateReserved": "2025-03-12T11:14:14.019Z",
        "dateUpdated": "2025-04-04T12:57:26.616Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-2244 (GCVE-0-2025-2244)

    Vulnerability from nvd – Published: 2025-04-04 09:52 – Updated: 2025-04-04 14:26
    VLAI
    Title
    Insecure PHP deserialization issue in GravityZone Console (VA-12634)
    Summary
    The sendMailFromRemoteSource method in Emails.php, as used in Bitdefender GravityZone Console, unsafely calls PHP unserialize() on user-supplied input without validation. By crafting a malicious serialized payload, an attacker can trigger PHP object injection, perform a file write, and gain arbitrary command execution on the host system.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-502 - Deserialization of Untrusted Data
    Assigner
    Impacted products
    Vendor Product Version
    Bitdefender GravityZone Console Affected: 0 , < 6.41.2-1 (custom)
    Date Public
    2025-04-04 09:00
    Credits
    Nicolas Verdier (@n1nj4sec)

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-2244",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-04-04T14:25:40.859470Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-04-04T14:26:11.160Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "GravityZone Console",
              "vendor": "Bitdefender",
              "versions": [
                {
                  "lessThan": "6.41.2-1",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Nicolas Verdier (@n1nj4sec)"
            }
          ],
          "datePublic": "2025-04-04T09:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "A vulnerability in the\u0026nbsp;\u003ccode\u003esendMailFromRemoteSource\u003c/code\u003e\u0026nbsp;method in \u003ccode\u003eEmails.php\u003c/code\u003e\u0026nbsp; as used in Bitdefender GravityZone Console unsafely uses \u003ccode\u003ephp unserialize()\u003c/code\u003e\u0026nbsp;on user-supplied input without validation. By crafting a malicious serialized payload, an attacker can trigger PHP object injection, perform a file write, and gain arbitrary command execution on the host system."
                }
              ],
              "value": "A vulnerability in the\u00a0sendMailFromRemoteSource\u00a0method in Emails.php\u00a0 as used in Bitdefender GravityZone Console unsafely uses php unserialize()\u00a0on user-supplied input without validation. By crafting a malicious serialized payload, an attacker can trigger PHP object injection, perform a file write, and gain arbitrary command execution on the host system."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-137",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-137 Parameter Injection"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "PRESENT",
                "attackVector": "NETWORK",
                "baseScore": 9.5,
                "baseSeverity": "CRITICAL",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "HIGH",
                "subConfidentialityImpact": "HIGH",
                "subIntegrityImpact": "HIGH",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-502",
                  "description": "CWE-502 \u2013 Deserialization of Untrusted Data",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-04-04T09:52:48.684Z",
            "orgId": "b3d5ebe7-963e-41fb-98e1-2edaeabb8f82",
            "shortName": "Bitdefender"
          },
          "references": [
            {
              "url": "http://bitdefender.com/support/security-advisories/insecure-php-deserialization-issue-in-gravityzone-console-va-12634"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "An automatic update to version\u0026nbsp;6.41.2-1 fixes the issue."
                }
              ],
              "value": "An automatic update to version\u00a06.41.2-1 fixes the issue."
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "Insecure PHP deserialization issue in GravityZone Console (VA-12634)",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b3d5ebe7-963e-41fb-98e1-2edaeabb8f82",
        "assignerShortName": "Bitdefender",
        "cveId": "CVE-2025-2244",
        "datePublished": "2025-04-04T09:52:48.684Z",
        "dateReserved": "2025-03-12T11:14:05.487Z",
        "dateUpdated": "2025-04-04T14:26:11.160Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-2243 (GCVE-0-2025-2243)

    Vulnerability from nvd – Published: 2025-04-04 09:53 – Updated: 2025-04-04 14:21
    VLAI
    Title
    SSRF in GravityZone Console via DNS Truncation (VA-12634)
    Summary
    A server-side request forgery (SSRF) vulnerability in Bitdefender GravityZone Console allows an attacker to bypass input validation logic using leading characters in DNS requests. Paired with other potential vulnerabilities, this bypass could be used for execution of third party code. This issue affects GravityZone Console: before 6.41.2.1.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-918 - Server-Side Request Forgery (SSRF)
    Assigner
    Impacted products
    Vendor Product Version
    Bitdefender GravityZone Console Affected: 0 , < 6.41.2-1 (custom)
    Date Public
    2025-04-04 09:00
    Credits
    Nicolas Verdier (@n1nj4sec)

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-2243",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-04-04T14:20:34.614745Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-04-04T14:21:05.194Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "GravityZone Console",
              "vendor": "Bitdefender",
              "versions": [
                {
                  "lessThan": "6.41.2-1",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Nicolas Verdier (@n1nj4sec)"
            }
          ],
          "datePublic": "2025-04-04T09:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "A server-side request forgery (SSRF) vulnerability in Bitdefender GravityZone Console allows an attacker to bypass input validation logic using leading characters in DNS requests. Paired with other potential vulnerabilities, this bypass could be used for execution of third party code.\u0026nbsp;\u003cp\u003eThis issue affects GravityZone Console: before 6.41.2.1.\u003c/p\u003e"
                }
              ],
              "value": "A server-side request forgery (SSRF) vulnerability in Bitdefender GravityZone Console allows an attacker to bypass input validation logic using leading characters in DNS requests. Paired with other potential vulnerabilities, this bypass could be used for execution of third party code.\u00a0This issue affects GravityZone Console: before 6.41.2.1."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-3",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-3 Using Leading \u0027Ghost\u0027 Character Sequences to Bypass Input Filters"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 6.9,
                "baseSeverity": "MEDIUM",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "LOW",
                "subConfidentialityImpact": "LOW",
                "subIntegrityImpact": "LOW",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L",
                "version": "4.0",
                "vulnAvailabilityImpact": "LOW",
                "vulnConfidentialityImpact": "LOW",
                "vulnIntegrityImpact": "LOW",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-918",
                  "description": "CWE-918 Server-Side Request Forgery (SSRF)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-04-04T09:53:25.476Z",
            "orgId": "b3d5ebe7-963e-41fb-98e1-2edaeabb8f82",
            "shortName": "Bitdefender"
          },
          "references": [
            {
              "url": "https://www.bitdefender.com/support/security-advisories/ssrf-in-gravityzone-console-via-dns-truncation-va-12634"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "An automatic update to version 6.41.2.1 fixes the issue."
                }
              ],
              "value": "An automatic update to version 6.41.2.1 fixes the issue."
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "SSRF in GravityZone Console via DNS Truncation (VA-12634)",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b3d5ebe7-963e-41fb-98e1-2edaeabb8f82",
        "assignerShortName": "Bitdefender",
        "cveId": "CVE-2025-2243",
        "datePublished": "2025-04-04T09:53:25.476Z",
        "dateReserved": "2025-03-12T11:14:04.233Z",
        "dateUpdated": "2025-04-04T14:21:05.194Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2026-10047 (GCVE-0-2026-10047)

    Vulnerability from cvelistv5 – Published: 2026-06-02 14:17 – Updated: 2026-06-02 16:06 Unsupported When Assigned
    VLAI
    Title
    Out-of-bounds write in Napoca real-mode hook handler via guest-controlled SS:SP (VA-13905)
    Summary
    The Bitdefender Napoca bare-metal hypervisor contains an out-of-bounds write vulnerability in the real-mode hook handler, implemented in napoca/kernel/handler.c. The handler uses a guest-controlled SS:SP-derived offset as an index into the 1MB RealModeMemory buffer without bounds validation. With SS=0xFFFF and ESP=0xFFFF, the computed offset can reach 0x10FFEF, exceeding the RealModeMemory buffer by 65,519 bytes. The IRET frame push can therefore write past the end of the buffer into the hypervisor heap. The product is end-of-life and unsupported when assigned.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Credits
    Sebastián Alba Vives (@Sebasteuo / 0xS4bb1)

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-10047",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-02T16:06:47.172599Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-02T16:06:55.065Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "Napoca bare-metal hypervisor",
              "repo": "https://github.com/bitdefender/napoca",
              "vendor": "Bitdefender",
              "versions": [
                {
                  "status": "affected",
                  "version": "all",
                  "versionType": "git"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Sebasti\u00e1n Alba Vives (@Sebasteuo / 0xS4bb1)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eThe Bitdefender Napoca bare-metal hypervisor contains an out-of-bounds write vulnerability in the real-mode hook handler, implemented in napoca/kernel/handler.c. The handler uses a guest-controlled SS:SP-derived offset as an index into the 1MB RealModeMemory buffer without bounds validation. With SS=0xFFFF and ESP=0xFFFF, the computed offset can reach 0x10FFEF, exceeding the RealModeMemory buffer by 65,519 bytes. The IRET frame push can therefore write past the end of the buffer into the hypervisor heap. The product is end-of-life and unsupported when assigned.\u003c/p\u003e"
                }
              ],
              "value": "The Bitdefender Napoca bare-metal hypervisor contains an out-of-bounds write vulnerability in the real-mode hook handler, implemented in napoca/kernel/handler.c. The handler uses a guest-controlled SS:SP-derived offset as an index into the 1MB RealModeMemory buffer without bounds validation. With SS=0xFFFF and ESP=0xFFFF, the computed offset can reach 0x10FFEF, exceeding the RealModeMemory buffer by 65,519 bytes. The IRET frame push can therefore write past the end of the buffer into the hypervisor heap. The product is end-of-life and unsupported when assigned."
            }
          ],
          "impacts": [
            {
              "descriptions": [
                {
                  "lang": "en",
                  "value": "Overflow Buffers"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "LOCAL",
                "baseScore": 8.5,
                "baseSeverity": "HIGH",
                "exploitMaturity": "NOT_DEFINED",
                "privilegesRequired": "LOW",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-787",
                  "description": "CWE-787: Out-of-bounds Write",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-02T14:17:40.505Z",
            "orgId": "b3d5ebe7-963e-41fb-98e1-2edaeabb8f82",
            "shortName": "Bitdefender"
          },
          "references": [
            {
              "url": "https://www.bitdefender.com/support/security-advisories/out-of-bounds-write-in-napoca-real-mode-hook-handler-via-guest-controlled-sssp-va-13905"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eNo fix is planned because Bitdefender Napoca is end-of-life. Users should discontinue use of the unsupported product.\u003c/p\u003e"
                }
              ],
              "value": "No fix is planned because Bitdefender Napoca is end-of-life. Users should discontinue use of the unsupported product."
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "tags": [
            "unsupported-when-assigned"
          ],
          "title": "Out-of-bounds write in Napoca real-mode hook handler via guest-controlled SS:SP (VA-13905)",
          "workarounds": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eNo workaround is available.\u003c/p\u003e"
                }
              ],
              "value": "No workaround is available."
            }
          ],
          "x_generator": {
            "engine": "Vulnogram 1.0.2"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b3d5ebe7-963e-41fb-98e1-2edaeabb8f82",
        "assignerShortName": "Bitdefender",
        "cveId": "CVE-2026-10047",
        "datePublished": "2026-06-02T14:17:15.279Z",
        "dateReserved": "2026-05-28T22:57:30.259Z",
        "dateUpdated": "2026-06-02T16:06:55.065Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-10046 (GCVE-0-2026-10046)

    Vulnerability from cvelistv5 – Published: 2026-06-02 14:16 – Updated: 2026-06-02 16:06 Unsupported When Assigned
    VLAI
    Title
    Out-of-bounds write in Napoca BIOS INT 0x15 E820 memory map handler (VA-13905)
    Summary
    Bitdefender Napoca bare-metal hypervisor contains an out-of-bounds write vulnerability in the BIOS INT 0x15 / E820 memory map handler, implemented in napoca/guests/bios_handlers.c. The handler computes a destination offset into the guest RealModeMemory buffer from guest-controlled ES and EDI register values without validating that the resulting address remains within the 1MB RealModeMemory allocation. A malicious guest operating in real mode can trigger the issue by invoking INT 0x15 with AX=0xE820, EDX=0x534D4150, ECX greater than or equal to 20, EBX=0, ES=0xFFFF, and EDI=0xFFFF. This can cause a write of up to 20 bytes past the end of the RealModeMemory buffer into the hypervisor heap. The product is end-of-life and unsupported when assigned.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Date Public
    2026-05-29 06:02
    Credits
    Sebastián Alba Vives (@Sebasteuo / 0xS4bb1)

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-10046",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-02T16:06:13.975351Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-02T16:06:21.781Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "Napoca bare-metal hypervisor",
              "repo": "https://github.com/bitdefender/napoca",
              "vendor": "Bitdefender",
              "versions": [
                {
                  "status": "affected",
                  "version": "all"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Sebasti\u00e1n Alba Vives (@Sebasteuo / 0xS4bb1)"
            }
          ],
          "datePublic": "2026-05-29T06:02:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eBitdefender Napoca bare-metal hypervisor contains an out-of-bounds write vulnerability in the BIOS INT 0x15 / E820 memory map handler, implemented in napoca/guests/bios_handlers.c. The handler computes a destination offset into the guest RealModeMemory buffer from guest-controlled ES and EDI register values without validating that the resulting address remains within the 1MB RealModeMemory allocation. A malicious guest operating in real mode can trigger the issue by invoking INT 0x15 with AX=0xE820, EDX=0x534D4150, ECX greater than or equal to 20, EBX=0, ES=0xFFFF, and EDI=0xFFFF. This can cause a write of up to 20 bytes past the end of the RealModeMemory buffer into the hypervisor heap. The product is end-of-life and unsupported when assigned.\u003c/p\u003e"
                }
              ],
              "value": "Bitdefender Napoca bare-metal hypervisor contains an out-of-bounds write vulnerability in the BIOS INT 0x15 / E820 memory map handler, implemented in napoca/guests/bios_handlers.c. The handler computes a destination offset into the guest RealModeMemory buffer from guest-controlled ES and EDI register values without validating that the resulting address remains within the 1MB RealModeMemory allocation. A malicious guest operating in real mode can trigger the issue by invoking INT 0x15 with AX=0xE820, EDX=0x534D4150, ECX greater than or equal to 20, EBX=0, ES=0xFFFF, and EDI=0xFFFF. This can cause a write of up to 20 bytes past the end of the RealModeMemory buffer into the hypervisor heap. The product is end-of-life and unsupported when assigned."
            }
          ],
          "impacts": [
            {
              "descriptions": [
                {
                  "lang": "en",
                  "value": "Overflow Buffers"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "LOCAL",
                "baseScore": 8.5,
                "baseSeverity": "HIGH",
                "exploitMaturity": "NOT_DEFINED",
                "privilegesRequired": "LOW",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-787",
                  "description": "CWE-787: Out-of-bounds Write",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-02T14:16:21.927Z",
            "orgId": "b3d5ebe7-963e-41fb-98e1-2edaeabb8f82",
            "shortName": "Bitdefender"
          },
          "references": [
            {
              "url": "https://www.bitdefender.com/consumer/support/security-advisories/out-of-bounds-write-in-napoca-bios-int-0x15-e820-memory-map-handler-va-13905"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eNo fix is planned because Bitdefender Napoca is end-of-life. Users should discontinue use of the unsupported product.\u003c/p\u003e"
                }
              ],
              "value": "No fix is planned because Bitdefender Napoca is end-of-life. Users should discontinue use of the unsupported product."
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "tags": [
            "unsupported-when-assigned"
          ],
          "title": "Out-of-bounds write in Napoca BIOS INT 0x15 E820 memory map handler (VA-13905)",
          "workarounds": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eNo workaround is available.\u003c/p\u003e"
                }
              ],
              "value": "No workaround is available."
            }
          ],
          "x_generator": {
            "engine": "Vulnogram 1.0.2"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b3d5ebe7-963e-41fb-98e1-2edaeabb8f82",
        "assignerShortName": "Bitdefender",
        "cveId": "CVE-2026-10046",
        "datePublished": "2026-06-02T14:16:21.927Z",
        "dateReserved": "2026-05-28T22:57:29.491Z",
        "dateUpdated": "2026-06-02T16:06:21.781Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-7073 (GCVE-0-2025-7073)

    Vulnerability from cvelistv5 – Published: 2025-12-10 09:46 – Updated: 2026-03-31 11:43
    VLAI
    Title
    Local Privilege Escalation via Arbitrary File Operation in Bitdefender Total Security
    Summary
    A local privilege escalation vulnerability in Bitdefender Total Security versions prior to 27.0.47.241 allows low-privileged attackers to elevate privileges. The issue arises from bdservicehost.exe deleting files from a user-writable directory (C:\ProgramData\Atc\Feedback) without proper symbolic link validation, enabling arbitrary file deletion. This issue is chained with a file copy operation during network events and a filter driver bypass via DLL injection to achieve arbitrary file copy and code execution as elevated user.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-59 - Improper Link Resolution Before File Access ('Link Following')
    Assigner
    Impacted products
    Vendor Product Version
    Bitdefender Total Security Affected: 0 , < 27.0.47.241 (custom)
    Bitdefender Internet Security Affected: 0 , < 27.0.47.241 (custom)
    Bitdefender Antivirus Plus Affected: 0 , < 27.0.47.241 (custom)
    Date Public
    2025-12-10 09:36
    Credits
    Filip Dragovic (@filip_dragovic)

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-7073",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-12-11T04:55:19.145047Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-02-26T16:21:06.522Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Windows"
              ],
              "product": "Total Security",
              "vendor": "Bitdefender",
              "versions": [
                {
                  "lessThan": "27.0.47.241",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Windows"
              ],
              "product": "Internet Security",
              "vendor": "Bitdefender",
              "versions": [
                {
                  "lessThan": "27.0.47.241",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Antivirus Plus",
              "vendor": "Bitdefender",
              "versions": [
                {
                  "lessThan": "27.0.47.241",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Filip Dragovic (@filip_dragovic)"
            }
          ],
          "datePublic": "2025-12-10T09:36:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "A local privilege escalation vulnerability in Bitdefender Total Security versions prior to 27.0.47.241\u0026nbsp;allows low-privileged attackers to elevate privileges. The issue arises from \u003ccode\u003ebdservicehost.exe\u003c/code\u003e\u0026nbsp;deleting files from a user-writable directory (\u003ccode\u003eC:\\ProgramData\\Atc\\Feedback\u003c/code\u003e) without proper symbolic link validation, enabling arbitrary file deletion. This issue is chained with a file copy operation during network events and a filter driver bypass via DLL injection to achieve arbitrary file copy and code execution as elevated user."
                }
              ],
              "value": "A local privilege escalation vulnerability in Bitdefender Total Security versions prior to 27.0.47.241\u00a0allows low-privileged attackers to elevate privileges. The issue arises from bdservicehost.exe\u00a0deleting files from a user-writable directory (C:\\ProgramData\\Atc\\Feedback) without proper symbolic link validation, enabling arbitrary file deletion. This issue is chained with a file copy operation during network events and a filter driver bypass via DLL injection to achieve arbitrary file copy and code execution as elevated user."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-132",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-132 Symlink Attack"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "HIGH",
                "attackRequirements": "PRESENT",
                "attackVector": "LOCAL",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "exploitMaturity": "NOT_DEFINED",
                "privilegesRequired": "LOW",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "HIGH",
                "subConfidentialityImpact": "HIGH",
                "subIntegrityImpact": "HIGH",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-59",
                  "description": "CWE-59 Improper Link Resolution Before File Access (\u0027Link Following\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-03-31T11:43:59.146Z",
            "orgId": "b3d5ebe7-963e-41fb-98e1-2edaeabb8f82",
            "shortName": "Bitdefender"
          },
          "references": [
            {
              "url": "https://www.bitdefender.com/support/security-advisories/local-privilege-escalation-via-arbitrary-file-operation-in-bitdefender-atc-va-12590"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "An automatic update to product version 27.0.47.241\u0026nbsp;fixes the issue"
                }
              ],
              "value": "An automatic update to product version 27.0.47.241\u00a0fixes the issue"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "Local Privilege Escalation via Arbitrary File Operation in Bitdefender Total Security",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b3d5ebe7-963e-41fb-98e1-2edaeabb8f82",
        "assignerShortName": "Bitdefender",
        "cveId": "CVE-2025-7073",
        "datePublished": "2025-12-10T09:46:40.263Z",
        "dateReserved": "2025-07-04T15:58:42.058Z",
        "dateUpdated": "2026-03-31T11:43:59.146Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-5317 (GCVE-0-2025-5317)

    Vulnerability from cvelistv5 – Published: 2025-11-11 08:02 – Updated: 2025-11-12 20:04
    VLAI
    Title
    Improper access restriction to critical folder in Bitdefender Endpoint Security Tools for Mac
    Summary
    An improper access restriction to a folder in Bitdefender Endpoint Security Tools for Mac (BEST) before 7.20.52.200087 allows local users with administrative privileges to bypass the configured uninstall password protection. An unauthorized user with sudo privileges can manually remove the application directory (/Applications/Endpoint Security for Mac.app/) and the related directories within /Library/Bitdefender/AVP without needing the uninstall password.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    Bitdefender Endpoint Security Tools for Mac Affected: 0 , < 7.20.52.200087 (custom)

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-5317",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-11-12T14:55:16.722643Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-11-12T20:04:14.955Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "MacOS"
              ],
              "product": "Endpoint Security Tools for Mac",
              "vendor": "Bitdefender",
              "versions": [
                {
                  "lessThan": "7.20.52.200087",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eAn improper access restriction to a folder in Bitdefender Endpoint Security Tools for Mac (BEST) before 7.20.52.200087 allows local users with administrative privileges to bypass the configured uninstall password protection. An unauthorized user with sudo privileges can manually remove the application directory (/Applications/Endpoint Security for Mac.app/) and the related directories within /Library/Bitdefender/AVP without needing the uninstall password.\u003c/span\u003e\u003cbr\u003e\u003c/p\u003e"
                }
              ],
              "value": "An improper access restriction to a folder in Bitdefender Endpoint Security Tools for Mac (BEST) before 7.20.52.200087 allows local users with administrative privileges to bypass the configured uninstall password protection. An unauthorized user with sudo privileges can manually remove the application directory (/Applications/Endpoint Security for Mac.app/) and the related directories within /Library/Bitdefender/AVP without needing the uninstall password."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-1",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-1 Accessing Functionality Not Properly Constrained by ACLs"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "LOCAL",
                "baseScore": 6.8,
                "baseSeverity": "MEDIUM",
                "exploitMaturity": "NOT_DEFINED",
                "privilegesRequired": "HIGH",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-862",
                  "description": "CWE-862 Missing Authorization",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-11-11T08:10:17.064Z",
            "orgId": "b3d5ebe7-963e-41fb-98e1-2edaeabb8f82",
            "shortName": "Bitdefender"
          },
          "references": [
            {
              "url": "https://www.bitdefender.com/support/security-advisories/improper-access-restriction-to-critical-folder-in-bitdefender-endpoint-security-tools-for-mac/"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "An automatic update to\u0026nbsp;itdefender Endpoint Security Tools for Mac (BEST) version 7.20.52.200087 or higher fixes the issue."
                }
              ],
              "value": "An automatic update to\u00a0itdefender Endpoint Security Tools for Mac (BEST) version 7.20.52.200087 or higher fixes the issue."
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Improper access restriction to critical folder in Bitdefender Endpoint Security Tools for Mac",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b3d5ebe7-963e-41fb-98e1-2edaeabb8f82",
        "assignerShortName": "Bitdefender",
        "cveId": "CVE-2025-5317",
        "datePublished": "2025-11-11T08:02:22.504Z",
        "dateReserved": "2025-05-29T05:57:38.849Z",
        "dateUpdated": "2025-11-12T20:04:14.955Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-1987 (GCVE-0-2025-1987)

    Vulnerability from cvelistv5 – Published: 2025-06-21 21:35 – Updated: 2025-06-23 14:56
    VLAI
    Title
    Stored XSS in Psono-Client via Malicious Vault Entry URLs
    Summary
    A Cross-Site Scripting (XSS) vulnerability has been identified in Psono-Client’s handling of vault entries of type website_password and bookmark, as used in Bitdefender SecurePass. The client does not properly sanitize the URL field in these entries. As a result, an attacker can craft a malicious vault entry (or trick a user into creating or importing one) with a javascript: URL. When the user interacts with this entry (for example, by clicking or opening it), the application will execute the malicious JavaScript in the context of the Psono vault. This allows an attacker to run arbitrary code in the victim’s browser, potentially giving them access to the user’s password vault and sensitive data.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-79 - Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')
    Assigner
    Impacted products
    Vendor Product Version
    Psono Psono-client Affected: 0 , ≤ 4.0.4 (git)
    Bitdefender SecurePass Affected: 0 , < 0.0.76 (Web client)
    Affected: 0 , < 1.1.18 (Chrome)
    Affected: 0 , < 1.1.22 (Firefox)
    Affected: 0 , < 1.1.18 (Edge)
    Affected: 0 , < 1.0.10 (Safari)
    Credits
    Ionut DRĂGUȚ, Bitdefender Labs

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-1987",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-06-23T14:56:38.593939Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-06-23T14:56:45.902Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Psono-client",
              "vendor": "Psono",
              "versions": [
                {
                  "lessThanOrEqual": "4.0.4",
                  "status": "affected",
                  "version": "0",
                  "versionType": "git"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "SecurePass",
              "vendor": "Bitdefender",
              "versions": [
                {
                  "lessThan": "0.0.76",
                  "status": "affected",
                  "version": "0",
                  "versionType": "Web client"
                },
                {
                  "lessThan": "1.1.18",
                  "status": "affected",
                  "version": "0",
                  "versionType": "Chrome"
                },
                {
                  "lessThan": "1.1.22",
                  "status": "affected",
                  "version": "0",
                  "versionType": "Firefox"
                },
                {
                  "lessThan": "1.1.18",
                  "status": "affected",
                  "version": "0",
                  "versionType": "Edge"
                },
                {
                  "lessThan": "1.0.10",
                  "status": "affected",
                  "version": "0",
                  "versionType": "Safari"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Ionut DR\u0102GU\u021a, Bitdefender Labs"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eA \u003cb\u003eCross-Site Scripting (XSS)\u003c/b\u003e\u0026nbsp;vulnerability has been identified in Psono-Client\u2019s handling of vault entries of type website_password and bookmark, as used in Bitdefender SecurePass. The client does not properly sanitize the URL field in these entries. As a result, an attacker can craft a malicious vault entry (or trick a user into creating or importing one) with a javascript:URL. When the user interacts with this entry (for example, by clicking or opening it), the application will execute the malicious JavaScript in the context of the Psono vault. This allows an attacker to run arbitrary code in the victim\u2019s browser, potentially giving them access to the user\u2019s password vault and sensitive data.\u003c/p\u003e\u003cbr\u003e"
                }
              ],
              "value": "A Cross-Site Scripting (XSS)\u00a0vulnerability has been identified in Psono-Client\u2019s handling of vault entries of type website_password and bookmark, as used in Bitdefender SecurePass. The client does not properly sanitize the URL field in these entries. As a result, an attacker can craft a malicious vault entry (or trick a user into creating or importing one) with a javascript:URL. When the user interacts with this entry (for example, by clicking or opening it), the application will execute the malicious JavaScript in the context of the Psono vault. This allows an attacker to run arbitrary code in the victim\u2019s browser, potentially giving them access to the user\u2019s password vault and sensitive data."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-63",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-63 Cross-Site Scripting (XSS)"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 9.3,
                "baseSeverity": "CRITICAL",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "HIGH",
                "subIntegrityImpact": "HIGH",
                "userInteraction": "PASSIVE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or \u0027Cross-site Scripting\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-06-21T21:35:06.643Z",
            "orgId": "b3d5ebe7-963e-41fb-98e1-2edaeabb8f82",
            "shortName": "Bitdefender"
          },
          "references": [
            {
              "url": "https://bitdefender.com/support/support/security-advisories/stored-xss-in-psono-client-via-malicious-vault-entry-urls"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "An automatic update to these product versions fixes the issue:\u003cbr\u003e\u003cbr\u003e\u003cul\u003e\u003cli\u003eWeb client: 0.0.76\u003c/li\u003e\u003cli\u003eChrome: 1.1.18\u003c/li\u003e\u003cli\u003eFirefox: 1.1.22\u003c/li\u003e\u003cli\u003eEdge: 1.1.18\u003c/li\u003e\u003cli\u003eSafari: 1.0.10\u003c/li\u003e\u003c/ul\u003e"
                }
              ],
              "value": "An automatic update to these product versions fixes the issue:\n\n  *  Web client: 0.0.76\n  *  Chrome: 1.1.18\n  *  Firefox: 1.1.22\n  *  Edge: 1.1.18\n  *  Safari: 1.0.10"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "Stored XSS in Psono-Client via Malicious Vault Entry URLs",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b3d5ebe7-963e-41fb-98e1-2edaeabb8f82",
        "assignerShortName": "Bitdefender",
        "cveId": "CVE-2025-1987",
        "datePublished": "2025-06-21T21:35:06.643Z",
        "dateReserved": "2025-03-05T14:48:09.124Z",
        "dateUpdated": "2025-06-23T14:56:45.902Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-2245 (GCVE-0-2025-2245)

    Vulnerability from cvelistv5 – Published: 2025-04-04 09:54 – Updated: 2025-04-04 12:57
    VLAI
    Title
    Server Side Request Forgery in GravityZone Update Server Using Null Bytes (VA-12646)
    Summary
    A server-side request forgery (SSRF) vulnerability exists in the Bitdefender GravityZone Update Server when operating in Relay Mode. The HTTP proxy component on port 7074 uses a domain allowlist to restrict outbound requests, but fails to properly sanitize hostnames containing null-byte (%00) sequences. By crafting a request to a domain such as evil.com%00.bitdefender.com, an attacker can bypass the allowlist check, causing the proxy to forward requests to arbitrary external or internal systems.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-918 - Server-Side Request Forgery (SSRF)
    Assigner
    Impacted products
    Vendor Product Version
    Bitdefender GravityZone Update Server Affected: 0 , < 3.5.2.689 (custom)
    Date Public
    2025-04-04 09:00
    Credits
    Nicolas Verdier (@n1nj4sec)

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-2245",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-04-04T12:56:49.957910Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-04-04T12:57:26.616Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "GravityZone Update Server",
              "vendor": "Bitdefender",
              "versions": [
                {
                  "lessThan": "3.5.2.689",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Nicolas Verdier (@n1nj4sec)"
            }
          ],
          "datePublic": "2025-04-04T09:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "A server-side request forgery (SSRF) vulnerability exists in the Bitdefender GravityZone Update Server when operating in Relay Mode. The HTTP proxy component on port 7074 uses a domain allowlist to restrict outbound requests, but fails to properly sanitize hostnames containing null-byte (\u003ccode\u003e%00\u003c/code\u003e) sequences. By crafting a request to a domain such as \u003ccode\u003eevil.com%00.bitdefender.com\u003c/code\u003e, an attacker can bypass the allowlist check, causing the proxy to forward requests to arbitrary external or internal systems."
                }
              ],
              "value": "A server-side request forgery (SSRF) vulnerability exists in the Bitdefender GravityZone Update Server when operating in Relay Mode. The HTTP proxy component on port 7074 uses a domain allowlist to restrict outbound requests, but fails to properly sanitize hostnames containing null-byte (%00) sequences. By crafting a request to a domain such as evil.com%00.bitdefender.com, an attacker can bypass the allowlist check, causing the proxy to forward requests to arbitrary external or internal systems."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-3",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-3 Using Leading \u0027Ghost\u0027 Character Sequences to Bypass Input Filters"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 6.9,
                "baseSeverity": "MEDIUM",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "LOW",
                "subConfidentialityImpact": "LOW",
                "subIntegrityImpact": "LOW",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:L/SI:L/SA:L",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "LOW",
                "vulnIntegrityImpact": "NONE",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-918",
                  "description": "CWE-918 Server-Side Request Forgery (SSRF)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-04-04T09:54:03.681Z",
            "orgId": "b3d5ebe7-963e-41fb-98e1-2edaeabb8f82",
            "shortName": "Bitdefender"
          },
          "references": [
            {
              "url": "https://www.bitdefender.com/support/security-advisories/server-side-request-forgery-in-gravityzone-update-server-using-null-bytes-va-12646"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "An automatic update to version\u0026nbsp;3.5.2.689 fixes the issue."
                }
              ],
              "value": "An automatic update to version\u00a03.5.2.689 fixes the issue."
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "Server Side Request Forgery in GravityZone Update Server Using Null Bytes (VA-12646)",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b3d5ebe7-963e-41fb-98e1-2edaeabb8f82",
        "assignerShortName": "Bitdefender",
        "cveId": "CVE-2025-2245",
        "datePublished": "2025-04-04T09:54:03.681Z",
        "dateReserved": "2025-03-12T11:14:14.019Z",
        "dateUpdated": "2025-04-04T12:57:26.616Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-2243 (GCVE-0-2025-2243)

    Vulnerability from cvelistv5 – Published: 2025-04-04 09:53 – Updated: 2025-04-04 14:21
    VLAI
    Title
    SSRF in GravityZone Console via DNS Truncation (VA-12634)
    Summary
    A server-side request forgery (SSRF) vulnerability in Bitdefender GravityZone Console allows an attacker to bypass input validation logic using leading characters in DNS requests. Paired with other potential vulnerabilities, this bypass could be used for execution of third party code. This issue affects GravityZone Console: before 6.41.2.1.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-918 - Server-Side Request Forgery (SSRF)
    Assigner
    Impacted products
    Vendor Product Version
    Bitdefender GravityZone Console Affected: 0 , < 6.41.2-1 (custom)
    Date Public
    2025-04-04 09:00
    Credits
    Nicolas Verdier (@n1nj4sec)

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-2243",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-04-04T14:20:34.614745Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-04-04T14:21:05.194Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "GravityZone Console",
              "vendor": "Bitdefender",
              "versions": [
                {
                  "lessThan": "6.41.2-1",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Nicolas Verdier (@n1nj4sec)"
            }
          ],
          "datePublic": "2025-04-04T09:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "A server-side request forgery (SSRF) vulnerability in Bitdefender GravityZone Console allows an attacker to bypass input validation logic using leading characters in DNS requests. Paired with other potential vulnerabilities, this bypass could be used for execution of third party code.\u0026nbsp;\u003cp\u003eThis issue affects GravityZone Console: before 6.41.2.1.\u003c/p\u003e"
                }
              ],
              "value": "A server-side request forgery (SSRF) vulnerability in Bitdefender GravityZone Console allows an attacker to bypass input validation logic using leading characters in DNS requests. Paired with other potential vulnerabilities, this bypass could be used for execution of third party code.\u00a0This issue affects GravityZone Console: before 6.41.2.1."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-3",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-3 Using Leading \u0027Ghost\u0027 Character Sequences to Bypass Input Filters"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 6.9,
                "baseSeverity": "MEDIUM",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "LOW",
                "subConfidentialityImpact": "LOW",
                "subIntegrityImpact": "LOW",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L",
                "version": "4.0",
                "vulnAvailabilityImpact": "LOW",
                "vulnConfidentialityImpact": "LOW",
                "vulnIntegrityImpact": "LOW",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-918",
                  "description": "CWE-918 Server-Side Request Forgery (SSRF)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-04-04T09:53:25.476Z",
            "orgId": "b3d5ebe7-963e-41fb-98e1-2edaeabb8f82",
            "shortName": "Bitdefender"
          },
          "references": [
            {
              "url": "https://www.bitdefender.com/support/security-advisories/ssrf-in-gravityzone-console-via-dns-truncation-va-12634"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "An automatic update to version 6.41.2.1 fixes the issue."
                }
              ],
              "value": "An automatic update to version 6.41.2.1 fixes the issue."
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "SSRF in GravityZone Console via DNS Truncation (VA-12634)",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b3d5ebe7-963e-41fb-98e1-2edaeabb8f82",
        "assignerShortName": "Bitdefender",
        "cveId": "CVE-2025-2243",
        "datePublished": "2025-04-04T09:53:25.476Z",
        "dateReserved": "2025-03-12T11:14:04.233Z",
        "dateUpdated": "2025-04-04T14:21:05.194Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CERTFR-2025-AVI-1089

    Vulnerability from certfr_avis - Published: 2025-12-10 - Updated: 2025-12-10

    A vulnerability has been discovered in Bitdefender products. It allows an attacker to cause privilege escalation and a compromise of data integrity.

    Solutions

    Refer to the vendor's security bulletin to obtain the patches (see the Documentation section).

    Impacted products
    Vendor Product Description
    Bitdefender N/A Internet Security Antivirus Plus versions prior to 27.0.46.231
    Bitdefender N/A Antivirus Free versions prior to 30.0.25.77
    Bitdefender Total Security Total Security versions prior to 27.10.45.497
    Bitdefender N/A Endpoint Security Tools for Windows versions prior to 7.9.20.515
    Bitdefender Total Security Internet Security versions prior to 27.10.45.497
    Bitdefender N/A Antivirus Plus versions prior to 27.10.45.497


    {
      "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
      "affected_systems": [
        {
          "description": "Internet Security Antivirus Plus versions ant\u00e9rieures \u00e0 27.0.46.231",
          "product": {
            "name": "N/A",
            "vendor": {
              "name": "Bitdefender",
              "scada": false
            }
          }
        },
        {
          "description": "Antivirus Free versions ant\u00e9rieures \u00e0 30.0.25.77",
          "product": {
            "name": "N/A",
            "vendor": {
              "name": "Bitdefender",
              "scada": false
            }
          }
        },
        {
          "description": "Total Security versions ant\u00e9rieures \u00e0 27.10.45.497",
          "product": {
            "name": "Total Security",
            "vendor": {
              "name": "Bitdefender",
              "scada": false
            }
          }
        },
        {
          "description": "Endpoint Security Tools pour Windows versions ant\u00e9rieures \u00e0 7.9.20.515 ",
          "product": {
            "name": "N/A",
            "vendor": {
              "name": "Bitdefender",
              "scada": false
            }
          }
        },
        {
          "description": "Internet Security versions ant\u00e9rieures \u00e0 27.10.45.497",
          "product": {
            "name": "Total Security",
            "vendor": {
              "name": "Bitdefender",
              "scada": false
            }
          }
        },
        {
          "description": "Antivirus Plus versions ant\u00e9rieures \u00e0 27.10.45.497",
          "product": {
            "name": "N/A",
            "vendor": {
              "name": "Bitdefender",
              "scada": false
            }
          }
        }
      ],
      "affected_systems_content": "",
      "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
      "cves": [
        {
          "name": "CVE-2025-7073",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-7073"
        }
      ],
      "initial_release_date": "2025-12-10T00:00:00",
      "last_revision_date": "2025-12-10T00:00:00",
      "links": [],
      "reference": "CERTFR-2025-AVI-1089",
      "revisions": [
        {
          "description": "Version initiale",
          "revision_date": "2025-12-10T00:00:00.000000"
        }
      ],
      "risks": [
        {
          "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
        },
        {
          "description": "\u00c9l\u00e9vation de privil\u00e8ges"
        }
      ],
      "summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 d\u00e9couverte dans les produits Bitdefender. Elle permet \u00e0 un attaquant de provoquer une \u00e9l\u00e9vation de privil\u00e8ges et une atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es.",
      "title": "Vuln\u00e9rabilit\u00e9 dans les produits Bitdefender",
      "vendor_advisories": [
        {
          "published_at": "2025-12-10",
          "title": "Bulletin de s\u00e9curit\u00e9 Bitdefender local-privilege-escalation-via-arbitrary-file-operation-in-bitdefender-atc-va-12590",
          "url": "https://www.bitdefender.com/support/security-advisories/local-privilege-escalation-via-arbitrary-file-operation-in-bitdefender-atc-va-12590/"
        }
      ]
    }

    CERTFR-2025-AVI-0531

    Vulnerability from certfr_avis - Published: 2025-06-23 - Updated: 2025-06-23

    A vulnerability has been discovered in Bitdefender SecurePass. It allows an attacker to cause remote indirect code injection (XSS).

    Solutions

    Refer to the vendor's security bulletin to obtain the patches (see the Documentation section).

    Impacted products
    Vendor | Product | Description
    Bitdefender | SecurePass | SecurePass extension for Firefox versions earlier than 1.1.22
    Bitdefender | SecurePass | SecurePass extension for Chrome and Edge versions earlier than 1.1.18
    Bitdefender | SecurePass | SecurePass web client versions earlier than 0.0.76
    Bitdefender | SecurePass | SecurePass extension for Safari versions earlier than 1.0.10

    {
      "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
      "affected_systems": [
        {
          "description": "Greffon SecurePass pour Firefox versions ant\u00e9rieures \u00e0 1.1.22",
          "product": {
            "name": "SecurePass",
            "vendor": {
              "name": "Bitdefender",
              "scada": false
            }
          }
        },
        {
          "description": "Greffon SecurePass pour Chrome et Edge versions ant\u00e9rieures \u00e0 1.1.18",
          "product": {
            "name": "SecurePass",
            "vendor": {
              "name": "Bitdefender",
              "scada": false
            }
          }
        },
        {
          "description": "Client web SecurePass versions ant\u00e9rieures \u00e0 0.0.76 ",
          "product": {
            "name": "SecurePass",
            "vendor": {
              "name": "Bitdefender",
              "scada": false
            }
          }
        },
        {
          "description": "Greffon SecurePass pour Safari versions ant\u00e9rieures \u00e0 1.0.10",
          "product": {
            "name": "SecurePass",
            "vendor": {
              "name": "Bitdefender",
              "scada": false
            }
          }
        }
      ],
      "affected_systems_content": "",
      "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
      "cves": [
        {
          "name": "CVE-2025-1987",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-1987"
        }
      ],
      "initial_release_date": "2025-06-23T00:00:00",
      "last_revision_date": "2025-06-23T00:00:00",
      "links": [],
      "reference": "CERTFR-2025-AVI-0531",
      "revisions": [
        {
          "description": "Version initiale",
          "revision_date": "2025-06-23T00:00:00.000000"
        }
      ],
      "risks": [
        {
          "description": "Injection de code indirecte \u00e0 distance (XSS)"
        }
      ],
      "summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 d\u00e9couverte dans Bitdefender SecurePass. Elle permet \u00e0 un attaquant de provoquer une injection de code indirecte \u00e0 distance (XSS).",
      "title": "Vuln\u00e9rabilit\u00e9 dans Bitdefender SecurePass",
      "vendor_advisories": [
        {
          "published_at": "2025-06-21",
          "title": "Bulletin de s\u00e9curit\u00e9 Bitdefender stored-xss-in-psono-client-via-malicious-vault-entry-urls",
          "url": "https://www.bitdefender.com/support/security-advisories/stored-xss-in-psono-client-via-malicious-vault-entry-urls/"
        }
      ]
    }

    CERTFR-2025-AVI-0299

    Vulnerability from certfr_avis - Published: 2025-04-10 - Updated: 2025-04-10

    Multiple vulnerabilities have been discovered in Bitdefender products. They allow an attacker to cause remote arbitrary code execution and server-side request forgery (SSRF).

    Solutions

    Refer to the vendor's security bulletin to obtain the patches (see the Documentation section).

    Impacted products
    Vendor | Product | Description
    Bitdefender | GravityZone Update Server | GravityZone Update Server versions earlier than 3.5.2.689
    Bitdefender | GravityZone Console | GravityZone Console versions earlier than 6.41.2-1

    {
      "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
      "affected_systems": [
        {
          "description": "GravityZone Update Server versions ant\u00e9rieures \u00e0 3.5.2.689",
          "product": {
            "name": "GravityZone Update Server",
            "vendor": {
              "name": "Bitdefender",
              "scada": false
            }
          }
        },
        {
          "description": "GravityZone Console versions ant\u00e9rieures \u00e0 6.41.2-1",
          "product": {
            "name": "GravityZone Console",
            "vendor": {
              "name": "Bitdefender",
              "scada": false
            }
          }
        }
      ],
      "affected_systems_content": "",
      "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
      "cves": [
        {
          "name": "CVE-2025-2243",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-2243"
        },
        {
          "name": "CVE-2025-2244",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-2244"
        },
        {
          "name": "CVE-2025-2245",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-2245"
        }
      ],
      "initial_release_date": "2025-04-10T00:00:00",
      "last_revision_date": "2025-04-10T00:00:00",
      "links": [],
      "reference": "CERTFR-2025-AVI-0299",
      "revisions": [
        {
          "description": "Version initiale",
          "revision_date": "2025-04-10T00:00:00.000000"
        }
      ],
      "risks": [
        {
          "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
        },
        {
          "description": "Falsification de requ\u00eates c\u00f4t\u00e9 serveur (SSRF)"
        }
      ],
      "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Bitdefender. Elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance et une falsification de requ\u00eates c\u00f4t\u00e9 serveur (SSRF).",
      "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Bitdefender",
      "vendor_advisories": [
        {
          "published_at": "2025-04-04",
          "title": "Bulletin de s\u00e9curit\u00e9 Bitdefender insecure-php-deserialization-issue-in-gravityzone-console-va-12634",
          "url": "https://www.bitdefender.com/support/security-advisories/insecure-php-deserialization-issue-in-gravityzone-console-va-12634/"
        },
        {
          "published_at": "2025-04-04",
          "title": "Bulletin de s\u00e9curit\u00e9 Bitdefender server-side-request-forgery-in-gravityzone-update-server-using-null-bytes-va-12646",
          "url": "https://www.bitdefender.com/support/security-advisories/server-side-request-forgery-in-gravityzone-update-server-using-null-bytes-va-12646/"
        },
        {
          "published_at": "2025-04-04",
          "title": "Bulletin de s\u00e9curit\u00e9 Bitdefender ssrf-in-gravityzone-console-via-dns-truncation-va-12634",
          "url": "https://www.bitdefender.com/support/security-advisories/ssrf-in-gravityzone-console-via-dns-truncation-va-12634/"
        }
      ]
    }

    VAR-202503-1168

    Vulnerability from variot - Updated: 2025-08-02 23:18

    Bitdefender Box, versions 1.3.11.490 through 1.3.11.505, uses the insecure HTTP protocol to download assets over the Internet to update and restart daemons and detection rules on the devices. Updates can be remotely triggered through the /set_temp_token API method. Then, an unauthenticated and network-adjacent attacker can use man-in-the-middle (MITM) techniques to return malicious responses. Restarted daemons that use malicious assets can then be exploited for remote code execution on the device. BitDefender of Bitdefender BOX A vulnerability exists in the firmware regarding the transmission of sensitive information in plaintext. Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202503-1168",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "box",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "bitdefender",
            "version": "1.3.11.505"
          },
          {
            "model": "box",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "bitdefender",
            "version": "1.3.11.490"
          },
          {
            "model": "box",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "bitdefender",
            "version": "bitdefender box  firmware  1.3.11.490  to  1.3.11.505"
          },
          {
            "model": "box",
            "scope": null,
            "trust": 0.8,
            "vendor": "bitdefender",
            "version": null
          },
          {
            "model": "box",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "bitdefender",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-010289"
          },
          {
            "db": "NVD",
            "id": "CVE-2024-13872"
          }
        ]
      },
      "cve": "CVE-2024-13872",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [],
            "cvssV3": [
              {
                "attackComplexity": "HIGH",
                "attackVector": "ADJACENT",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 1.6,
                "id": "CVE-2024-13872",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "High",
                "attackVector": "Adjacent Network",
                "author": "NVD",
                "availabilityImpact": "High",
                "baseScore": 7.5,
                "baseSeverity": "High",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "CVE-2024-13872",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2024-13872",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "cve-requests@bitdefender.com",
                "id": "CVE-2024-13872",
                "trust": 1.0,
                "value": "Critical"
              },
              {
                "author": "NVD",
                "id": "CVE-2024-13872",
                "trust": 0.8,
                "value": "High"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-010289"
          },
          {
            "db": "NVD",
            "id": "CVE-2024-13872"
          },
          {
            "db": "NVD",
            "id": "CVE-2024-13872"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Bitdefender Box, versions 1.3.11.490 through 1.3.11.505, uses the insecure HTTP protocol to download assets over the Internet to update and restart daemons and detection rules on the devices. Updates can be remotely triggered through the /set_temp_token API method. Then, an unauthenticated and network-adjacent attacker can use man-in-the-middle (MITM) techniques to return malicious responses. Restarted daemons that use malicious assets can then be exploited for remote code execution on the device. BitDefender of Bitdefender BOX A vulnerability exists in the firmware regarding the transmission of sensitive information in plaintext.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2024-13872"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-010289"
          }
        ],
        "trust": 1.62
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2024-13872",
            "trust": 2.6
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-010289",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-010289"
          },
          {
            "db": "NVD",
            "id": "CVE-2024-13872"
          }
        ]
      },
      "id": "VAR-202503-1168",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "VARIoT devices database",
            "id": null
          }
        ],
        "trust": 0.35
      },
      "last_update_date": "2025-08-02T23:18:48.679000Z",
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-319",
            "trust": 1.0
          },
          {
            "problemtype": "Sending important information in clear text (CWE-319) [ others ]",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-010289"
          },
          {
            "db": "NVD",
            "id": "CVE-2024-13872"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 1.8,
            "url": "https://bitdefender.com/support/security-advisories/insecure-update-mechanism-vulnerability-in-libboxhermes-so-in-bitdefender-box-v1"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2024-13872"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-010289"
          },
          {
            "db": "NVD",
            "id": "CVE-2024-13872"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-010289"
          },
          {
            "db": "NVD",
            "id": "CVE-2024-13872"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2025-07-31T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2025-010289"
          },
          {
            "date": "2025-03-12T12:15:14.273000",
            "db": "NVD",
            "id": "CVE-2024-13872"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2025-07-31T02:35:00",
            "db": "JVNDB",
            "id": "JVNDB-2025-010289"
          },
          {
            "date": "2025-07-30T00:39:58.580000",
            "db": "NVD",
            "id": "CVE-2024-13872"
          }
        ]
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "BitDefender\u00a0 of \u00a0Bitdefender\u00a0BOX\u00a0 Vulnerability in cleartext transmission of sensitive information in firmware",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-010289"
          }
        ],
        "trust": 0.8
      }
    }

    VAR-202503-2100

    Vulnerability from variot - Updated: 2025-08-02 23:09

    A command injection vulnerability exists in the /check_image_and_trigger_recovery API endpoint of Bitdefender Box 1 (firmware version 1.3.11.490). This flaw allows an unauthenticated, network-adjacent attacker to execute arbitrary commands on the device, potentially leading to full remote code execution (RCE). (DoS) It may be in a state

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202503-2100",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "box",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "bitdefender",
            "version": "1.3.11.490"
          },
          {
            "model": "box",
            "scope": null,
            "trust": 0.8,
            "vendor": "bitdefender",
            "version": null
          },
          {
            "model": "box",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "bitdefender",
            "version": "bitdefender box  firmware  1.3.11.490"
          },
          {
            "model": "box",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "bitdefender",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-010398"
          },
          {
            "db": "NVD",
            "id": "CVE-2024-13871"
          }
        ]
      },
      "cve": "CVE-2024-13871",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 2.8,
                "id": "CVE-2024-13871",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Adjacent Network",
                "author": "NVD",
                "availabilityImpact": "High",
                "baseScore": 8.8,
                "baseSeverity": "High",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "CVE-2024-13871",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2024-13871",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "cve-requests@bitdefender.com",
                "id": "CVE-2024-13871",
                "trust": 1.0,
                "value": "Critical"
              },
              {
                "author": "NVD",
                "id": "CVE-2024-13871",
                "trust": 0.8,
                "value": "High"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-010398"
          },
          {
            "db": "NVD",
            "id": "CVE-2024-13871"
          },
          {
            "db": "NVD",
            "id": "CVE-2024-13871"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "A command injection vulnerability exists in the /check_image_and_trigger_recovery\u00a0API endpoint of Bitdefender Box 1 (firmware version 1.3.11.490). This flaw allows an unauthenticated, network-adjacent attacker to execute arbitrary commands on the device, potentially leading to full remote code execution (RCE). (DoS) It may be in a state",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2024-13871"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-010398"
          }
        ],
        "trust": 1.62
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2024-13871",
            "trust": 2.6
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-010398",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-010398"
          },
          {
            "db": "NVD",
            "id": "CVE-2024-13871"
          }
        ]
      },
      "id": "VAR-202503-2100",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "VARIoT devices database",
            "id": null
          }
        ],
        "trust": 0.35
      },
      "last_update_date": "2025-08-02T23:09:37.808000Z",
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-77",
            "trust": 1.0
          },
          {
            "problemtype": "Command injection (CWE-77) [ others ]",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-010398"
          },
          {
            "db": "NVD",
            "id": "CVE-2024-13871"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 1.8,
            "url": "https://bitdefender.com/support/security-advisories/unauthenticated-command-injection-in-bitdefender-box-v1"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2024-13871"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-010398"
          },
          {
            "db": "NVD",
            "id": "CVE-2024-13871"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-010398"
          },
          {
            "db": "NVD",
            "id": "CVE-2024-13871"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2025-08-01T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2025-010398"
          },
          {
            "date": "2025-03-12T12:15:14.087000",
            "db": "NVD",
            "id": "CVE-2024-13871"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2025-08-01T01:25:00",
            "db": "JVNDB",
            "id": "JVNDB-2025-010398"
          },
          {
            "date": "2025-07-30T00:40:32.137000",
            "db": "NVD",
            "id": "CVE-2024-13871"
          }
        ]
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "BitDefender\u00a0 of \u00a0Bitdefender\u00a0BOX\u00a0 Command injection vulnerability in firmware",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-010398"
          }
        ],
        "trust": 0.8
      }
    }

    VAR-202503-1337

    Vulnerability from variot - Updated: 2025-08-02 23:04

    An improper access control vulnerability exists in Bitdefender Box 1 (firmware version 1.3.52.928 and below) that allows an unauthenticated attacker to downgrade the device's firmware to an older, potentially vulnerable version of a Bitdefender-signed firmware. The attack requires Bitdefender BOX to be booted in Recovery Mode and that the attacker be present within the WiFi range of the BOX unit


    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202503-1337",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "box",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "bitdefender",
            "version": "1.3.52.928"
          },
          {
            "model": "box",
            "scope": null,
            "trust": 0.8,
            "vendor": "bitdefender",
            "version": null
          },
          {
            "model": "box",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "bitdefender",
            "version": null
          },
          {
            "model": "box",
            "scope": "lte",
            "trust": 0.8,
            "vendor": "bitdefender",
            "version": "bitdefender box  firmware  1.3.52.928  and earlier"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-010399"
          },
          {
            "db": "NVD",
            "id": "CVE-2024-13870"
          }
        ]
      },
      "cve": "CVE-2024-13870",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 5.7,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 2.1,
                "id": "CVE-2024-13870",
                "impactScore": 3.6,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Adjacent Network",
                "author": "NVD",
                "availabilityImpact": "None",
                "baseScore": 5.7,
                "baseSeverity": "Medium",
                "confidentialityImpact": "None",
                "exploitabilityScore": null,
                "id": "CVE-2024-13870",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "Required",
                "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2024-13870",
                "trust": 1.0,
                "value": "MEDIUM"
              },
              {
                "author": "cve-requests@bitdefender.com",
                "id": "CVE-2024-13870",
                "trust": 1.0,
                "value": "Low"
              },
              {
                "author": "NVD",
                "id": "CVE-2024-13870",
                "trust": 0.8,
                "value": "Medium"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-010399"
          },
          {
            "db": "NVD",
            "id": "CVE-2024-13870"
          },
          {
            "db": "NVD",
            "id": "CVE-2024-13870"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "An improper access control vulnerability exists in Bitdefender Box 1 (firmware version 1.3.52.928 and below) that allows an unauthenticated attacker to downgrade the device\u0027s firmware to an older, potentially vulnerable version of a Bitdefender-signed firmware. The attack requires Bitdefender BOX to be booted in Recovery Mode and that the attacker be present within the WiFi range of the BOX unit",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2024-13870"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-010399"
          }
        ],
        "trust": 1.62
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2024-13870",
            "trust": 2.6
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-010399",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-010399"
          },
          {
            "db": "NVD",
            "id": "CVE-2024-13870"
          }
        ]
      },
      "id": "VAR-202503-1337",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "VARIoT devices database",
            "id": null
          }
        ],
        "trust": 0.35
      },
      "last_update_date": "2025-08-02T23:04:34.172000Z",
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-1328",
            "trust": 1.0
          },
          {
            "problemtype": "Security version number can be changed to an older version (CWE-1328) [ others ]",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-010399"
          },
          {
            "db": "NVD",
            "id": "CVE-2024-13870"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 1.8,
            "url": "https://bitdefender.com/support/security-advisories/unauthenticated-firmware-downgrade-in-bitdefender-box-v1"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2024-13870"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-010399"
          },
          {
            "db": "NVD",
            "id": "CVE-2024-13870"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-010399"
          },
          {
            "db": "NVD",
            "id": "CVE-2024-13870"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2025-08-01T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2025-010399"
          },
          {
            "date": "2025-03-12T12:15:12.443000",
            "db": "NVD",
            "id": "CVE-2024-13870"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2025-08-01T01:25:00",
            "db": "JVNDB",
            "id": "JVNDB-2025-010399"
          },
          {
            "date": "2025-07-30T00:52:04.430000",
            "db": "NVD",
            "id": "CVE-2024-13870"
          }
        ]
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "BitDefender\u00a0 of \u00a0Bitdefender\u00a0BOX\u00a0 Vulnerability in firmware where security version number can be changed to an older version",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-010399"
          }
        ],
        "trust": 0.8
      }
    }

    VAR-201203-0144

    Vulnerability from variot - Updated: 2025-04-11 22:49

    The TAR file parser in AhnLab V3 Internet Security 2011.01.18.00, Avira AntiVir 7.11.1.163, Antiy Labs AVL SDK 2.0.3.7, avast! Antivirus 4.8.1351.0 and 5.0.677.0, AVG Anti-Virus 10.0.0.1190, Bitdefender 7.2, Quick Heal (aka Cat QuickHeal) 11.00, ClamAV 0.96.4, Command Antivirus 5.2.11.5, Comodo Antivirus 7424, Emsisoft Anti-Malware 5.1.0.1, F-Prot Antivirus 4.6.2.117, F-Secure Anti-Virus 9.0.16160.0, Fortinet Antivirus 4.2.254.0, G Data AntiVirus 21, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, Jiangmin Antivirus 13.0.900, K7 AntiVirus 9.77.3565, Kaspersky Anti-Virus 7.0.0.125, McAfee Anti-Virus Scanning Engine 5.400.0.1158, McAfee Gateway (formerly Webwasher) 2010.1C, Antimalware Engine 1.1.6402.0 in Microsoft Security Essentials 2.0, NOD32 Antivirus 5795, Norman Antivirus 6.06.12, nProtect Anti-Virus 2011-01-17.01, Panda Antivirus 10.0.2.7, PC Tools AntiVirus 7.0.3.5, Rising Antivirus 22.83.00.03, Sophos Anti-Virus 4.61.0, AVEngine 20101.3.0.103 in Symantec Endpoint Protection 11, Trend Micro AntiVirus 9.120.0.1004, Trend Micro HouseCall 9.120.0.1004, VBA32 3.12.14.2, and VirusBuster 13.6.151.0 allows remote attackers to bypass malware detection via a TAR archive entry with a length field corresponding to that entire entry, plus part of the header of the next entry. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different TAR parser implementations. The TAR file parsers of multiple products contain a vulnerability that can prevent malware detection. If it is announced that the problem also exists in different TAR parser implementations, the CVE may be split. A third party may bypass malware detection through a TAR archive entry with a length field corresponding to the full entry plus part of the header of the next entry. Successful exploits will allow attackers to bypass on-demand virus scanning, possibly allowing malicious files to escape detection.

    Ubuntu Security Notice USN-1482-2 June 20, 2012

    clamav regression

    A security issue affects these releases of Ubuntu and its derivatives:

    • Ubuntu 12.04 LTS
    • Ubuntu 11.10
    • Ubuntu 11.04

    Summary:

    ClamAV could improperly detect malware if it opened a specially crafted file.

    Software Description:

    • clamav: Anti-virus utility for Unix

    Details:

    USN-1482-1 fixed vulnerabilities in ClamAV. The updated packages could fail to install in certain situations. This update fixes the problem.

    We apologize for the inconvenience.

    Original advisory details:

    It was discovered that ClamAV incorrectly handled certain malformed TAR archives. (CVE-2012-1457, CVE-2012-1459)

    It was discovered that ClamAV incorrectly handled certain malformed CHM files. A remote attacker could create a specially-crafted CHM file containing malware that could escape being detected. (CVE-2012-1458)

    Update instructions:

    The problem can be corrected by updating your system to the following package versions:

    Ubuntu 12.04 LTS:

    • clamav 0.97.5+dfsg-1ubuntu0.12.04.2
    • clamav-daemon 0.97.5+dfsg-1ubuntu0.12.04.2
    • libclamav6 0.97.5+dfsg-1ubuntu0.12.04.2

    Ubuntu 11.10:

    • clamav 0.97.5+dfsg-1ubuntu0.11.10.2
    • clamav-daemon 0.97.5+dfsg-1ubuntu0.11.10.2
    • libclamav6 0.97.5+dfsg-1ubuntu0.11.10.2

    Ubuntu 11.04:

    • clamav 0.97.5+dfsg-1ubuntu0.11.04.2
    • clamav-daemon 0.97.5+dfsg-1ubuntu0.11.04.2
    • libclamav6 0.97.5+dfsg-1ubuntu0.11.04.2

    In general, a standard system update will make all the necessary changes.

    References:

    • http://www.ubuntu.com/usn/usn-1482-2
    • http://www.ubuntu.com/usn/usn-1482-1
    • https://launchpad.net/bugs/1015337

    Package Information:

    • https://launchpad.net/ubuntu/+source/clamav/0.97.5+dfsg-1ubuntu0.12.04.2
    • https://launchpad.net/ubuntu/+source/clamav/0.97.5+dfsg-1ubuntu0.11.10.2
    • https://launchpad.net/ubuntu/+source/clamav/0.97.5+dfsg-1ubuntu0.11.04.2


    Mandriva Linux Security Advisory MDVSA-2012:094 http://www.mandriva.com/security/


    Package : clamav
    Date : June 18, 2012
    Affected: Enterprise Server 5.0


    Problem Description:

    This is a bugfix release that upgrades clamav to the latest version (0.97.5) that resolves the following security issues:

    The TAR file parser in ClamAV 0.96.4 allows remote attackers to bypass malware detection via a TAR archive entry with a length field that exceeds the total TAR file size.


    References:

    • http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1457
    • http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1458
    • http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1459
    • http://git.clamav.net/gitweb?p=clamav-devel.git;a=blob_plain;f=ChangeLog;hb=clamav-0.97.5


    Updated Packages:



    To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you.

    All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing:

    gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

    You can view other update advisories for Mandriva Linux at:

    http://www.mandriva.com/security/advisories

    If you want to report vulnerabilities, please contact

    security_(at)_mandriva.com


    Type Bits/KeyID Date User ID
    pub 1024D/22458A98 2000-07-10 Mandriva Security Team


    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201203-0144",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "virusbuster",
            "scope": "eq",
            "trust": 2.4,
            "vendor": "virusbuster",
            "version": "13.6.151.0"
          },
          {
            "model": "antivirus",
            "scope": "eq",
            "trust": 2.1,
            "vendor": "comodo",
            "version": "7424"
          },
          {
            "model": "avl sdk",
            "scope": "eq",
            "trust": 1.8,
            "vendor": "antiy",
            "version": "2.0.3.7"
          },
          {
            "model": "command antivirus",
            "scope": "eq",
            "trust": 1.8,
            "vendor": "authentium",
            "version": "5.2.11.5"
          },
          {
            "model": "anti-virus",
            "scope": "eq",
            "trust": 1.8,
            "vendor": "avg",
            "version": "10.0.0.1190"
          },
          {
            "model": "bitdefender",
            "scope": "eq",
            "trust": 1.8,
            "vendor": "bitdefender",
            "version": "7.2"
          },
          {
            "model": "clamav",
            "scope": "eq",
            "trust": 1.8,
            "vendor": "clamav",
            "version": "0.96.4"
          },
          {
            "model": "anti-malware",
            "scope": "eq",
            "trust": 1.8,
            "vendor": "emsisoft",
            "version": "5.1.0.1"
          },
          {
            "model": "virus utilities t3 command line scanner",
            "scope": "eq",
            "trust": 1.8,
            "vendor": "ikarus",
            "version": "1.1.97.0"
          },
          {
            "model": "antivirus",
            "scope": "eq",
            "trust": 1.8,
            "vendor": "jiangmin",
            "version": "13.0.900"
          },
          {
            "model": "antivirus",
            "scope": "eq",
            "trust": 1.8,
            "vendor": "pc tools",
            "version": "7.0.3.5"
          },
          {
            "model": "f-secure anti-virus",
            "scope": "eq",
            "trust": 1.8,
            "vendor": "f secure",
            "version": "9.0.16160.0"
          },
          {
            "model": "anti-virus",
            "scope": "eq",
            "trust": 1.8,
            "vendor": "kaspersky",
            "version": "7.0.0.125"
          },
          {
            "model": "anti-virus",
            "scope": "eq",
            "trust": 1.8,
            "vendor": "sophos",
            "version": "4.61.0"
          },
          {
            "model": "antivirus",
            "scope": "eq",
            "trust": 1.8,
            "vendor": "fortinet",
            "version": "4.2.254.0"
          },
          {
            "model": "scan engine",
            "scope": "eq",
            "trust": 1.8,
            "vendor": "mcafee",
            "version": "5.400.0.1158"
          },
          {
            "model": "endpoint protection",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "symantec",
            "version": "11.0"
          },
          {
            "model": "housecall",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "trendmicro",
            "version": "9.120.0.1004"
          },
          {
            "model": "f-prot antivirus",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "f prot",
            "version": "4.6.2.117"
          },
          {
            "model": "antivirus \\\u0026 antispyware",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "norman",
            "version": "6.06.12"
          },
          {
            "model": "vba32",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "anti virus",
            "version": "3.12.14.2"
          },
          {
            "model": "gateway",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mcafee",
            "version": "2010.1c"
          },
          {
            "model": "panda antivirus",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "pandasecurity",
            "version": "10.0.2.7"
          },
          {
            "model": "nod32 antivirus",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "eset",
            "version": "5795"
          },
          {
            "model": "antivir",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "avira",
            "version": "7.11.1.163"
          },
          {
            "model": "quick heal",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "cat",
            "version": "11.00"
          },
          {
            "model": "antivirus",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "k7computing",
            "version": "9.77.3565"
          },
          {
            "model": "antivirus",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "nprotect",
            "version": "2011-01-17.01"
          },
          {
            "model": "antivirus",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "rising global",
            "version": "22.83.00.03"
          },
          {
            "model": "avast antivirus",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "alwil",
            "version": "5.0.677.0"
          },
          {
            "model": "avast antivirus",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "alwil",
            "version": "4.8.1351.0"
          },
          {
            "model": "trend micro antivirus",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "trendmicro",
            "version": "9.120.0.1004"
          },
          {
            "model": "v3 internet security",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "ahnlab",
            "version": "2011.01.18.00"
          },
          {
            "model": "g data antivirus",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "gdata",
            "version": "21"
          },
          {
            "model": "security essentials",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "microsoft",
            "version": "2.0"
          },
          {
            "model": "anti-virus",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "avast s r o",
            "version": "4.8.1351.0"
          },
          {
            "model": "anti-virus",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "avast s r o",
            "version": "5.0.677.0"
          },
          {
            "model": "antivirus",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "avira",
            "version": "7.11.1.163"
          },
          {
            "model": "antivirus",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "rising",
            "version": "22.83.00.03"
          },
          {
            "model": "nod32 anti-virus",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "eset",
            "version": "5795"
          },
          {
            "model": "f-prot antivirus",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "frisk",
            "version": "4.6.2.117"
          },
          {
            "model": "antivirus",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "g data",
            "version": "21"
          },
          {
            "model": "antivirus",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "k7 computing",
            "version": "9.77.3565"
          },
          {
            "model": "antivirus",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "norman",
            "version": "6.06.12"
          },
          {
            "model": "anti-virus",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "nprotect",
            "version": "2011-01-17.01"
          },
          {
            "model": "antivirus",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "panda security",
            "version": "10.0.2.7"
          },
          {
            "model": "vba32",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "virusblokada",
            "version": "3.12.14.2"
          },
          {
            "model": "v3 internet security",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "unlab",
            "version": "2011.01.18.00"
          },
          {
            "model": "heal",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "quick heal k k",
            "version": "11.00"
          },
          {
            "model": "endpoint protection",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "symantec",
            "version": "11"
          },
          {
            "model": "antivirus",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "trend micro",
            "version": "9.120.0.1004"
          },
          {
            "model": "housecall",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "trend micro",
            "version": "9.120.0.1004"
          },
          {
            "model": "security essentials",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "microsoft",
            "version": "2.0 antimalware engine 1.1.6402.0"
          },
          {
            "model": "web gateway software",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "mcafee",
            "version": "2010.1c"
          },
          {
            "model": "vba32",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "virusblokada",
            "version": "3.12.142"
          },
          {
            "model": "linux lts i386",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ubuntu",
            "version": "12.04"
          },
          {
            "model": "linux lts amd64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ubuntu",
            "version": "12.04"
          },
          {
            "model": "linux i386",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ubuntu",
            "version": "11.10"
          },
          {
            "model": "linux amd64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ubuntu",
            "version": "11.10"
          },
          {
            "model": "linux powerpc",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ubuntu",
            "version": "11.04"
          },
          {
            "model": "linux i386",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ubuntu",
            "version": "11.04"
          },
          {
            "model": "linux arm",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ubuntu",
            "version": "11.04"
          },
          {
            "model": "linux amd64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ubuntu",
            "version": "11.04"
          },
          {
            "model": "linux sparc",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ubuntu",
            "version": "10.04"
          },
          {
            "model": "linux powerpc",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ubuntu",
            "version": "10.04"
          },
          {
            "model": "linux i386",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ubuntu",
            "version": "10.04"
          },
          {
            "model": "linux arm",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ubuntu",
            "version": "10.04"
          },
          {
            "model": "linux amd64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ubuntu",
            "version": "10.04"
          },
          {
            "model": "virusbuster",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "trend micro",
            "version": "13.6.1510"
          },
          {
            "model": "trend micro",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "trend micro",
            "version": "9.1201004"
          },
          {
            "model": "housecall",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "trend micro",
            "version": "9.1201004"
          },
          {
            "model": "antivirus",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "symantec",
            "version": "20101.3103"
          },
          {
            "model": "opensuse",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "12.1"
          },
          {
            "model": "opensuse",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "11.4"
          },
          {
            "model": "antivirus",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "rising",
            "version": "22.8303"
          },
          {
            "model": "cat-quickheal",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "quick heal",
            "version": "11.00"
          },
          {
            "model": "antivirus",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "pctools",
            "version": "7.0.35"
          },
          {
            "model": "antivirus",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "norman",
            "version": "6.6.12"
          },
          {
            "model": "antivirus",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "microsoft",
            "version": "1.6402"
          },
          {
            "model": "mcafee-gw-edition 2010.1c",
            "scope": null,
            "trust": 0.3,
            "vendor": "mcafee",
            "version": null
          },
          {
            "model": "enterprise server x86 64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mandrakesoft",
            "version": "5"
          },
          {
            "model": "enterprise server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mandrakesoft",
            "version": "5"
          },
          {
            "model": "antivirus",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "kaspersky",
            "version": "7.0125"
          },
          {
            "model": "computing pvt ltd k7antivirus",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "k7",
            "version": "9.77.3565"
          },
          {
            "model": "jiangmin",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "jiangmin",
            "version": "13.0.900"
          },
          {
            "model": "antivirus t3.1.1.97.0",
            "scope": null,
            "trust": 0.3,
            "vendor": "ikarus",
            "version": null
          },
          {
            "model": "data software gdata",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "g",
            "version": "21"
          },
          {
            "model": "software f-prot antivirus",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "frisk",
            "version": "4.6.2117"
          },
          {
            "model": "nod32",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "eset",
            "version": "5795"
          },
          {
            "model": "antivirus",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "emsisoft",
            "version": "5.11"
          },
          {
            "model": "anti-virus clamav",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "clam",
            "version": "0.96.4"
          },
          {
            "model": "antivirus",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "bitdefender",
            "version": "7.2"
          },
          {
            "model": "antivir engine",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avira",
            "version": "7.11.1163"
          },
          {
            "model": "anti-virus",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avg",
            "version": "10.01190"
          },
          {
            "model": "avast5 antivirus",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avast",
            "version": "5.0.6770"
          },
          {
            "model": "antivirus",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avast",
            "version": "4.8.1351.0"
          },
          {
            "model": "command antivirus",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "authentium",
            "version": "5.2.115"
          },
          {
            "model": "antiy-avl",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "antiy",
            "version": "2.0.37"
          },
          {
            "model": "engine",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ahnlab",
            "version": "v32011.01.18.00"
          }
        ],
        "sources": [
          {
            "db": "BID",
            "id": "52623"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2012-001869"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201203-422"
          },
          {
            "db": "NVD",
            "id": "CVE-2012-1459"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/a:antiy:avl_sdk",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:authentium:command_antivirus",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:avast:avast_antivirus",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:avg:avg_anti-virus",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:avira:antivirus",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:rising-global:rising_antivirus",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:bitdefender:bitdefender",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:clamav:clamav",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:comodo:comodo_antivirus",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:emsisoft:anti-malware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:eset:nod32_antivirus",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:f-prot:f-prot_antivirus",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:gdata-software:g_data_antivirus",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:ikarus:ikarus_virus_utilities_t3_command_line_scanner",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:jiangmin:jiangmin_antivirus",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:k7computing:antivirus",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:norman:norman_antivirus_%26_antispyware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:nprotect:nprotect_antivirus",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:pandasecurity:panda_antivirus",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:pc_tools:pc_tools_antivirus",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:anti-virus:vba32",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:virusbuster:virusbuster",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:ahnlab:v3_internet_security",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:f-secure:anti-virus",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:kaspersky:kaspersky_anti-virus",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:quick_heal:quick_heal",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:symantec:endpoint_protection",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:sophos:anti-virus",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:trendmicro:trend_micro_antivirus",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:trendmicro:housecall",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:fortinet:fortinet_antivirus",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:microsoft:security_essentials",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:mcafee:scan_engine",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:mcafee:web_gateway",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2012-001869"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Suman Jana and Vitaly Shmatikov",
        "sources": [
          {
            "db": "BID",
            "id": "52623"
          }
        ],
        "trust": 0.3
      },
      "cve": "CVE-2012-1459",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 8.6,
                "id": "CVE-2012-1459",
                "impactScore": 2.9,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 1.8,
                "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 8.6,
                "id": "VHN-54740",
                "impactScore": 2.9,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 0.1,
                "vectorString": "AV:N/AC:M/AU:N/C:N/I:P/A:N",
                "version": "2.0"
              }
            ],
            "cvssV3": [],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2012-1459",
                "trust": 1.0,
                "value": "MEDIUM"
              },
              {
                "author": "NVD",
                "id": "CVE-2012-1459",
                "trust": 0.8,
                "value": "Medium"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201203-422",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "VULHUB",
                "id": "VHN-54740",
                "trust": 0.1,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-54740"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2012-001869"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201203-422"
          },
          {
            "db": "NVD",
            "id": "CVE-2012-1459"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "The TAR file parser in AhnLab V3 Internet Security 2011.01.18.00, Avira AntiVir 7.11.1.163, Antiy Labs AVL SDK 2.0.3.7, avast! Antivirus 4.8.1351.0 and 5.0.677.0, AVG Anti-Virus 10.0.0.1190, Bitdefender 7.2, Quick Heal (aka Cat QuickHeal) 11.00, ClamAV 0.96.4, Command Antivirus 5.2.11.5, Comodo Antivirus 7424, Emsisoft Anti-Malware 5.1.0.1, F-Prot Antivirus 4.6.2.117, F-Secure Anti-Virus 9.0.16160.0, Fortinet Antivirus 4.2.254.0, G Data AntiVirus 21, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, Jiangmin Antivirus 13.0.900, K7 AntiVirus 9.77.3565, Kaspersky Anti-Virus 7.0.0.125, McAfee Anti-Virus Scanning Engine 5.400.0.1158, McAfee Gateway (formerly Webwasher) 2010.1C, Antimalware Engine 1.1.6402.0 in Microsoft Security Essentials 2.0, NOD32 Antivirus 5795, Norman Antivirus 6.06.12, nProtect Anti-Virus 2011-01-17.01, Panda Antivirus 10.0.2.7, PC Tools AntiVirus 7.0.3.5, Rising Antivirus 22.83.00.03, Sophos Anti-Virus 4.61.0, AVEngine 20101.3.0.103 in Symantec Endpoint Protection 11, Trend Micro AntiVirus 9.120.0.1004, Trend Micro HouseCall 9.120.0.1004, VBA32 3.12.14.2, and VirusBuster 13.6.151.0 allows remote attackers to bypass malware detection via a TAR archive entry with a length field corresponding to that entire entry, plus part of the header of the next entry.  NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different TAR parser implementations. The TAR file parser in multiple products contains a vulnerability that can prevent malware detection. If it is announced that the problem also exists in different TAR parser implementations, this CVE may be split. A third party may bypass malware detection via a TAR archive entry whose length field corresponds to the full entry plus part of the header of the next entry. 
\nSuccessful exploits will allow attackers to bypass on-demand virus scanning, possibly allowing malicious files to escape detection. AhnLab V3 Internet Security 2011.01.18.00, Avira AntiVir 7.11.1.163, Antiy Labs AVL SDK 2.0.3.7, avast! Antivirus 4.8.1351.0 and 5.0.677.0, AVG Anti-Virus 10.0.0.1190, Bit2defender 7. ============================================================================\nUbuntu Security Notice USN-1482-2\nJune 20, 2012\n\nclamav regression\n============================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 12.04 LTS\n- Ubuntu 11.10\n- Ubuntu 11.04\n\nSummary:\n\nClamAV could improperly detect malware if it opened a specially crafted file. \n\nSoftware Description:\n- clamav: Anti-virus utility for Unix\n\nDetails:\n\nUSN-1482-1 fixed vulnerabilities in ClamAV. The updated packages could fail\nto install in certain situations. This update fixes the problem. \n\nWe apologize for the inconvenience. \n\nOriginal advisory details:\n\n It was discovered that ClamAV incorrectly handled certain malformed TAR\n archives. (CVE-2012-1457,\n CVE-2012-1459)\n \n It was discovered that ClamAV incorrectly handled certain malformed CHM\n files. A remote attacker could create a specially-crafted CHM file\n containing malware that could escape being detected. 
(CVE-2012-1458)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 12.04 LTS:\n  clamav                          0.97.5+dfsg-1ubuntu0.12.04.2\n  clamav-daemon                   0.97.5+dfsg-1ubuntu0.12.04.2\n  libclamav6                      0.97.5+dfsg-1ubuntu0.12.04.2\n\nUbuntu 11.10:\n  clamav                          0.97.5+dfsg-1ubuntu0.11.10.2\n  clamav-daemon                   0.97.5+dfsg-1ubuntu0.11.10.2\n  libclamav6                      0.97.5+dfsg-1ubuntu0.11.10.2\n\nUbuntu 11.04:\n  clamav                          0.97.5+dfsg-1ubuntu0.11.04.2\n  clamav-daemon                   0.97.5+dfsg-1ubuntu0.11.04.2\n  libclamav6                      0.97.5+dfsg-1ubuntu0.11.04.2\n\nIn general, a standard system update will make all the necessary changes. \n\nReferences:\n  http://www.ubuntu.com/usn/usn-1482-2\n  http://www.ubuntu.com/usn/usn-1482-1\n  https://launchpad.net/bugs/1015337\n\nPackage Information:\n  https://launchpad.net/ubuntu/+source/clamav/0.97.5+dfsg-1ubuntu0.12.04.2\n  https://launchpad.net/ubuntu/+source/clamav/0.97.5+dfsg-1ubuntu0.11.10.2\n  https://launchpad.net/ubuntu/+source/clamav/0.97.5+dfsg-1ubuntu0.11.04.2\n. 
 _______________________________________________________________________\n\n Mandriva Linux Security Advisory                         MDVSA-2012:094\n http://www.mandriva.com/security/\n _______________________________________________________________________\n\n Package : clamav\n Date    : June 18, 2012\n Affected: Enterprise Server 5.0\n _______________________________________________________________________\n\n Problem Description:\n\n This is a bugfix release that upgrades clamav to the latest version\n (0.97.5) that resolves the following security issues:\n \n The TAR file parser in ClamAV 0.96.4 allows remote attackers to bypass\n malware detection via a TAR archive entry with a length field that\n exceeds the total TAR file size. \n _______________________________________________________________________\n\n References:\n\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1457\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1458\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1459\n http://git.clamav.net/gitweb?p=clamav-devel.git;a=blob_plain;f=ChangeLog;hb=clamav-0.97.5\n _______________________________________________________________________\n\n To upgrade automatically use MandrivaUpdate or urpmi.  The verification\n of md5 checksums and GPG signatures is performed automatically for you. \n\n All packages are signed by Mandriva for security.  You can obtain the\n GPG public key of the Mandriva Security Team by executing:\n\n  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98\n\n You can view other update advisories for Mandriva Linux at:\n\n  http://www.mandriva.com/security/advisories\n\n If you want to report vulnerabilities, please contact\n\n  security_(at)_mandriva.com\n _______________________________________________________________________\n\n Type Bits/KeyID     Date       User ID\n pub  1024D/22458A98 2000-07-10 Mandriva Security Team\n  \u003csecurity*mandriva.com\u003e\n",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2012-1459"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2012-001869"
          },
          {
            "db": "BID",
            "id": "52623"
          },
          {
            "db": "VULHUB",
            "id": "VHN-54740"
          },
          {
            "db": "PACKETSTORM",
            "id": "115619"
          },
          {
            "db": "PACKETSTORM",
            "id": "113895"
          },
          {
            "db": "PACKETSTORM",
            "id": "113878"
          },
          {
            "db": "PACKETSTORM",
            "id": "113841"
          }
        ],
        "trust": 2.34
      },
      "exploit_availability": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "reference": "https://www.scap.org.cn/vuln/vhn-54740",
            "trust": 0.1,
            "type": "unknown"
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-54740"
          }
        ]
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2012-1459",
            "trust": 3.2
          },
          {
            "db": "BID",
            "id": "52623",
            "trust": 1.4
          },
          {
            "db": "OSVDB",
            "id": "80396",
            "trust": 1.1
          },
          {
            "db": "OSVDB",
            "id": "80389",
            "trust": 1.1
          },
          {
            "db": "OSVDB",
            "id": "80391",
            "trust": 1.1
          },
          {
            "db": "OSVDB",
            "id": "80403",
            "trust": 1.1
          },
          {
            "db": "OSVDB",
            "id": "80395",
            "trust": 1.1
          },
          {
            "db": "OSVDB",
            "id": "80390",
            "trust": 1.1
          },
          {
            "db": "OSVDB",
            "id": "80392",
            "trust": 1.1
          },
          {
            "db": "OSVDB",
            "id": "80393",
            "trust": 1.1
          },
          {
            "db": "OSVDB",
            "id": "80409",
            "trust": 1.1
          },
          {
            "db": "OSVDB",
            "id": "80406",
            "trust": 1.1
          },
          {
            "db": "OSVDB",
            "id": "80407",
            "trust": 1.1
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2012-001869",
            "trust": 0.8
          },
          {
            "db": "BUGTRAQ",
            "id": "20120319 EVASION ATTACKS EXPOLITING FILE-PARSING VULNERABILITIES IN ANTIVIRUS PRODUCTS",
            "trust": 0.6
          },
          {
            "db": "NSFOCUS",
            "id": "19231",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201203-422",
            "trust": 0.6
          },
          {
            "db": "PACKETSTORM",
            "id": "113878",
            "trust": 0.2
          },
          {
            "db": "PACKETSTORM",
            "id": "115619",
            "trust": 0.2
          },
          {
            "db": "PACKETSTORM",
            "id": "113895",
            "trust": 0.2
          },
          {
            "db": "VULHUB",
            "id": "VHN-54740",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "113841",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-54740"
          },
          {
            "db": "BID",
            "id": "52623"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2012-001869"
          },
          {
            "db": "PACKETSTORM",
            "id": "115619"
          },
          {
            "db": "PACKETSTORM",
            "id": "113895"
          },
          {
            "db": "PACKETSTORM",
            "id": "113878"
          },
          {
            "db": "PACKETSTORM",
            "id": "113841"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201203-422"
          },
          {
            "db": "NVD",
            "id": "CVE-2012-1459"
          }
        ]
      },
      "id": "VAR-201203-0144",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-54740"
          }
        ],
        "trust": 0.01
      },
      "last_update_date": "2025-04-11T22:49:45.803000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "AVL SDK",
            "trust": 0.8,
            "url": "http://www.antiy.net/"
          },
          {
            "title": "Command Antivirus",
            "trust": 0.8,
            "url": "http://www.authentium.com/command/CSAVDownload.html"
          },
          {
            "title": "avast! Antivirus",
            "trust": 0.8,
            "url": "https://www.avast.co.jp/index"
          },
          {
            "title": "AVG Anti-Virus",
            "trust": 0.8,
            "url": "http://www.avgjapan.com/home-small-office-security/buy-antivirus"
          },
          {
            "title": "AntiVir",
            "trust": 0.8,
            "url": "http://www.avira.com/"
          },
          {
            "title": "Rising Antivirus",
            "trust": 0.8,
            "url": "http://www.rising-global.com/"
          },
          {
            "title": "Bitdefender",
            "trust": 0.8,
            "url": "http://www.bitdefender.com/"
          },
          {
            "title": "ClamAV",
            "trust": 0.8,
            "url": "http://www.clamav.net/lang/en/"
          },
          {
            "title": "Comodo Antivirus",
            "trust": 0.8,
            "url": "http://www.comodo.com/home/internet-security/antivirus.php"
          },
          {
            "title": "Emsisoft Anti-Malware",
            "trust": 0.8,
            "url": "http://www.emsisoft.com/en/software/antimalware/"
          },
          {
            "title": "ESET NOD32\u30a2\u30f3\u30c1\u30a6\u30a4\u30eb\u30b9",
            "trust": 0.8,
            "url": "http://www.eset.com/us/"
          },
          {
            "title": "Fortinet Antivirus",
            "trust": 0.8,
            "url": "http://www.fortinet.com/solutions/antivirus.html"
          },
          {
            "title": "F-Prot Antivirus",
            "trust": 0.8,
            "url": "http://www.f-prot.com/index.html"
          },
          {
            "title": "G Data AntiVirus",
            "trust": 0.8,
            "url": "http://www.gdata.co.jp/"
          },
          {
            "title": "Top Page",
            "trust": 0.8,
            "url": "http://www.ikarus.at/en/"
          },
          {
            "title": "Jiangmin Antivirus",
            "trust": 0.8,
            "url": "http://global.jiangmin.com/"
          },
          {
            "title": "K7 AntiVirus",
            "trust": 0.8,
            "url": "http://www.k7computing.com/en/consumer_home.php"
          },
          {
            "title": "McAfee Web Gateway",
            "trust": 0.8,
            "url": "http://www.mcafee.com/us/products/web-gateway.aspx"
          },
          {
            "title": "McAfee Scan Engine",
            "trust": 0.8,
            "url": "http://www.mcafee.com/us/support/support-eol-scan-engine.aspx"
          },
          {
            "title": "Norman Antivirus",
            "trust": 0.8,
            "url": "http://www.norman.com/products/antivirus_antispyware/en"
          },
          {
            "title": "nProtect Anti-Virus",
            "trust": 0.8,
            "url": "http://global.nprotect.com/product/avs.php"
          },
          {
            "title": "openSUSE-SU-2012:0833",
            "trust": 0.8,
            "url": "http://lists.opensuse.org/opensuse-security-announce/2012-07/msg00002.html"
          },
          {
            "title": "Panda Antivirus",
            "trust": 0.8,
            "url": "http://www.ps-japan.co.jp/"
          },
          {
            "title": "PC Tools AntiVirus",
            "trust": 0.8,
            "url": "http://www.pctools.com/jp/spyware-doctor-antivirus/"
          },
          {
            "title": "Quick Heal",
            "trust": 0.8,
            "url": "http://www.quickheal.com/"
          },
          {
            "title": "Sophos Anti-Virus",
            "trust": 0.8,
            "url": "http://www.sophos.com/ja-jp/"
          },
          {
            "title": "Endpoint Protection",
            "trust": 0.8,
            "url": "http://www.symantec.com/ja/jp/endpoint-protection"
          },
          {
            "title": "Top Page",
            "trust": 0.8,
            "url": "http://jp.trendmicro.com/jp/home/index.html"
          },
          {
            "title": "Trend Micro HouseCall",
            "trust": 0.8,
            "url": "http://jp.trendmicro.com/jp/tools/housecall/index.html"
          },
          {
            "title": "VBA32",
            "trust": 0.8,
            "url": "http://anti-virus.by/en/index.shtml"
          },
          {
            "title": "VirusBuster",
            "trust": 0.8,
            "url": "http://www.virusbuster.hu/en"
          },
          {
            "title": "V3 Internet Security",
            "trust": 0.8,
            "url": "http://www.ahnlab.co.jp/product_service/product/b2b/v3is8.asp"
          },
          {
            "title": "Kaspersky Anti-Virus",
            "trust": 0.8,
            "url": "http://www.kaspersky.com/kaspersky_anti-virus"
          },
          {
            "title": "Microsoft Security Essentials",
            "trust": 0.8,
            "url": "http://windows.microsoft.com/ja-JP/windows/products/security-essentials"
          },
          {
            "title": "F-Secure Anti-Virus",
            "trust": 0.8,
            "url": "http://www.f-secure.com/ja/web/home_jp/protection/anti-virus/overview"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2012-001869"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-264",
            "trust": 1.9
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-54740"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2012-001869"
          },
          {
            "db": "NVD",
            "id": "CVE-2012-1459"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 1.7,
            "url": "http://www.securityfocus.com/archive/1/522005"
          },
          {
            "trust": 1.7,
            "url": "http://www.ieee-security.org/tc/sp2012/program.html"
          },
          {
            "trust": 1.1,
            "url": "http://www.securityfocus.com/bid/52623"
          },
          {
            "trust": 1.1,
            "url": "http://www.mandriva.com/security/advisories?name=mdvsa-2012:094"
          },
          {
            "trust": 1.1,
            "url": "http://osvdb.org/80389"
          },
          {
            "trust": 1.1,
            "url": "http://osvdb.org/80390"
          },
          {
            "trust": 1.1,
            "url": "http://osvdb.org/80391"
          },
          {
            "trust": 1.1,
            "url": "http://osvdb.org/80392"
          },
          {
            "trust": 1.1,
            "url": "http://osvdb.org/80393"
          },
          {
            "trust": 1.1,
            "url": "http://osvdb.org/80395"
          },
          {
            "trust": 1.1,
            "url": "http://osvdb.org/80396"
          },
          {
            "trust": 1.1,
            "url": "http://osvdb.org/80403"
          },
          {
            "trust": 1.1,
            "url": "http://osvdb.org/80406"
          },
          {
            "trust": 1.1,
            "url": "http://osvdb.org/80407"
          },
          {
            "trust": 1.1,
            "url": "http://osvdb.org/80409"
          },
          {
            "trust": 1.1,
            "url": "http://lists.opensuse.org/opensuse-security-announce/2012-07/msg00002.html"
          },
          {
            "trust": 1.1,
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74302"
          },
          {
            "trust": 0.9,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-1459"
          },
          {
            "trust": 0.8,
            "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2012-1459"
          },
          {
            "trust": 0.6,
            "url": "http://www.nsfocus.net/vulndb/19231"
          },
          {
            "trust": 0.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2012-1459"
          },
          {
            "trust": 0.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2012-1458"
          },
          {
            "trust": 0.3,
            "url": "http://www.antiy.net"
          },
          {
            "trust": 0.3,
            "url": "http://www.authentium.com"
          },
          {
            "trust": 0.3,
            "url": "http://www.avast.com"
          },
          {
            "trust": 0.3,
            "url": "http://www.avg.com"
          },
          {
            "trust": 0.3,
            "url": "http://www.avira.com/"
          },
          {
            "trust": 0.3,
            "url": "http://www.bitdefender.com"
          },
          {
            "trust": 0.3,
            "url": "http://www.emsisoft.com/en/software/antimalware/"
          },
          {
            "trust": 0.3,
            "url": "http://eset.com"
          },
          {
            "trust": 0.3,
            "url": "http://www.f-prot.com/"
          },
          {
            "trust": 0.3,
            "url": "http://www.gdatasoftware.com"
          },
          {
            "trust": 0.3,
            "url": "http://www.ikarus.at"
          },
          {
            "trust": 0.3,
            "url": "http://global.jiangmin.com/"
          },
          {
            "trust": 0.3,
            "url": "http://www.k7computing.com/en/product/k7-antivirusplus.php"
          },
          {
            "trust": 0.3,
            "url": "http://www.kaspersky.com/"
          },
          {
            "trust": 0.3,
            "url": "http://www.mcafee.com/"
          },
          {
            "trust": 0.3,
            "url": "http://www.microsoft.com"
          },
          {
            "trust": 0.3,
            "url": "http://anti-virus-software-review.toptenreviews.com/norman-review.html"
          },
          {
            "trust": 0.3,
            "url": "http://www.pctools.com/spyware-doctor-antivirus/"
          },
          {
            "trust": 0.3,
            "url": "http://www.quickheal.com/"
          },
          {
            "trust": 0.3,
            "url": "http://www.rising-global.com/"
          },
          {
            "trust": 0.3,
            "url": "http://www.symantec.com"
          },
          {
            "trust": 0.3,
            "url": "http://www.trend.com"
          },
          {
            "trust": 0.3,
            "url": "http://anti-virus.by/en/index.shtml"
          },
          {
            "trust": 0.3,
            "url": "/archive/1/522005"
          },
          {
            "trust": 0.3,
            "url": "http://www.ubuntu.com/usn/usn-1482-1"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2012-1457"
          },
          {
            "trust": 0.1,
            "url": "https://launchpad.net/ubuntu/+source/clamav/0.97.5+dfsg-1ubuntu0.12.04.3"
          },
          {
            "trust": 0.1,
            "url": "http://www.ubuntu.com/usn/usn-1482-3"
          },
          {
            "trust": 0.1,
            "url": "https://launchpad.net/ubuntu/+source/clamav/0.97.5+dfsg-1ubuntu0.11.04.3"
          },
          {
            "trust": 0.1,
            "url": "https://launchpad.net/ubuntu/+source/clamav/0.97.5+dfsg-1ubuntu0.11.10.3"
          },
          {
            "trust": 0.1,
            "url": "https://launchpad.net/bugs/1015405"
          },
          {
            "trust": 0.1,
            "url": "https://launchpad.net/ubuntu/+source/clamav/0.97.5+dfsg-1ubuntu0.12.04.2"
          },
          {
            "trust": 0.1,
            "url": "https://launchpad.net/bugs/1015337"
          },
          {
            "trust": 0.1,
            "url": "https://launchpad.net/ubuntu/+source/clamav/0.97.5+dfsg-1ubuntu0.11.10.2"
          },
          {
            "trust": 0.1,
            "url": "http://www.ubuntu.com/usn/usn-1482-2"
          },
          {
            "trust": 0.1,
            "url": "https://launchpad.net/ubuntu/+source/clamav/0.97.5+dfsg-1ubuntu0.11.04.2"
          },
          {
            "trust": 0.1,
            "url": "https://launchpad.net/ubuntu/+source/clamav/0.96.5+dfsg-1ubuntu1.10.04.4"
          },
          {
            "trust": 0.1,
            "url": "https://launchpad.net/ubuntu/+source/clamav/0.97.5+dfsg-1ubuntu0.11.10.1"
          },
          {
            "trust": 0.1,
            "url": "https://launchpad.net/ubuntu/+source/clamav/0.97.5+dfsg-1ubuntu0.12.04.1"
          },
          {
            "trust": 0.1,
            "url": "https://launchpad.net/ubuntu/+source/clamav/0.97.5+dfsg-1ubuntu0.11.04.1"
          },
          {
            "trust": 0.1,
            "url": "http://www.mandriva.com/security/"
          },
          {
            "trust": 0.1,
            "url": "http://www.mandriva.com/security/advisories"
          },
          {
            "trust": 0.1,
            "url": "http://git.clamav.net/gitweb?p=clamav-devel.git;a=blob_plain;f=changelog;hb=clamav-0.97.5"
          },
          {
            "trust": 0.1,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-1457"
          },
          {
            "trust": 0.1,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-1458"
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-54740"
          },
          {
            "db": "BID",
            "id": "52623"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2012-001869"
          },
          {
            "db": "PACKETSTORM",
            "id": "115619"
          },
          {
            "db": "PACKETSTORM",
            "id": "113895"
          },
          {
            "db": "PACKETSTORM",
            "id": "113878"
          },
          {
            "db": "PACKETSTORM",
            "id": "113841"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201203-422"
          },
          {
            "db": "NVD",
            "id": "CVE-2012-1459"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "VULHUB",
            "id": "VHN-54740"
          },
          {
            "db": "BID",
            "id": "52623"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2012-001869"
          },
          {
            "db": "PACKETSTORM",
            "id": "115619"
          },
          {
            "db": "PACKETSTORM",
            "id": "113895"
          },
          {
            "db": "PACKETSTORM",
            "id": "113878"
          },
          {
            "db": "PACKETSTORM",
            "id": "113841"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201203-422"
          },
          {
            "db": "NVD",
            "id": "CVE-2012-1459"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2012-03-21T00:00:00",
            "db": "VULHUB",
            "id": "VHN-54740"
          },
          {
            "date": "2012-03-20T00:00:00",
            "db": "BID",
            "id": "52623"
          },
          {
            "date": "2012-03-23T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2012-001869"
          },
          {
            "date": "2012-08-17T02:36:21",
            "db": "PACKETSTORM",
            "id": "115619"
          },
          {
            "date": "2012-06-20T03:33:06",
            "db": "PACKETSTORM",
            "id": "113895"
          },
          {
            "date": "2012-06-20T02:54:11",
            "db": "PACKETSTORM",
            "id": "113878"
          },
          {
            "date": "2012-06-19T00:56:02",
            "db": "PACKETSTORM",
            "id": "113841"
          },
          {
            "date": "2012-03-26T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201203-422"
          },
          {
            "date": "2012-03-21T10:11:49.597000",
            "db": "NVD",
            "id": "CVE-2012-1459"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2018-01-18T00:00:00",
            "db": "VULHUB",
            "id": "VHN-54740"
          },
          {
            "date": "2015-04-13T22:00:00",
            "db": "BID",
            "id": "52623"
          },
          {
            "date": "2012-07-25T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2012-001869"
          },
          {
            "date": "2012-04-01T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201203-422"
          },
          {
            "date": "2025-04-11T00:51:21.963000",
            "db": "NVD",
            "id": "CVE-2012-1459"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "PACKETSTORM",
            "id": "115619"
          },
          {
            "db": "PACKETSTORM",
            "id": "113895"
          },
          {
            "db": "PACKETSTORM",
            "id": "113878"
          },
          {
            "db": "PACKETSTORM",
            "id": "113841"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201203-422"
          }
        ],
        "trust": 1.0
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Multiple products  TAR Vulnerability that prevents file parsers from detecting malware",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2012-001869"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "permissions and access control",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201203-422"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201203-0148

    Vulnerability from variot - Updated: 2025-04-11 22:49

    The ELF file parser in AhnLab V3 Internet Security 2011.01.18.00, Bitdefender 7.2, Quick Heal (aka Cat QuickHeal) 11.00, Command Antivirus 5.2.11.5, Comodo Antivirus 7424, eSafe 7.0.17.0, F-Prot Antivirus 4.6.2.117, F-Secure Anti-Virus 9.0.16160.0, McAfee Anti-Virus Scanning Engine 5.400.0.1158, Norman Antivirus 6.06.12, nProtect Anti-Virus 2011-01-17.01, and Panda Antivirus 10.0.2.7 allows remote attackers to bypass malware detection via an ELF file with a modified endianness field. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different ELF parser implementations. The ELF file parser in multiple products contains a vulnerability that can prevent malware detection. If it is announced that the problem also exists in different ELF parser implementations, the CVE may be split. Malware detection may be evaded via an ELF file whose endianness field has been changed by a third party. Successful exploits will allow attackers to bypass on-demand virus scanning, possibly allowing malicious files to escape detection.

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201203-0148",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "antivirus",
            "scope": "eq",
            "trust": 2.1,
            "vendor": "comodo",
            "version": "7424"
          },
          {
            "model": "command antivirus",
            "scope": "eq",
            "trust": 1.8,
            "vendor": "authentium",
            "version": "5.2.11.5"
          },
          {
            "model": "bitdefender",
            "scope": "eq",
            "trust": 1.8,
            "vendor": "bitdefender",
            "version": "7.2"
          },
          {
            "model": "esafe",
            "scope": "eq",
            "trust": 1.8,
            "vendor": "aladdin",
            "version": "7.0.17.0"
          },
          {
            "model": "f-secure anti-virus",
            "scope": "eq",
            "trust": 1.8,
            "vendor": "f secure",
            "version": "9.0.16160.0"
          },
          {
            "model": "scan engine",
            "scope": "eq",
            "trust": 1.8,
            "vendor": "mcafee",
            "version": "5.400.0.1158"
          },
          {
            "model": "antivirus \\\u0026 antispyware",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "norman",
            "version": "6.06.12"
          },
          {
            "model": "quick heal",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "cat",
            "version": "11.00"
          },
          {
            "model": "antivirus",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "nprotect",
            "version": "2011-01-17.01"
          },
          {
            "model": "f-prot antivirus",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "f prot",
            "version": "4.6.2.117"
          },
          {
            "model": "v3 internet security",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "ahnlab",
            "version": "2011.01.18.00"
          },
          {
            "model": "panda antivirus",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "pandasecurity",
            "version": "10.0.2.7"
          },
          {
            "model": "f-prot antivirus",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "frisk",
            "version": "4.6.2.117"
          },
          {
            "model": "antivirus",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "norman",
            "version": "6.06.12"
          },
          {
            "model": "anti-virus",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "nprotect",
            "version": "2011-01-17.01"
          },
          {
            "model": "antivirus",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "panda security",
            "version": "10.0.2.7"
          },
          {
            "model": "v3 internet security",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "unlab",
            "version": "2011.01.18.00"
          },
          {
            "model": "heal",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "quick heal k k",
            "version": "11.00"
          },
          {
            "model": "cat-quickheal",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "quick heal",
            "version": "11.00"
          },
          {
            "model": "antivirus",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "panda",
            "version": "10.0.27"
          },
          {
            "model": "antivirus",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "norman",
            "version": "6.6.12"
          },
          {
            "model": "mcafee",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mcafee",
            "version": "5.4001158"
          },
          {
            "model": "nprotect",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "inca",
            "version": "2011-01-17.01"
          },
          {
            "model": "software f-prot antivirus",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "frisk",
            "version": "4.6.2117"
          },
          {
            "model": "antivirus",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f secure",
            "version": "9.0.16160.0"
          },
          {
            "model": "antivirus",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "esafe",
            "version": "7.0.170"
          },
          {
            "model": "antivirus",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "bitdefender",
            "version": "7.2"
          },
          {
            "model": "command antivirus",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "authentium",
            "version": "5.2.115"
          },
          {
            "model": "engine",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ahnlab",
            "version": "v32011.01.18.00"
          }
        ],
        "sources": [
          {
            "db": "BID",
            "id": "52614"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2012-001872"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201203-426"
          },
          {
            "db": "NVD",
            "id": "CVE-2012-1463"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/a:authentium:command_antivirus",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:bitdefender:bitdefender",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:comodo:comodo_antivirus",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:f-prot:f-prot_antivirus",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:norman:norman_antivirus_%26_antispyware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:nprotect:nprotect_antivirus",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:pandasecurity:panda_antivirus",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:aladdin:esafe",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:ahnlab:v3_internet_security",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:f-secure:anti-virus",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:quick_heal:quick_heal",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:mcafee:scan_engine",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2012-001872"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Suman Jana and Vitaly Shmatikov",
        "sources": [
          {
            "db": "BID",
            "id": "52614"
          }
        ],
        "trust": 0.3
      },
      "cve": "CVE-2012-1463",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 8.6,
                "id": "CVE-2012-1463",
                "impactScore": 2.9,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 1.9,
                "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 8.6,
                "id": "VHN-54744",
                "impactScore": 2.9,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 0.1,
                "vectorString": "AV:N/AC:M/AU:N/C:N/I:P/A:N",
                "version": "2.0"
              }
            ],
            "cvssV3": [],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2012-1463",
                "trust": 1.0,
                "value": "MEDIUM"
              },
              {
                "author": "NVD",
                "id": "CVE-2012-1463",
                "trust": 0.8,
                "value": "Medium"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201203-426",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "VULHUB",
                "id": "VHN-54744",
                "trust": 0.1,
                "value": "MEDIUM"
              },
              {
                "author": "VULMON",
                "id": "CVE-2012-1463",
                "trust": 0.1,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-54744"
          },
          {
            "db": "VULMON",
            "id": "CVE-2012-1463"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2012-001872"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201203-426"
          },
          {
            "db": "NVD",
            "id": "CVE-2012-1463"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "The ELF file parser in AhnLab V3 Internet Security 2011.01.18.00, Bitdefender 7.2, Quick Heal (aka Cat QuickHeal) 11.00, Command Antivirus 5.2.11.5, Comodo Antivirus 7424, eSafe 7.0.17.0, F-Prot Antivirus 4.6.2.117, F-Secure Anti-Virus 9.0.16160.0, McAfee Anti-Virus Scanning Engine 5.400.0.1158, Norman Antivirus 6.06.12, nProtect Anti-Virus 2011-01-17.01, and Panda Antivirus 10.0.2.7 allows remote attackers to bypass malware detection via an ELF file with a modified endianness field.  NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different ELF parser implementations. Multiple products ELF A file parser contains a vulnerability that can prevent malware detection. Different ELF Parser If it is announced that there is also a problem with the implementation of CVE May be split.The endian field changed by a third party ELF Malware detection may be avoided via files. \nSuccessful exploits will allow attackers to bypass on-demand virus scanning, possibly allowing malicious files to escape detection",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2012-1463"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2012-001872"
          },
          {
            "db": "BID",
            "id": "52614"
          },
          {
            "db": "VULHUB",
            "id": "VHN-54744"
          },
          {
            "db": "VULMON",
            "id": "CVE-2012-1463"
          }
        ],
        "trust": 2.07
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2012-1463",
            "trust": 2.9
          },
          {
            "db": "BID",
            "id": "52614",
            "trust": 1.5
          },
          {
            "db": "OSVDB",
            "id": "80426",
            "trust": 1.2
          },
          {
            "db": "OSVDB",
            "id": "80433",
            "trust": 1.2
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2012-001872",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201203-426",
            "trust": 0.7
          },
          {
            "db": "BUGTRAQ",
            "id": "20120319 EVASION ATTACKS EXPOLITING FILE-PARSING VULNERABILITIES IN ANTIVIRUS PRODUCTS",
            "trust": 0.6
          },
          {
            "db": "NSFOCUS",
            "id": "19237",
            "trust": 0.6
          },
          {
            "db": "VULHUB",
            "id": "VHN-54744",
            "trust": 0.1
          },
          {
            "db": "VULMON",
            "id": "CVE-2012-1463",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-54744"
          },
          {
            "db": "VULMON",
            "id": "CVE-2012-1463"
          },
          {
            "db": "BID",
            "id": "52614"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2012-001872"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201203-426"
          },
          {
            "db": "NVD",
            "id": "CVE-2012-1463"
          }
        ]
      },
      "id": "VAR-201203-0148",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-54744"
          }
        ],
        "trust": 0.01
      },
      "last_update_date": "2025-04-11T22:49:45.762000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Command Antivirus",
            "trust": 0.8,
            "url": "http://www.authentium.com/command/CSAVDownload.html"
          },
          {
            "title": "Bitdefender",
            "trust": 0.8,
            "url": "http://www.bitdefender.com/"
          },
          {
            "title": "Comodo Antivirus",
            "trust": 0.8,
            "url": "http://www.comodo.com/home/internet-security/antivirus.php"
          },
          {
            "title": "F-Prot Antivirus",
            "trust": 0.8,
            "url": "http://www.f-prot.com/index.html"
          },
          {
            "title": "MacAfee Scan Engine",
            "trust": 0.8,
            "url": "http://www.mcafee.com/us/support/support-eol-scan-engine.aspx"
          },
          {
            "title": "Norman Antivirus",
            "trust": 0.8,
            "url": "http://www.norman.com/products/antivirus_antispyware/en"
          },
          {
            "title": "nProtect Anti-Virus",
            "trust": 0.8,
            "url": "http://global.nprotect.com/product/avs.php"
          },
          {
            "title": "Panda Antivirus",
            "trust": 0.8,
            "url": "http://www.ps-japan.co.jp/"
          },
          {
            "title": "Quick Heal",
            "trust": 0.8,
            "url": "http://www.quickheal.com/"
          },
          {
            "title": "eSafe",
            "trust": 0.8,
            "url": "http://www.aladdin.co.jp/esafe/"
          },
          {
            "title": "V3 Internet Security",
            "trust": 0.8,
            "url": "http://www.ahnlab.co.jp/product_service/product/b2b/v3is8.asp"
          },
          {
            "title": "F-Secure Anti-Virus",
            "trust": 0.8,
            "url": "http://www.f-secure.com/ja/web/home_jp/protection/anti-virus/overview"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2012-001872"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-264",
            "trust": 1.9
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-54744"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2012-001872"
          },
          {
            "db": "NVD",
            "id": "CVE-2012-1463"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 1.8,
            "url": "http://www.securityfocus.com/archive/1/522005"
          },
          {
            "trust": 1.8,
            "url": "http://www.ieee-security.org/tc/sp2012/program.html"
          },
          {
            "trust": 1.3,
            "url": "http://www.securityfocus.com/bid/52614"
          },
          {
            "trust": 1.2,
            "url": "http://osvdb.org/80426"
          },
          {
            "trust": 1.2,
            "url": "http://osvdb.org/80433"
          },
          {
            "trust": 1.2,
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74311"
          },
          {
            "trust": 0.8,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-1463"
          },
          {
            "trust": 0.8,
            "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2012-1463"
          },
          {
            "trust": 0.6,
            "url": "http://www.nsfocus.net/vulndb/19237"
          },
          {
            "trust": 0.3,
            "url": "http://www.ahnlab.com"
          },
          {
            "trust": 0.3,
            "url": "http://www.authentium.com"
          },
          {
            "trust": 0.3,
            "url": "http://www.bitdefender.com"
          },
          {
            "trust": 0.3,
            "url": "http://www.comodo.com/"
          },
          {
            "trust": 0.3,
            "url": "http://www.safenet-inc.com/data-protection/content-security-esafe/"
          },
          {
            "trust": 0.3,
            "url": "http://www.f-secure.com/"
          },
          {
            "trust": 0.3,
            "url": "http://www.f-prot.com/"
          },
          {
            "trust": 0.3,
            "url": "http://global.nprotect.com/index.php"
          },
          {
            "trust": 0.3,
            "url": "http://www.mcafee.com/"
          },
          {
            "trust": 0.3,
            "url": "http://anti-virus-software-review.toptenreviews.com/norman-review.html"
          },
          {
            "trust": 0.3,
            "url": "http://www.pandasecurity.com/usa/"
          },
          {
            "trust": 0.3,
            "url": "http://www.quickheal.com/"
          },
          {
            "trust": 0.3,
            "url": "/archive/1/522005"
          },
          {
            "trust": 0.1,
            "url": "https://cwe.mitre.org/data/definitions/264.html"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov"
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-54744"
          },
          {
            "db": "VULMON",
            "id": "CVE-2012-1463"
          },
          {
            "db": "BID",
            "id": "52614"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2012-001872"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201203-426"
          },
          {
            "db": "NVD",
            "id": "CVE-2012-1463"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "VULHUB",
            "id": "VHN-54744"
          },
          {
            "db": "VULMON",
            "id": "CVE-2012-1463"
          },
          {
            "db": "BID",
            "id": "52614"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2012-001872"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201203-426"
          },
          {
            "db": "NVD",
            "id": "CVE-2012-1463"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2012-03-21T00:00:00",
            "db": "VULHUB",
            "id": "VHN-54744"
          },
          {
            "date": "2012-03-21T00:00:00",
            "db": "VULMON",
            "id": "CVE-2012-1463"
          },
          {
            "date": "2012-03-20T00:00:00",
            "db": "BID",
            "id": "52614"
          },
          {
            "date": "2012-03-23T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2012-001872"
          },
          {
            "date": "2012-03-26T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201203-426"
          },
          {
            "date": "2012-03-21T10:11:49.740000",
            "db": "NVD",
            "id": "CVE-2012-1463"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2017-08-29T00:00:00",
            "db": "VULHUB",
            "id": "VHN-54744"
          },
          {
            "date": "2017-08-29T00:00:00",
            "db": "VULMON",
            "id": "CVE-2012-1463"
          },
          {
            "date": "2012-03-20T00:00:00",
            "db": "BID",
            "id": "52614"
          },
          {
            "date": "2012-03-23T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2012-001872"
          },
          {
            "date": "2012-03-26T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201203-426"
          },
          {
            "date": "2025-04-11T00:51:21.963000",
            "db": "NVD",
            "id": "CVE-2012-1463"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201203-426"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Multiple products  ELF Vulnerability that prevents file parsers from detecting malware",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2012-001872"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "permissions and access control",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201203-426"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201203-0381

    Vulnerability from variot - Updated: 2025-04-11 22:49

    The TAR file parser in Avira AntiVir 7.11.1.163, Antiy Labs AVL SDK 2.0.3.7, avast! Antivirus 4.8.1351.0 and 5.0.677.0, AVG Anti-Virus 10.0.0.1190, Bitdefender 7.2, Quick Heal (aka Cat QuickHeal) 11.00, ClamAV 0.96.4, Command Antivirus 5.2.11.5, Emsisoft Anti-Malware 5.1.0.1, eSafe 7.0.17.0, F-Prot Antivirus 4.6.2.117, G Data AntiVirus 21, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, Jiangmin Antivirus 13.0.900, K7 AntiVirus 9.77.3565, Kaspersky Anti-Virus 7.0.0.125, McAfee Anti-Virus Scanning Engine 5.400.0.1158, McAfee Gateway (formerly Webwasher) 2010.1C, Antimalware Engine 1.1.6402.0 in Microsoft Security Essentials 2.0, NOD32 Antivirus 5795, Norman Antivirus 6.06.12, PC Tools AntiVirus 7.0.3.5, Rising Antivirus 22.83.00.03, AVEngine 20101.3.0.103 in Symantec Endpoint Protection 11, Trend Micro AntiVirus 9.120.0.1004, Trend Micro HouseCall 9.120.0.1004, VBA32 3.12.14.2, and VirusBuster 13.6.151.0 allows remote attackers to bypass malware detection via a TAR archive entry with a length field that exceeds the total TAR file size. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different TAR parser implementations. The TAR file parsers in multiple products contain a vulnerability that can prevent malware detection. If it is later announced that the problem also exists in different TAR parser implementations, this vulnerability may be split into multiple CVEs. A third party can bypass malware detection via a TAR archive entry with a length field that exceeds the total TAR file size. Successful exploits will allow attackers to bypass on-demand virus scanning, possibly allowing malicious files to escape detection. Vulnerabilities exist in the TAR file parser in version 1004, Trend Micro HouseCall version 9.120.0.1004, VBA32 version 3.12.14.2, and VirusBuster version 13.6.151.0.

    Ubuntu Security Notice USN-1482-1 June 19, 2012

    clamav vulnerabilities

    A security issue affects these releases of Ubuntu and its derivatives:

    • Ubuntu 12.04 LTS
    • Ubuntu 11.10
    • Ubuntu 11.04
    • Ubuntu 10.04 LTS

    Summary:

    ClamAV could improperly detect malware if it opened a specially crafted file.

    Software Description: - clamav: Anti-virus utility for Unix

    Details:

    It was discovered that ClamAV incorrectly handled certain malformed TAR archives. (CVE-2012-1457, CVE-2012-1459)

    It was discovered that ClamAV incorrectly handled certain malformed CHM files. (CVE-2012-1458)

    Update instructions:

    The problem can be corrected by updating your system to the following package versions:

    Ubuntu 12.04 LTS: clamav 0.97.5+dfsg-1ubuntu0.12.04.1 clamav-daemon 0.97.5+dfsg-1ubuntu0.12.04.1 libclamav6 0.97.5+dfsg-1ubuntu0.12.04.1

    Ubuntu 11.10: clamav 0.97.5+dfsg-1ubuntu0.11.10.1 clamav-daemon 0.97.5+dfsg-1ubuntu0.11.10.1 libclamav6 0.97.5+dfsg-1ubuntu0.11.10.1

    Ubuntu 11.04: clamav 0.97.5+dfsg-1ubuntu0.11.04.1 clamav-daemon 0.97.5+dfsg-1ubuntu0.11.04.1 libclamav6 0.97.5+dfsg-1ubuntu0.11.04.1

    Ubuntu 10.04 LTS: clamav 0.96.5+dfsg-1ubuntu1.10.04.4 clamav-daemon 0.96.5+dfsg-1ubuntu1.10.04.4 libclamav6 0.96.5+dfsg-1ubuntu1.10.04.4

    In general, a standard system update will make all the necessary changes.

    References: http://www.ubuntu.com/usn/usn-1482-1 CVE-2012-1457, CVE-2012-1458, CVE-2012-1459

    Package Information: https://launchpad.net/ubuntu/+source/clamav/0.97.5+dfsg-1ubuntu0.12.04.1 https://launchpad.net/ubuntu/+source/clamav/0.97.5+dfsg-1ubuntu0.11.10.1 https://launchpad.net/ubuntu/+source/clamav/0.97.5+dfsg-1ubuntu0.11.04.1 https://launchpad.net/ubuntu/+source/clamav/0.96.5+dfsg-1ubuntu1.10.04.4

    The Microsoft CHM file parser in ClamAV 0.96.4 allows remote attackers to bypass malware detection via a crafted reset interval in the LZXC header of a CHM file.


    References:

    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1457 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1458 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1459 http://git.clamav.net/gitweb?p=clamav-devel.git;a=blob_plain;f=ChangeLog;hb=clamav-0.97.5


    Updated Packages:

    Mandriva Enterprise Server 5

    Mandriva Enterprise Server 5/X86_64


    To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you.

    All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing:

    gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

    You can view other update advisories for Mandriva Linux at:

    http://www.mandriva.com/security/advisories

    If you want to report vulnerabilities, please contact

    security_(at)_mandriva.com


    Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team


    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201203-0381",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "virusbuster",
            "scope": "eq",
            "trust": 2.4,
            "vendor": "virusbuster",
            "version": "13.6.151.0"
          },
          {
            "model": "avl sdk",
            "scope": "eq",
            "trust": 1.8,
            "vendor": "antiy",
            "version": "2.0.3.7"
          },
          {
            "model": "command antivirus",
            "scope": "eq",
            "trust": 1.8,
            "vendor": "authentium",
            "version": "5.2.11.5"
          },
          {
            "model": "anti-virus",
            "scope": "eq",
            "trust": 1.8,
            "vendor": "avg",
            "version": "10.0.0.1190"
          },
          {
            "model": "bitdefender",
            "scope": "eq",
            "trust": 1.8,
            "vendor": "bitdefender",
            "version": "7.2"
          },
          {
            "model": "clamav",
            "scope": "eq",
            "trust": 1.8,
            "vendor": "clamav",
            "version": "0.96.4"
          },
          {
            "model": "anti-malware",
            "scope": "eq",
            "trust": 1.8,
            "vendor": "emsisoft",
            "version": "5.1.0.1"
          },
          {
            "model": "virus utilities t3 command line scanner",
            "scope": "eq",
            "trust": 1.8,
            "vendor": "ikarus",
            "version": "1.1.97.0"
          },
          {
            "model": "antivirus",
            "scope": "eq",
            "trust": 1.8,
            "vendor": "jiangmin",
            "version": "13.0.900"
          },
          {
            "model": "antivirus",
            "scope": "eq",
            "trust": 1.8,
            "vendor": "pc tools",
            "version": "7.0.3.5"
          },
          {
            "model": "esafe",
            "scope": "eq",
            "trust": 1.8,
            "vendor": "aladdin",
            "version": "7.0.17.0"
          },
          {
            "model": "anti-virus",
            "scope": "eq",
            "trust": 1.8,
            "vendor": "kaspersky",
            "version": "7.0.0.125"
          },
          {
            "model": "security essentials",
            "scope": "eq",
            "trust": 1.8,
            "vendor": "microsoft",
            "version": "2.0"
          },
          {
            "model": "scan engine",
            "scope": "eq",
            "trust": 1.8,
            "vendor": "mcafee",
            "version": "5.400.0.1158"
          },
          {
            "model": "endpoint protection",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "symantec",
            "version": "11.0"
          },
          {
            "model": "f-prot antivirus",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "f prot",
            "version": "4.6.2.117"
          },
          {
            "model": "antivirus \\\u0026 antispyware",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "norman",
            "version": "6.06.12"
          },
          {
            "model": "vba32",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "anti virus",
            "version": "3.12.14.2"
          },
          {
            "model": "gateway",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mcafee",
            "version": "2010.1c"
          },
          {
            "model": "nod32 antivirus",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "eset",
            "version": "5795"
          },
          {
            "model": "antivir",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "avira",
            "version": "7.11.1.163"
          },
          {
            "model": "quick heal",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "cat",
            "version": "11.00"
          },
          {
            "model": "antivirus",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "k7computing",
            "version": "9.77.3565"
          },
          {
            "model": "antivirus",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "rising global",
            "version": "22.83.00.03"
          },
          {
            "model": "avast antivirus",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "alwil",
            "version": "5.0.677.0"
          },
          {
            "model": "avast antivirus",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "alwil",
            "version": "4.8.1351.0"
          },
          {
            "model": "trend micro antivirus",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "trendmicro",
            "version": "9.120.0.1004"
          },
          {
            "model": "housecall",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "trendmicro",
            "version": "9.120.0.1004"
          },
          {
            "model": "g data antivirus",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "gdata",
            "version": "21"
          },
          {
            "model": "anti-virus",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "avast s r o",
            "version": "4.8.1351.0"
          },
          {
            "model": "anti-virus",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "avast s r o",
            "version": "5.0.677.0"
          },
          {
            "model": "antivirus",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "avira",
            "version": "7.11.1.163"
          },
          {
            "model": "antivirus",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "rising",
            "version": "22.83.00.03"
          },
          {
            "model": "nod32 anti-virus",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "eset",
            "version": "5795"
          },
          {
            "model": "f-prot antivirus",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "frisk",
            "version": "4.6.2.117"
          },
          {
            "model": "antivirus",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "g data",
            "version": "21"
          },
          {
            "model": "antivirus",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "k7 computing",
            "version": "9.77.3565"
          },
          {
            "model": "antivirus",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "norman",
            "version": "6.06.12"
          },
          {
            "model": "vba32",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "virusblokada",
            "version": "3.12.14.2"
          },
          {
            "model": "heal",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "quick heal k k",
            "version": "11.00"
          },
          {
            "model": "endpoint protection",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "symantec",
            "version": "11"
          },
          {
            "model": "antivirus",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "trend micro",
            "version": "9.120.0.1004"
          },
          {
            "model": "housecall",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "trend micro",
            "version": "9.120.0.1004"
          },
          {
            "model": "web gateway software",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "mcafee",
            "version": "2010.1c"
          },
          {
            "model": "vba32",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "virusblokada",
            "version": "3.12.142"
          },
          {
            "model": "linux lts i386",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ubuntu",
            "version": "12.04"
          },
          {
            "model": "linux lts amd64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ubuntu",
            "version": "12.04"
          },
          {
            "model": "linux i386",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ubuntu",
            "version": "11.10"
          },
          {
            "model": "linux amd64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ubuntu",
            "version": "11.10"
          },
          {
            "model": "linux powerpc",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ubuntu",
            "version": "11.04"
          },
          {
            "model": "linux i386",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ubuntu",
            "version": "11.04"
          },
          {
            "model": "linux arm",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ubuntu",
            "version": "11.04"
          },
          {
            "model": "linux amd64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ubuntu",
            "version": "11.04"
          },
          {
            "model": "linux sparc",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ubuntu",
            "version": "10.04"
          },
          {
            "model": "linux powerpc",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ubuntu",
            "version": "10.04"
          },
          {
            "model": "linux i386",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ubuntu",
            "version": "10.04"
          },
          {
            "model": "linux arm",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ubuntu",
            "version": "10.04"
          },
          {
            "model": "linux amd64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ubuntu",
            "version": "10.04"
          },
          {
            "model": "virusbuster",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "trend micro",
            "version": "13.6.1510"
          },
          {
            "model": "trend micro",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "trend micro",
            "version": "9.1201004"
          },
          {
            "model": "housecall",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "trend micro",
            "version": "9.1201004"
          },
          {
            "model": "antivirus",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "symantec",
            "version": "20101.3103"
          },
          {
            "model": "opensuse",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "suse",
            "version": "12.1"
          },
          {
            "model": "opensuse",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "suse",
            "version": "11.4"
          },
          {
            "model": "antivirus",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "rising",
            "version": "22.8303"
          },
          {
            "model": "cat-quickheal",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "quick heal",
            "version": "11.00"
          },
          {
            "model": "antivirus",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "pctools",
            "version": "7.0.35"
          },
          {
            "model": "antivirus",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "norman",
            "version": "6.6.12"
          },
          {
            "model": "antivirus",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "microsoft",
            "version": "1.6402"
          },
          {
            "model": "mcafee-gw-edition 2010.1c",
            "scope": null,
            "trust": 0.3,
            "vendor": "mcafee",
            "version": null
          },
          {
            "model": "enterprise server x86 64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mandrakesoft",
            "version": "5"
          },
          {
            "model": "enterprise server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mandrakesoft",
            "version": "5"
          },
          {
            "model": "antivirus",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "kaspersky",
            "version": "7.0125"
          },
          {
            "model": "computing pvt ltd k7antivirus",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "k7",
            "version": "9.77.3565"
          },
          {
            "model": "jiangmin",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "jiangmin",
            "version": "13.0.900"
          },
          {
            "model": "antivirus t3.1.1.97.0",
            "scope": null,
            "trust": 0.3,
            "vendor": "ikarus",
            "version": null
          },
          {
            "model": "data software gdata",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "g",
            "version": "21"
          },
          {
            "model": "software f-prot antivirus",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "frisk",
            "version": "4.6.2117"
          },
          {
            "model": "nod32",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "eset",
            "version": "5795"
          },
          {
            "model": "antivirus",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "esafe",
            "version": "7.0.170"
          },
          {
            "model": "antivirus",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "emsisoft",
            "version": "5.11"
          },
          {
            "model": "antivirus",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "bitdefender",
            "version": "7.2"
          },
          {
            "model": "antivir engine",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avira",
            "version": "7.11.1163"
          },
          {
            "model": "anti-virus",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avg",
            "version": "10.01190"
          },
          {
            "model": "avast5 antivirus",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avast",
            "version": "5.0.6770"
          },
          {
            "model": "antivirus",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avast",
            "version": "4.8.1351.0"
          },
          {
            "model": "command antivirus",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "authentium",
            "version": "5.2.115"
          },
          {
            "model": "antiy-avl",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "antiy",
            "version": "2.0.37"
          }
        ],
        "sources": [
          {
            "db": "BID",
            "id": "52610"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2012-001902"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201203-420"
          },
          {
            "db": "NVD",
            "id": "CVE-2012-1457"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/a:antiy:avl_sdk",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:authentium:command_antivirus",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:avast:avast_antivirus",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:avg:avg_anti-virus",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:avira:antivirus",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:rising-global:rising_antivirus",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:bitdefender:bitdefender",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:clamav:clamav",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:emsisoft:anti-malware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:eset:nod32_antivirus",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:f-prot:f-prot_antivirus",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:gdata-software:g_data_antivirus",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:ikarus:ikarus_virus_utilities_t3_command_line_scanner",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:jiangmin:jiangmin_antivirus",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:k7computing:antivirus",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:norman:norman_antivirus_%26_antispyware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:pc_tools:pc_tools_antivirus",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:anti-virus:vba32",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:virusbuster:virusbuster",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:aladdin:esafe",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:kaspersky:kaspersky_anti-virus",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:quick_heal:quick_heal",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:symantec:endpoint_protection",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:trendmicro:trend_micro_antivirus",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:trendmicro:housecall",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:microsoft:security_essentials",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:mcafee:scan_engine",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:mcafee:web_gateway",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2012-001902"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Suman Jana and Vitaly Shmatikov",
        "sources": [
          {
            "db": "BID",
            "id": "52610"
          }
        ],
        "trust": 0.3
      },
      "cve": "CVE-2012-1457",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 8.6,
                "id": "CVE-2012-1457",
                "impactScore": 2.9,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 1.8,
                "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 8.6,
                "id": "VHN-54738",
                "impactScore": 2.9,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 0.1,
                "vectorString": "AV:N/AC:M/AU:N/C:N/I:P/A:N",
                "version": "2.0"
              }
            ],
            "cvssV3": [],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2012-1457",
                "trust": 1.0,
                "value": "MEDIUM"
              },
              {
                "author": "NVD",
                "id": "CVE-2012-1457",
                "trust": 0.8,
                "value": "Medium"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201203-420",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "VULHUB",
                "id": "VHN-54738",
                "trust": 0.1,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-54738"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2012-001902"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201203-420"
          },
          {
            "db": "NVD",
            "id": "CVE-2012-1457"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "The TAR file parser in Avira AntiVir 7.11.1.163, Antiy Labs AVL SDK 2.0.3.7, avast! Antivirus 4.8.1351.0 and 5.0.677.0, AVG Anti-Virus 10.0.0.1190, Bitdefender 7.2, Quick Heal (aka Cat QuickHeal) 11.00, ClamAV 0.96.4, Command Antivirus 5.2.11.5, Emsisoft Anti-Malware 5.1.0.1, eSafe 7.0.17.0, F-Prot Antivirus 4.6.2.117, G Data AntiVirus 21, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, Jiangmin Antivirus 13.0.900, K7 AntiVirus 9.77.3565, Kaspersky Anti-Virus 7.0.0.125, McAfee Anti-Virus Scanning Engine 5.400.0.1158, McAfee Gateway (formerly Webwasher) 2010.1C, Antimalware Engine 1.1.6402.0 in Microsoft Security Essentials 2.0, NOD32 Antivirus 5795, Norman Antivirus 6.06.12, PC Tools AntiVirus 7.0.3.5, Rising Antivirus 22.83.00.03, AVEngine 20101.3.0.103 in Symantec Endpoint Protection 11, Trend Micro AntiVirus 9.120.0.1004, Trend Micro HouseCall 9.120.0.1004, VBA32 3.12.14.2, and VirusBuster 13.6.151.0 allows remote attackers to bypass malware detection via a TAR archive entry with a length field that exceeds the total TAR file size.  NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different TAR parser implementations. Multiple products TAR A file parser contains a vulnerability that can prevent malware detection. Different TAR If it is announced that there is also a problem with the parser implementation, this vulnerability can be CVE May be split.By a third party TAR Total file size exceeded length With field TAR Malware detection can be bypassed via archive entries. \nSuccessful exploits will allow attackers to bypass on-demand virus scanning, possibly allowing malicious files to escape detection. Vulnerabilities exist in the TAR file parser in version 1004, Trend Micro HouseCall version 9.120.0.1004, VBA32 version 3.12.14.2, and VirusBuster version 13.6.151.0. 
============================================================================\nUbuntu Security Notice USN-1482-1\nJune 19, 2012\n\nclamav vulnerabilities\n============================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 12.04 LTS\n- Ubuntu 11.10\n- Ubuntu 11.04\n- Ubuntu 10.04 LTS\n\nSummary:\n\nClamAV could improperly detect malware if it opened a specially crafted\nfile. \n\nSoftware Description:\n- clamav: Anti-virus utility for Unix\n\nDetails:\n\nIt was discovered that ClamAV incorrectly handled certain malformed TAR\narchives. (CVE-2012-1457,\nCVE-2012-1459)\n\nIt was discovered that ClamAV incorrectly handled certain malformed CHM\nfiles. (CVE-2012-1458)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 12.04 LTS:\n  clamav                          0.97.5+dfsg-1ubuntu0.12.04.1\n  clamav-daemon                   0.97.5+dfsg-1ubuntu0.12.04.1\n  libclamav6                      0.97.5+dfsg-1ubuntu0.12.04.1\n\nUbuntu 11.10:\n  clamav                          0.97.5+dfsg-1ubuntu0.11.10.1\n  clamav-daemon                   0.97.5+dfsg-1ubuntu0.11.10.1\n  libclamav6                      0.97.5+dfsg-1ubuntu0.11.10.1\n\nUbuntu 11.04:\n  clamav                          0.97.5+dfsg-1ubuntu0.11.04.1\n  clamav-daemon                   0.97.5+dfsg-1ubuntu0.11.04.1\n  libclamav6                      0.97.5+dfsg-1ubuntu0.11.04.1\n\nUbuntu 10.04 LTS:\n  clamav                          0.96.5+dfsg-1ubuntu1.10.04.4\n  clamav-daemon                   0.96.5+dfsg-1ubuntu1.10.04.4\n  libclamav6                      0.96.5+dfsg-1ubuntu1.10.04.4\n\nIn general, a standard system update will make all the necessary changes. 
\n\nReferences:\n  http://www.ubuntu.com/usn/usn-1482-1\n  CVE-2012-1457, CVE-2012-1458, CVE-2012-1459\n\nPackage Information:\n  https://launchpad.net/ubuntu/+source/clamav/0.97.5+dfsg-1ubuntu0.12.04.1\n  https://launchpad.net/ubuntu/+source/clamav/0.97.5+dfsg-1ubuntu0.11.10.1\n  https://launchpad.net/ubuntu/+source/clamav/0.97.5+dfsg-1ubuntu0.11.04.1\n  https://launchpad.net/ubuntu/+source/clamav/0.96.5+dfsg-1ubuntu1.10.04.4\n. \n \n The Microsoft CHM file parser in ClamAV 0.96.4 allows remote attackers\n to bypass malware detection via a crafted reset interval in the LZXC\n header of a CHM file. \n _______________________________________________________________________\n\n References:\n\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1457\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1458\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1459\n http://git.clamav.net/gitweb?p=clamav-devel.git;a=blob_plain;f=ChangeLog;hb=clamav-0.97.5\n _______________________________________________________________________\n\n Updated Packages:\n\n Mandriva Enterprise Server 5:\n\n Mandriva Enterprise Server 5/X86_64:\n _______________________________________________________________________\n\n To upgrade automatically use MandrivaUpdate or urpmi.  The verification\n of md5 checksums and GPG signatures is performed automatically for you. \n\n All packages are signed by Mandriva for security.  You can obtain the\n GPG public key of the Mandriva Security Team by executing:\n\n  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98\n\n You can view other update advisories for Mandriva Linux at:\n\n  http://www.mandriva.com/security/advisories\n\n If you want to report vulnerabilities, please contact\n\n  security_(at)_mandriva.com\n _______________________________________________________________________\n\n Type Bits/KeyID     Date       User ID\n pub  1024D/22458A98 2000-07-10 Mandriva Security Team\n  \u003csecurity*mandriva.com\u003e\n",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2012-1457"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2012-001902"
          },
          {
            "db": "BID",
            "id": "52610"
          },
          {
            "db": "VULHUB",
            "id": "VHN-54738"
          },
          {
            "db": "PACKETSTORM",
            "id": "113878"
          },
          {
            "db": "PACKETSTORM",
            "id": "113841"
          }
        ],
        "trust": 2.16
      },
      "exploit_availability": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "reference": "https://www.scap.org.cn/vuln/vhn-54738",
            "trust": 0.1,
            "type": "unknown"
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-54738"
          }
        ]
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2012-1457",
            "trust": 3.0
          },
          {
            "db": "BID",
            "id": "52610",
            "trust": 1.4
          },
          {
            "db": "OSVDB",
            "id": "80392",
            "trust": 1.1
          },
          {
            "db": "OSVDB",
            "id": "80406",
            "trust": 1.1
          },
          {
            "db": "OSVDB",
            "id": "80391",
            "trust": 1.1
          },
          {
            "db": "OSVDB",
            "id": "80407",
            "trust": 1.1
          },
          {
            "db": "OSVDB",
            "id": "80396",
            "trust": 1.1
          },
          {
            "db": "OSVDB",
            "id": "80395",
            "trust": 1.1
          },
          {
            "db": "OSVDB",
            "id": "80403",
            "trust": 1.1
          },
          {
            "db": "OSVDB",
            "id": "80409",
            "trust": 1.1
          },
          {
            "db": "OSVDB",
            "id": "80389",
            "trust": 1.1
          },
          {
            "db": "OSVDB",
            "id": "80393",
            "trust": 1.1
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2012-001902",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201203-420",
            "trust": 0.7
          },
          {
            "db": "BUGTRAQ",
            "id": "20120319 EVASION ATTACKS EXPOLITING FILE-PARSING VULNERABILITIES IN ANTIVIRUS PRODUCTS",
            "trust": 0.6
          },
          {
            "db": "NSFOCUS",
            "id": "19229",
            "trust": 0.6
          },
          {
            "db": "PACKETSTORM",
            "id": "113841",
            "trust": 0.2
          },
          {
            "db": "VULHUB",
            "id": "VHN-54738",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "113878",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-54738"
          },
          {
            "db": "BID",
            "id": "52610"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2012-001902"
          },
          {
            "db": "PACKETSTORM",
            "id": "113878"
          },
          {
            "db": "PACKETSTORM",
            "id": "113841"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201203-420"
          },
          {
            "db": "NVD",
            "id": "CVE-2012-1457"
          }
        ]
      },
      "id": "VAR-201203-0381",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-54738"
          }
        ],
        "trust": 0.01
      },
      "last_update_date": "2025-04-11T22:49:45.723000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Top Page",
            "trust": 0.8,
            "url": "http://www.aladdin.com/"
          },
          {
            "title": "Top Page",
            "trust": 0.8,
            "url": "http://www.antiy.net/"
          },
          {
            "title": "Top Page",
            "trust": 0.8,
            "url": "http://www.authentium.com/"
          },
          {
            "title": "Top Page",
            "trust": 0.8,
            "url": "https://www.avast.com/index"
          },
          {
            "title": "Top Page",
            "trust": 0.8,
            "url": "http://www.avg.com/"
          },
          {
            "title": "Top Page",
            "trust": 0.8,
            "url": "http://www.avira.com/"
          },
          {
            "title": "Top Page",
            "trust": 0.8,
            "url": "http://www.rising-global.com/"
          },
          {
            "title": "Top Page",
            "trust": 0.8,
            "url": "http://www.bitdefender.com/"
          },
          {
            "title": "Top Page",
            "trust": 0.8,
            "url": "http://www.clamav.net/"
          },
          {
            "title": "Top Page",
            "trust": 0.8,
            "url": "http://www.emsisoft.com/"
          },
          {
            "title": "Top Page",
            "trust": 0.8,
            "url": "http://www.eset.com/"
          },
          {
            "title": "Top Page",
            "trust": 0.8,
            "url": "http://www.f-prot.com/"
          },
          {
            "title": "Top Page",
            "trust": 0.8,
            "url": "http://www.gdata-software.com/"
          },
          {
            "title": "Top Page",
            "trust": 0.8,
            "url": "http://www.ikarus.at/"
          },
          {
            "title": "Top Page",
            "trust": 0.8,
            "url": "http://global.jiangmin.com/"
          },
          {
            "title": "Top Page",
            "trust": 0.8,
            "url": "http://www.k7computing.com/"
          },
          {
            "title": "Top Page",
            "trust": 0.8,
            "url": "http://www.mcafee.com/"
          },
          {
            "title": "Top Page",
            "trust": 0.8,
            "url": "http://www.microsoft.com/"
          },
          {
            "title": "Top Page",
            "trust": 0.8,
            "url": "http://www.norman.com/"
          },
          {
            "title": "openSUSE-SU-2012:0833",
            "trust": 0.8,
            "url": "http://lists.opensuse.org/opensuse-security-announce/2012-07/msg00002.html"
          },
          {
            "title": "Top Page",
            "trust": 0.8,
            "url": "http://www.pctools.com/"
          },
          {
            "title": "Top Page",
            "trust": 0.8,
            "url": "http://www.quickheal.com/"
          },
          {
            "title": "Top Page",
            "trust": 0.8,
            "url": "http://www.symantec.com/"
          },
          {
            "title": "Top Page",
            "trust": 0.8,
            "url": "http://www.trendmicro.com/"
          },
          {
            "title": "Top Page",
            "trust": 0.8,
            "url": "http://anti-virus.by/en/"
          },
          {
            "title": "Top Page",
            "trust": 0.8,
            "url": "http://www.virusbuster.hu/en/"
          },
          {
            "title": "Top Page",
            "trust": 0.8,
            "url": "http://www.kaspersky.com/"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2012-001902"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-264",
            "trust": 1.9
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-54738"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2012-001902"
          },
          {
            "db": "NVD",
            "id": "CVE-2012-1457"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 1.7,
            "url": "http://www.securityfocus.com/archive/1/522005"
          },
          {
            "trust": 1.7,
            "url": "http://www.ieee-security.org/tc/sp2012/program.html"
          },
          {
            "trust": 1.1,
            "url": "http://www.securityfocus.com/bid/52610"
          },
          {
            "trust": 1.1,
            "url": "http://www.mandriva.com/security/advisories?name=mdvsa-2012:094"
          },
          {
            "trust": 1.1,
            "url": "http://osvdb.org/80389"
          },
          {
            "trust": 1.1,
            "url": "http://osvdb.org/80391"
          },
          {
            "trust": 1.1,
            "url": "http://osvdb.org/80392"
          },
          {
            "trust": 1.1,
            "url": "http://osvdb.org/80393"
          },
          {
            "trust": 1.1,
            "url": "http://osvdb.org/80395"
          },
          {
            "trust": 1.1,
            "url": "http://osvdb.org/80396"
          },
          {
            "trust": 1.1,
            "url": "http://osvdb.org/80403"
          },
          {
            "trust": 1.1,
            "url": "http://osvdb.org/80406"
          },
          {
            "trust": 1.1,
            "url": "http://osvdb.org/80407"
          },
          {
            "trust": 1.1,
            "url": "http://osvdb.org/80409"
          },
          {
            "trust": 1.1,
            "url": "http://lists.opensuse.org/opensuse-security-announce/2012-07/msg00002.html"
          },
          {
            "trust": 1.1,
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74293"
          },
          {
            "trust": 0.9,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-1457"
          },
          {
            "trust": 0.8,
            "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2012-1457"
          },
          {
            "trust": 0.6,
            "url": "http://www.nsfocus.net/vulndb/19229"
          },
          {
            "trust": 0.3,
            "url": "http://www.antiy.net"
          },
          {
            "trust": 0.3,
            "url": "http://www.authentium.com"
          },
          {
            "trust": 0.3,
            "url": "http://www.avast.com"
          },
          {
            "trust": 0.3,
            "url": "http://www.avg.com"
          },
          {
            "trust": 0.3,
            "url": "http://www.avira.com/"
          },
          {
            "trust": 0.3,
            "url": "http://www.bitdefender.com"
          },
          {
            "trust": 0.3,
            "url": "http://www.emsisoft.com/en/software/antimalware/"
          },
          {
            "trust": 0.3,
            "url": "http://www.safenet-inc.com/data-protection/content-security-esafe/"
          },
          {
            "trust": 0.3,
            "url": "http://eset.com"
          },
          {
            "trust": 0.3,
            "url": "http://www.f-prot.com/"
          },
          {
            "trust": 0.3,
            "url": "http://www.gdatasoftware.com"
          },
          {
            "trust": 0.3,
            "url": "http://www.ikarus.at"
          },
          {
            "trust": 0.3,
            "url": "http://global.jiangmin.com/"
          },
          {
            "trust": 0.3,
            "url": "http://www.k7computing.com/en/product/k7-antivirusplus.php"
          },
          {
            "trust": 0.3,
            "url": "http://www.kaspersky.com/"
          },
          {
            "trust": 0.3,
            "url": "http://www.mcafee.com/"
          },
          {
            "trust": 0.3,
            "url": "http://www.microsoft.com"
          },
          {
            "trust": 0.3,
            "url": "http://anti-virus-software-review.toptenreviews.com/norman-review.html"
          },
          {
            "trust": 0.3,
            "url": "http://www.pctools.com/spyware-doctor-antivirus/"
          },
          {
            "trust": 0.3,
            "url": "http://www.quickheal.com/"
          },
          {
            "trust": 0.3,
            "url": "http://www.rising-global.com/"
          },
          {
            "trust": 0.3,
            "url": "http://www.symantec.com"
          },
          {
            "trust": 0.3,
            "url": "http://www.trend.com"
          },
          {
            "trust": 0.3,
            "url": "http://anti-virus.by/en/index.shtml"
          },
          {
            "trust": 0.3,
            "url": "/archive/1/522005"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2012-1457"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2012-1459"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2012-1458"
          },
          {
            "trust": 0.1,
            "url": "https://launchpad.net/ubuntu/+source/clamav/0.96.5+dfsg-1ubuntu1.10.04.4"
          },
          {
            "trust": 0.1,
            "url": "http://www.ubuntu.com/usn/usn-1482-1"
          },
          {
            "trust": 0.1,
            "url": "https://launchpad.net/ubuntu/+source/clamav/0.97.5+dfsg-1ubuntu0.11.10.1"
          },
          {
            "trust": 0.1,
            "url": "https://launchpad.net/ubuntu/+source/clamav/0.97.5+dfsg-1ubuntu0.12.04.1"
          },
          {
            "trust": 0.1,
            "url": "https://launchpad.net/ubuntu/+source/clamav/0.97.5+dfsg-1ubuntu0.11.04.1"
          },
          {
            "trust": 0.1,
            "url": "http://www.mandriva.com/security/"
          },
          {
            "trust": 0.1,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-1459"
          },
          {
            "trust": 0.1,
            "url": "http://www.mandriva.com/security/advisories"
          },
          {
            "trust": 0.1,
            "url": "http://git.clamav.net/gitweb?p=clamav-devel.git;a=blob_plain;f=changelog;hb=clamav-0.97.5"
          },
          {
            "trust": 0.1,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-1458"
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-54738"
          },
          {
            "db": "BID",
            "id": "52610"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2012-001902"
          },
          {
            "db": "PACKETSTORM",
            "id": "113878"
          },
          {
            "db": "PACKETSTORM",
            "id": "113841"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201203-420"
          },
          {
            "db": "NVD",
            "id": "CVE-2012-1457"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "VULHUB",
            "id": "VHN-54738"
          },
          {
            "db": "BID",
            "id": "52610"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2012-001902"
          },
          {
            "db": "PACKETSTORM",
            "id": "113878"
          },
          {
            "db": "PACKETSTORM",
            "id": "113841"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201203-420"
          },
          {
            "db": "NVD",
            "id": "CVE-2012-1457"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2012-03-21T00:00:00",
            "db": "VULHUB",
            "id": "VHN-54738"
          },
          {
            "date": "2012-03-20T00:00:00",
            "db": "BID",
            "id": "52610"
          },
          {
            "date": "2012-03-26T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2012-001902"
          },
          {
            "date": "2012-06-20T02:54:11",
            "db": "PACKETSTORM",
            "id": "113878"
          },
          {
            "date": "2012-06-19T00:56:02",
            "db": "PACKETSTORM",
            "id": "113841"
          },
          {
            "date": "2012-03-26T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201203-420"
          },
          {
            "date": "2012-03-21T10:11:49.287000",
            "db": "NVD",
            "id": "CVE-2012-1457"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2018-01-18T00:00:00",
            "db": "VULHUB",
            "id": "VHN-54738"
          },
          {
            "date": "2015-05-07T17:17:00",
            "db": "BID",
            "id": "52610"
          },
          {
            "date": "2012-07-25T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2012-001902"
          },
          {
            "date": "2012-04-01T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201203-420"
          },
          {
            "date": "2025-04-11T00:51:21.963000",
            "db": "NVD",
            "id": "CVE-2012-1457"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "PACKETSTORM",
            "id": "113878"
          },
          {
            "db": "PACKETSTORM",
            "id": "113841"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201203-420"
          }
        ],
        "trust": 0.8
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Multiple products  TAR Vulnerability that prevents file parsers from detecting malware",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2012-001902"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "permissions and access control",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201203-420"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201203-0391

    Vulnerability from variot - Updated: 2025-04-11 22:49

    The ELF file parser in Bitdefender 7.2, Command Antivirus 5.2.11.5, Comodo Antivirus 7424, eSafe 7.0.17.0, F-Prot Antivirus 4.6.2.117, F-Secure Anti-Virus 9.0.16160.0, McAfee Gateway (formerly Webwasher) 2010.1C, nProtect Anti-Virus 2011-01-17.01, Sophos Anti-Virus 4.61.0, and Rising Antivirus 22.83.00.03 allows remote attackers to bypass malware detection via an ELF file with a \4a\46\49\46 character sequence at a certain location. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different ELF parser implementations. The ELF file parser in multiple products contains a vulnerability that can prevent malware detection. If it is announced that the problem also exists in different ELF parser implementations, this vulnerability may be split into multiple CVEs. A third party may evade malware detection via an ELF file with the \4a\46\49\46 character sequence at a specific position. Successful exploits will allow attackers to bypass on-demand virus scanning, possibly allowing malicious files to escape detection. Multiple file-parsing vulnerabilities leading to evasion in different antivirus (AV) products. All affected products are command-line versions of the AVs.


    Vulnerability Descriptions

    1. Specially crafted infected POSIX TAR files with "[aliases]" as the first 9 bytes evade detection.

    Affected products - ClamAV 0.96.4, CAT-QuickHeal 11.00

    CVE no - CVE-2012-1419

    1. Specially crafted infected POSIX TAR files with "\7fELF" as the first 4 bytes evade detection.

    Affected products - CAT-QuickHeal 11.00, Command 5.2.11.5, F-Prot 4.6.2.117, Fortinet 4.2.254.0, K7AntiVirus 9.77.3565, Kaspersky 7.0.0.125, Microsoft 1.6402, NOD32 5795, Norman 6.06.12, Panda 10.0.2.7, Rising 22.83.00.03

    CVE no - CVE-2012-1420

    1. Specially crafted infected POSIX TAR files with "MSCF" as the first 4 bytes evade detection.

    Affected products - CAT-QuickHeal 11.00, Norman 6.06.12, Rising 22.83.00.03, Symantec 20101.3.0.103

    CVE no - CVE-2012-1421

    1. Specially crafted infected POSIX TAR files with "ITSF" as the first 4 bytes evade detection.

    Affected products - CAT-QuickHeal 11.00, NOD32 5795, Norman 6.06.12, Rising 22.83.00.03

    CVE no - CVE-2012-1422

    1. Specially crafted infected POSIX TAR files with "MZ" as the first 2 bytes evade detection.

    Affected products - Command 5.2.11.5, Emsisoft 5.1.0.1, F-Prot 4.6.2.117, Fortinet 4.2.254.0, Ikarus T3.1.1.97.0, K7AntiVirus 9.77.3565, NOD32 5795, Norman 6.06.12, PCTools 7.0.3.5, Rising 22.83.00.03, VirusBuster 13.6.151.0

    CVE no - CVE-2012-1423

    1. Specially crafted infected POSIX TAR files with "\19\04\00\10" at offset 8 evade detection.

    Affected products - Antiy-AVL 2.0.3.7, CAT-QuickHeal 11.00, Jiangmin 13.0.900, Norman 6.06.12, PCTools 7.0.3.5, Sophos 4.61.0

    CVE no - CVE-2012-1424

    1. Specially crafted infected POSIX TAR files with "\50\4B\03\04" as the first 4 bytes evade detection.

    Affected products - AntiVir 7.11.1.163, Antiy-AVL 2.0.3.7, CAT-QuickHeal 11.00, Emsisoft 5.1.0.1, Fortinet 4.2.254.0, Ikarus T3.1.1.97.0, Jiangmin 13.0.900, Kaspersky 7.0.0.125, McAfee 5.400.0.1158, McAfee-GW-Edition 2010.1C, NOD32 5795, Norman 6.06.12, PCTools 7.0.3.5, Symantec 20101.3.0.103, TrendMicro 9.120.0.1004, TrendMicro-HouseCall 9.120.0.1004

    CVE no - CVE-2012-1425

    1. Specially crafted infected POSIX TAR files with "\42\5A\68" as the first 3 bytes evade detection.

    Affected products - CAT-QuickHeal 11.00, Command 5.2.11.5, F-Prot 4.6.2.117, K7AntiVirus 9.77.3565, Norman 6.06.12, Rising 22.83.00.03

    CVE no - CVE-2012-1426

    1. Specially crafted infected POSIX TAR files with "\57\69\6E\5A\69\70" at offset 29 evade detection.

    Affected products - CAT-QuickHeal 11.00, Norman 6.06.12, Sophos 4.61.0

    CVE no - CVE-2012-1427

    1. Specially crafted infected POSIX TAR files with "\4a\46\49\46" at offset 6 evade detection.

    Affected products - CAT-QuickHeal 11.00, Norman 6.06.12, Sophos 4.61.0

    CVE no - CVE-2012-1428

    1. Specially crafted infected ELF files with "ustar" at offset 257 evade detection.

    Affected products - BitDefender 7.2, Comodo 7424, Emsisoft 5.1.0.1, eSafe 7.0.17.0, F-Secure 9.0.16160.0, Ikarus T3.1.1.97.0, McAfee 5.400.0.1158, McAfee-GW-Edition 2010.1C, nProtect 2011-01-17.01

    CVE no - CVE-2012-1429

    1. Specially crafted infected ELF files with "\19\04\00\10" at offset 8 evade detection.

    1. Specially crafted infected ELF files with "\4a\46\49\46" at offset 6 evade detection.

    Affected products - BitDefender 7.2, Command 5.2.11.5, Comodo 7424, eSafe 7.0.17.0, F-Prot 4.6.2.117, F-Secure 9.0.16160.0, McAfee-GW-Edition 2010.1C, nProtect 2011-01-17.01, Sophos 4.61.0, Rising 22.83.00.03

    CVE no - CVE-2012-1431

    1. Specially crafted infected MS EXE files with "\57\69\6E\5A\69\70" at offset 29 evade detection.

    Affected products - Emsisoft 5.1.0.1, eSafe 7.0.17.0, Ikarus T3.1.1.97.0, Panda 10.0.2.7

    CVE no - CVE-2012-1432

    1. Specially crafted infected MS EXE files with "\4a\46\49\46" at offset 6 evade detection.

    Affected products - AhnLab-V3 2011.01.18.00, Emsisoft 5.1.0.1, eSafe 7.0.17.0, Ikarus T3.1.1.97.0, Panda 10.0.2.7

    CVE no - CVE-2012-1433

    1. Specially crafted infected MS EXE files with "\19\04\00\10" at offset 8 evade detection.

    Affected products - AhnLab-V3 2011.01.18.00, Emsisoft 5.1.0.1, Ikarus T3.1.1.97.0, Panda 10.0.2.7

    CVE no - CVE-2012-1434

    1. Specially crafted infected MS EXE files with "\50\4B\4C\49\54\45" at offset 30 evade detection.

    Affected products - AhnLab-V3 2011.01.18.00, Emsisoft 5.1.0.1, eSafe 7.0.17.0, Ikarus T3.1.1.97.0, Panda 10.0.2.7

    CVE no - CVE-2012-1435

    1. Specially crafted infected MS EXE files with "\2D\6C\68" at offset 2 evade detection.

    Affected products - AhnLab-V3 2011.01.18.00, Emsisoft 5.1.0.1, eSafe 7.0.17.0, Ikarus T3.1.1.97.0, Panda 10.0.2.7

    CVE no - CVE-2012-1436

    1. Specially crafted infected MS Office files with "\50\4B\53\70\58" at offset 526 evade detection.

    Affected products - Comodo 7425

    CVE no - CVE-2012-1437

    1. Specially crafted infected MS Office files with "ustar" at offset 257 evade detection.

    Affected products - Comodo 7425, Sophos 4.61.0

    CVE no - CVE-2012-1438

    1. 'padding' field in ELF files is parsed incorrectly. If an infected ELF file's padding field is incremented by 1 it evades detection.

    Affected products - eSafe 7.0.17.0, Rising 22.83.00.03, Fortinet 4.2.254.0, Panda 10.0.2.7

    CVE no - CVE-2012-1439

    1. 'identsize' field in ELF files is parsed incorrectly. If an infected ELF file's identsize field is incremented by 1 it evades detection.

    Affected products - Norman 6.06.12, eSafe 7.0.17.0, eTrust-Vet 36.1.8511, Fortinet 4.2.254.0, Panda 10.0.2.7

    CVE no - CVE-2012-1440

    1. 'e_ip' and 'e_res' fields in MS EXE files are parsed incorrectly.
      If any of these fields in an infected MS EXE file is incremented by 1 it evades detection.

    Affected products - Prevx 3.0

    'e_minalloc', 'e_res2', 'e_cparhdr', 'e_crlc', 'e_lfarlc', 'e_maxalloc', 'e_oeminfo', 'e_ovno', 'e_cs', 'e_csum', 'e_sp', 'e_ss', 'e_cblp' and 'e_oemid' fields in MS EXE files are parsed incorrectly.
    If any of these fields in an infected MS EXE file is incremented by 1 it evades detection.

    Affected products - eSafe 7.0.017.0, Prevx 3.0

    CVE no - CVE-2012-1441

    1. 'class' field in ELF files is parsed incorrectly.
      If an infected ELF file's class field is incremented by 1 it evades detection.

    Affected products - CAT-QuickHeal 11.00, McAfee 5.400.0.1158, McAfee-GW-Edition 2010.1C, eSafe 7.0.017.0, Kaspersky 7.0.0.125, F-Secure 9.0.16160.0, Sophos 4.61.0, Antiy-AVL 2.0.3.7, Rising 22.83.00.03, Fortinet 4.2.254.0, Panda 10.0.2.7

    CVE no - CVE-2012-1442

    1. Infected RAR files with initial two bytes set to 'MZ' can be fixed by the user and correctly extracted. Such a file evades detection.

    Affected products - ClamAV 0.96.4, Rising 22.83.00.03, CAT-QuickHeal 11.00, GData 21, Symantec 20101.3.0.103, Command 5.2.11.5, Ikarus T3.1.1.97.0, Emsisoft 5.1.0.1, PCTools 7.0.3.5, F-Prot 4.6.2.117, VirusBuster 13.6.151.0, Fortinet 4.2.254.0, Antiy-AVL 2.0.3.7, K7AntiVirus 9.77.3565, TrendMicro-HouseCall 9.120.0.1004, Kaspersky 7.0.0.125, Jiangmin 13.0.900, Microsoft 1.6402, Sophos 4.61.0, NOD32 5795, AntiVir 7.11.1.163, Norman 6.06.12, McAfee 5.400.0.1158, Panda 10.0.2.7, McAfee-GW-Edition 2010.1C, TrendMicro 9.120.0.1004, Comodo 7424, BitDefender 7.2, eSafe 7.0.17.0, F-Secure 9.0.16160.0, nProtect 2011-01-17.01, AhnLab-V3 2011.01.18.00, AVG 10.0.0.1190, Avast 4.8.1351.0, Avast5 5.0.677.0, VBA32 3.12.14.2

    CVE no - CVE-2012-1443

    1. 'abiversion' field in ELF files is parsed incorrectly.
      If an infected ELF file's abiversion field is incremented by 1 it evades detection.

    Affected products - eSafe 7.0.017.0, Prevx 3.0, Fortinet 4.2.254.0, Panda 10.0.2.7

    CVE no - CVE-2012-1444

    1. 'abi' field in ELF files is parsed incorrectly.
      If an infected ELF file's abi field is incremented by 1 it evades detection.

    Affected products - eSafe 7.0.017.0, Rising 22.83.00.03, Fortinet 4.2.254.0, Panda 10.0.2.7

    CVE no - CVE-2012-1445

    1. 'encoding' field in ELF files is parsed incorrectly.
      If an infected ELF file's encoding field is incremented by 1 it evades detection.

    Affected products - CAT-QuickHeal 11.00, McAfee 5.400.0.1158, Symantec 20101.3.0.103, Norman 6.06.12, eSafe 7.0.017.0, Kaspersky 7.0.0.125, McAfee-GW-Edition 2010.1C, Sophos 4.61.0, eTrust-Vet 36.1.8511, Antiy-AVL 2.0.3.7, PCTools 7.0.3.5, Rising 22.83.00.03, Fortinet 4.2.254.0, Panda 10.0.2.7

    CVE no - CVE-2012-1446

    1. 'e_version' field in ELF files is parsed incorrectly.
      If an infected ELF file's e_version field is incremented by 1 it evades detection.

    Affected products - Fortinet 4.2.254.0, eSafe 7.0.017.0, DrWeb 5.0.2.03300, Panda 10.0.2.7

    CVE no - CVE-2012-1447

    1. 'cbCabinet' field in CAB files is parsed incorrectly.
      If an infected CAB file's cbCabinet field is incremented by 1 it evades detection.

    Affected products - CAT-QuickHeal 11.00, TrendMicro 9.120.0.1004, Ikarus T3.1.1.97.0, TrendMicro-HouseCall 9.120.0.1004, Emsisoft 5.1.0.1

    CVE no - CVE-2012-1448

    1. 'vMajor' field in CAB files is parsed incorrectly.
      If an infected CAB file's vMajor field is incremented by 1 it evades detection.

    Affected products - NOD32 5795, Rising 22.83.00.03

    CVE no - CVE-2012-1449

    1. 'reserved3' field in CAB files is parsed incorrectly.
      If an infected CAB file's reserved field is incremented by 1 it evades detection.

    Affected products - Emsisoft 5.1.0.1, Sophos 4.61.0, Ikarus T3.1.1.97.0

    CVE no - CVE-2012-1450

    1. 'reserved2' field in CAB files is parsed incorrectly.
      If an infected CAB file's reserved2 field is incremented by 1 it evades detection.

    Affected products - Emsisoft 5.1.0.1, Ikarus T3.1.1.97.0

    CVE no - CVE-2012-1451

    1. 'reserved1' field in CAB files is parsed incorrectly.
      If an infected CAB file's reserved field is incremented by 1 it evades detection.

    Affected products - Emsisoft 5.1.0.1, Ikarus T3.1.1.97.0, CAT-QuickHeal 11.00

    CVE no - CVE-2012-1452

    1. 'coffFiles' field in CAB files is parsed incorrectly.
      If an infected CAB file's coffFiles field is incremented by 1 it evades detection.

    Affected products - McAfee 5.0.2.03300, TrendMicro-HouseCall 9.120.0.1004, Kaspersky 7.0.0.125, Sophos 4.61.0, TrendMicro 9.120.0.1004, McAfee-GW-Edition 2010.1C, Emsisoft 5.1.0.1, eTrust-Vet 36.1.8511, Antiy-AVL 2.0.3.7, Microsoft 1.6402, Rising 22.83.00.03, Ikarus T3.1.1.97.0, Fortinet 4.2.254.0, Panda 10.0.2.7

    CVE no - CVE-2012-1453

    1. 'ei_version' field in ELF files is parsed incorrectly.
      If an infected ELF file's version field is incremented by 1 it evades detection.

    Affected products - McAfee 5.0.02.03300, eSafe 7.0.17.0, McAfee-GW-Edition 2010.1C, Rising 22.83.00.03, Fortinet 4.2.254.0, Panda 10.0.2.7

    CVE no - CVE-2012-1454

    1. 'vMinor' field in CAB files is parsed incorrectly.
      If an infected CAB file's version field is incremented by 1 it evades detection.

    Affected products - NOD32 5795, Rising 22.83.00.03

    CVE no - CVE-2012-1455

    1. A specially crafted ZIP file, created by concatenating the contents of a clean TAR archive and a virus-infected ZIP archive, is parsed incorrectly and evades detection. If the length field in the header of a file containing the test EICAR virus, included in a TAR archive, is set to be greater than the archive's total length (1,000,000 + original length in our experiments), the antivirus declares the file to be clean, but the virus is extracted correctly by the GNU tar program.

    Affected products - AntiVir 7.11.1.163, Antiy-AVL 2.0.3.7, Avast 4.8.1351.0, Avast5 5.0.677.0, AVG 10.0.0.1190, BitDefender 7.2, CAT-QuickHeal 11.00, ClamAV 0.96.4, Command 5.2.11.5, Emsisoft 5.1.0.1, eSafe 7.0.17.0, F-Prot 4.6.2.117, GData 21, Ikarus T3.1.1.97.0, Jiangmin 13.0.900, K7AntiVirus 9.77.3565, Kaspersky 7.0.0.125, McAfee 5.400.0.1158, McAfee-GW-Edition 2010.1C, Microsoft 1.6402, NOD32 5795, Norman 6.06.12, PCTools 7.0.3.5, Rising 22.83.00.03, Symantec 20101.3.0.103, TrendMicro 9.120.0.1004, TrendMicro-HouseCall 9.120.0.1004, VBA32 3.12.14.2, VirusBuster 13.6.151.0

    CVE no - CVE-2012-1457

    1. A Windows Compiled HTML Help (CHM) file is a set of HTML files, scripts, and images compressed using the LZX algorithm. For faster random accesses, the algorithm is reset at intervals instead of compressing the entire file as a single stream. The length of each interval is specified in the LZXC header.

    If an infected CHM file's header is modified so that the reset interval is lower than in the original file, the antivirus declares the file to be clean, but the Windows CHM viewer hh.exe correctly decompresses the infected content located before the tampered header.

    Affected products - ClamAV 0.96.4, Sophos 4.61.0

    CVE no - CVE-2012-1458

    1. In a POSIX TAR archive, each member file has a 512-byte header protected by a simple checksum. Every header also contains a file length field, which is used by the extractor to locate the next header in the archive.

    If a TAR archive contains two files, the first clean and the second infected with the test EICAR virus, and it is modified so that the length field in the header of the first, clean file points into the middle of the header of the second, infected file, the antivirus declares the file to be clean, but the virus is extracted correctly by the GNU tar program. If 6 random bytes are appended to the end of an infected tar.gz archive, the antivirus declares the file to be clean, but the virus is extracted correctly by the gunzip+tar programs, which ignore these bytes.

    Affected products - Antiy-AVL 2.0.3.7, CAT-QuickHeal 11.00, Command 5.2.11.5, eSafe 7.0.17.0, F-Prot 4.6.2.117, Jiangmin 13.0.900, K7AntiVirus 9.77.3565, VBA32 3.12.14.2

    CVE no - CVE-2012-1460

    1. GZIP files can contain multiple compressed streams, which are assembled when the contents are extracted. If an infected .tar.gz file is broken into two streams, the antivirus declares the infected .tar.gz file to be clean, while tar+gunzip extract the virus correctly.

    Affected products - AVG 10.0.0.1190, BitDefender 7.2, Command 5.2.11.5, Emsisoft 5.1.0.1, F-Secure 9.0.16160.0, Fortinet 4.2.254.0, Ikarus T3.1.1.97.0, Jiangmin 13.0.900, K7AntiVirus 9.77.3565, Kaspersky 7.0.0.125, McAfee 5.400.0.1158, McAfee-GW-Edition 2010.1C, NOD32 5795, Norman 6.06.12, Rising 22.83.00.03, Sophos 4.61.0, Symantec 20101.3.0.103, TrendMicro 9.120.0.1004, TrendMicro-HouseCall 9.120.0.1004, VBA32 3.12.14.2

    CVE no - CVE-2012-1461

    1. If 1024 random bytes are prepended to an infected ZIP archive, the antivirus declares the file to be clean, but the virus is extracted correctly by the unzip program, which skips these bytes.

    Affected products - AhnLab-V3 2011.01.18.00, AVG 10.0.0.1190, CAT-QuickHeal 11.00, Emsisoft 5.1.0.1, eSafe 7.0.17.0, Fortinet 4.2.254.0, Ikarus T3.1.1.97.0, Jiangmin 13.0.900, Kaspersky 7.0.0.125, Norman 6.06.12, Sophos 4.61.0, Symantec 20101.3.0.103

    CVE no - CVE-2012-1462

    1. In most ELF files, the 5th byte of the header indicates endianness: 01 for little-endian, 02 for big-endian. The Linux kernel, however, does not check this field before loading an ELF file. If an infected ELF file's 5th byte is set to 02, the antivirus declares the file to be clean, but the ELF file gets executed correctly.

    Affected products - AhnLab-V3 2011.01.18.00, BitDefender 7.2, CAT-QuickHeal 11.00, Command 5.2.11.5, Comodo 7424, eSafe 7.0.17.0, F-Prot 4.6.2.117, F-Secure 9.0.16160.0, McAfee 5.400.0.1158, Norman 6.06.12, nProtect 2011-01-17.01, Panda 10.0.2.7

    CVE no - CVE-2012-1463


    Credits

    Vulnerabilities found and advisory written by Suman Jana and Vitaly Shmatikov.


    References

    "Abusing File Processing in Malware Detectors for Fun and Profit" by Suman Jana and Vitaly Shmatikov. To appear in IEEE Symposium on Security and Privacy 2012. http://www.ieee-security.org/TC/SP2012/

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201203-0391",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "antivirus",
            "scope": "eq",
            "trust": 2.1,
            "vendor": "comodo",
            "version": "7424"
          },
          {
            "model": "command antivirus",
            "scope": "eq",
            "trust": 1.8,
            "vendor": "authentium",
            "version": "5.2.11.5"
          },
          {
            "model": "bitdefender",
            "scope": "eq",
            "trust": 1.8,
            "vendor": "bitdefender",
            "version": "7.2"
          },
          {
            "model": "esafe",
            "scope": "eq",
            "trust": 1.8,
            "vendor": "aladdin",
            "version": "7.0.17.0"
          },
          {
            "model": "f-secure anti-virus",
            "scope": "eq",
            "trust": 1.8,
            "vendor": "f secure",
            "version": "9.0.16160.0"
          },
          {
            "model": "anti-virus",
            "scope": "eq",
            "trust": 1.8,
            "vendor": "sophos",
            "version": "4.61.0"
          },
          {
            "model": "antivirus",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "rising global",
            "version": "22.83.00.03"
          },
          {
            "model": "antivirus",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "nprotect",
            "version": "2011-01-17.01"
          },
          {
            "model": "f-prot antivirus",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "f prot",
            "version": "4.6.2.117"
          },
          {
            "model": "gateway",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mcafee",
            "version": "2010.1c"
          },
          {
            "model": "antivirus",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "rising",
            "version": "22.83.00.03"
          },
          {
            "model": "f-prot antivirus",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "frisk",
            "version": "4.6.2.117"
          },
          {
            "model": "anti-virus",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "nprotect",
            "version": "2011-01-17.01"
          },
          {
            "model": "web gateway software",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "mcafee",
            "version": "2010.1c"
          },
          {
            "model": "anti-virus",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sophos",
            "version": "4.61"
          },
          {
            "model": "antivirus",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "rising",
            "version": "22.8303"
          },
          {
            "model": "mcafee-gw-edition 2010.1c",
            "scope": null,
            "trust": 0.3,
            "vendor": "mcafee",
            "version": null
          },
          {
            "model": "nprotect",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "inca",
            "version": "2011-01-17.01"
          },
          {
            "model": "software f-prot antivirus",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "frisk",
            "version": "4.6.2117"
          },
          {
            "model": "antivirus",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f secure",
            "version": "9.0.16160.0"
          },
          {
            "model": "antivirus",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "esafe",
            "version": "7.0.170"
          },
          {
            "model": "antivirus",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "bitdefender",
            "version": "7.2"
          },
          {
            "model": "command antivirus",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "authentium",
            "version": "5.2.115"
          }
        ],
        "sources": [
          {
            "db": "BID",
            "id": "52591"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2012-001893"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201203-396"
          },
          {
            "db": "NVD",
            "id": "CVE-2012-1431"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/a:authentium:command_antivirus",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:rising-global:rising_antivirus",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:bitdefender:bitdefender",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:comodo:comodo_antivirus",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:f-prot:f-prot_antivirus",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:nprotect:nprotect_antivirus",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:aladdin:esafe",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:f-secure:anti-virus",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:sophos:anti-virus",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:mcafee:web_gateway",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2012-001893"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Suman Jana and Vitaly Shmatikov",
        "sources": [
          {
            "db": "BID",
            "id": "52591"
          }
        ],
        "trust": 0.3
      },
      "cve": "CVE-2012-1431",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 8.6,
                "id": "CVE-2012-1431",
                "impactScore": 2.9,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 1.8,
                "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 8.6,
                "id": "VHN-54712",
                "impactScore": 2.9,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 0.1,
                "vectorString": "AV:N/AC:M/AU:N/C:N/I:P/A:N",
                "version": "2.0"
              }
            ],
            "cvssV3": [],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2012-1431",
                "trust": 1.0,
                "value": "MEDIUM"
              },
              {
                "author": "NVD",
                "id": "CVE-2012-1431",
                "trust": 0.8,
                "value": "Medium"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201203-396",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "VULHUB",
                "id": "VHN-54712",
                "trust": 0.1,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-54712"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2012-001893"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201203-396"
          },
          {
            "db": "NVD",
            "id": "CVE-2012-1431"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "The ELF file parser in Bitdefender 7.2, Command Antivirus 5.2.11.5, Comodo Antivirus 7424, eSafe 7.0.17.0, F-Prot Antivirus 4.6.2.117, F-Secure Anti-Virus 9.0.16160.0, McAfee Gateway (formerly Webwasher) 2010.1C, nProtect Anti-Virus 2011-01-17.01, Sophos Anti-Virus 4.61.0, and Rising Antivirus 22.83.00.03 allows remote attackers to bypass malware detection via an ELF file with a \\4a\\46\\49\\46 character sequence at a certain location.  NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different ELF parser implementations. Multiple products ELF A file parser contains a vulnerability that can prevent malware detection. Different ELF If it is announced that there is also a problem with the parser implementation, this vulnerability can be CVE May be split.A specific position by a third party \\4a\\46\\49\\46 With the character sequence ELF Malware detection may be avoided via files. \nSuccessful exploits will allow attackers to bypass on-demand virus scanning, possibly allowing malicious files to escape detection. Multiple file-parsing vulnerabilities leading to evasion in different antivirus(AV) products. All \naffected products are command-line versions of \nthe AVs. \n\n----------------------------\nVulnerability Descriptions\n----------------------------\n\n1. Specially crafted infected POSIX TAR files with \"[aliases]\" as first 9 bytes \n   evades detection. \n\n   Affected products -\n   ClamAV 0.96.4, CAT-QuickHeal 11.00\n  \n   CVE no - \n   CVE-2012-1419\n\n2. Specially crafted infected POSIX TAR files with \"\\7fELF\" as first 4 bytes \n   evades detection. \n\n   Affected products -\n   CAT-QuickHeal 11.00, Command 5.2.11.5, F-Prot 4.6.2.117, \n   Fortinent 4.2.254.0, K7AntiVirus 9.77.3565, Kaspersky 7.0.0.125, \n   Microsoft 1.6402, NOD32 5795, Norman 6.06.12, Panda 10.0.2.7, \n   Rising 22.83.00.03\n\n   CVE no - \n   CVE-2012-1420\n\n3. 
Specially crafted infected POSIX TAR files with \"MSCF\" as first 4 bytes \n   evades detection. \n\n   Affected products -\n   CAT-QuickHeal 11.00, Norman 6.06.12, Rising 22.83.00.03, \n   Symantec 20101.3.0.103\n\n   CVE no - \n   CVE-2012-1421\n\n4. Specially crafted infected POSIX TAR files with \"ITSF\" as first 4 bytes \n   evades detection. \n\n   Affected products -\n   CAT-QuickHeal 11.00, NOD32 5795, Norman 6.06.12, Rising 22.83.00.03\n\n   CVE no - \n   CVE-2012-1422\n\n5. Specially crafted infected POSIX TAR files with \"MZ\" as first 2 bytes \n   evades detection. \n\n   Affected products -\n   Command 5.2.11.5, Emsisoft 5.1.0.1, F-Prot 4.6.2.117, Fortinent 4.2.254.0, \n   Ikarus T3.1.1.97.0, K7AntiVirus 9.77.3565, NOD32 5795, Norman 6.06.12, \n   PCTools 7.0.3.5, Rising 22.83.00.03, VirusBuster 13.6.151.0\n\n   CVE no - \n   CVE-2012-1423\n\n6. Specially crafted infected POSIX TAR files with \"\\19\\04\\00\\10\" at offset 8\n   evades detection. \n\n   Affected products -\n   Antiy-AVL 2.0.3.7, CAT-QuickHeal 11.00, Jiangmin 13.0.900, Norman 6.06.12, \n   PCTools 7.0.3.5, Sophos 4.61.0\n\n   CVE no - \n   CVE-2012-1424\n\n\n7. Specially crafted infected POSIX TAR files with \"\\50\\4B\\03\\04\" as the first\n   4 bytes evades detection. \n\n   Affected products -\n   AntiVir 7.11.1.163, Antiy-AVL 2.0.3.7, CAT-QuickHeal 11.00, Emsisoft 5.1.0.1,\n   Fortinet 4.2.254.0, Ikarus T3.1.1.97.0, Jiangmin 13.0.900, \n   Kaspersky 7.0.0.125, McAfee 5.400.0.1158, McAfee-GW-Edition 2010.1C, \n   NOD32 5795, Norman 6.06.12, PCTools 7.0.3.5, Symantec 20101.3.0.103, \n   TrendMicro 9.120.0.1004, TrendMicro-HouseCall 9.120.0.1004 \n\n   CVE no - \n   CVE-2012-1425\n\n8. Specially crafted infected POSIX TAR files with \"\\42\\5A\\68\" as the first\n   3 bytes evades detection. \n\n   Affected products -\n   CAT-QuickHeal 11.00, Command 5.2.11.5, F-Prot 4.6.2.117, \n   K7AntiVirus 9.77.3565, Norman 6.06.12, Rising 22.83.00.03\n\n   CVE no - \n   CVE-2012-1426\n\n\n9. 
Specially crafted infected POSIX TAR files with \"\\57\\69\\6E\\5A\\69\\70\" at \n   offset 29 evades detection. \n\n   Affected products -\n   CAT-QuickHeal 11.00, Norman 6.06.12, Sophos 4.61.0\n\n   CVE no - \n   CVE-2012-1427\n\n10. Specially crafted infected POSIX TAR files with \"\\4a\\46\\49\\46\" at offset 6\n   evades detection. \n   \n   Affected products -\n   CAT-QuickHeal 11.00,  Norman 6.06.12, Sophos 4.61.0\n\n   CVE no - \n   CVE-2012-1428\n\n11. Specially crafted infected ELF files with \"ustar\" at offset 257\n   evades detection. \n\n   Affected products -\n   BitDefender 7.2, Comodo 7424, Emsisoft 5.1.0.1, eSafe 7.0.17.0, \n   F-Secure 9.0.16160.0, Ikarus T3.1.1.97.0, McAfee 5.400.0.1158, \n   McAfee-GW-Edition 2010.1C, nProtect 2011-01-17.01 \n\n   CVE no - \n   CVE-2012-1429\n12. Specially crafted infected ELF files with \"\\19\\04\\00\\10\" at offset 8 evades\n   detection. Specially crafted infected ELF files with \"\\4a\\46\\49\\46\" at offset 6 evades\n   detection. \n\n   Affected products -\n   BitDefender 7.2, Command 5.2.11.5, Comodo 7424, eSafe 7.0.17.0, \n   F-Prot 4.6.2.117, F-Secure 9.0.16160.0, McAfee-GW-Edition 2010.1C, \n   nProtect 2011-01-17.01, Sophos 4.61.0, Rising 22.83.00.03\n\n   CVE no - \n   CVE-2012-1431\n\n14. Specially crafted infected MS EXE files with \"\\57\\69\\6E\\5A\\69\\70\" at offset\n   29 evades detection. \n\n   Affected products -\n   Emsisoft 5.1.0.1, eSafe 7.0.17.0, Ikarus T3.1.1.97.0, Panda 10.0.2.7\n\n   CVE no - \n   CVE-2012-1432\n\n15. Specially crafted infected MS EXE files with \"\\4a\\46\\49\\46\" at offset\n   6 evades detection. \n\n   Affected products -\n   AhnLab-V3 2011.01.18.00, Emsisoft 5.1.0.1, eSafe 7.0.17.0, \n   Ikarus T3.1.1.97.0, Panda 10.0.2.7\n\n   CVE no - \n   CVE-2012-1433\n\n16. Specially crafted infected MS EXE files with \"\\19\\04\\00\\10\" at offset\n   8 evades detection. 
\n\n   Affected products -\n   AhnLab-V3 2011.01.18.00, Emsisoft 5.1.0.1, Ikarus T3.1.1.97.0, \n   Panda 10.0.2.7\n   \n   CVE no - \n   CVE-2012-1434\n\n17. Specially crafted infected MS EXE files with \"\\50\\4B\\4C\\49\\54\\45\" at \n   offset 30 evades detection. \n   \n   Affected products - \n   AhnLab-V3 2011.01.18.00, Emsisoft 5.1.0.1, eSafe 7.0.17.0, \n   Ikarus T3.1.1.97.0, Panda 10.0.2.7\n\n   CVE no - \n   CVE-2012-1435\n\n18. Specially crafted infected MS EXE files with \"\\2D\\6C\\68\" at \n   offset 2 evades detection. \n \n   Affected products - \n   AhnLab-V3 2011.01.18.00, Emsisoft 5.1.0.1, eSafe 7.0.17.0, \n   Ikarus T3.1.1.97.0, Panda 10.0.2.7\n\n   CVE no - \n   CVE-2012-1436\n\n19. Specially crafted infected MS Office files with \"\\50\\4B\\53\\70\\58\" at \n   offset 526 evades detection. \n   \n   Affected products - \n   Comodo 7425\n   \n   CVE no - \n   CVE-2012-1437\n\n20. Specially crafted infected MS Office files with \"ustar\" at \n   offset 257 evades detection. \n\n   Affected products - \n   Comodo 7425, Sophos 4.61.0 \n\n   CVE no - \n   CVE-2012-1438\n\n21. \u0027padding\u0027 field in ELF files is parsed incorrectly. \n    If an infected ELF file\u0027s padding field is incremented by 1 it evades\n    detection.    \n\n   Affected products - \n   eSafe 7.0.17.0, Rising 22.83.00.03, Fortinet 4.2.254.0, Panda 10.0.2.7\n\n   CVE no - \n   CVE-2012-1439\n\n22. \u0027identsize\u0027 field in ELF files is parsed incorrectly. \n    If an infected ELF file\u0027s identsize field is incremented by 1 it evades\n    detection.    \n\n   Affected products - \n   Norman 6.06.12, eSafe 7.0.17.0, eTrust-Vet 36.1.8511, Fortinet 4.2.254.0, \n   Panda 10.0.2.7\n\n   CVE no - \n   CVE-2012-1440\n\n23. \u0027e_ip\u0027 and \u0027e_res\u0027 field in MS EXE files are parsed incorrectly.  \n    If any of these fields in an infected MS EXE file is incremented by 1 \n    it evades detection.    
\n\n   Affected products - \n   Prevx 3.0\n\n   \u0027e_minalloc\u0027, \u0027e_res2\u0027,\u0027e_cparhdr\u0027, \u0027e_crlc\u0027, \u0027e_lfarlc\u0027,\u0027e_maxalloc\u0027,\n    \u0027e_oeminfo\u0027, \u0027e_ovno\u0027, \u0027e_cs\u0027, \u0027e_csum\u0027,\u0027e_sp\u0027, \u0027e_ss\u0027, \u0027e_cblp\u0027 and \n    \u0027e_oemid\u0027 fields in MS EXE files are parsed incorrectly.  \n    If any of these fields in an infected MS EXE file is incremented by 1 \n    it evades detection.    \n\n   Affected products - \n   eSafe 7.0.017.0, Prevx 3.0\n\n\n   CVE no - \n   CVE-2012-1441\n\n24. \u0027class\u0027 field in ELF files is parsed incorrectly.  \n    If an infected ELF file\u0027s class field is incremented by 1 it evades\n    detection. \n\n   Affected products - \n   CAT-QuickHeal 11.00, McAfee 5.400.0.1158, McAfee-GW-Edition 2010.1C, \n   eSafe 7.0.017.0, Kaspersky 7.0.0.125, F-Secure 9.0.16160.0, \n   Sophos 4.61.0, Antiy-AVL 2.0.3.7, Rising 22.83.00.03, Fortinet 4.2.254.0, \n   Panda 10.0.2.7\n\n   CVE no - \n   CVE-2012-1442\n\n25. Infected RAR files with initial two bytes set to \u0027MZ\u0027 can be fixed by the \n    user and correctly extracted. Such a file evades detection.  \n    \n   Affected products -\n   ClamAV 0.96.4, Rising 22.83.00.03, CAT-QuickHeal 11.00, GData 21, \n   Symantec 20101.3.0.103, Command 5.2.11.5, Ikarus T3.1.1.97.0, \n   Emsisoft 5.1.0.1, PCTools 7.0.3.5, F-Prot 4.6.2.117, \n   VirusBuster 13.6.151.0, Fortinent 4.2.254.0, Antiy-AVL 2.0.3.7, \n   K7AntiVirus 9.77.3565, TrendMicro-HouseCall 9.120.0.1004,Kaspersky 7.0.0.125 \n   Jiangmin 13.0.900. 
Microsoft 1.6402, Sophos 4.61.0, NOD32 5795, AntiVir 7.11.1.163, \n   Norman 6.06.12, McAfee 5.400.0.1158, Panda 10.0.2.7, McAfee-GW-Edition 2010.1C, \n   TrendMicro 9.120.0.1004, Comodo 7424, BitDefender 7.2, eSafe 7.0.17.0, F-Secure 9.0.16160.0\n   nProtect 2011-01-17.01, AhnLab-V3 2011.01.18.00, AVG 10.0.0.1190, Avast 4.8.1351.0, \n   Avast5 5.0.677.0, VBA32 3.12.14.2   \n\n   CVE no - \n   CVE-2012-1443\n\n26. \u0027abiversion\u0027 field in ELF files is parsed incorrectly.  \n    If an infected ELF file\u0027s abiversion field is incremented by 1 it evades\n    detection. \n\n   Affected products - \n   eSafe 7.0.017.0, Prevx 3.0, Fortinet 4.2.254.0, Panda 10.0.2.7\n\n   CVE no - \n   CVE-2012-1444\n\n27. \u0027abi\u0027 field in ELF files is parsed incorrectly.  \n    If an infected ELF file\u0027s abi field is incremented by 1 it evades\n    detection. \n\n   Affected products - \n   eSafe 7.0.017.0, Rising 22.83.00.03, Fortinet 4.2.254.0, Panda 10.0.2.7\n\n   CVE no - \n   CVE-2012-1445\n\n28. \u0027encoding\u0027 field in ELF files is parsed incorrectly.  \n    If an infected ELF file\u0027s encoding field is incremented by 1 it evades\n    detection. \n\n   Affected products - \n   CAT-QuickHeal 11.00, McAfee 5.400.0.1158, Symantec 20101.3.0.103, \n   Norman 6.06.12, eSafe 7.0.017.0, Kaspersky 7.0.0.125, \n   McAfee-GW-Edition 2010.1C, Sophos 4.61.0, eTrust-Vet 36.1.8511, \n   Antiy-AVL 2.0.3.7, PCTools 7.0.3.5, Rising 22.83.00.03, Fortinet 4.2.254.0,\n   Panda 10.0.2.7\n\n   CVE no - \n   CVE-2012-1446\n\n29. \u0027e_version\u0027 field in ELF files is parsed incorrectly.  \n    If an infected ELF file\u0027s e_version field is incremented by 1 it evades\n    detection. \n\n   Affected products -\n    Fortinet 4.2.254.0, eSafe 7.0.017.0, DrWeb 5.0.2.03300, Panda 10.0.2.7\n\n   CVE no - \n   CVE-2012-1447\n\n30. \u0027cbCabinet\u0027 field in CAB files is parsed incorrectly.  
\n    If an infected CAB file\u0027s cbCabinet field is incremented by 1 it evades\n    detection. \n\n   Affected products -\n   CAT-QuickHeal 11.00, TrendMicro 9.120.0.1004, Ikarus T3.1.1.97.0\n   TrendMicro-HouseCall 9.120.0.1004, Emsisoft 5.1.0.1 \n\n   CVE no - \n   CVE-2012-1448\n\n31. \u0027vMajor\u0027 field in CAB files is parsed incorrectly.  \n    If an infected CAB file\u0027s vMajor field is incremented by 1 it evades\n    detection. \n\n   Affected products -\n   NOD32 5795, Rising 22.83.00.03\n   \n   CVE no - \n   CVE-2012-1449\n\n32. \u0027reserved3\u0027 field in CAB files is parsed incorrectly.  \n    If an infected CAB file\u0027s reserved field is incremented by 1 it evades\n    detection. \n\n   Affected products -\n   Emsisoft 5.1.0.1, Sophos 4.61.0, Ikarus T3.1.1.97.0\n   \n   CVE no - \n   CVE-2012-1450\n\n33. \u0027reserved2\u0027 field in CAB files is parsed incorrectly.  \n    If an infected CAB file\u0027s reserved2 field is incremented by 1 it evades\n    detection. \n\n   Affected products -\n   Emsisoft 5.1.0.1, Ikarus T3.1.1.97.0\n   \n   CVE no - \n   CVE-2012-1451\n\n34. \u0027reserved1\u0027 field in CAB files is parsed incorrectly.  \n    If an infected CAB file\u0027s reserved field is incremented by 1 it evades\n    detection. \n\n   Affected products -\n   Emsisoft 5.1.0.1, Ikarus T3.1.1.97.0, CAT-QuickHeal 11.00\n   \n   CVE no - \n   CVE-2012-1452\n\n35. \u0027coffFiles\u0027 field in CAB files is parsed incorrectly.  \n    If an infected CAB file\u0027s coffFiles field is incremented by 1 it evades\n    detection. \n\n   Affected products -\n   McAfee 5.0.2.03300, TrendMicro-HouseCall 9.120.0.1004, Kaspersky 7.0.0.125, \n   Sophos 4.61.0, TrendMicro 9.120.0.1004, McAfee-GW-Edition 2010.1C,\n   Emsisoft 5.1.0.1, eTrust-Vet 36.1.8511, Antiy-AVL 2.0.3.7, Microsoft 1.6402,\n   Rising 22.83.00.03, Ikarus T3.1.1.97.0, Fortinet 4.2.254.0, Panda 10.0.2.7\n\n   CVE no - \n   CVE-2012-1453\n\n36. 
\u0027ei_version\u0027 field in ELF files is parsed incorrectly.  \n    If an infected ELF file\u0027s version field is incremented by 1 it evades\n    detection. \n\n   Affected products -\n   McAfee 5.0.02.03300, eSafe 7.0.17.0, McAfee-GW-Edition 2010.1C, \n   Rising 22.83.00.03, Fortinet 4.2.254.0, Panda 10.0.2.7\n\n   CVE no - \n   CVE-2012-1454\n\n37. \u0027vMinor\u0027 field in CAB files is parsed incorrectly.  \n    If an infected CAB file\u0027s version field is incremented by 1 it evades\n    detection. \n\n   Affected products -\n   NOD32 5795, Rising 22.83.00.03\n \n   CVE no - \n   CVE-2012-1455\n\n38. A specially crafted ZIP file, created by concatenating the contents \n   of a clean TAR archive and a virus-infected ZIP archive, is parsed \n   incorrectly and evades detection. If the length field in the header of a file with test EICAR virus\n   included into a TAR archive is set to be greater than the archive\u0027s total \n   length (1,000,000+original length in our experiments), the antivirus \n   declares the file to be clean but virus gets extracted correctly by the \n   GNU tar program. \n\n   Affected products -\n   AntiVir 7.11.1.163, Antiy-AVL 2.0.3.7, Avast 4.8.1351.0, Avast5 5.0.677.0, \n   AVG 10.0.0.1190, BitDefender 7.2, CAT-QuickHeal 11.00, ClamAV 0.96.4, \n   Command 5.2.11.5, Emsisoft 5.1.0.1, eSafe 7.0.17.0, F-Prot 4.6.2.117, \n   GData 21, Ikarus T3.1.1.97.0, Jiangmin 13.0.900, K7AntiVirus 9.77.3565, \n   Kaspersky 7.0.0.125, McAfee 5.400.0.1158, McAfee-GW-Edition 2010.1C, \n   Microsoft 1.6402, NOD32 5795, Norman 6.06.12, PCTools 7.0.3.5, \n   Rising 22.83.00.03, Symantec 20101.3.0.103, TrendMicro 9.120.0.1004, \n   TrendMicro-HouseCall 9.120.0.1004, VBA32 3.12.14.2, VirusBuster 13.6.151.0 \n\n   CVE no - \n   CVE-2012-1457\n\n40. A Windows Compiled HTML Help (CHM) file is a set of HTML files,\n   scripts, and images compressed using the LZX algorithm. 
\n   For faster random accesses, the algorithm is reset at intervals\n   instead of compressing the entire file as a single stream. The\n   length of each interval is specified in the LZXC header. \n\n   If an infected CHM file\u0027s header modified so that the reset interval\n   is lower than in the original file, the antivirus declares the file\n   to be clean. But the Windows CHM viewer hh.exe correctly decompresses\n   the infected content located before the tampered header. \n\n   Affected products -\n   ClamAV 0.96.4, Sophos 4.61.0 \n\n   CVE no - \n   CVE-2012-1458\n\n41. In a POSIX TAR archive, each member file has a 512-byte header protected\n   by a simple checksum. Every header also contains a file length field, which\n   is used by the extractor to locate the next header in the archive. \n\n   If a TAR archive contains two files: the first one is clean, while\n   the second is infected with test EICAR virus - and it is modified such that \n   the length field in the header of the first, clean file to point into the \n   middle of the header of the second, infected file. The antivirus declares \n   the file to be clean but virus gets extracted correctly by the \n   GNU tar program. If an infected tar.gz archive is appended 6 random bytes at the end, \n    the antivirus declares the file to be clean but virus gets extracted by\n    the gunzip+tar programs correctly by ignoring these bytes. \n\n   Affected products -\n   Antiy-AVL 2.0.3.7, CAT-QuickHeal 11.00, Command 5.2.11.5, \n   eSafe 7.0.17.0, F-Prot 4.6.2.117, Jiangmin 13.0.900, \n   K7AntiVirus 9.77.3565, VBA32 3.12.14.2 \n   \n   CVE no - \n   CVE-2012-1460\n\n43. GZIP files can contain multiple compressed streams, which are assembled\n    when the contents are extracted. 
If an infected .tar.gz file is broken \n    into two streams, the antivirus declares the infected .tar.gz file to \n    be clean while tar+gunzip extract the virus correctly\n\n   Affected products -\n   AVG 10.0.0.1190, BitDefender 7.2, Command 5.2.11.5, Emsisoft 5.1.0.1, \n   F-Secure 9.0.16160.0, Fortinent 4.2.254.0, Ikarus T3.1.1.97.0, \n   Jiangmin 13.0.900, K7AntiVirus 9.77.3565, Kaspersky 7.0.0.125, \n   McAfee 5.400.0.1158, McAfee-GW-Edition 2010.1C, NOD32 5795, Norman 6.06.12, \n   Rising 22.83.00.03, Sophos 4.61.0, Symantec 20101.3.0.103, \n   TrendMicro 9.120.0.1004, TrendMicro-HouseCall 9.120.0.1004, VBA32 3.12.14.2 \n\n   CVE no - \n   CVE-2012-1461\n\n44. If an infected ZIP archive is prepended with 1024 random bytes at the \n   beginning, the antivirus declares the file to be clean but virus gets extracted\n   by the unzip program correctly by skipping these bytes\n\n   Affected products -\n   AhnLab-V3 2011.01.18.00, AVG 10.0.0.1190, CAT-QuickHeal 11.00, \n   Emsisoft 5.1.0.1, eSafe 7.0.17.0, Fortinent 4.2.254.0, Ikarus T3.1.1.97.0, \n   Jiangmin 13.0.900, Kaspersky 7.0.0.125, Norman 6.06.12, Sophos 4.61.0, \n   Symantec 20101.3.0.103 \n\n   CVE no - \n   CVE-2012-1462\n\n45. In most ELF files, the 5th byte of the header indicates endianness: 01\n   for little-endian, 02 for bigendian. Linux kernel, however, does not\n   check this field before loading an ELF file. If an infected ELF file\u0027s 5-th \n   byte is set to 02, the antivirus declares the file to be clean but the ELF \n   file gets executed correctly. \n\n   Affected products -\n   AhnLab-V3 2011.01.18.00, BitDefender 7.2, CAT-QuickHeal 11.00, Command 5.2.11.5, \n   Comodo 7424, eSafe 7.0.17.0, F-Prot 4.6.2.117, F-Secure 9.0.16160.0, \n   McAfee 5.400.0.1158, Norman 6.06.12, nProtect 2011-01-17.01, Panda 10.0.2.7 \n\n   CVE no - \n   CVE-2012-1463\n\n--------\nCredits\n--------\nVulnerabilities found and advisory written by Suman Jana and Vitaly Shmatikov. 
\n\n-----------\nReferences\n-----------\n\"Abusing File Processing in Malware Detectors for Fun and Profit\" by Suman Jana and Vitaly Shmatikov\nTo appear in IEEE Symposium on Security and Privacy 2012\nhttp://www.ieee-security.org/TC/SP2012/ \n",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2012-1431"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2012-001893"
          },
          {
            "db": "BID",
            "id": "52591"
          },
          {
            "db": "VULHUB",
            "id": "VHN-54712"
          },
          {
            "db": "PACKETSTORM",
            "id": "110990"
          }
        ],
        "trust": 2.07
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2012-1431",
            "trust": 2.9
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2012-001893",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201203-396",
            "trust": 0.7
          },
          {
            "db": "BUGTRAQ",
            "id": "20120319 EVASION ATTACKS EXPOLITING FILE-PARSING VULNERABILITIES IN ANTIVIRUS PRODUCTS",
            "trust": 0.6
          },
          {
            "db": "BID",
            "id": "52591",
            "trust": 0.4
          },
          {
            "db": "VULHUB",
            "id": "VHN-54712",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "110990",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-54712"
          },
          {
            "db": "BID",
            "id": "52591"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2012-001893"
          },
          {
            "db": "PACKETSTORM",
            "id": "110990"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201203-396"
          },
          {
            "db": "NVD",
            "id": "CVE-2012-1431"
          }
        ]
      },
      "id": "VAR-201203-0391",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-54712"
          }
        ],
        "trust": 0.01
      },
      "last_update_date": "2025-04-11T22:49:45.523000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Top Page",
            "trust": 0.8,
            "url": "http://www.authentium.com/"
          },
          {
            "title": "Top Page",
            "trust": 0.8,
            "url": "http://www.rising-global.com/"
          },
          {
            "title": "Top Page",
            "trust": 0.8,
            "url": "http://www.bitdefender.com/"
          },
          {
            "title": "Top Page",
            "trust": 0.8,
            "url": "http://www.comodo.com/"
          },
          {
            "title": "Top Page",
            "trust": 0.8,
            "url": "http://www.f-secure.com/"
          },
          {
            "title": "Top Page",
            "trust": 0.8,
            "url": "http://www.f-prot.com/"
          },
          {
            "title": "Top Page",
            "trust": 0.8,
            "url": "http://www.mcafee.com/"
          },
          {
            "title": "Top Page",
            "trust": 0.8,
            "url": "http://www.nprotect.com/"
          },
          {
            "title": "Top Page",
            "trust": 0.8,
            "url": "http://www.sophos.com/"
          },
          {
            "title": "eSafe",
            "trust": 0.8,
            "url": "http://www.aladdin.co.jp/esafe/"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2012-001893"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-264",
            "trust": 1.9
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-54712"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2012-001893"
          },
          {
            "db": "NVD",
            "id": "CVE-2012-1431"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 1.7,
            "url": "http://www.securityfocus.com/archive/1/522005"
          },
          {
            "trust": 1.7,
            "url": "http://www.ieee-security.org/tc/sp2012/program.html"
          },
          {
            "trust": 0.8,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-1431"
          },
          {
            "trust": 0.8,
            "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2012-1431"
          },
          {
            "trust": 0.3,
            "url": "http://www.authentium.com"
          },
          {
            "trust": 0.3,
            "url": "http://www.bitdefender.com"
          },
          {
            "trust": 0.3,
            "url": "http://www.comodo.com/"
          },
          {
            "trust": 0.3,
            "url": "http://www.safenet-inc.com/data-protection/content-security-esafe/"
          },
          {
            "trust": 0.3,
            "url": "http://www.f-secure.com/"
          },
          {
            "trust": 0.3,
            "url": "http://www.f-prot.com/"
          },
          {
            "trust": 0.3,
            "url": "http://global.nprotect.com/index.php"
          },
          {
            "trust": 0.3,
            "url": "http://www.mcafee.com/"
          },
          {
            "trust": 0.3,
            "url": "http://www.rising-global.com/"
          },
          {
            "trust": 0.3,
            "url": "http://www.sophos.com/"
          },
          {
            "trust": 0.3,
            "url": "/archive/1/522005"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2012-1419"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2012-1439"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2012-1426"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2012-1429"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2012-1436"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2012-1440"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2012-1432"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2012-1438"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2012-1428"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2012-1446"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2012-1443"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2012-1444"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2012-1441"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2012-1421"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2012-1430"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2012-1434"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2012-1435"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2012-1424"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2012-1431"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2012-1425"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2012-1423"
          },
          {
            "trust": 0.1,
            "url": "http://www.ieee-security.org/tc/sp2012/"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2012-1442"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2012-1422"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2012-1433"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2012-1420"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2012-1427"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2012-1445"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2012-1437"
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-54712"
          },
          {
            "db": "BID",
            "id": "52591"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2012-001893"
          },
          {
            "db": "PACKETSTORM",
            "id": "110990"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201203-396"
          },
          {
            "db": "NVD",
            "id": "CVE-2012-1431"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "VULHUB",
            "id": "VHN-54712"
          },
          {
            "db": "BID",
            "id": "52591"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2012-001893"
          },
          {
            "db": "PACKETSTORM",
            "id": "110990"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201203-396"
          },
          {
            "db": "NVD",
            "id": "CVE-2012-1431"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2012-03-21T00:00:00",
            "db": "VULHUB",
            "id": "VHN-54712"
          },
          {
            "date": "2012-03-20T00:00:00",
            "db": "BID",
            "id": "52591"
          },
          {
            "date": "2012-03-26T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2012-001893"
          },
          {
            "date": "2012-03-19T23:51:01",
            "db": "PACKETSTORM",
            "id": "110990"
          },
          {
            "date": "2012-03-26T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201203-396"
          },
          {
            "date": "2012-03-21T10:11:47.630000",
            "db": "NVD",
            "id": "CVE-2012-1431"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2012-03-27T00:00:00",
            "db": "VULHUB",
            "id": "VHN-54712"
          },
          {
            "date": "2012-03-20T00:00:00",
            "db": "BID",
            "id": "52591"
          },
          {
            "date": "2012-03-26T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2012-001893"
          },
          {
            "date": "2012-04-01T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201203-396"
          },
          {
            "date": "2025-04-11T00:51:21.963000",
            "db": "NVD",
            "id": "CVE-2012-1431"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201203-396"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Multiple products  ELF Vulnerability that prevents file parsers from detecting malware",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2012-001893"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "permissions and access control",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201203-396"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201203-0146

    Vulnerability from variot - Updated: 2025-04-11 22:49

    The Gzip file parser in AVG Anti-Virus 10.0.0.1190, Bitdefender 7.2, Command Antivirus 5.2.11.5, Emsisoft Anti-Malware 5.1.0.1, F-Secure Anti-Virus 9.0.16160.0, Fortinet Antivirus 4.2.254.0, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, Jiangmin Antivirus 13.0.900, K7 AntiVirus 9.77.3565, Kaspersky Anti-Virus 7.0.0.125, McAfee Anti-Virus Scanning Engine 5.400.0.1158, McAfee Gateway (formerly Webwasher) 2010.1C, NOD32 Antivirus 5795, Norman Antivirus 6.06.12, Rising Antivirus 22.83.00.03, Sophos Anti-Virus 4.61.0, AVEngine 20101.3.0.103 in Symantec Endpoint Protection 11, Trend Micro AntiVirus 9.120.0.1004, Trend Micro HouseCall 9.120.0.1004, and VBA32 3.12.14.2 allows remote attackers to bypass malware detection via a .tar.gz file with multiple compressed streams. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different Gzip parser implementations. The Gzip file parser in multiple products contains a vulnerability that can prevent malware detection. If it is announced that the problem also exists in different Gzip parser implementations, this vulnerability may be split into multiple CVEs. A third party may evade malware detection via a .tar.gz file that has multiple compressed streams. Successful exploits will allow attackers to bypass on-demand virus scanning, possibly allowing malicious files to escape detection.


    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201203-0146",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "command antivirus",
            "scope": "eq",
            "trust": 1.8,
            "vendor": "authentium",
            "version": "5.2.11.5"
          },
          {
            "model": "anti-virus",
            "scope": "eq",
            "trust": 1.8,
            "vendor": "avg",
            "version": "10.0.0.1190"
          },
          {
            "model": "bitdefender",
            "scope": "eq",
            "trust": 1.8,
            "vendor": "bitdefender",
            "version": "7.2"
          },
          {
            "model": "anti-malware",
            "scope": "eq",
            "trust": 1.8,
            "vendor": "emsisoft",
            "version": "5.1.0.1"
          },
          {
            "model": "virus utilities t3 command line scanner",
            "scope": "eq",
            "trust": 1.8,
            "vendor": "ikarus",
            "version": "1.1.97.0"
          },
          {
            "model": "antivirus",
            "scope": "eq",
            "trust": 1.8,
            "vendor": "jiangmin",
            "version": "13.0.900"
          },
          {
            "model": "f-secure anti-virus",
            "scope": "eq",
            "trust": 1.8,
            "vendor": "f secure",
            "version": "9.0.16160.0"
          },
          {
            "model": "anti-virus",
            "scope": "eq",
            "trust": 1.8,
            "vendor": "kaspersky",
            "version": "7.0.0.125"
          },
          {
            "model": "anti-virus",
            "scope": "eq",
            "trust": 1.8,
            "vendor": "sophos",
            "version": "4.61.0"
          },
          {
            "model": "antivirus",
            "scope": "eq",
            "trust": 1.8,
            "vendor": "fortinet",
            "version": "4.2.254.0"
          },
          {
            "model": "scan engine",
            "scope": "eq",
            "trust": 1.8,
            "vendor": "mcafee",
            "version": "5.400.0.1158"
          },
          {
            "model": "housecall",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "trendmicro",
            "version": "9.120.0.1004"
          },
          {
            "model": "endpoint protection",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "symantec",
            "version": "11.0"
          },
          {
            "model": "antivirus \\\u0026 antispyware",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "norman",
            "version": "6.06.12"
          },
          {
            "model": "vba32",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "anti virus",
            "version": "3.12.14.2"
          },
          {
            "model": "nod32 antivirus",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "eset",
            "version": "5795"
          },
          {
            "model": "antivirus",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "k7computing",
            "version": "9.77.3565"
          },
          {
            "model": "antivirus",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "rising global",
            "version": "22.83.00.03"
          },
          {
            "model": "trend micro antivirus",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "trendmicro",
            "version": "9.120.0.1004"
          },
          {
            "model": "gateway",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mcafee",
            "version": "2010.1c"
          },
          {
            "model": "antivirus",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "rising",
            "version": "22.83.00.03"
          },
          {
            "model": "nod32 anti-virus",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "eset",
            "version": "5795"
          },
          {
            "model": "antivirus",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "k7 computing",
            "version": "9.77.3565"
          },
          {
            "model": "antivirus",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "norman",
            "version": "6.06.12"
          },
          {
            "model": "vba32",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "virusblokada",
            "version": "3.12.14.2"
          },
          {
            "model": "endpoint protection",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "symantec",
            "version": "11"
          },
          {
            "model": "antivirus",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "trend micro",
            "version": "9.120.0.1004"
          },
          {
            "model": "housecall",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "trend micro",
            "version": "9.120.0.1004"
          },
          {
            "model": "web gateway software",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "mcafee",
            "version": "2010.1c"
          },
          {
            "model": "vba32",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "virusblokada",
            "version": "3.12.142"
          },
          {
            "model": "trend micro",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "trend micro",
            "version": "9.1201004"
          },
          {
            "model": "housecall",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "trend micro",
            "version": "9.1201004"
          },
          {
            "model": "antivirus",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "symantec",
            "version": "20101.3103"
          },
          {
            "model": "antivirus",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "rising",
            "version": "22.8303"
          },
          {
            "model": "antivirus",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "norman",
            "version": "6.6.12"
          },
          {
            "model": "mcafee-gw-edition 2010.1c",
            "scope": null,
            "trust": 0.3,
            "vendor": "mcafee",
            "version": null
          },
          {
            "model": "antivirus",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "kaspersky",
            "version": "7.0125"
          },
          {
            "model": "computing pvt ltd k7antivirus",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "k7",
            "version": "9.77.3565"
          },
          {
            "model": "jiangmin",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "jiangmin",
            "version": "13.0.900"
          },
          {
            "model": "antivirus t3.1.1.97.0",
            "scope": null,
            "trust": 0.3,
            "vendor": "ikarus",
            "version": null
          },
          {
            "model": "antivirus",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "fortinet",
            "version": "4.2.2540"
          },
          {
            "model": "nod32",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "eset",
            "version": "5795"
          },
          {
            "model": "antivirus",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "emsisoft",
            "version": "5.11"
          },
          {
            "model": "antivirus",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "comodo",
            "version": "7424"
          },
          {
            "model": "antivirus",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "bitdefender",
            "version": "7.2"
          },
          {
            "model": "anti-virus",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avg",
            "version": "10.01190"
          },
          {
            "model": "command antivirus",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "authentium",
            "version": "5.2.115"
          }
        ],
        "sources": [
          {
            "db": "BID",
            "id": "52626"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2012-001901"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201203-424"
          },
          {
            "db": "NVD",
            "id": "CVE-2012-1461"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/a:authentium:command_antivirus",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:avg:avg_anti-virus",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:rising-global:rising_antivirus",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:bitdefender:bitdefender",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:emsisoft:anti-malware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:eset:nod32_antivirus",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:ikarus:ikarus_virus_utilities_t3_command_line_scanner",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:jiangmin:jiangmin_antivirus",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:k7computing:antivirus",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:norman:norman_antivirus_%26_antispyware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:anti-virus:vba32",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:f-secure:anti-virus",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:kaspersky:kaspersky_anti-virus",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:symantec:endpoint_protection",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:sophos:anti-virus",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:trendmicro:trend_micro_antivirus",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:trendmicro:housecall",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:fortinet:fortinet_antivirus",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:mcafee:scan_engine",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:mcafee:web_gateway",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2012-001901"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Suman Jana and Vitaly Shmatikov",
        "sources": [
          {
            "db": "BID",
            "id": "52626"
          }
        ],
        "trust": 0.3
      },
      "cve": "CVE-2012-1461",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 8.6,
                "id": "CVE-2012-1461",
                "impactScore": 2.9,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 1.8,
                "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 8.6,
                "id": "VHN-54742",
                "impactScore": 2.9,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 0.1,
                "vectorString": "AV:N/AC:M/AU:N/C:N/I:P/A:N",
                "version": "2.0"
              }
            ],
            "cvssV3": [],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2012-1461",
                "trust": 1.0,
                "value": "MEDIUM"
              },
              {
                "author": "NVD",
                "id": "CVE-2012-1461",
                "trust": 0.8,
                "value": "Medium"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201203-424",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "VULHUB",
                "id": "VHN-54742",
                "trust": 0.1,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-54742"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2012-001901"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201203-424"
          },
          {
            "db": "NVD",
            "id": "CVE-2012-1461"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "The Gzip file parser in AVG Anti-Virus 10.0.0.1190, Bitdefender 7.2, Command Antivirus 5.2.11.5, Emsisoft Anti-Malware 5.1.0.1, F-Secure Anti-Virus 9.0.16160.0, Fortinet Antivirus 4.2.254.0, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, Jiangmin Antivirus 13.0.900, K7 AntiVirus 9.77.3565, Kaspersky Anti-Virus 7.0.0.125, McAfee Anti-Virus Scanning Engine 5.400.0.1158, McAfee Gateway (formerly Webwasher) 2010.1C, NOD32 Antivirus 5795, Norman Antivirus 6.06.12, Rising Antivirus 22.83.00.03, Sophos Anti-Virus 4.61.0, AVEngine 20101.3.0.103 in Symantec Endpoint Protection 11, Trend Micro AntiVirus 9.120.0.1004, Trend Micro HouseCall 9.120.0.1004, and VBA32 3.12.14.2 allows remote attackers to bypass malware detection via a .tar.gz file with multiple compressed streams.  NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different Gzip parser implementations. Multiple products Gzip A file parser contains a vulnerability that can prevent malware detection. Different Gzip If it is announced that there is also a problem with the parser implementation, this vulnerability can be CVE May be split.Have multiple compressed streams by a third party .tar.gz Malware detection may be avoided via files. \nSuccessful exploits will allow attackers to bypass on-demand virus scanning, possibly allowing malicious files to escape detection",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2012-1461"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2012-001901"
          },
          {
            "db": "BID",
            "id": "52626"
          },
          {
            "db": "VULHUB",
            "id": "VHN-54742"
          }
        ],
        "trust": 1.98
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2012-1461",
            "trust": 2.8
          },
          {
            "db": "BID",
            "id": "52626",
            "trust": 1.4
          },
          {
            "db": "OSVDB",
            "id": "80510",
            "trust": 1.1
          },
          {
            "db": "OSVDB",
            "id": "80501",
            "trust": 1.1
          },
          {
            "db": "OSVDB",
            "id": "80500",
            "trust": 1.1
          },
          {
            "db": "OSVDB",
            "id": "80504",
            "trust": 1.1
          },
          {
            "db": "OSVDB",
            "id": "80505",
            "trust": 1.1
          },
          {
            "db": "OSVDB",
            "id": "80503",
            "trust": 1.1
          },
          {
            "db": "OSVDB",
            "id": "80502",
            "trust": 1.1
          },
          {
            "db": "OSVDB",
            "id": "80506",
            "trust": 1.1
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2012-001901",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201203-424",
            "trust": 0.7
          },
          {
            "db": "BUGTRAQ",
            "id": "20120319 EVASION ATTACKS EXPOLITING FILE-PARSING VULNERABILITIES IN ANTIVIRUS PRODUCTS",
            "trust": 0.6
          },
          {
            "db": "NSFOCUS",
            "id": "19199",
            "trust": 0.6
          },
          {
            "db": "VULHUB",
            "id": "VHN-54742",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-54742"
          },
          {
            "db": "BID",
            "id": "52626"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2012-001901"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201203-424"
          },
          {
            "db": "NVD",
            "id": "CVE-2012-1461"
          }
        ]
      },
      "id": "VAR-201203-0146",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-54742"
          }
        ],
        "trust": 0.01
      },
      "last_update_date": "2025-04-11T22:49:45.384000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Command Antivirus",
            "trust": 0.8,
            "url": "http://www.authentium.com/command/CSAVDownload.html"
          },
          {
            "title": "AVG Anti-Virus",
            "trust": 0.8,
            "url": "http://www.avgjapan.com/home-small-office-security/buy-antivirus"
          },
          {
            "title": "Rising Antivirus",
            "trust": 0.8,
            "url": "http://www.rising-global.com/"
          },
          {
            "title": "Bitdefender",
            "trust": 0.8,
            "url": "http://www.bitdefender.com/"
          },
          {
            "title": "Emsisoft Anti-Malware",
            "trust": 0.8,
            "url": "http://www.emsisoft.com/en/software/antimalware/"
          },
          {
            "title": "ESET NOD32\u30a2\u30f3\u30c1\u30a6\u30a4\u30eb\u30b9",
            "trust": 0.8,
            "url": "http://www.eset.com/us/"
          },
          {
            "title": "Fortinet Antivirus",
            "trust": 0.8,
            "url": "http://www.fortinet.com/solutions/antivirus.html"
          },
          {
            "title": "Top Page",
            "trust": 0.8,
            "url": "http://www.ikarus.at/en/"
          },
          {
            "title": "Jiangmin Antivirus",
            "trust": 0.8,
            "url": "http://global.jiangmin.com/"
          },
          {
            "title": "K7 AntiVirus",
            "trust": 0.8,
            "url": "http://www.k7computing.com/en/consumer_home.php"
          },
          {
            "title": "McAfee Scan Engine",
            "trust": 0.8,
            "url": "http://www.mcafee.com/us/support/support-eol-scan-engine.aspx"
          },
          {
            "title": "McAfee Web Gateway",
            "trust": 0.8,
            "url": "http://www.mcafee.com/us/products/web-gateway.aspx"
          },
          {
            "title": "Norman Antivirus",
            "trust": 0.8,
            "url": "http://www.norman.com/products/antivirus_antispyware/en"
          },
          {
            "title": "Sophos Anti-Virus",
            "trust": 0.8,
            "url": "http://www.sophos.com/ja-jp/"
          },
          {
            "title": "Endpoint Protection",
            "trust": 0.8,
            "url": "http://www.symantec.com/ja/jp/endpoint-protection"
          },
          {
            "title": "Top Page",
            "trust": 0.8,
            "url": "http://jp.trendmicro.com/jp/home/index.html"
          },
          {
            "title": "Trend Micro HouseCall",
            "trust": 0.8,
            "url": "http://jp.trendmicro.com/jp/tools/housecall/index.html"
          },
          {
            "title": "VBA32",
            "trust": 0.8,
            "url": "http://anti-virus.by/en/index.shtml"
          },
          {
            "title": "Kaspersky Anti-Virus",
            "trust": 0.8,
            "url": "http://www.kaspersky.com/kaspersky_anti-virus"
          },
          {
            "title": "F-Secure Anti-Virus",
            "trust": 0.8,
            "url": "http://www.f-secure.com/ja/web/home_jp/protection/anti-virus/overview"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2012-001901"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-264",
            "trust": 1.9
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-54742"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2012-001901"
          },
          {
            "db": "NVD",
            "id": "CVE-2012-1461"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 1.7,
            "url": "http://www.securityfocus.com/archive/1/522005"
          },
          {
            "trust": 1.7,
            "url": "http://www.ieee-security.org/tc/sp2012/program.html"
          },
          {
            "trust": 1.1,
            "url": "http://www.securityfocus.com/bid/52626"
          },
          {
            "trust": 1.1,
            "url": "http://osvdb.org/80500"
          },
          {
            "trust": 1.1,
            "url": "http://osvdb.org/80501"
          },
          {
            "trust": 1.1,
            "url": "http://osvdb.org/80502"
          },
          {
            "trust": 1.1,
            "url": "http://osvdb.org/80503"
          },
          {
            "trust": 1.1,
            "url": "http://osvdb.org/80504"
          },
          {
            "trust": 1.1,
            "url": "http://osvdb.org/80505"
          },
          {
            "trust": 1.1,
            "url": "http://osvdb.org/80506"
          },
          {
            "trust": 1.1,
            "url": "http://osvdb.org/80510"
          },
          {
            "trust": 0.8,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-1461"
          },
          {
            "trust": 0.8,
            "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2012-1461"
          },
          {
            "trust": 0.6,
            "url": "http://www.nsfocus.net/vulndb/19199"
          },
          {
            "trust": 0.3,
            "url": "http://www.avg.com"
          },
          {
            "trust": 0.3,
            "url": "http://www.bitdefender.com"
          },
          {
            "trust": 0.3,
            "url": "http://www.emsisoft.com/en/software/antimalware/"
          },
          {
            "trust": 0.3,
            "url": "http://www.ikarus.at"
          },
          {
            "trust": 0.3,
            "url": "http://global.jiangmin.com/"
          },
          {
            "trust": 0.3,
            "url": "http://www.k7computing.com/en/product/k7-antivirusplus.php"
          },
          {
            "trust": 0.3,
            "url": "http://www.kaspersky.com/"
          },
          {
            "trust": 0.3,
            "url": "http://www.mcafee.com/"
          },
          {
            "trust": 0.3,
            "url": "http://anti-virus-software-review.toptenreviews.com/norman-review.html"
          },
          {
            "trust": 0.3,
            "url": "http://www.rising-global.com/"
          },
          {
            "trust": 0.3,
            "url": "http://www.symantec.com"
          },
          {
            "trust": 0.3,
            "url": "http://www.trend.com"
          },
          {
            "trust": 0.3,
            "url": "/archive/1/522005"
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-54742"
          },
          {
            "db": "BID",
            "id": "52626"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2012-001901"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201203-424"
          },
          {
            "db": "NVD",
            "id": "CVE-2012-1461"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "VULHUB",
            "id": "VHN-54742"
          },
          {
            "db": "BID",
            "id": "52626"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2012-001901"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201203-424"
          },
          {
            "db": "NVD",
            "id": "CVE-2012-1461"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2012-03-21T00:00:00",
            "db": "VULHUB",
            "id": "VHN-54742"
          },
          {
            "date": "2012-03-20T00:00:00",
            "db": "BID",
            "id": "52626"
          },
          {
            "date": "2012-03-26T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2012-001901"
          },
          {
            "date": "2012-03-22T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201203-424"
          },
          {
            "date": "2012-03-21T10:11:49.677000",
            "db": "NVD",
            "id": "CVE-2012-1461"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2012-11-06T00:00:00",
            "db": "VULHUB",
            "id": "VHN-54742"
          },
          {
            "date": "2012-03-30T16:20:00",
            "db": "BID",
            "id": "52626"
          },
          {
            "date": "2012-03-26T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2012-001901"
          },
          {
            "date": "2012-03-26T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201203-424"
          },
          {
            "date": "2025-04-11T00:51:21.963000",
            "db": "NVD",
            "id": "CVE-2012-1461"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201203-424"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Multiple products  Gzip Vulnerability that prevents file parsers from detecting malware",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2012-001901"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "permissions and access control",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201203-424"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201203-0367

    Vulnerability from variot - Updated: 2025-04-11 22:49

    The RAR file parser in ClamAV 0.96.4, Rising Antivirus 22.83.00.03, Quick Heal (aka Cat QuickHeal) 11.00, G Data AntiVirus 21, AVEngine 20101.3.0.103 in Symantec Endpoint Protection 11, Command Antivirus 5.2.11.5, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, Emsisoft Anti-Malware 5.1.0.1, PC Tools AntiVirus 7.0.3.5, F-Prot Antivirus 4.6.2.117, VirusBuster 13.6.151.0, Fortinet Antivirus 4.2.254.0, Antiy Labs AVL SDK 2.0.3.7, K7 AntiVirus 9.77.3565, Trend Micro HouseCall 9.120.0.1004, Kaspersky Anti-Virus 7.0.0.125, Jiangmin Antivirus 13.0.900, Antimalware Engine 1.1.6402.0 in Microsoft Security Essentials 2.0, Sophos Anti-Virus 4.61.0, NOD32 Antivirus 5795, Avira AntiVir 7.11.1.163, Norman Antivirus 6.06.12, McAfee Anti-Virus Scanning Engine 5.400.0.1158, Panda Antivirus 10.0.2.7, McAfee Gateway (formerly Webwasher) 2010.1C, Trend Micro AntiVirus 9.120.0.1004, Comodo Antivirus 7424, Bitdefender 7.2, eSafe 7.0.17.0, F-Secure Anti-Virus 9.0.16160.0, nProtect Anti-Virus 2011-01-17.01, AhnLab V3 Internet Security 2011.01.18.00, AVG Anti-Virus 10.0.0.1190, avast! Antivirus 4.8.1351.0 and 5.0.677.0, and VBA32 3.12.14.2 allows user-assisted remote attackers to bypass malware detection via a RAR file with an initial MZ character sequence. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different RAR parser implementations. The RAR file parser in multiple products contains a vulnerability that can prevent malware detection. If it is announced that the problem also exists in different RAR parser implementations, this vulnerability may be split into multiple CVEs. An attacker may avoid malware detection via a RAR file that begins with an MZ character sequence. Successful exploits will allow attackers to bypass on-demand virus scanning, possibly allowing malicious files to escape detection.
Sophos Anti-Virus is a set of anti-virus software for various operating systems from Sophos, UK. The software detects and removes viruses, spyware, trojans and worms in real time, ensuring comprehensive network protection for desktops and laptops. Multiple file-parsing vulnerabilities leading to evasion in different antivirus (AV) products. All affected products are command-line versions of the AVs.


    Vulnerability Descriptions

    1. Specially crafted infected POSIX TAR files with "[aliases]" as first 9 bytes evade detection.

    Affected products - ClamAV 0.96.4, CAT-QuickHeal 11.00

    CVE no - CVE-2012-1419

    1. Specially crafted infected POSIX TAR files with "\7fELF" as first 4 bytes evade detection.

    Affected products - CAT-QuickHeal 11.00, Command 5.2.11.5, F-Prot 4.6.2.117, Fortinet 4.2.254.0, K7AntiVirus 9.77.3565, Kaspersky 7.0.0.125, Microsoft 1.6402, NOD32 5795, Norman 6.06.12, Panda 10.0.2.7, Rising 22.83.00.03

    CVE no - CVE-2012-1420

    1. Specially crafted infected POSIX TAR files with "MSCF" as first 4 bytes evade detection.

    Affected products - CAT-QuickHeal 11.00, Norman 6.06.12, Rising 22.83.00.03, Symantec 20101.3.0.103

    CVE no - CVE-2012-1421

    1. Specially crafted infected POSIX TAR files with "ITSF" as first 4 bytes evade detection.

    Affected products - CAT-QuickHeal 11.00, NOD32 5795, Norman 6.06.12, Rising 22.83.00.03

    CVE no - CVE-2012-1422

    1. Specially crafted infected POSIX TAR files with "MZ" as first 2 bytes evade detection.

    Affected products - Command 5.2.11.5, Emsisoft 5.1.0.1, F-Prot 4.6.2.117, Fortinet 4.2.254.0, Ikarus T3.1.1.97.0, K7AntiVirus 9.77.3565, NOD32 5795, Norman 6.06.12, PCTools 7.0.3.5, Rising 22.83.00.03, VirusBuster 13.6.151.0

    CVE no - CVE-2012-1423

    1. Specially crafted infected POSIX TAR files with "\19\04\00\10" at offset 8 evade detection.

    Affected products - Antiy-AVL 2.0.3.7, CAT-QuickHeal 11.00, Jiangmin 13.0.900, Norman 6.06.12, PCTools 7.0.3.5, Sophos 4.61.0

    CVE no - CVE-2012-1424

    1. Specially crafted infected POSIX TAR files with "\50\4B\03\04" as the first 4 bytes evade detection.

    Affected products - AntiVir 7.11.1.163, Antiy-AVL 2.0.3.7, CAT-QuickHeal 11.00, Emsisoft 5.1.0.1, Fortinet 4.2.254.0, Ikarus T3.1.1.97.0, Jiangmin 13.0.900, Kaspersky 7.0.0.125, McAfee 5.400.0.1158, McAfee-GW-Edition 2010.1C, NOD32 5795, Norman 6.06.12, PCTools 7.0.3.5, Symantec 20101.3.0.103, TrendMicro 9.120.0.1004, TrendMicro-HouseCall 9.120.0.1004

    CVE no - CVE-2012-1425

    1. Specially crafted infected POSIX TAR files with "\42\5A\68" as the first 3 bytes evade detection.

    Affected products - CAT-QuickHeal 11.00, Command 5.2.11.5, F-Prot 4.6.2.117, K7AntiVirus 9.77.3565, Norman 6.06.12, Rising 22.83.00.03

    CVE no - CVE-2012-1426

    1. Specially crafted infected POSIX TAR files with "\57\69\6E\5A\69\70" at offset 29 evade detection.

    Affected products - CAT-QuickHeal 11.00, Norman 6.06.12, Sophos 4.61.0

    CVE no - CVE-2012-1427

    1. Specially crafted infected POSIX TAR files with "\4a\46\49\46" at offset 6 evade detection.

    Affected products - CAT-QuickHeal 11.00, Norman 6.06.12, Sophos 4.61.0

    CVE no - CVE-2012-1428

    1. Specially crafted infected ELF files with "ustar" at offset 257 evade detection.

    Affected products - BitDefender 7.2, Comodo 7424, Emsisoft 5.1.0.1, eSafe 7.0.17.0, F-Secure 9.0.16160.0, Ikarus T3.1.1.97.0, McAfee 5.400.0.1158, McAfee-GW-Edition 2010.1C, nProtect 2011-01-17.01

    CVE no - CVE-2012-1429

    12. Specially crafted infected ELF files with "\19\04\00\10" at offset 8 evade detection.

    Affected products - BitDefender 7.2, Comodo 7424, eSafe 7.0.17.0, F-Secure 9.0.16160.0, McAfee 5.400.0.1158, McAfee-GW-Edition 2010.1C, nProtect 2011-01-17.01, Sophos 4.61.0, Rising 22.83.00.03

    CVE no - CVE-2012-1430

    13. Specially crafted infected ELF files with "\4a\46\49\46" at offset 6 evade detection.

    Affected products - BitDefender 7.2, Command 5.2.11.5, Comodo 7424, eSafe 7.0.17.0, F-Prot 4.6.2.117, F-Secure 9.0.16160.0, McAfee-GW-Edition 2010.1C, nProtect 2011-01-17.01, Sophos 4.61.0, Rising 22.83.00.03

    CVE no - CVE-2012-1431

    1. Specially crafted infected MS EXE files with "\57\69\6E\5A\69\70" at offset 29 evade detection.

    Affected products - Emsisoft 5.1.0.1, eSafe 7.0.17.0, Ikarus T3.1.1.97.0, Panda 10.0.2.7

    CVE no - CVE-2012-1432

    1. Specially crafted infected MS EXE files with "\4a\46\49\46" at offset 6 evade detection.

    Affected products - AhnLab-V3 2011.01.18.00, Emsisoft 5.1.0.1, eSafe 7.0.17.0, Ikarus T3.1.1.97.0, Panda 10.0.2.7

    CVE no - CVE-2012-1433

    1. Specially crafted infected MS EXE files with "\19\04\00\10" at offset 8 evade detection.

    Affected products - AhnLab-V3 2011.01.18.00, Emsisoft 5.1.0.1, Ikarus T3.1.1.97.0, Panda 10.0.2.7

    CVE no - CVE-2012-1434

    1. Specially crafted infected MS EXE files with "\50\4B\4C\49\54\45" at offset 30 evade detection.

    Affected products - AhnLab-V3 2011.01.18.00, Emsisoft 5.1.0.1, eSafe 7.0.17.0, Ikarus T3.1.1.97.0, Panda 10.0.2.7

    CVE no - CVE-2012-1435

    1. Specially crafted infected MS EXE files with "\2D\6C\68" at offset 2 evade detection.

    Affected products - AhnLab-V3 2011.01.18.00, Emsisoft 5.1.0.1, eSafe 7.0.17.0, Ikarus T3.1.1.97.0, Panda 10.0.2.7

    CVE no - CVE-2012-1436

    1. Specially crafted infected MS Office files with "\50\4B\53\70\58" at offset 526 evade detection.

    Affected products - Comodo 7425

    CVE no - CVE-2012-1437

    1. Specially crafted infected MS Office files with "ustar" at offset 257 evade detection.

    Affected products - Comodo 7425, Sophos 4.61.0

    CVE no - CVE-2012-1438

    1. 'padding' field in ELF files is parsed incorrectly. If an infected ELF file's padding field is incremented by 1 it evades detection.

    Affected products - eSafe 7.0.17.0, Rising 22.83.00.03, Fortinet 4.2.254.0, Panda 10.0.2.7

    CVE no - CVE-2012-1439

    1. 'identsize' field in ELF files is parsed incorrectly. If an infected ELF file's identsize field is incremented by 1 it evades detection.

    Affected products - Norman 6.06.12, eSafe 7.0.17.0, eTrust-Vet 36.1.8511, Fortinet 4.2.254.0, Panda 10.0.2.7

    CVE no - CVE-2012-1440

    1. 'e_ip' and 'e_res' field in MS EXE files are parsed incorrectly.
      If any of these fields in an infected MS EXE file is incremented by 1 it evades detection.

    Affected products - Prevx 3.0

    'e_minalloc', 'e_res2','e_cparhdr', 'e_crlc', 'e_lfarlc','e_maxalloc', 'e_oeminfo', 'e_ovno', 'e_cs', 'e_csum','e_sp', 'e_ss', 'e_cblp' and 'e_oemid' fields in MS EXE files are parsed incorrectly.
    If any of these fields in an infected MS EXE file is incremented by 1 it evades detection.

    Affected products - eSafe 7.0.017.0, Prevx 3.0

    CVE no - CVE-2012-1441

    1. 'class' field in ELF files is parsed incorrectly.
      If an infected ELF file's class field is incremented by 1 it evades detection.

    Affected products - CAT-QuickHeal 11.00, McAfee 5.400.0.1158, McAfee-GW-Edition 2010.1C, eSafe 7.0.017.0, Kaspersky 7.0.0.125, F-Secure 9.0.16160.0, Sophos 4.61.0, Antiy-AVL 2.0.3.7, Rising 22.83.00.03, Fortinet 4.2.254.0, Panda 10.0.2.7

    CVE no - CVE-2012-1442

    1. Infected RAR files with initial two bytes set to 'MZ' can be fixed by the user and correctly extracted. Such a file evades detection.

    Affected products - ClamAV 0.96.4, Rising 22.83.00.03, CAT-QuickHeal 11.00, GData 21, Symantec 20101.3.0.103, Command 5.2.11.5, Ikarus T3.1.1.97.0, Emsisoft 5.1.0.1, PCTools 7.0.3.5, F-Prot 4.6.2.117, VirusBuster 13.6.151.0, Fortinet 4.2.254.0, Antiy-AVL 2.0.3.7, K7AntiVirus 9.77.3565, TrendMicro-HouseCall 9.120.0.1004, Kaspersky 7.0.0.125, Jiangmin 13.0.900, Microsoft 1.6402, Sophos 4.61.0, NOD32 5795, AntiVir 7.11.1.163, Norman 6.06.12, McAfee 5.400.0.1158, Panda 10.0.2.7, McAfee-GW-Edition 2010.1C, TrendMicro 9.120.0.1004, Comodo 7424, BitDefender 7.2, eSafe 7.0.17.0, F-Secure 9.0.16160.0, nProtect 2011-01-17.01, AhnLab-V3 2011.01.18.00, AVG 10.0.0.1190, Avast 4.8.1351.0, Avast5 5.0.677.0, VBA32 3.12.14.2

    CVE no - CVE-2012-1443

    1. 'abiversion' field in ELF files is parsed incorrectly.
      If an infected ELF file's abiversion field is incremented by 1 it evades detection.

    Affected products - eSafe 7.0.017.0, Prevx 3.0, Fortinet 4.2.254.0, Panda 10.0.2.7

    CVE no - CVE-2012-1444

    1. 'abi' field in ELF files is parsed incorrectly.
      If an infected ELF file's abi field is incremented by 1 it evades detection.

    Affected products - eSafe 7.0.017.0, Rising 22.83.00.03, Fortinet 4.2.254.0, Panda 10.0.2.7

    CVE no - CVE-2012-1445

    1. 'encoding' field in ELF files is parsed incorrectly.
      If an infected ELF file's encoding field is incremented by 1 it evades detection.

    Affected products - CAT-QuickHeal 11.00, McAfee 5.400.0.1158, Symantec 20101.3.0.103, Norman 6.06.12, eSafe 7.0.017.0, Kaspersky 7.0.0.125, McAfee-GW-Edition 2010.1C, Sophos 4.61.0, eTrust-Vet 36.1.8511, Antiy-AVL 2.0.3.7, PCTools 7.0.3.5, Rising 22.83.00.03, Fortinet 4.2.254.0, Panda 10.0.2.7

    CVE no - CVE-2012-1446

    1. 'e_version' field in ELF files is parsed incorrectly.
      If an infected ELF file's e_version field is incremented by 1 it evades detection.

    Affected products - Fortinet 4.2.254.0, eSafe 7.0.017.0, DrWeb 5.0.2.03300, Panda 10.0.2.7

    CVE no - CVE-2012-1447

    1. 'cbCabinet' field in CAB files is parsed incorrectly.
      If an infected CAB file's cbCabinet field is incremented by 1 it evades detection.

    Affected products - CAT-QuickHeal 11.00, TrendMicro 9.120.0.1004, Ikarus T3.1.1.97.0, TrendMicro-HouseCall 9.120.0.1004, Emsisoft 5.1.0.1

    CVE no - CVE-2012-1448

    1. 'vMajor' field in CAB files is parsed incorrectly.
      If an infected CAB file's vMajor field is incremented by 1 it evades detection.

    Affected products - NOD32 5795, Rising 22.83.00.03

    CVE no - CVE-2012-1449

    1. 'reserved3' field in CAB files is parsed incorrectly.
      If an infected CAB file's reserved field is incremented by 1 it evades detection.

    Affected products - Emsisoft 5.1.0.1, Sophos 4.61.0, Ikarus T3.1.1.97.0

    CVE no - CVE-2012-1450

    1. 'reserved2' field in CAB files is parsed incorrectly.
      If an infected CAB file's reserved2 field is incremented by 1 it evades detection.

    Affected products - Emsisoft 5.1.0.1, Ikarus T3.1.1.97.0

    CVE no - CVE-2012-1451

    1. 'reserved1' field in CAB files is parsed incorrectly.
      If an infected CAB file's reserved field is incremented by 1 it evades detection.

    Affected products - Emsisoft 5.1.0.1, Ikarus T3.1.1.97.0, CAT-QuickHeal 11.00

    CVE no - CVE-2012-1452

    1. 'coffFiles' field in CAB files is parsed incorrectly.
      If an infected CAB file's coffFiles field is incremented by 1 it evades detection.

    Affected products - McAfee 5.0.2.03300, TrendMicro-HouseCall 9.120.0.1004, Kaspersky 7.0.0.125, Sophos 4.61.0, TrendMicro 9.120.0.1004, McAfee-GW-Edition 2010.1C, Emsisoft 5.1.0.1, eTrust-Vet 36.1.8511, Antiy-AVL 2.0.3.7, Microsoft 1.6402, Rising 22.83.00.03, Ikarus T3.1.1.97.0, Fortinet 4.2.254.0, Panda 10.0.2.7

    CVE no - CVE-2012-1453

    1. 'ei_version' field in ELF files is parsed incorrectly.
      If an infected ELF file's version field is incremented by 1 it evades detection.

    Affected products - McAfee 5.0.02.03300, eSafe 7.0.17.0, McAfee-GW-Edition 2010.1C, Rising 22.83.00.03, Fortinet 4.2.254.0, Panda 10.0.2.7

    CVE no - CVE-2012-1454

    1. 'vMinor' field in CAB files is parsed incorrectly.
      If an infected CAB file's version field is incremented by 1 it evades detection.

    Affected products - NOD32 5795, Rising 22.83.00.03

    CVE no - CVE-2012-1455

    1. A specially crafted ZIP file, created by concatenating the contents of a clean TAR archive and a virus-infected ZIP archive, is parsed incorrectly and evades detection.

    Affected products - AVG 10.0.0.1190, CAT-QuickHeal 11.00, Comodo 7424, Emsisoft 5.1.0.1, eSafe 7.0.17.0, F-Prot 4.6.2.117, Fortinet 4.2.254.0, Ikarus T3.1.1.97.0, Jiangmin 13.0.900, Kaspersky 7.0.0.125, McAfee 5.400.0.1158, McAfee-GW-Edition 2010.1C, NOD32 5795, Norman 6.06.12, Panda 10.0.2.7, Rising 22.83.00.03, Sophos 4.61.0, Symantec 20101.3.0.103, TrendMicro 9.120.0.1004, TrendMicro-HouseCall 9.120.0.1004

    CVE no - CVE-2012-1456

    1. If the length field in the header of a file containing the test EICAR virus, included in a TAR archive, is set to be greater than the archive's total length (1,000,000+original length in our experiments), the antivirus declares the file to be clean but the virus gets extracted correctly by the GNU tar program.

    Affected products - AntiVir 7.11.1.163, Antiy-AVL 2.0.3.7, Avast 4.8.1351.0, Avast5 5.0.677.0, AVG 10.0.0.1190, BitDefender 7.2, CAT-QuickHeal 11.00, ClamAV 0.96.4, Command 5.2.11.5, Emsisoft 5.1.0.1, eSafe 7.0.17.0, F-Prot 4.6.2.117, GData 21, Ikarus T3.1.1.97.0, Jiangmin 13.0.900, K7AntiVirus 9.77.3565, Kaspersky 7.0.0.125, McAfee 5.400.0.1158, McAfee-GW-Edition 2010.1C, Microsoft 1.6402, NOD32 5795, Norman 6.06.12, PCTools 7.0.3.5, Rising 22.83.00.03, Symantec 20101.3.0.103, TrendMicro 9.120.0.1004, TrendMicro-HouseCall 9.120.0.1004, VBA32 3.12.14.2, VirusBuster 13.6.151.0

    CVE no - CVE-2012-1457

    1. A Windows Compiled HTML Help (CHM) file is a set of HTML files, scripts, and images compressed using the LZX algorithm. For faster random accesses, the algorithm is reset at intervals instead of compressing the entire file as a single stream. The length of each interval is specified in the LZXC header.

    If an infected CHM file's header is modified so that the reset interval is lower than in the original file, the antivirus declares the file to be clean. But the Windows CHM viewer hh.exe correctly decompresses the infected content located before the tampered header.

    Affected products - ClamAV 0.96.4, Sophos 4.61.0

    CVE no - CVE-2012-1458

    1. In a POSIX TAR archive, each member file has a 512-byte header protected by a simple checksum. Every header also contains a file length field, which is used by the extractor to locate the next header in the archive.

    If a TAR archive contains two files, the first clean and the second infected with the test EICAR virus, and it is modified so that the length field in the header of the first, clean file points into the middle of the header of the second, infected file, the antivirus declares the file to be clean but the virus gets extracted correctly by the GNU tar program. If 6 random bytes are appended to the end of an infected tar.gz archive, the antivirus declares the file to be clean, but the virus gets extracted correctly by the gunzip+tar programs, which ignore these bytes.

    Affected products - Antiy-AVL 2.0.3.7, CAT-QuickHeal 11.00, Command 5.2.11.5, eSafe 7.0.17.0, F-Prot 4.6.2.117, Jiangmin 13.0.900, K7AntiVirus 9.77.3565, VBA32 3.12.14.2

    CVE no - CVE-2012-1460

    1. GZIP files can contain multiple compressed streams, which are assembled when the contents are extracted. If an infected .tar.gz file is broken into two streams, the antivirus declares the infected .tar.gz file to be clean while tar+gunzip extract the virus correctly.

    Affected products - AVG 10.0.0.1190, BitDefender 7.2, Command 5.2.11.5, Emsisoft 5.1.0.1, F-Secure 9.0.16160.0, Fortinet 4.2.254.0, Ikarus T3.1.1.97.0, Jiangmin 13.0.900, K7AntiVirus 9.77.3565, Kaspersky 7.0.0.125, McAfee 5.400.0.1158, McAfee-GW-Edition 2010.1C, NOD32 5795, Norman 6.06.12, Rising 22.83.00.03, Sophos 4.61.0, Symantec 20101.3.0.103, TrendMicro 9.120.0.1004, TrendMicro-HouseCall 9.120.0.1004, VBA32 3.12.14.2

    CVE no - CVE-2012-1461

    1. If 1024 random bytes are prepended to an infected ZIP archive, the antivirus declares the file to be clean, but the unzip program extracts the virus correctly by skipping these bytes.

    Affected products - AhnLab-V3 2011.01.18.00, AVG 10.0.0.1190, CAT-QuickHeal 11.00, Emsisoft 5.1.0.1, eSafe 7.0.17.0, Fortinet 4.2.254.0, Ikarus T3.1.1.97.0, Jiangmin 13.0.900, Kaspersky 7.0.0.125, Norman 6.06.12, Sophos 4.61.0, Symantec 20101.3.0.103

    CVE no - CVE-2012-1462

    1. In most ELF files, the 5th byte of the header indicates endianness: 01 for little-endian, 02 for big-endian. The Linux kernel, however, does not check this field before loading an ELF file. If an infected ELF file's 5th byte is set to 02, the antivirus declares the file to be clean but the ELF file gets executed correctly.

    Affected products - AhnLab-V3 2011.01.18.00, BitDefender 7.2, CAT-QuickHeal 11.00, Command 5.2.11.5, Comodo 7424, eSafe 7.0.17.0, F-Prot 4.6.2.117, F-Secure 9.0.16160.0, McAfee 5.400.0.1158, Norman 6.06.12, nProtect 2011-01-17.01, Panda 10.0.2.7

    CVE no - CVE-2012-1463


    Credits

    Vulnerabilities found and advisory written by Suman Jana and Vitaly Shmatikov.


    References

    "Abusing File Processing in Malware Detectors for Fun and Profit" by Suman Jana and Vitaly Shmatikov. To appear in IEEE Symposium on Security and Privacy 2012. http://www.ieee-security.org/TC/SP2012/

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201203-0367",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "antivirus",
            "scope": "eq",
            "trust": 2.1,
            "vendor": "comodo",
            "version": "7424"
          },
          {
            "model": "avl sdk",
            "scope": "eq",
            "trust": 1.8,
            "vendor": "antiy",
            "version": "2.0.3.7"
          },
          {
            "model": "command antivirus",
            "scope": "eq",
            "trust": 1.8,
            "vendor": "authentium",
            "version": "5.2.11.5"
          },
          {
            "model": "anti-virus",
            "scope": "eq",
            "trust": 1.8,
            "vendor": "avg",
            "version": "10.0.0.1190"
          },
          {
            "model": "bitdefender",
            "scope": "eq",
            "trust": 1.8,
            "vendor": "bitdefender",
            "version": "7.2"
          },
          {
            "model": "clamav",
            "scope": "eq",
            "trust": 1.8,
            "vendor": "clamav",
            "version": "0.96.4"
          },
          {
            "model": "anti-malware",
            "scope": "eq",
            "trust": 1.8,
            "vendor": "emsisoft",
            "version": "5.1.0.1"
          },
          {
            "model": "virus utilities t3 command line scanner",
            "scope": "eq",
            "trust": 1.8,
            "vendor": "ikarus",
            "version": "1.1.97.0"
          },
          {
            "model": "antivirus",
            "scope": "eq",
            "trust": 1.8,
            "vendor": "jiangmin",
            "version": "13.0.900"
          },
          {
            "model": "antivirus",
            "scope": "eq",
            "trust": 1.8,
            "vendor": "pc tools",
            "version": "7.0.3.5"
          },
          {
            "model": "virusbuster",
            "scope": "eq",
            "trust": 1.8,
            "vendor": "virusbuster",
            "version": "13.6.151.0"
          },
          {
            "model": "esafe",
            "scope": "eq",
            "trust": 1.8,
            "vendor": "aladdin",
            "version": "7.0.17.0"
          },
          {
            "model": "f-secure anti-virus",
            "scope": "eq",
            "trust": 1.8,
            "vendor": "f secure",
            "version": "9.0.16160.0"
          },
          {
            "model": "anti-virus",
            "scope": "eq",
            "trust": 1.8,
            "vendor": "kaspersky",
            "version": "7.0.0.125"
          },
          {
            "model": "anti-virus",
            "scope": "eq",
            "trust": 1.8,
            "vendor": "sophos",
            "version": "4.61.0"
          },
          {
            "model": "antivirus",
            "scope": "eq",
            "trust": 1.8,
            "vendor": "fortinet",
            "version": "4.2.254.0"
          },
          {
            "model": "security essentials",
            "scope": "eq",
            "trust": 1.8,
            "vendor": "microsoft",
            "version": "2.0"
          },
          {
            "model": "scan engine",
            "scope": "eq",
            "trust": 1.8,
            "vendor": "mcafee",
            "version": "5.400.0.1158"
          },
          {
            "model": "endpoint protection",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "symantec",
            "version": "11.0"
          },
          {
            "model": "housecall",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "trendmicro",
            "version": "9.120.0.1004"
          },
          {
            "model": "f-prot antivirus",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "f prot",
            "version": "4.6.2.117"
          },
          {
            "model": "antivirus \\\u0026 antispyware",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "norman",
            "version": "6.06.12"
          },
          {
            "model": "vba32",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "anti virus",
            "version": "3.12.14.2"
          },
          {
            "model": "gateway",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mcafee",
            "version": "2010.1c"
          },
          {
            "model": "panda antivirus",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "pandasecurity",
            "version": "10.0.2.7"
          },
          {
            "model": "nod32 antivirus",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "eset",
            "version": "5795"
          },
          {
            "model": "antivir",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "avira",
            "version": "7.11.1.163"
          },
          {
            "model": "quick heal",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "cat",
            "version": "11.00"
          },
          {
            "model": "antivirus",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "k7computing",
            "version": "9.77.3565"
          },
          {
            "model": "antivirus",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "nprotect",
            "version": "2011-01-17.01"
          },
          {
            "model": "antivirus",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "rising global",
            "version": "22.83.00.03"
          },
          {
            "model": "avast antivirus",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "alwil",
            "version": "5.0.677.0"
          },
          {
            "model": "avast antivirus",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "alwil",
            "version": "4.8.1351.0"
          },
          {
            "model": "trend micro antivirus",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "trendmicro",
            "version": "9.120.0.1004"
          },
          {
            "model": "v3 internet security",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "ahnlab",
            "version": "2011.01.18.00"
          },
          {
            "model": "g data antivirus",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "gdata",
            "version": "21"
          },
          {
            "model": "anti-virus",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "avast s r o",
            "version": "4.8.1351.0"
          },
          {
            "model": "anti-virus",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "avast s r o",
            "version": "5.0.677.0"
          },
          {
            "model": "antivirus",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "avira",
            "version": "7.11.1.163"
          },
          {
            "model": "antivirus",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "rising",
            "version": "22.83.00.03"
          },
          {
            "model": "nod32 anti-virus",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "eset",
            "version": "5795"
          },
          {
            "model": "f-prot antivirus",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "frisk",
            "version": "4.6.2.117"
          },
          {
            "model": "antivirus",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "g data",
            "version": "21"
          },
          {
            "model": "antivirus",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "k7 computing",
            "version": "9.77.3565"
          },
          {
            "model": "antivirus",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "norman",
            "version": "6.06.12"
          },
          {
            "model": "anti-virus",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "nprotect",
            "version": "2011-01-17.01"
          },
          {
            "model": "antivirus",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "panda security",
            "version": "10.0.2.7"
          },
          {
            "model": "vba32",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "virusblokada",
            "version": "3.12.14.2"
          },
          {
            "model": "v3 internet security",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "unlab",
            "version": "2011.01.18.00"
          },
          {
            "model": "heal",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "quick heal k k",
            "version": "11.00"
          },
          {
            "model": "endpoint protection",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "symantec",
            "version": "11"
          },
          {
            "model": "antivirus",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "trend micro",
            "version": "9.120.0.1004"
          },
          {
            "model": "housecall",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "trend micro",
            "version": "9.120.0.1004"
          },
          {
            "model": "web gateway software",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "mcafee",
            "version": "2010.1c"
          },
          {
            "model": "vba32",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "virusblokada",
            "version": "3.12.142"
          },
          {
            "model": "virusbuster",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "trend micro",
            "version": "13.6.1510"
          },
          {
            "model": "trend micro",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "trend micro",
            "version": "9.1201004"
          },
          {
            "model": "housecall",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "trend micro",
            "version": "9.1201004"
          },
          {
            "model": "antivirus",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "symantec",
            "version": "20101.3103"
          },
          {
            "model": "anti-virus",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sophos",
            "version": "4.61"
          },
          {
            "model": "antivirus",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "rising",
            "version": "22.8303"
          },
          {
            "model": "cat-quickheal",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "quick heal",
            "version": "11.00"
          },
          {
            "model": "antivirus",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "pctools",
            "version": "7.0.35"
          },
          {
            "model": "antivirus",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "panda",
            "version": "10.0.27"
          },
          {
            "model": "antivirus",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "norman",
            "version": "6.6.12"
          },
          {
            "model": "mcafee-gw-edition 2010.1c",
            "scope": null,
            "trust": 0.3,
            "vendor": "mcafee",
            "version": null
          },
          {
            "model": "computing pvt ltd k7antivirus",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "k7",
            "version": "9.77.3565"
          },
          {
            "model": "nprotect",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "inca",
            "version": "2011-01-17.01"
          },
          {
            "model": "antivirus t3.1.1.97.0",
            "scope": null,
            "trust": 0.3,
            "vendor": "ikarus",
            "version": null
          },
          {
            "model": "data software gdata",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "g",
            "version": "21"
          },
          {
            "model": "software f-prot antivirus",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "frisk",
            "version": "4.6.2117"
          },
          {
            "model": "antivirus",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "fortinet",
            "version": "4.2.2540"
          },
          {
            "model": "antivirus",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f secure",
            "version": "9.0.16160.0"
          },
          {
            "model": "nod32",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "eset",
            "version": "5795"
          },
          {
            "model": "antivirus",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "esafe",
            "version": "7.0.170"
          },
          {
            "model": "antivirus",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "emsisoft",
            "version": "5.11"
          },
          {
            "model": "antivirus",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "bitdefender",
            "version": "7.2"
          },
          {
            "model": "antivir engine",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avira",
            "version": "7.11.1163"
          },
          {
            "model": "anti-virus",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avg",
            "version": "10.01190"
          },
          {
            "model": "avast5 antivirus",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avast",
            "version": "5.0.6770"
          },
          {
            "model": "antivirus",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avast",
            "version": "4.8.1351.0"
          },
          {
            "model": "command antivirus",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "authentium",
            "version": "5.2.115"
          },
          {
            "model": "antiy-avl",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "antiy",
            "version": "2.0.37"
          },
          {
            "model": "engine",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ahnlab",
            "version": "v32011.01.18.00"
          }
        ],
        "sources": [
          {
            "db": "BID",
            "id": "52612"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2012-001895"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201203-407"
          },
          {
            "db": "NVD",
            "id": "CVE-2012-1443"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/a:antiy:avl_sdk",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:authentium:command_antivirus",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:avast:avast_antivirus",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:avg:avg_anti-virus",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:avira:antivirus",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:rising-global:rising_antivirus",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:bitdefender:bitdefender",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:clamav:clamav",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:comodo:comodo_antivirus",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:emsisoft:anti-malware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:eset:nod32_antivirus",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:f-prot:f-prot_antivirus",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:gdata-software:g_data_antivirus",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:ikarus:ikarus_virus_utilities_t3_command_line_scanner",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:jiangmin:jiangmin_antivirus",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:k7computing:antivirus",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:norman:norman_antivirus_%26_antispyware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:nprotect:nprotect_antivirus",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:pandasecurity:panda_antivirus",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:pc_tools:pc_tools_antivirus",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:anti-virus:vba32",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:virusbuster:virusbuster",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:aladdin:esafe",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:ahnlab:v3_internet_security",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:f-secure:anti-virus",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:kaspersky:kaspersky_anti-virus",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:quick_heal:quick_heal",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:symantec:endpoint_protection",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:sophos:anti-virus",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:trendmicro:trend_micro_antivirus",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:trendmicro:housecall",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:fortinet:fortinet_antivirus",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:microsoft:security_essentials",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:mcafee:scan_engine",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:mcafee:web_gateway",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2012-001895"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Suman Jana and Vitaly Shmatikov",
        "sources": [
          {
            "db": "BID",
            "id": "52612"
          }
        ],
        "trust": 0.3
      },
      "cve": "CVE-2012-1443",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 8.6,
                "id": "CVE-2012-1443",
                "impactScore": 2.9,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 1.8,
                "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 8.6,
                "id": "VHN-54724",
                "impactScore": 2.9,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 0.1,
                "vectorString": "AV:N/AC:M/AU:N/C:N/I:P/A:N",
                "version": "2.0"
              }
            ],
            "cvssV3": [],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2012-1443",
                "trust": 1.0,
                "value": "MEDIUM"
              },
              {
                "author": "NVD",
                "id": "CVE-2012-1443",
                "trust": 0.8,
                "value": "Medium"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201203-407",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "VULHUB",
                "id": "VHN-54724",
                "trust": 0.1,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-54724"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2012-001895"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201203-407"
          },
          {
            "db": "NVD",
            "id": "CVE-2012-1443"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "The RAR file parser in ClamAV 0.96.4, Rising Antivirus 22.83.00.03, Quick Heal (aka Cat QuickHeal) 11.00, G Data AntiVirus 21, AVEngine 20101.3.0.103 in Symantec Endpoint Protection 11, Command Antivirus 5.2.11.5, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, Emsisoft Anti-Malware 5.1.0.1, PC Tools AntiVirus 7.0.3.5, F-Prot Antivirus 4.6.2.117, VirusBuster 13.6.151.0, Fortinet Antivirus 4.2.254.0, Antiy Labs AVL SDK 2.0.3.7, K7 AntiVirus 9.77.3565, Trend Micro HouseCall 9.120.0.1004, Kaspersky Anti-Virus 7.0.0.125, Jiangmin Antivirus 13.0.900, Antimalware Engine 1.1.6402.0 in Microsoft Security Essentials 2.0, Sophos Anti-Virus 4.61.0, NOD32 Antivirus 5795, Avira AntiVir 7.11.1.163, Norman Antivirus 6.06.12, McAfee Anti-Virus Scanning Engine 5.400.0.1158, Panda Antivirus 10.0.2.7, McAfee Gateway (formerly Webwasher) 2010.1C, Trend Micro AntiVirus 9.120.0.1004, Comodo Antivirus 7424, Bitdefender 7.2, eSafe 7.0.17.0, F-Secure Anti-Virus 9.0.16160.0, nProtect Anti-Virus 2011-01-17.01, AhnLab V3 Internet Security 2011.01.18.00, AVG Anti-Virus 10.0.0.1190, avast! Antivirus 4.8.1351.0 and 5.0.677.0, and VBA32 3.12.14.2 allows user-assisted remote attackers to bypass malware detection via a RAR file with an initial MZ character sequence.  NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different RAR parser implementations. The RAR file parser in multiple products contains a vulnerability that can prevent malware detection. If it is announced that the problem also exists in different RAR parser implementations, this vulnerability may be split into multiple CVEs. An attacker may avoid malware detection via a RAR file that starts with an MZ character sequence. \nSuccessful exploits will allow attackers to bypass on-demand virus scanning, possibly allowing malicious files to escape detection. 
Sophos Anti-Virus is a set of anti-virus software for various operating systems from Sophos, UK. The software detects and removes viruses, spyware, trojans and worms in real time, ensuring comprehensive network protection for desktops and laptops. Multiple file-parsing vulnerabilities leading to evasion in different antivirus(AV) products. All \naffected products are command-line versions of \nthe AVs. \n\n----------------------------\nVulnerability Descriptions\n----------------------------\n\n1. Specially crafted infected POSIX TAR files with \"[aliases]\" as first 9 bytes \n   evades detection. \n\n   Affected products -\n   ClamAV 0.96.4, CAT-QuickHeal 11.00\n  \n   CVE no - \n   CVE-2012-1419\n\n2. Specially crafted infected POSIX TAR files with \"\\7fELF\" as first 4 bytes \n   evades detection. \n\n   Affected products -\n   CAT-QuickHeal 11.00, Command 5.2.11.5, F-Prot 4.6.2.117, \n   Fortinent 4.2.254.0, K7AntiVirus 9.77.3565, Kaspersky 7.0.0.125, \n   Microsoft 1.6402, NOD32 5795, Norman 6.06.12, Panda 10.0.2.7, \n   Rising 22.83.00.03\n\n   CVE no - \n   CVE-2012-1420\n\n3. Specially crafted infected POSIX TAR files with \"MSCF\" as first 4 bytes \n   evades detection. \n\n   Affected products -\n   CAT-QuickHeal 11.00, Norman 6.06.12, Rising 22.83.00.03, \n   Symantec 20101.3.0.103\n\n   CVE no - \n   CVE-2012-1421\n\n4. Specially crafted infected POSIX TAR files with \"ITSF\" as first 4 bytes \n   evades detection. \n\n   Affected products -\n   CAT-QuickHeal 11.00, NOD32 5795, Norman 6.06.12, Rising 22.83.00.03\n\n   CVE no - \n   CVE-2012-1422\n\n5. Specially crafted infected POSIX TAR files with \"MZ\" as first 2 bytes \n   evades detection. \n\n   Affected products -\n   Command 5.2.11.5, Emsisoft 5.1.0.1, F-Prot 4.6.2.117, Fortinent 4.2.254.0, \n   Ikarus T3.1.1.97.0, K7AntiVirus 9.77.3565, NOD32 5795, Norman 6.06.12, \n   PCTools 7.0.3.5, Rising 22.83.00.03, VirusBuster 13.6.151.0\n\n   CVE no - \n   CVE-2012-1423\n\n6. 
Specially crafted infected POSIX TAR files with \"\\19\\04\\00\\10\" at offset 8\n   evades detection. \n\n   Affected products -\n   Antiy-AVL 2.0.3.7, CAT-QuickHeal 11.00, Jiangmin 13.0.900, Norman 6.06.12, \n   PCTools 7.0.3.5, Sophos 4.61.0\n\n   CVE no - \n   CVE-2012-1424\n\n\n7. Specially crafted infected POSIX TAR files with \"\\50\\4B\\03\\04\" as the first\n   4 bytes evades detection. \n\n   Affected products -\n   AntiVir 7.11.1.163, Antiy-AVL 2.0.3.7, CAT-QuickHeal 11.00, Emsisoft 5.1.0.1,\n   Fortinet 4.2.254.0, Ikarus T3.1.1.97.0, Jiangmin 13.0.900, \n   Kaspersky 7.0.0.125, McAfee 5.400.0.1158, McAfee-GW-Edition 2010.1C, \n   NOD32 5795, Norman 6.06.12, PCTools 7.0.3.5, Symantec 20101.3.0.103, \n   TrendMicro 9.120.0.1004, TrendMicro-HouseCall 9.120.0.1004 \n\n   CVE no - \n   CVE-2012-1425\n\n8. Specially crafted infected POSIX TAR files with \"\\42\\5A\\68\" as the first\n   3 bytes evades detection. \n\n   Affected products -\n   CAT-QuickHeal 11.00, Command 5.2.11.5, F-Prot 4.6.2.117, \n   K7AntiVirus 9.77.3565, Norman 6.06.12, Rising 22.83.00.03\n\n   CVE no - \n   CVE-2012-1426\n\n\n9. Specially crafted infected POSIX TAR files with \"\\57\\69\\6E\\5A\\69\\70\" at \n   offset 29 evades detection. \n\n   Affected products -\n   CAT-QuickHeal 11.00, Norman 6.06.12, Sophos 4.61.0\n\n   CVE no - \n   CVE-2012-1427\n\n10. Specially crafted infected POSIX TAR files with \"\\4a\\46\\49\\46\" at offset 6\n   evades detection. \n   \n   Affected products -\n   CAT-QuickHeal 11.00,  Norman 6.06.12, Sophos 4.61.0\n\n   CVE no - \n   CVE-2012-1428\n\n11. Specially crafted infected ELF files with \"ustar\" at offset 257\n   evades detection. \n\n   Affected products -\n   BitDefender 7.2, Comodo 7424, Emsisoft 5.1.0.1, eSafe 7.0.17.0, \n   F-Secure 9.0.16160.0, Ikarus T3.1.1.97.0, McAfee 5.400.0.1158, \n   McAfee-GW-Edition 2010.1C, nProtect 2011-01-17.01 \n\n   CVE no - \n   CVE-2012-1429\n12. 
Specially crafted infected ELF files with \"\\19\\04\\00\\10\" at offset 8 evades\n   detection. \n\n   Affected products -\n   BitDefender 7.2, Comodo 7424, eSafe 7.0.17.0, F-Secure 9.0.16160.0, \n   McAfee 5.400.0.1158, McAfee-GW-Edition 2010.1C, nProtect 2011-01-17.01, \n   Sophos 4.61.0, Rising 22.83.00.03\n\n   CVE no - \n   CVE-2012-1430\n13. Specially crafted infected ELF files with \"\\4a\\46\\49\\46\" at offset 6 evades\n   detection. \n\n   Affected products -\n   BitDefender 7.2, Command 5.2.11.5, Comodo 7424, eSafe 7.0.17.0, \n   F-Prot 4.6.2.117, F-Secure 9.0.16160.0, McAfee-GW-Edition 2010.1C, \n   nProtect 2011-01-17.01, Sophos 4.61.0, Rising 22.83.00.03\n\n   CVE no - \n   CVE-2012-1431\n\n14. Specially crafted infected MS EXE files with \"\\57\\69\\6E\\5A\\69\\70\" at offset\n   29 evades detection. \n\n   Affected products -\n   Emsisoft 5.1.0.1, eSafe 7.0.17.0, Ikarus T3.1.1.97.0, Panda 10.0.2.7\n\n   CVE no - \n   CVE-2012-1432\n\n15. Specially crafted infected MS EXE files with \"\\4a\\46\\49\\46\" at offset\n   6 evades detection. \n\n   Affected products -\n   AhnLab-V3 2011.01.18.00, Emsisoft 5.1.0.1, eSafe 7.0.17.0, \n   Ikarus T3.1.1.97.0, Panda 10.0.2.7\n\n   CVE no - \n   CVE-2012-1433\n\n16. Specially crafted infected MS EXE files with \"\\19\\04\\00\\10\" at offset\n   8 evades detection. \n\n   Affected products -\n   AhnLab-V3 2011.01.18.00, Emsisoft 5.1.0.1, Ikarus T3.1.1.97.0, \n   Panda 10.0.2.7\n   \n   CVE no - \n   CVE-2012-1434\n\n17. Specially crafted infected MS EXE files with \"\\50\\4B\\4C\\49\\54\\45\" at \n   offset 30 evades detection. \n   \n   Affected products - \n   AhnLab-V3 2011.01.18.00, Emsisoft 5.1.0.1, eSafe 7.0.17.0, \n   Ikarus T3.1.1.97.0, Panda 10.0.2.7\n\n   CVE no - \n   CVE-2012-1435\n\n18. Specially crafted infected MS EXE files with \"\\2D\\6C\\68\" at \n   offset 2 evades detection. 
\n \n   Affected products - \n   AhnLab-V3 2011.01.18.00, Emsisoft 5.1.0.1, eSafe 7.0.17.0, \n   Ikarus T3.1.1.97.0, Panda 10.0.2.7\n\n   CVE no - \n   CVE-2012-1436\n\n19. Specially crafted infected MS Office files with \"\\50\\4B\\53\\70\\58\" at \n   offset 526 evades detection. \n   \n   Affected products - \n   Comodo 7425\n   \n   CVE no - \n   CVE-2012-1437\n\n20. Specially crafted infected MS Office files with \"ustar\" at \n   offset 257 evades detection. \n\n   Affected products - \n   Comodo 7425, Sophos 4.61.0 \n\n   CVE no - \n   CVE-2012-1438\n\n21. \u0027padding\u0027 field in ELF files is parsed incorrectly. \n    If an infected ELF file\u0027s padding field is incremented by 1 it evades\n    detection.    \n\n   Affected products - \n   eSafe 7.0.17.0, Rising 22.83.00.03, Fortinet 4.2.254.0, Panda 10.0.2.7\n\n   CVE no - \n   CVE-2012-1439\n\n22. \u0027identsize\u0027 field in ELF files is parsed incorrectly. \n    If an infected ELF file\u0027s identsize field is incremented by 1 it evades\n    detection.    \n\n   Affected products - \n   Norman 6.06.12, eSafe 7.0.17.0, eTrust-Vet 36.1.8511, Fortinet 4.2.254.0, \n   Panda 10.0.2.7\n\n   CVE no - \n   CVE-2012-1440\n\n23. \u0027e_ip\u0027 and \u0027e_res\u0027 field in MS EXE files are parsed incorrectly.  \n    If any of these fields in an infected MS EXE file is incremented by 1 \n    it evades detection.    \n\n   Affected products - \n   Prevx 3.0\n\n   \u0027e_minalloc\u0027, \u0027e_res2\u0027,\u0027e_cparhdr\u0027, \u0027e_crlc\u0027, \u0027e_lfarlc\u0027,\u0027e_maxalloc\u0027,\n    \u0027e_oeminfo\u0027, \u0027e_ovno\u0027, \u0027e_cs\u0027, \u0027e_csum\u0027,\u0027e_sp\u0027, \u0027e_ss\u0027, \u0027e_cblp\u0027 and \n    \u0027e_oemid\u0027 fields in MS EXE files are parsed incorrectly.  \n    If any of these fields in an infected MS EXE file is incremented by 1 \n    it evades detection.    
\n\n   Affected products - \n   eSafe 7.0.017.0, Prevx 3.0\n\n\n   CVE no - \n   CVE-2012-1441\n\n24. \u0027class\u0027 field in ELF files is parsed incorrectly.  \n    If an infected ELF file\u0027s class field is incremented by 1 it evades\n    detection. \n\n   Affected products - \n   CAT-QuickHeal 11.00, McAfee 5.400.0.1158, McAfee-GW-Edition 2010.1C, \n   eSafe 7.0.017.0, Kaspersky 7.0.0.125, F-Secure 9.0.16160.0, \n   Sophos 4.61.0, Antiy-AVL 2.0.3.7, Rising 22.83.00.03, Fortinet 4.2.254.0, \n   Panda 10.0.2.7\n\n   CVE no - \n   CVE-2012-1442\n\n25. Infected RAR files with initial two bytes set to \u0027MZ\u0027 can be fixed by the \n    user and correctly extracted. Such a file evades detection.  \n    \n   Affected products -\n   ClamAV 0.96.4, Rising 22.83.00.03, CAT-QuickHeal 11.00, GData 21, \n   Symantec 20101.3.0.103, Command 5.2.11.5, Ikarus T3.1.1.97.0, \n   Emsisoft 5.1.0.1, PCTools 7.0.3.5, F-Prot 4.6.2.117, \n   VirusBuster 13.6.151.0, Fortinent 4.2.254.0, Antiy-AVL 2.0.3.7, \n   K7AntiVirus 9.77.3565, TrendMicro-HouseCall 9.120.0.1004,Kaspersky 7.0.0.125 \n   Jiangmin 13.0.900. Microsoft 1.6402, Sophos 4.61.0, NOD32 5795, AntiVir 7.11.1.163, \n   Norman 6.06.12, McAfee 5.400.0.1158, Panda 10.0.2.7, McAfee-GW-Edition 2010.1C, \n   TrendMicro 9.120.0.1004, Comodo 7424, BitDefender 7.2, eSafe 7.0.17.0, F-Secure 9.0.16160.0\n   nProtect 2011-01-17.01, AhnLab-V3 2011.01.18.00, AVG 10.0.0.1190, Avast 4.8.1351.0, \n   Avast5 5.0.677.0, VBA32 3.12.14.2   \n\n   CVE no - \n   CVE-2012-1443\n\n26. \u0027abiversion\u0027 field in ELF files is parsed incorrectly.  \n    If an infected ELF file\u0027s abiversion field is incremented by 1 it evades\n    detection. \n\n   Affected products - \n   eSafe 7.0.017.0, Prevx 3.0, Fortinet 4.2.254.0, Panda 10.0.2.7\n\n   CVE no - \n   CVE-2012-1444\n\n27. \u0027abi\u0027 field in ELF files is parsed incorrectly.  \n    If an infected ELF file\u0027s abi field is incremented by 1 it evades\n    detection. 
\n\n   Affected products - \n   eSafe 7.0.017.0, Rising 22.83.00.03, Fortinet 4.2.254.0, Panda 10.0.2.7\n\n   CVE no - \n   CVE-2012-1445\n\n28. \u0027encoding\u0027 field in ELF files is parsed incorrectly.  \n    If an infected ELF file\u0027s encoding field is incremented by 1 it evades\n    detection. \n\n   Affected products - \n   CAT-QuickHeal 11.00, McAfee 5.400.0.1158, Symantec 20101.3.0.103, \n   Norman 6.06.12, eSafe 7.0.017.0, Kaspersky 7.0.0.125, \n   McAfee-GW-Edition 2010.1C, Sophos 4.61.0, eTrust-Vet 36.1.8511, \n   Antiy-AVL 2.0.3.7, PCTools 7.0.3.5, Rising 22.83.00.03, Fortinet 4.2.254.0,\n   Panda 10.0.2.7\n\n   CVE no - \n   CVE-2012-1446\n\n29. \u0027e_version\u0027 field in ELF files is parsed incorrectly.  \n    If an infected ELF file\u0027s e_version field is incremented by 1 it evades\n    detection. \n\n   Affected products -\n    Fortinet 4.2.254.0, eSafe 7.0.017.0, DrWeb 5.0.2.03300, Panda 10.0.2.7\n\n   CVE no - \n   CVE-2012-1447\n\n30. \u0027cbCabinet\u0027 field in CAB files is parsed incorrectly.  \n    If an infected CAB file\u0027s cbCabinet field is incremented by 1 it evades\n    detection. \n\n   Affected products -\n   CAT-QuickHeal 11.00, TrendMicro 9.120.0.1004, Ikarus T3.1.1.97.0\n   TrendMicro-HouseCall 9.120.0.1004, Emsisoft 5.1.0.1 \n\n   CVE no - \n   CVE-2012-1448\n\n31. \u0027vMajor\u0027 field in CAB files is parsed incorrectly.  \n    If an infected CAB file\u0027s vMajor field is incremented by 1 it evades\n    detection. \n\n   Affected products -\n   NOD32 5795, Rising 22.83.00.03\n   \n   CVE no - \n   CVE-2012-1449\n\n32. \u0027reserved3\u0027 field in CAB files is parsed incorrectly.  \n    If an infected CAB file\u0027s reserved field is incremented by 1 it evades\n    detection. \n\n   Affected products -\n   Emsisoft 5.1.0.1, Sophos 4.61.0, Ikarus T3.1.1.97.0\n   \n   CVE no - \n   CVE-2012-1450\n\n33. \u0027reserved2\u0027 field in CAB files is parsed incorrectly.  
\n    If an infected CAB file\u0027s reserved2 field is incremented by 1 it evades\n    detection. \n\n   Affected products -\n   Emsisoft 5.1.0.1, Ikarus T3.1.1.97.0\n   \n   CVE no - \n   CVE-2012-1451\n\n34. \u0027reserved1\u0027 field in CAB files is parsed incorrectly.  \n    If an infected CAB file\u0027s reserved field is incremented by 1 it evades\n    detection. \n\n   Affected products -\n   Emsisoft 5.1.0.1, Ikarus T3.1.1.97.0, CAT-QuickHeal 11.00\n   \n   CVE no - \n   CVE-2012-1452\n\n35. \u0027coffFiles\u0027 field in CAB files is parsed incorrectly.  \n    If an infected CAB file\u0027s coffFiles field is incremented by 1 it evades\n    detection. \n\n   Affected products -\n   McAfee 5.0.2.03300, TrendMicro-HouseCall 9.120.0.1004, Kaspersky 7.0.0.125, \n   Sophos 4.61.0, TrendMicro 9.120.0.1004, McAfee-GW-Edition 2010.1C,\n   Emsisoft 5.1.0.1, eTrust-Vet 36.1.8511, Antiy-AVL 2.0.3.7, Microsoft 1.6402,\n   Rising 22.83.00.03, Ikarus T3.1.1.97.0, Fortinet 4.2.254.0, Panda 10.0.2.7\n\n   CVE no - \n   CVE-2012-1453\n\n36. \u0027ei_version\u0027 field in ELF files is parsed incorrectly.  \n    If an infected ELF file\u0027s version field is incremented by 1 it evades\n    detection. \n\n   Affected products -\n   McAfee 5.0.02.03300, eSafe 7.0.17.0, McAfee-GW-Edition 2010.1C, \n   Rising 22.83.00.03, Fortinet 4.2.254.0, Panda 10.0.2.7\n\n   CVE no - \n   CVE-2012-1454\n\n37. \u0027vMinor\u0027 field in CAB files is parsed incorrectly.  \n    If an infected CAB file\u0027s version field is incremented by 1 it evades\n    detection. \n\n   Affected products -\n   NOD32 5795, Rising 22.83.00.03\n \n   CVE no - \n   CVE-2012-1455\n\n38. A specially crafted ZIP file, created by concatenating the contents \n   of a clean TAR archive and a virus-infected ZIP archive, is parsed \n   incorrectly and evades detection. 
\n\n   Affected products -\n   AVG 10.0.0.1190, CAT-QuickHeal 11.00, Comodo 7424, Emsisoft 5.1.0.1,\n   eSafe 7.0.17.0, F-Prot 4.6.2.117,Fortinent 4.2.254.0, Ikarus T3.1.1.97.0, \n   Jiangmin 13.0.900, Kaspersky 7.0.0.125, McAfee 5.400.0.1158, \n   McAfee-GW-Edition 2010.1C, NOD32 5795, Norman 6.06.12, Panda 10.0.2.7, \n   Rising 22.83.00.03, Sophos 4.61.0, Symantec 20101.3.0.103, \n   TrendMicro 9.120.0.1004, TrendMicro-HouseCall 9.120.0.1004\n\n   CVE no - \n   CVE-2012-1456\n\n39. If the length field in the header of a file with test EICAR virus\n   included into a TAR archive is set to be greater than the archive\u0027s total \n   length (1,000,000+original length in our experiments), the antivirus \n   declares the file to be clean but virus gets extracted correctly by the \n   GNU tar program. \n\n   Affected products -\n   AntiVir 7.11.1.163, Antiy-AVL 2.0.3.7, Avast 4.8.1351.0, Avast5 5.0.677.0, \n   AVG 10.0.0.1190, BitDefender 7.2, CAT-QuickHeal 11.00, ClamAV 0.96.4, \n   Command 5.2.11.5, Emsisoft 5.1.0.1, eSafe 7.0.17.0, F-Prot 4.6.2.117, \n   GData 21, Ikarus T3.1.1.97.0, Jiangmin 13.0.900, K7AntiVirus 9.77.3565, \n   Kaspersky 7.0.0.125, McAfee 5.400.0.1158, McAfee-GW-Edition 2010.1C, \n   Microsoft 1.6402, NOD32 5795, Norman 6.06.12, PCTools 7.0.3.5, \n   Rising 22.83.00.03, Symantec 20101.3.0.103, TrendMicro 9.120.0.1004, \n   TrendMicro-HouseCall 9.120.0.1004, VBA32 3.12.14.2, VirusBuster 13.6.151.0 \n\n   CVE no - \n   CVE-2012-1457\n\n40. A Windows Compiled HTML Help (CHM) file is a set of HTML files,\n   scripts, and images compressed using the LZX algorithm. \n   For faster random accesses, the algorithm is reset at intervals\n   instead of compressing the entire file as a single stream. The\n   length of each interval is specified in the LZXC header. \n\n   If an infected CHM file\u0027s header modified so that the reset interval\n   is lower than in the original file, the antivirus declares the file\n   to be clean. 
But the Windows CHM viewer hh.exe correctly decompresses\n   the infected content located before the tampered header. \n\n   Affected products -\n   ClamAV 0.96.4, Sophos 4.61.0 \n\n   CVE no - \n   CVE-2012-1458\n\n41. In a POSIX TAR archive, each member file has a 512-byte header protected\n   by a simple checksum. Every header also contains a file length field, which\n   is used by the extractor to locate the next header in the archive. \n\n   If a TAR archive contains two files: the first one is clean, while\n   the second is infected with test EICAR virus - and it is modified such that \n   the length field in the header of the first, clean file to point into the \n   middle of the header of the second, infected file. The antivirus declares \n   the file to be clean but virus gets extracted correctly by the \n   GNU tar program. If an infected tar.gz archive is appended 6 random bytes at the end, \n    the antivirus declares the file to be clean but virus gets extracted by\n    the gunzip+tar programs correctly by ignoring these bytes. \n\n   Affected products -\n   Antiy-AVL 2.0.3.7, CAT-QuickHeal 11.00, Command 5.2.11.5, \n   eSafe 7.0.17.0, F-Prot 4.6.2.117, Jiangmin 13.0.900, \n   K7AntiVirus 9.77.3565, VBA32 3.12.14.2 \n   \n   CVE no - \n   CVE-2012-1460\n\n43. GZIP files can contain multiple compressed streams, which are assembled\n    when the contents are extracted. 
If an infected .tar.gz file is broken \n    into two streams, the antivirus declares the infected .tar.gz file to \n    be clean while tar+gunzip extract the virus correctly\n\n   Affected products -\n   AVG 10.0.0.1190, BitDefender 7.2, Command 5.2.11.5, Emsisoft 5.1.0.1, \n   F-Secure 9.0.16160.0, Fortinent 4.2.254.0, Ikarus T3.1.1.97.0, \n   Jiangmin 13.0.900, K7AntiVirus 9.77.3565, Kaspersky 7.0.0.125, \n   McAfee 5.400.0.1158, McAfee-GW-Edition 2010.1C, NOD32 5795, Norman 6.06.12, \n   Rising 22.83.00.03, Sophos 4.61.0, Symantec 20101.3.0.103, \n   TrendMicro 9.120.0.1004, TrendMicro-HouseCall 9.120.0.1004, VBA32 3.12.14.2 \n\n   CVE no - \n   CVE-2012-1461\n\n44. If an infected ZIP archive is prepended with 1024 random bytes at the \n   beginning, the antivirus declares the file to be clean but virus gets extracted\n   by the unzip program correctly by skipping these bytes\n\n   Affected products -\n   AhnLab-V3 2011.01.18.00, AVG 10.0.0.1190, CAT-QuickHeal 11.00, \n   Emsisoft 5.1.0.1, eSafe 7.0.17.0, Fortinent 4.2.254.0, Ikarus T3.1.1.97.0, \n   Jiangmin 13.0.900, Kaspersky 7.0.0.125, Norman 6.06.12, Sophos 4.61.0, \n   Symantec 20101.3.0.103 \n\n   CVE no - \n   CVE-2012-1462\n\n45. In most ELF files, the 5th byte of the header indicates endianness: 01\n   for little-endian, 02 for bigendian. Linux kernel, however, does not\n   check this field before loading an ELF file. If an infected ELF file\u0027s 5-th \n   byte is set to 02, the antivirus declares the file to be clean but the ELF \n   file gets executed correctly. \n\n   Affected products -\n   AhnLab-V3 2011.01.18.00, BitDefender 7.2, CAT-QuickHeal 11.00, Command 5.2.11.5, \n   Comodo 7424, eSafe 7.0.17.0, F-Prot 4.6.2.117, F-Secure 9.0.16160.0, \n   McAfee 5.400.0.1158, Norman 6.06.12, nProtect 2011-01-17.01, Panda 10.0.2.7 \n\n   CVE no - \n   CVE-2012-1463\n\n--------\nCredits\n--------\nVulnerabilities found and advisory written by Suman Jana and Vitaly Shmatikov. 
\n\n-----------\nReferences\n-----------\n\"Abusing File Processing in Malware Detectors for Fun and Profit\" by Suman Jana and Vitaly Shmatikov\nTo appear in IEEE Symposium on Security and Privacy 2012\nhttp://www.ieee-security.org/TC/SP2012/ \n",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2012-1443"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2012-001895"
          },
          {
            "db": "BID",
            "id": "52612"
          },
          {
            "db": "VULHUB",
            "id": "VHN-54724"
          },
          {
            "db": "PACKETSTORM",
            "id": "110990"
          }
        ],
        "trust": 2.07
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2012-1443",
            "trust": 2.9
          },
          {
            "db": "BID",
            "id": "52612",
            "trust": 1.4
          },
          {
            "db": "OSVDB",
            "id": "80469",
            "trust": 1.1
          },
          {
            "db": "OSVDB",
            "id": "80461",
            "trust": 1.1
          },
          {
            "db": "OSVDB",
            "id": "80454",
            "trust": 1.1
          },
          {
            "db": "OSVDB",
            "id": "80455",
            "trust": 1.1
          },
          {
            "db": "OSVDB",
            "id": "80467",
            "trust": 1.1
          },
          {
            "db": "OSVDB",
            "id": "80468",
            "trust": 1.1
          },
          {
            "db": "OSVDB",
            "id": "80471",
            "trust": 1.1
          },
          {
            "db": "OSVDB",
            "id": "80456",
            "trust": 1.1
          },
          {
            "db": "OSVDB",
            "id": "80459",
            "trust": 1.1
          },
          {
            "db": "OSVDB",
            "id": "80472",
            "trust": 1.1
          },
          {
            "db": "OSVDB",
            "id": "80470",
            "trust": 1.1
          },
          {
            "db": "OSVDB",
            "id": "80457",
            "trust": 1.1
          },
          {
            "db": "OSVDB",
            "id": "80460",
            "trust": 1.1
          },
          {
            "db": "OSVDB",
            "id": "80458",
            "trust": 1.1
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2012-001895",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201203-407",
            "trust": 0.7
          },
          {
            "db": "BUGTRAQ",
            "id": "20120319 EVASION ATTACKS EXPOLITING FILE-PARSING VULNERABILITIES IN ANTIVIRUS PRODUCTS",
            "trust": 0.6
          },
          {
            "db": "NSFOCUS",
            "id": "19198",
            "trust": 0.6
          },
          {
            "db": "VULHUB",
            "id": "VHN-54724",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "110990",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-54724"
          },
          {
            "db": "BID",
            "id": "52612"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2012-001895"
          },
          {
            "db": "PACKETSTORM",
            "id": "110990"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201203-407"
          },
          {
            "db": "NVD",
            "id": "CVE-2012-1443"
          }
        ]
      },
      "id": "VAR-201203-0367",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-54724"
          }
        ],
        "trust": 0.01
      },
      "last_update_date": "2025-04-11T22:49:45.346000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "AVL SDK",
            "trust": 0.8,
            "url": "http://www.antiy.net/en/avlsdk.html"
          },
          {
            "title": "Command Antivirus",
            "trust": 0.8,
            "url": "http://www.authentium.com/command/CSAVDownload.html"
          },
          {
            "title": "Top Page",
            "trust": 0.8,
            "url": "https://www.avast.co.jp/index"
          },
          {
            "title": "AVG Anti-Virus",
            "trust": 0.8,
            "url": "http://www.avgjapan.com/home-small-office-security/buy-antivirus"
          },
          {
            "title": "Top Page",
            "trust": 0.8,
            "url": "http://www.avira.com/"
          },
          {
            "title": "Top Page",
            "trust": 0.8,
            "url": "http://www.rising-global.com/"
          },
          {
            "title": "Top Page",
            "trust": 0.8,
            "url": "http://www.bitdefender.com/"
          },
          {
            "title": "Top Page",
            "trust": 0.8,
            "url": "http://www.clamav.net/lang/en/"
          },
          {
            "title": "Comodo Antivirus",
            "trust": 0.8,
            "url": "http://www.comodo.com/home/internet-security/antivirus.php"
          },
          {
            "title": "Emsisoft Anti-Malware",
            "trust": 0.8,
            "url": "http://www.emsisoft.com/en/software/antimalware/"
          },
          {
            "title": "ESET NOD32\u30a2\u30f3\u30c1\u30a6\u30a4\u30eb\u30b9",
            "trust": 0.8,
            "url": "http://www.eset.com/us/"
          },
          {
            "title": "Top Page",
            "trust": 0.8,
            "url": "http://www.fortinet.com/"
          },
          {
            "title": "Top Page",
            "trust": 0.8,
            "url": "http://www.f-prot.com/"
          },
          {
            "title": "Top Page",
            "trust": 0.8,
            "url": "http://www.gdata.co.jp/"
          },
          {
            "title": "IKARUS virus.utilities",
            "trust": 0.8,
            "url": "http://www.ikarus.at/en/ngo-gov/products/virus_utilities/index.html"
          },
          {
            "title": "Jiangmin Antivirus",
            "trust": 0.8,
            "url": "http://global.jiangmin.com/"
          },
          {
            "title": "K7 AntiVirus",
            "trust": 0.8,
            "url": "http://www.k7computing.com/en/Product/k7-antivirusplus.php"
          },
          {
            "title": "MacAfee Scan Engine",
            "trust": 0.8,
            "url": "http://www.mcafee.com/us/support/support-eol-scan-engine.aspx"
          },
          {
            "title": "Top Page",
            "trust": 0.8,
            "url": "http://www.norman.com/"
          },
          {
            "title": "nProtect Anti-Virus",
            "trust": 0.8,
            "url": "http://global.nprotect.com/product/avs.php"
          },
          {
            "title": "Top Page",
            "trust": 0.8,
            "url": "http://www.ps-japan.co.jp/"
          },
          {
            "title": "PC Tools AntiVirus",
            "trust": 0.8,
            "url": "http://www.pctools.com/jp/spyware-doctor-antivirus/"
          },
          {
            "title": "Top Page",
            "trust": 0.8,
            "url": "http://www.quickheal.com/"
          },
          {
            "title": "Endpoint Protection",
            "trust": 0.8,
            "url": "http://www.symantec.com/ja/jp/endpoint-protection"
          },
          {
            "title": "Top Page",
            "trust": 0.8,
            "url": "http://jp.trendmicro.com/jp/home/"
          },
          {
            "title": "Trend Micro HouseCall",
            "trust": 0.8,
            "url": "http://jp.trendmicro.com/jp/tools/housecall/"
          },
          {
            "title": "Top Page",
            "trust": 0.8,
            "url": "http://anti-virus.by/en"
          },
          {
            "title": "Top Page",
            "trust": 0.8,
            "url": "http://www.virusbuster.hu/en"
          },
          {
            "title": "eSafe",
            "trust": 0.8,
            "url": "http://www.aladdin.co.jp/esafe/"
          },
          {
            "title": "V3 Internet Security",
            "trust": 0.8,
            "url": "http://www.ahnlab.co.jp/product_service/product/b2b/v3is8.asp"
          },
          {
            "title": "Kaspersky Anti-Virus",
            "trust": 0.8,
            "url": "http://www.kaspersky.com/kaspersky_anti-virus"
          },
          {
            "title": "Top Page",
            "trust": 0.8,
            "url": "http://www.sophos.com"
          },
          {
            "title": "Microsoft Security Essentials",
            "trust": 0.8,
            "url": "http://windows.microsoft.com/ja-JP/windows/products/security-essentials"
          },
          {
            "title": "McAfee Web Gateway",
            "trust": 0.8,
            "url": "http://www.mcafee.com/japan/products/web_gateway.asp"
          },
          {
            "title": "F-Secure Anti-Virus",
            "trust": 0.8,
            "url": "http://www.f-secure.com/ja/web/home_jp/protection/anti-virus/overview"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2012-001895"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-264",
            "trust": 1.9
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-54724"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2012-001895"
          },
          {
            "db": "NVD",
            "id": "CVE-2012-1443"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 1.7,
            "url": "http://www.securityfocus.com/archive/1/522005"
          },
          {
            "trust": 1.7,
            "url": "http://www.ieee-security.org/tc/sp2012/program.html"
          },
          {
            "trust": 1.1,
            "url": "http://www.securityfocus.com/bid/52612"
          },
          {
            "trust": 1.1,
            "url": "http://osvdb.org/80454"
          },
          {
            "trust": 1.1,
            "url": "http://osvdb.org/80455"
          },
          {
            "trust": 1.1,
            "url": "http://osvdb.org/80456"
          },
          {
            "trust": 1.1,
            "url": "http://osvdb.org/80457"
          },
          {
            "trust": 1.1,
            "url": "http://osvdb.org/80458"
          },
          {
            "trust": 1.1,
            "url": "http://osvdb.org/80459"
          },
          {
            "trust": 1.1,
            "url": "http://osvdb.org/80460"
          },
          {
            "trust": 1.1,
            "url": "http://osvdb.org/80461"
          },
          {
            "trust": 1.1,
            "url": "http://osvdb.org/80467"
          },
          {
            "trust": 1.1,
            "url": "http://osvdb.org/80468"
          },
          {
            "trust": 1.1,
            "url": "http://osvdb.org/80469"
          },
          {
            "trust": 1.1,
            "url": "http://osvdb.org/80470"
          },
          {
            "trust": 1.1,
            "url": "http://osvdb.org/80471"
          },
          {
            "trust": 1.1,
            "url": "http://osvdb.org/80472"
          },
          {
            "trust": 0.8,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-1443"
          },
          {
            "trust": 0.8,
            "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2012-1443"
          },
          {
            "trust": 0.6,
            "url": "http://www.nsfocus.net/vulndb/19198"
          },
          {
            "trust": 0.3,
            "url": "http://seclists.org/bugtraq/2012/mar/88"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2012-1419"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2012-1439"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2012-1426"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2012-1429"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2012-1436"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2012-1440"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2012-1432"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2012-1438"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2012-1428"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2012-1446"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2012-1443"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2012-1444"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2012-1441"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2012-1421"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2012-1430"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2012-1434"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2012-1435"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2012-1424"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2012-1431"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2012-1425"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2012-1423"
          },
          {
            "trust": 0.1,
            "url": "http://www.ieee-security.org/tc/sp2012/"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2012-1442"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2012-1422"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2012-1433"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2012-1420"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2012-1427"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2012-1445"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2012-1437"
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-54724"
          },
          {
            "db": "BID",
            "id": "52612"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2012-001895"
          },
          {
            "db": "PACKETSTORM",
            "id": "110990"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201203-407"
          },
          {
            "db": "NVD",
            "id": "CVE-2012-1443"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "VULHUB",
            "id": "VHN-54724"
          },
          {
            "db": "BID",
            "id": "52612"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2012-001895"
          },
          {
            "db": "PACKETSTORM",
            "id": "110990"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201203-407"
          },
          {
            "db": "NVD",
            "id": "CVE-2012-1443"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2012-03-21T00:00:00",
            "db": "VULHUB",
            "id": "VHN-54724"
          },
          {
            "date": "2012-03-20T00:00:00",
            "db": "BID",
            "id": "52612"
          },
          {
            "date": "2012-03-26T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2012-001895"
          },
          {
            "date": "2012-03-19T23:51:01",
            "db": "PACKETSTORM",
            "id": "110990"
          },
          {
            "date": "2012-03-26T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201203-407"
          },
          {
            "date": "2012-03-21T10:11:48.083000",
            "db": "NVD",
            "id": "CVE-2012-1443"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2012-11-06T00:00:00",
            "db": "VULHUB",
            "id": "VHN-54724"
          },
          {
            "date": "2015-03-19T08:41:00",
            "db": "BID",
            "id": "52612"
          },
          {
            "date": "2012-03-26T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2012-001895"
          },
          {
            "date": "2012-04-01T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201203-407"
          },
          {
            "date": "2025-04-11T00:51:21.963000",
            "db": "NVD",
            "id": "CVE-2012-1443"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201203-407"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Multiple products  RAR Vulnerability that prevents file parsers from detecting malware",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2012-001895"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "permissions and access control",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201203-407"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201203-0390

    Vulnerability from variot - Updated: 2025-04-11 22:49

    The ELF file parser in Bitdefender 7.2, Comodo Antivirus 7424, eSafe 7.0.17.0, F-Secure Anti-Virus 9.0.16160.0, McAfee Anti-Virus Scanning Engine 5.400.0.1158, McAfee Gateway (formerly Webwasher) 2010.1C, nProtect Anti-Virus 2011-01-17.01, Sophos Anti-Virus 4.61.0, and Rising Antivirus 22.83.00.03 allows remote attackers to bypass malware detection via an ELF file with a \19\04\00\10 character sequence at a certain location. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different ELF parser implementations. The ELF file parsers in multiple products contain a vulnerability that can prevent malware detection. If it is announced that the problem also exists in different ELF parser implementations, this vulnerability may be split into multiple CVEs. A third party may avoid malware detection via an ELF file with the \19\04\00\10 character sequence at a specific position. Multiple antivirus products are prone to a vulnerability that may allow an attacker to bypass on-demand scans. Successful exploits will allow attackers to bypass on-demand virus scanning, possibly allowing malicious files to escape detection. Multiple file-parsing vulnerabilities lead to evasion in different antivirus (AV) products. All affected products are command-line versions of the AVs.


    Vulnerability Descriptions

    1. Specially crafted infected POSIX TAR files with "[aliases]" as first 9 bytes evade detection.

    Affected products - ClamAV 0.96.4, CAT-QuickHeal 11.00

    CVE no - CVE-2012-1419

    1. Specially crafted infected POSIX TAR files with "\7fELF" as first 4 bytes evade detection.

    Affected products - CAT-QuickHeal 11.00, Command 5.2.11.5, F-Prot 4.6.2.117, Fortinet 4.2.254.0, K7AntiVirus 9.77.3565, Kaspersky 7.0.0.125, Microsoft 1.6402, NOD32 5795, Norman 6.06.12, Panda 10.0.2.7, Rising 22.83.00.03

    CVE no - CVE-2012-1420

    1. Specially crafted infected POSIX TAR files with "MSCF" as first 4 bytes evade detection.

    Affected products - CAT-QuickHeal 11.00, Norman 6.06.12, Rising 22.83.00.03, Symantec 20101.3.0.103

    CVE no - CVE-2012-1421

    1. Specially crafted infected POSIX TAR files with "ITSF" as first 4 bytes evade detection.

    Affected products - CAT-QuickHeal 11.00, NOD32 5795, Norman 6.06.12, Rising 22.83.00.03

    CVE no - CVE-2012-1422

    1. Specially crafted infected POSIX TAR files with "MZ" as first 2 bytes evade detection.

    Affected products - Command 5.2.11.5, Emsisoft 5.1.0.1, F-Prot 4.6.2.117, Fortinet 4.2.254.0, Ikarus T3.1.1.97.0, K7AntiVirus 9.77.3565, NOD32 5795, Norman 6.06.12, PCTools 7.0.3.5, Rising 22.83.00.03, VirusBuster 13.6.151.0

    CVE no - CVE-2012-1423

    1. Specially crafted infected POSIX TAR files with "\19\04\00\10" at offset 8 evade detection.

    Affected products - Antiy-AVL 2.0.3.7, CAT-QuickHeal 11.00, Jiangmin 13.0.900, Norman 6.06.12, PCTools 7.0.3.5, Sophos 4.61.0

    CVE no - CVE-2012-1424

    1. Specially crafted infected POSIX TAR files with "\50\4B\03\04" as the first 4 bytes evade detection. Specially crafted infected POSIX TAR files with "\42\5A\68" as the first 3 bytes evade detection.

    Affected products - CAT-QuickHeal 11.00, Command 5.2.11.5, F-Prot 4.6.2.117, K7AntiVirus 9.77.3565, Norman 6.06.12, Rising 22.83.00.03

    CVE no - CVE-2012-1426

    1. Specially crafted infected POSIX TAR files with "\57\69\6E\5A\69\70" at offset 29 evade detection.

    Affected products - CAT-QuickHeal 11.00, Norman 6.06.12, Sophos 4.61.0

    CVE no - CVE-2012-1427

    1. Specially crafted infected POSIX TAR files with "\4a\46\49\46" at offset 6 evade detection.

    Affected products - CAT-QuickHeal 11.00, Norman 6.06.12, Sophos 4.61.0

    CVE no - CVE-2012-1428

    1. Specially crafted infected ELF files with "ustar" at offset 257 evade detection. Specially crafted infected ELF files with "\19\04\00\10" at offset 8 evade detection. Specially crafted infected ELF files with "\4a\46\49\46" at offset 6 evade detection.

    Affected products - BitDefender 7.2, Command 5.2.11.5, Comodo 7424, eSafe 7.0.17.0, F-Prot 4.6.2.117, F-Secure 9.0.16160.0, McAfee-GW-Edition 2010.1C, nProtect 2011-01-17.01, Sophos 4.61.0, Rising 22.83.00.03

    CVE no - CVE-2012-1431

    1. Specially crafted infected MS EXE files with "\57\69\6E\5A\69\70" at offset 29 evade detection.

    Affected products - Emsisoft 5.1.0.1, eSafe 7.0.17.0, Ikarus T3.1.1.97.0, Panda 10.0.2.7

    CVE no - CVE-2012-1432

    1. Specially crafted infected MS EXE files with "\4a\46\49\46" at offset 6 evade detection.

    Affected products - AhnLab-V3 2011.01.18.00, Emsisoft 5.1.0.1, eSafe 7.0.17.0, Ikarus T3.1.1.97.0, Panda 10.0.2.7

    CVE no - CVE-2012-1433

    1. Specially crafted infected MS EXE files with "\19\04\00\10" at offset 8 evade detection.

    Affected products - AhnLab-V3 2011.01.18.00, Emsisoft 5.1.0.1, Ikarus T3.1.1.97.0, Panda 10.0.2.7

    CVE no - CVE-2012-1434

    1. Specially crafted infected MS EXE files with "\50\4B\4C\49\54\45" at offset 30 evade detection.

    Affected products - AhnLab-V3 2011.01.18.00, Emsisoft 5.1.0.1, eSafe 7.0.17.0, Ikarus T3.1.1.97.0, Panda 10.0.2.7

    CVE no - CVE-2012-1435

    1. Specially crafted infected MS EXE files with "\2D\6C\68" at offset 2 evade detection.

    Affected products - AhnLab-V3 2011.01.18.00, Emsisoft 5.1.0.1, eSafe 7.0.17.0, Ikarus T3.1.1.97.0, Panda 10.0.2.7

    CVE no - CVE-2012-1436

    1. Specially crafted infected MS Office files with "\50\4B\53\70\58" at offset 526 evade detection.

    Affected products - Comodo 7425

    CVE no - CVE-2012-1437

    1. Specially crafted infected MS Office files with "ustar" at offset 257 evade detection.

    Affected products - Comodo 7425, Sophos 4.61.0

    CVE no - CVE-2012-1438

    1. 'padding' field in ELF files is parsed incorrectly. If an infected ELF file's padding field is incremented by 1 it evades detection.

    Affected products - eSafe 7.0.17.0, Rising 22.83.00.03, Fortinet 4.2.254.0, Panda 10.0.2.7

    CVE no - CVE-2012-1439

    1. 'identsize' field in ELF files is parsed incorrectly. If an infected ELF file's identsize field is incremented by 1 it evades detection.

    Affected products - Norman 6.06.12, eSafe 7.0.17.0, eTrust-Vet 36.1.8511, Fortinet 4.2.254.0, Panda 10.0.2.7

    CVE no - CVE-2012-1440

    1. 'e_ip' and 'e_res' fields in MS EXE files are parsed incorrectly.
      If any of these fields in an infected MS EXE file is incremented by 1 it evades detection.

    Affected products - Prevx 3.0

    'e_minalloc', 'e_res2', 'e_cparhdr', 'e_crlc', 'e_lfarlc', 'e_maxalloc', 'e_oeminfo', 'e_ovno', 'e_cs', 'e_csum', 'e_sp', 'e_ss', 'e_cblp' and 'e_oemid' fields in MS EXE files are parsed incorrectly.
    If any of these fields in an infected MS EXE file is incremented by 1 it evades detection.

    Affected products - eSafe 7.0.017.0, Prevx 3.0

    CVE no - CVE-2012-1441

    1. 'class' field in ELF files is parsed incorrectly.
      If an infected ELF file's class field is incremented by 1 it evades detection. Infected RAR files with initial two bytes set to 'MZ' can be fixed by the user and correctly extracted. Such a file evades detection.

    Affected products - ClamAV 0.96.4, Rising 22.83.00.03, CAT-QuickHeal 11.00, GData 21, Symantec 20101.3.0.103, Command 5.2.11.5, Ikarus T3.1.1.97.0, Emsisoft 5.1.0.1, PCTools 7.0.3.5, F-Prot 4.6.2.117, VirusBuster 13.6.151.0, Fortinet 4.2.254.0, Antiy-AVL 2.0.3.7, K7AntiVirus 9.77.3565, TrendMicro-HouseCall 9.120.0.1004, Kaspersky 7.0.0.125, Jiangmin 13.0.900, Microsoft 1.6402, Sophos 4.61.0, NOD32 5795, AntiVir 7.11.1.163, Norman 6.06.12, McAfee 5.400.0.1158, Panda 10.0.2.7, McAfee-GW-Edition 2010.1C, TrendMicro 9.120.0.1004, Comodo 7424, BitDefender 7.2, eSafe 7.0.17.0, F-Secure 9.0.16160.0, nProtect 2011-01-17.01, AhnLab-V3 2011.01.18.00, AVG 10.0.0.1190, Avast 4.8.1351.0, Avast5 5.0.677.0, VBA32 3.12.14.2

    CVE no - CVE-2012-1443

    1. 'abiversion' field in ELF files is parsed incorrectly.
      If an infected ELF file's abiversion field is incremented by 1 it evades detection.

    Affected products - eSafe 7.0.017.0, Prevx 3.0, Fortinet 4.2.254.0, Panda 10.0.2.7

    CVE no - CVE-2012-1444

    1. 'abi' field in ELF files is parsed incorrectly.
      If an infected ELF file's abi field is incremented by 1 it evades detection.

    Affected products - eSafe 7.0.017.0, Rising 22.83.00.03, Fortinet 4.2.254.0, Panda 10.0.2.7

    CVE no - CVE-2012-1445

    1. 'encoding' field in ELF files is parsed incorrectly.
      If an infected ELF file's encoding field is incremented by 1 it evades detection. 'e_version' field in ELF files is parsed incorrectly.
      If an infected ELF file's e_version field is incremented by 1 it evades detection.

    Affected products - Fortinet 4.2.254.0, eSafe 7.0.017.0, DrWeb 5.0.2.03300, Panda 10.0.2.7

    CVE no - CVE-2012-1447

    1. 'cbCabinet' field in CAB files is parsed incorrectly.
      If an infected CAB file's cbCabinet field is incremented by 1 it evades detection.

    Affected products - CAT-QuickHeal 11.00, TrendMicro 9.120.0.1004, Ikarus T3.1.1.97.0, TrendMicro-HouseCall 9.120.0.1004, Emsisoft 5.1.0.1

    CVE no - CVE-2012-1448

    1. 'vMajor' field in CAB files is parsed incorrectly.
      If an infected CAB file's vMajor field is incremented by 1 it evades detection.

    Affected products - NOD32 5795, Rising 22.83.00.03

    CVE no - CVE-2012-1449

    1. 'reserved3' field in CAB files is parsed incorrectly.
      If an infected CAB file's reserved field is incremented by 1 it evades detection.

    Affected products - Emsisoft 5.1.0.1, Sophos 4.61.0, Ikarus T3.1.1.97.0

    CVE no - CVE-2012-1450

    1. 'reserved2' field in CAB files is parsed incorrectly.
      If an infected CAB file's reserved2 field is incremented by 1 it evades detection.

    Affected products - Emsisoft 5.1.0.1, Ikarus T3.1.1.97.0

    CVE no - CVE-2012-1451

    1. 'reserved1' field in CAB files is parsed incorrectly.
      If an infected CAB file's reserved field is incremented by 1 it evades detection.

    Affected products - Emsisoft 5.1.0.1, Ikarus T3.1.1.97.0, CAT-QuickHeal 11.00

    CVE no - CVE-2012-1452

    1. 'coffFiles' field in CAB files is parsed incorrectly.
      If an infected CAB file's coffFiles field is incremented by 1 it evades detection. 'ei_version' field in ELF files is parsed incorrectly.
      If an infected ELF file's version field is incremented by 1 it evades detection. 'vMinor' field in CAB files is parsed incorrectly.
      If an infected CAB file's version field is incremented by 1 it evades detection.

    Affected products - NOD32 5795, Rising 22.83.00.03

    CVE no - CVE-2012-1455

    1. A specially crafted ZIP file, created by concatenating the contents of a clean TAR archive and a virus-infected ZIP archive, is parsed incorrectly and evades detection. If the length field in the header of a file containing the test EICAR virus, included in a TAR archive, is set to be greater than the archive's total length (1,000,000+original length in our experiments), the antivirus declares the file to be clean but the virus gets extracted correctly by the GNU tar program.

    Affected products - AntiVir 7.11.1.163, Antiy-AVL 2.0.3.7, Avast 4.8.1351.0, Avast5 5.0.677.0, AVG 10.0.0.1190, BitDefender 7.2, CAT-QuickHeal 11.00, ClamAV 0.96.4, Command 5.2.11.5, Emsisoft 5.1.0.1, eSafe 7.0.17.0, F-Prot 4.6.2.117, GData 21, Ikarus T3.1.1.97.0, Jiangmin 13.0.900, K7AntiVirus 9.77.3565, Kaspersky 7.0.0.125, McAfee 5.400.0.1158, McAfee-GW-Edition 2010.1C, Microsoft 1.6402, NOD32 5795, Norman 6.06.12, PCTools 7.0.3.5, Rising 22.83.00.03, Symantec 20101.3.0.103, TrendMicro 9.120.0.1004, TrendMicro-HouseCall 9.120.0.1004, VBA32 3.12.14.2, VirusBuster 13.6.151.0

    CVE no - CVE-2012-1457

    1. A Windows Compiled HTML Help (CHM) file is a set of HTML files, scripts, and images compressed using the LZX algorithm. For faster random accesses, the algorithm is reset at intervals instead of compressing the entire file as a single stream. The length of each interval is specified in the LZXC header.

    If an infected CHM file's header is modified so that the reset interval is lower than in the original file, the antivirus declares the file to be clean. But the Windows CHM viewer hh.exe correctly decompresses the infected content located before the tampered header.

    Affected products - ClamAV 0.96.4, Sophos 4.61.0

    CVE no - CVE-2012-1458

    1. In a POSIX TAR archive, each member file has a 512-byte header protected by a simple checksum. Every header also contains a file length field, which is used by the extractor to locate the next header in the archive.

    If a TAR archive contains two files, the first clean and the second infected with the test EICAR virus, and it is modified so that the length field in the header of the first, clean file points into the middle of the header of the second, infected file, the antivirus declares the file to be clean but the virus gets extracted correctly by the GNU tar program. If 6 random bytes are appended to the end of an infected tar.gz archive, the antivirus declares the file to be clean but the virus gets extracted correctly by the gunzip+tar programs, which ignore these bytes.

    Affected products - Antiy-AVL 2.0.3.7, CAT-QuickHeal 11.00, Command 5.2.11.5, eSafe 7.0.17.0, F-Prot 4.6.2.117, Jiangmin 13.0.900, K7AntiVirus 9.77.3565, VBA32 3.12.14.2

    CVE no - CVE-2012-1460

    1. GZIP files can contain multiple compressed streams, which are assembled when the contents are extracted. If an infected .tar.gz file is broken into two streams, the antivirus declares the infected .tar.gz file to be clean while tar+gunzip extract the virus correctly.

    Affected products - AVG 10.0.0.1190, BitDefender 7.2, Command 5.2.11.5, Emsisoft 5.1.0.1, F-Secure 9.0.16160.0, Fortinet 4.2.254.0, Ikarus T3.1.1.97.0, Jiangmin 13.0.900, K7AntiVirus 9.77.3565, Kaspersky 7.0.0.125, McAfee 5.400.0.1158, McAfee-GW-Edition 2010.1C, NOD32 5795, Norman 6.06.12, Rising 22.83.00.03, Sophos 4.61.0, Symantec 20101.3.0.103, TrendMicro 9.120.0.1004, TrendMicro-HouseCall 9.120.0.1004, VBA32 3.12.14.2

    CVE no - CVE-2012-1461

    1. If 1024 random bytes are prepended to an infected ZIP archive, the antivirus declares the file to be clean but the virus gets extracted correctly by the unzip program, which skips these bytes.

    Affected products - AhnLab-V3 2011.01.18.00, AVG 10.0.0.1190, CAT-QuickHeal 11.00, Emsisoft 5.1.0.1, eSafe 7.0.17.0, Fortinet 4.2.254.0, Ikarus T3.1.1.97.0, Jiangmin 13.0.900, Kaspersky 7.0.0.125, Norman 6.06.12, Sophos 4.61.0, Symantec 20101.3.0.103

    CVE no - CVE-2012-1462

    1. In most ELF files, the 5th byte of the header indicates endianness: 01 for little-endian, 02 for big-endian. The Linux kernel, however, does not check this field before loading an ELF file. If an infected ELF file's 5th byte is set to 02, the antivirus declares the file to be clean but the ELF file gets executed correctly.

    Affected products - AhnLab-V3 2011.01.18.00, BitDefender 7.2, CAT-QuickHeal 11.00, Command 5.2.11.5, Comodo 7424, eSafe 7.0.17.0, F-Prot 4.6.2.117, F-Secure 9.0.16160.0, McAfee 5.400.0.1158, Norman 6.06.12, nProtect 2011-01-17.01, Panda 10.0.2.7

    CVE no - CVE-2012-1463
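
The TAR length-field and GZIP multi-stream items above both come down to a scanner and an extractor disagreeing about where data ends. The Python below is an added example, not code from the advisory or from any product it names: it follows the TAR header chain and walks GZIP members, and reports the structural conditions under which a verdict should not be trusted. The function names, finding labels and sample archives are constructed for illustration.

```python
"""Structural pre-scan checks for .tar and .gz input (added example)."""
import gzip
import io
import tarfile
import zlib

BLOCK = 512  # POSIX tar header size and data padding unit


def gzip_findings(data: bytes) -> list:
    """Walk every gzip member and return (kind, value) findings."""
    members, rest = 0, data
    while rest[:2] == b"\x1f\x8b":
        d = zlib.decompressobj(wbits=31)  # 31: gzip header and trailer required
        try:
            d.decompress(rest)  # a production scanner should cap output size
        except zlib.error:
            return [("corrupt-member", members + 1)]
        if not d.eof:
            return [("truncated-member", members + 1)]
        members, rest = members + 1, d.unused_data
    findings = []
    if members == 0:
        findings.append(("not-gzip", 0))
    if members > 1:  # every member must be scanned, not only the first
        findings.append(("members", members))
    if rest and members:  # bytes an extractor may silently ignore
        findings.append(("trailing-bytes", len(rest)))
    return findings


def checksum_ok(hdr: bytes) -> bool:
    """Header checksum: byte sum with the chksum field counted as 8 spaces."""
    try:
        stored = int(hdr[148:156].strip(b" \0"), 8)
    except ValueError:
        return False
    return sum(hdr[:148]) + 8 * 0x20 + sum(hdr[156:]) == stored


def member_size(hdr: bytes) -> int:
    field = hdr[124:136]
    if field[0] & 0x80:  # GNU base-256 encoding for very large members
        return int.from_bytes(field[1:], "big")
    return int(field.strip(b" \0") or b"0", 8)


def tar_findings(data: bytes) -> list:
    """Follow the length-field chain; report where it breaks and what it skips."""
    findings, off = [], 0
    while off + BLOCK <= len(data):
        hdr = data[off:off + BLOCK]
        if hdr == bytes(BLOCK):  # zero block: end-of-archive marker
            return findings
        if not checksum_ok(hdr):
            findings.append(("bad-header", off))
            break
        try:
            size = member_size(hdr)
        except ValueError:
            findings.append(("bad-size", off))
            break
        if off + BLOCK + size > len(data):
            findings.append(("size-past-end", off))
            break
        off += BLOCK + -(-size // BLOCK) * BLOCK  # data is padded to 512 bytes
    else:
        return findings  # data ended without an end-of-archive marker
    # The chain broke: look for valid headers a lenient extractor could still
    # resynchronise on. A tar stored uncompressed inside a member also matches.
    for o in range(off + BLOCK, len(data) - BLOCK + 1, BLOCK):
        blk = data[o:o + BLOCK]
        if blk[257:262] == b"ustar" and checksum_ok(blk):
            findings.append(("unreachable-header", o))
    return findings


def sample_tar() -> bytes:
    """Constructed sample: two harmless members in ustar format."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w", format=tarfile.USTAR_FORMAT) as tf:
        for name, body in (("a.txt", b"A" * 600), ("b.txt", b"B" * 10)):
            info = tarfile.TarInfo(name)
            info.size = len(body)
            tf.addfile(info, io.BytesIO(body))
    return buf.getvalue()


if __name__ == "__main__":
    clean = sample_tar()
    damaged = bytearray(clean)
    damaged[0] ^= 0x01  # first header no longer matches its checksum
    print("clean tar:    ", tar_findings(clean))
    print("damaged tar:  ", tar_findings(bytes(damaged)))
    print("truncated tar:", tar_findings(clean[:700]))
    one = gzip.compress(b"hello")
    print("two members:  ", gzip_findings(one + gzip.compress(b"world")))
    print("trailing data:", gzip_findings(one + bytes(6)))
```

Any non-empty result is a reason to quarantine the file or to rescan every recoverable member rather than accept a clean verdict on the first one.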


    Credits

    Vulnerabilities found and advisory written by Suman Jana and Vitaly Shmatikov.


    References

    "Abusing File Processing in Malware Detectors for Fun and Profit" by Suman Jana and Vitaly Shmatikov. To appear in IEEE Symposium on Security and Privacy 2012. http://www.ieee-security.org/TC/SP2012/

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201203-0390",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "antivirus",
            "scope": "eq",
            "trust": 2.1,
            "vendor": "comodo",
            "version": "7424"
          },
          {
            "model": "bitdefender",
            "scope": "eq",
            "trust": 1.8,
            "vendor": "bitdefender",
            "version": "7.2"
          },
          {
            "model": "esafe",
            "scope": "eq",
            "trust": 1.8,
            "vendor": "aladdin",
            "version": "7.0.17.0"
          },
          {
            "model": "anti-virus",
            "scope": "eq",
            "trust": 1.8,
            "vendor": "sophos",
            "version": "4.61.0"
          },
          {
            "model": "scan engine",
            "scope": "eq",
            "trust": 1.8,
            "vendor": "mcafee",
            "version": "5.400.0.1158"
          },
          {
            "model": "antivirus",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "rising global",
            "version": "22.83.00.03"
          },
          {
            "model": "antivirus",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "nprotect",
            "version": "2011-01-17.01"
          },
          {
            "model": "anti-virus",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "f secure",
            "version": "9.0.16160.0"
          },
          {
            "model": "gateway",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mcafee",
            "version": "2010.1c"
          },
          {
            "model": "antivirus",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "rising",
            "version": "22.83.00.03"
          },
          {
            "model": "anti-virus",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "nprotect",
            "version": "2011-01-17.01"
          },
          {
            "model": "f-secure anti-virus",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "f secure",
            "version": "9.0.16160.0"
          },
          {
            "model": "web gateway software",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "mcafee",
            "version": "2010.1c"
          },
          {
            "model": "anti-virus",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sophos",
            "version": "4.61"
          },
          {
            "model": "antivirus",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "rising",
            "version": "22.8303"
          },
          {
            "model": "mcafee-gw-edition 2010.1c",
            "scope": null,
            "trust": 0.3,
            "vendor": "mcafee",
            "version": null
          },
          {
            "model": "nprotect",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "inca",
            "version": "2011-01-17.01"
          },
          {
            "model": "antivirus",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f secure",
            "version": "9.0.16160.0"
          },
          {
            "model": "antivirus",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "esafe",
            "version": "7.0.170"
          },
          {
            "model": "antivirus",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "bitdefender",
            "version": "7.2"
          }
        ],
        "sources": [
          {
            "db": "BID",
            "id": "52589"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2012-001892"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201203-378"
          },
          {
            "db": "NVD",
            "id": "CVE-2012-1430"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/a:rising-global:rising_antivirus",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:bitdefender:bitdefender",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:comodo:comodo_antivirus",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:nprotect:nprotect_antivirus",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:aladdin:esafe",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:f-secure:anti-virus",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:sophos:anti-virus",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:mcafee:scan_engine",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:mcafee:web_gateway",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2012-001892"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Suman Jana and Vitaly Shmatikov",
        "sources": [
          {
            "db": "BID",
            "id": "52589"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201203-378"
          }
        ],
        "trust": 0.9
      },
      "cve": "CVE-2012-1430",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 8.6,
                "id": "CVE-2012-1430",
                "impactScore": 2.9,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 1.9,
                "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 8.6,
                "id": "VHN-54711",
                "impactScore": 2.9,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 0.1,
                "vectorString": "AV:N/AC:M/AU:N/C:N/I:P/A:N",
                "version": "2.0"
              }
            ],
            "cvssV3": [],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2012-1430",
                "trust": 1.0,
                "value": "MEDIUM"
              },
              {
                "author": "NVD",
                "id": "CVE-2012-1430",
                "trust": 0.8,
                "value": "Medium"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201203-378",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "VULHUB",
                "id": "VHN-54711",
                "trust": 0.1,
                "value": "MEDIUM"
              },
              {
                "author": "VULMON",
                "id": "CVE-2012-1430",
                "trust": 0.1,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-54711"
          },
          {
            "db": "VULMON",
            "id": "CVE-2012-1430"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2012-001892"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201203-378"
          },
          {
            "db": "NVD",
            "id": "CVE-2012-1430"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "The ELF file parser in Bitdefender 7.2, Comodo Antivirus 7424, eSafe 7.0.17.0, F-Secure Anti-Virus 9.0.16160.0, McAfee Anti-Virus Scanning Engine 5.400.0.1158, McAfee Gateway (formerly Webwasher) 2010.1C, nProtect Anti-Virus 2011-01-17.01, Sophos Anti-Virus 4.61.0, and Rising Antivirus 22.83.00.03 allows remote attackers to bypass malware detection via an ELF file with a \\19\\04\\00\\10 character sequence at a certain location.  NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different ELF parser implementations. Multiple products ELF A file parser contains a vulnerability that can prevent malware detection. Different ELF If it is announced that there is also a problem with the parser implementation, this vulnerability can be CVE May be split.A specific position by a third party \\19\\04\\00\\10 With the character sequence ELF Malware detection may be avoided via files. Multiple Antivirus products are prone prone to a vulnerability that may allow an attacker to bypass on-demand scans. \nSuccessful exploits will allow attackers to bypass on-demand virus scanning, possibly allowing malicious files to escape detection. Multiple file-parsing vulnerabilities leading to evasion in different antivirus(AV) products. All \naffected products are command-line versions of \nthe AVs. \n\n----------------------------\nVulnerability Descriptions\n----------------------------\n\n1. Specially crafted infected POSIX TAR files with \"[aliases]\" as first 9 bytes \n   evades detection. \n\n   Affected products -\n   ClamAV 0.96.4, CAT-QuickHeal 11.00\n  \n   CVE no - \n   CVE-2012-1419\n\n2. Specially crafted infected POSIX TAR files with \"\\7fELF\" as first 4 bytes \n   evades detection. 
\n\n   Affected products -\n   CAT-QuickHeal 11.00, Command 5.2.11.5, F-Prot 4.6.2.117, \n   Fortinent 4.2.254.0, K7AntiVirus 9.77.3565, Kaspersky 7.0.0.125, \n   Microsoft 1.6402, NOD32 5795, Norman 6.06.12, Panda 10.0.2.7, \n   Rising 22.83.00.03\n\n   CVE no - \n   CVE-2012-1420\n\n3. Specially crafted infected POSIX TAR files with \"MSCF\" as first 4 bytes \n   evades detection. \n\n   Affected products -\n   CAT-QuickHeal 11.00, Norman 6.06.12, Rising 22.83.00.03, \n   Symantec 20101.3.0.103\n\n   CVE no - \n   CVE-2012-1421\n\n4. Specially crafted infected POSIX TAR files with \"ITSF\" as first 4 bytes \n   evades detection. \n\n   Affected products -\n   CAT-QuickHeal 11.00, NOD32 5795, Norman 6.06.12, Rising 22.83.00.03\n\n   CVE no - \n   CVE-2012-1422\n\n5. Specially crafted infected POSIX TAR files with \"MZ\" as first 2 bytes \n   evades detection. \n\n   Affected products -\n   Command 5.2.11.5, Emsisoft 5.1.0.1, F-Prot 4.6.2.117, Fortinent 4.2.254.0, \n   Ikarus T3.1.1.97.0, K7AntiVirus 9.77.3565, NOD32 5795, Norman 6.06.12, \n   PCTools 7.0.3.5, Rising 22.83.00.03, VirusBuster 13.6.151.0\n\n   CVE no - \n   CVE-2012-1423\n\n6. Specially crafted infected POSIX TAR files with \"\\19\\04\\00\\10\" at offset 8\n   evades detection. \n\n   Affected products -\n   Antiy-AVL 2.0.3.7, CAT-QuickHeal 11.00, Jiangmin 13.0.900, Norman 6.06.12, \n   PCTools 7.0.3.5, Sophos 4.61.0\n\n   CVE no - \n   CVE-2012-1424\n\n\n7. Specially crafted infected POSIX TAR files with \"\\50\\4B\\03\\04\" as the first\n   4 bytes evades detection. Specially crafted infected POSIX TAR files with \"\\42\\5A\\68\" as the first\n   3 bytes evades detection. \n\n   Affected products -\n   CAT-QuickHeal 11.00, Command 5.2.11.5, F-Prot 4.6.2.117, \n   K7AntiVirus 9.77.3565, Norman 6.06.12, Rising 22.83.00.03\n\n   CVE no - \n   CVE-2012-1426\n\n\n9. Specially crafted infected POSIX TAR files with \"\\57\\69\\6E\\5A\\69\\70\" at \n   offset 29 evades detection. 
\n\n   Affected products -\n   CAT-QuickHeal 11.00, Norman 6.06.12, Sophos 4.61.0\n\n   CVE no - \n   CVE-2012-1427\n\n10. Specially crafted infected POSIX TAR files with \"\\4a\\46\\49\\46\" at offset 6\n   evades detection. \n   \n   Affected products -\n   CAT-QuickHeal 11.00,  Norman 6.06.12, Sophos 4.61.0\n\n   CVE no - \n   CVE-2012-1428\n\n11. Specially crafted infected ELF files with \"ustar\" at offset 257\n   evades detection. Specially crafted infected ELF files with \"\\19\\04\\00\\10\" at offset 8 evades\n   detection. Specially crafted infected ELF files with \"\\4a\\46\\49\\46\" at offset 6 evades\n   detection. \n\n   Affected products -\n   BitDefender 7.2, Command 5.2.11.5, Comodo 7424, eSafe 7.0.17.0, \n   F-Prot 4.6.2.117, F-Secure 9.0.16160.0, McAfee-GW-Edition 2010.1C, \n   nProtect 2011-01-17.01, Sophos 4.61.0, Rising 22.83.00.03\n\n   CVE no - \n   CVE-2012-1431\n\n14. Specially crafted infected MS EXE files with \"\\57\\69\\6E\\5A\\69\\70\" at offset\n   29 evades detection. \n\n   Affected products -\n   Emsisoft 5.1.0.1, eSafe 7.0.17.0, Ikarus T3.1.1.97.0, Panda 10.0.2.7\n\n   CVE no - \n   CVE-2012-1432\n\n15. Specially crafted infected MS EXE files with \"\\4a\\46\\49\\46\" at offset\n   6 evades detection. \n\n   Affected products -\n   AhnLab-V3 2011.01.18.00, Emsisoft 5.1.0.1, eSafe 7.0.17.0, \n   Ikarus T3.1.1.97.0, Panda 10.0.2.7\n\n   CVE no - \n   CVE-2012-1433\n\n16. Specially crafted infected MS EXE files with \"\\19\\04\\00\\10\" at offset\n   8 evades detection. \n\n   Affected products -\n   AhnLab-V3 2011.01.18.00, Emsisoft 5.1.0.1, Ikarus T3.1.1.97.0, \n   Panda 10.0.2.7\n   \n   CVE no - \n   CVE-2012-1434\n\n17. Specially crafted infected MS EXE files with \"\\50\\4B\\4C\\49\\54\\45\" at \n   offset 30 evades detection. \n   \n   Affected products - \n   AhnLab-V3 2011.01.18.00, Emsisoft 5.1.0.1, eSafe 7.0.17.0, \n   Ikarus T3.1.1.97.0, Panda 10.0.2.7\n\n   CVE no - \n   CVE-2012-1435\n\n18. 
Specially crafted infected MS EXE files with \"\\2D\\6C\\68\" at \n   offset 2 evades detection. \n \n   Affected products - \n   AhnLab-V3 2011.01.18.00, Emsisoft 5.1.0.1, eSafe 7.0.17.0, \n   Ikarus T3.1.1.97.0, Panda 10.0.2.7\n\n   CVE no - \n   CVE-2012-1436\n\n19. Specially crafted infected MS Office files with \"\\50\\4B\\53\\70\\58\" at \n   offset 526 evades detection. \n   \n   Affected products - \n   Comodo 7425\n   \n   CVE no - \n   CVE-2012-1437\n\n20. Specially crafted infected MS Office files with \"ustar\" at \n   offset 257 evades detection. \n\n   Affected products - \n   Comodo 7425, Sophos 4.61.0 \n\n   CVE no - \n   CVE-2012-1438\n\n21. \u0027padding\u0027 field in ELF files is parsed incorrectly. \n    If an infected ELF file\u0027s padding field is incremented by 1 it evades\n    detection.    \n\n   Affected products - \n   eSafe 7.0.17.0, Rising 22.83.00.03, Fortinet 4.2.254.0, Panda 10.0.2.7\n\n   CVE no - \n   CVE-2012-1439\n\n22. \u0027identsize\u0027 field in ELF files is parsed incorrectly. \n    If an infected ELF file\u0027s identsize field is incremented by 1 it evades\n    detection.    \n\n   Affected products - \n   Norman 6.06.12, eSafe 7.0.17.0, eTrust-Vet 36.1.8511, Fortinet 4.2.254.0, \n   Panda 10.0.2.7\n\n   CVE no - \n   CVE-2012-1440\n\n23. \u0027e_ip\u0027 and \u0027e_res\u0027 field in MS EXE files are parsed incorrectly.  \n    If any of these fields in an infected MS EXE file is incremented by 1 \n    it evades detection.    \n\n   Affected products - \n   Prevx 3.0\n\n   \u0027e_minalloc\u0027, \u0027e_res2\u0027,\u0027e_cparhdr\u0027, \u0027e_crlc\u0027, \u0027e_lfarlc\u0027,\u0027e_maxalloc\u0027,\n    \u0027e_oeminfo\u0027, \u0027e_ovno\u0027, \u0027e_cs\u0027, \u0027e_csum\u0027,\u0027e_sp\u0027, \u0027e_ss\u0027, \u0027e_cblp\u0027 and \n    \u0027e_oemid\u0027 fields in MS EXE files are parsed incorrectly.  \n    If any of these fields in an infected MS EXE file is incremented by 1 \n    it evades detection.   
 \n\n   Affected products - \n   eSafe 7.0.017.0, Prevx 3.0\n\n\n   CVE no - \n   CVE-2012-1441\n\n24. \u0027class\u0027 field in ELF files is parsed incorrectly.  \n    If an infected ELF file\u0027s class field is incremented by 1 it evades\n    detection. Infected RAR files with initial two bytes set to \u0027MZ\u0027 can be fixed by the \n    user and correctly extracted. Such a file evades detection.  \n    \n   Affected products -\n   ClamAV 0.96.4, Rising 22.83.00.03, CAT-QuickHeal 11.00, GData 21, \n   Symantec 20101.3.0.103, Command 5.2.11.5, Ikarus T3.1.1.97.0, \n   Emsisoft 5.1.0.1, PCTools 7.0.3.5, F-Prot 4.6.2.117, \n   VirusBuster 13.6.151.0, Fortinent 4.2.254.0, Antiy-AVL 2.0.3.7, \n   K7AntiVirus 9.77.3565, TrendMicro-HouseCall 9.120.0.1004,Kaspersky 7.0.0.125 \n   Jiangmin 13.0.900. Microsoft 1.6402, Sophos 4.61.0, NOD32 5795, AntiVir 7.11.1.163, \n   Norman 6.06.12, McAfee 5.400.0.1158, Panda 10.0.2.7, McAfee-GW-Edition 2010.1C, \n   TrendMicro 9.120.0.1004, Comodo 7424, BitDefender 7.2, eSafe 7.0.17.0, F-Secure 9.0.16160.0\n   nProtect 2011-01-17.01, AhnLab-V3 2011.01.18.00, AVG 10.0.0.1190, Avast 4.8.1351.0, \n   Avast5 5.0.677.0, VBA32 3.12.14.2   \n\n   CVE no - \n   CVE-2012-1443\n\n26. \u0027abiversion\u0027 field in ELF files is parsed incorrectly.  \n    If an infected ELF file\u0027s abiversion field is incremented by 1 it evades\n    detection. \n\n   Affected products - \n   eSafe 7.0.017.0, Prevx 3.0, Fortinet 4.2.254.0, Panda 10.0.2.7\n\n   CVE no - \n   CVE-2012-1444\n\n27. \u0027abi\u0027 field in ELF files is parsed incorrectly.  \n    If an infected ELF file\u0027s abi field is incremented by 1 it evades\n    detection. \n\n   Affected products - \n   eSafe 7.0.017.0, Rising 22.83.00.03, Fortinet 4.2.254.0, Panda 10.0.2.7\n\n   CVE no - \n   CVE-2012-1445\n\n28. \u0027encoding\u0027 field in ELF files is parsed incorrectly.  \n    If an infected ELF file\u0027s encoding field is incremented by 1 it evades\n    detection. 
\u0027e_version\u0027 field in ELF files is parsed incorrectly.  \n    If an infected ELF file\u0027s e_version field is incremented by 1 it evades\n    detection. \n\n   Affected products -\n    Fortinet 4.2.254.0, eSafe 7.0.017.0, DrWeb 5.0.2.03300, Panda 10.0.2.7\n\n   CVE no - \n   CVE-2012-1447\n\n30. \u0027cbCabinet\u0027 field in CAB files is parsed incorrectly.  \n    If an infected CAB file\u0027s cbCabinet field is incremented by 1 it evades\n    detection. \n\n   Affected products -\n   CAT-QuickHeal 11.00, TrendMicro 9.120.0.1004, Ikarus T3.1.1.97.0\n   TrendMicro-HouseCall 9.120.0.1004, Emsisoft 5.1.0.1 \n\n   CVE no - \n   CVE-2012-1448\n\n31. \u0027vMajor\u0027 field in CAB files is parsed incorrectly.  \n    If an infected CAB file\u0027s vMajor field is incremented by 1 it evades\n    detection. \n\n   Affected products -\n   NOD32 5795, Rising 22.83.00.03\n   \n   CVE no - \n   CVE-2012-1449\n\n32. \u0027reserved3\u0027 field in CAB files is parsed incorrectly.  \n    If an infected CAB file\u0027s reserved field is incremented by 1 it evades\n    detection. \n\n   Affected products -\n   Emsisoft 5.1.0.1, Sophos 4.61.0, Ikarus T3.1.1.97.0\n   \n   CVE no - \n   CVE-2012-1450\n\n33. \u0027reserved2\u0027 field in CAB files is parsed incorrectly.  \n    If an infected CAB file\u0027s reserved2 field is incremented by 1 it evades\n    detection. \n\n   Affected products -\n   Emsisoft 5.1.0.1, Ikarus T3.1.1.97.0\n   \n   CVE no - \n   CVE-2012-1451\n\n34. \u0027reserved1\u0027 field in CAB files is parsed incorrectly.  \n    If an infected CAB file\u0027s reserved field is incremented by 1 it evades\n    detection. \n\n   Affected products -\n   Emsisoft 5.1.0.1, Ikarus T3.1.1.97.0, CAT-QuickHeal 11.00\n   \n   CVE no - \n   CVE-2012-1452\n\n35. \u0027coffFiles\u0027 field in CAB files is parsed incorrectly.  \n    If an infected CAB file\u0027s coffFiles field is incremented by 1 it evades\n    detection. 
\u0027ei_version\u0027 field in ELF files is parsed incorrectly.  \n    If an infected ELF file\u0027s version field is incremented by 1 it evades\n    detection. \u0027vMinor\u0027 field in CAB files is parsed incorrectly.  \n    If an infected CAB file\u0027s version field is incremented by 1 it evades\n    detection. \n\n   Affected products -\n   NOD32 5795, Rising 22.83.00.03\n \n   CVE no - \n   CVE-2012-1455\n\n38. A specially crafted ZIP file, created by concatenating the contents \n   of a clean TAR archive and a virus-infected ZIP archive, is parsed \n   incorrectly and evades detection. If the length field in the header of a file with test EICAR virus\n   included into a TAR archive is set to be greater than the archive\u0027s total \n   length (1,000,000+original length in our experiments), the antivirus \n   declares the file to be clean but virus gets extracted correctly by the \n   GNU tar program. \n\n   Affected products -\n   AntiVir 7.11.1.163, Antiy-AVL 2.0.3.7, Avast 4.8.1351.0, Avast5 5.0.677.0, \n   AVG 10.0.0.1190, BitDefender 7.2, CAT-QuickHeal 11.00, ClamAV 0.96.4, \n   Command 5.2.11.5, Emsisoft 5.1.0.1, eSafe 7.0.17.0, F-Prot 4.6.2.117, \n   GData 21, Ikarus T3.1.1.97.0, Jiangmin 13.0.900, K7AntiVirus 9.77.3565, \n   Kaspersky 7.0.0.125, McAfee 5.400.0.1158, McAfee-GW-Edition 2010.1C, \n   Microsoft 1.6402, NOD32 5795, Norman 6.06.12, PCTools 7.0.3.5, \n   Rising 22.83.00.03, Symantec 20101.3.0.103, TrendMicro 9.120.0.1004, \n   TrendMicro-HouseCall 9.120.0.1004, VBA32 3.12.14.2, VirusBuster 13.6.151.0 \n\n   CVE no - \n   CVE-2012-1457\n\n40. A Windows Compiled HTML Help (CHM) file is a set of HTML files,\n   scripts, and images compressed using the LZX algorithm. \n   For faster random accesses, the algorithm is reset at intervals\n   instead of compressing the entire file as a single stream. The\n   length of each interval is specified in the LZXC header. 
\n\n   If an infected CHM file\u0027s header modified so that the reset interval\n   is lower than in the original file, the antivirus declares the file\n   to be clean. But the Windows CHM viewer hh.exe correctly decompresses\n   the infected content located before the tampered header. \n\n   Affected products -\n   ClamAV 0.96.4, Sophos 4.61.0 \n\n   CVE no - \n   CVE-2012-1458\n\n41. In a POSIX TAR archive, each member file has a 512-byte header protected\n   by a simple checksum. Every header also contains a file length field, which\n   is used by the extractor to locate the next header in the archive. \n\n   If a TAR archive contains two files: the first one is clean, while\n   the second is infected with test EICAR virus - and it is modified such that \n   the length field in the header of the first, clean file to point into the \n   middle of the header of the second, infected file. The antivirus declares \n   the file to be clean but virus gets extracted correctly by the \n   GNU tar program. If an infected tar.gz archive is appended 6 random bytes at the end, \n    the antivirus declares the file to be clean but virus gets extracted by\n    the gunzip+tar programs correctly by ignoring these bytes. \n\n   Affected products -\n   Antiy-AVL 2.0.3.7, CAT-QuickHeal 11.00, Command 5.2.11.5, \n   eSafe 7.0.17.0, F-Prot 4.6.2.117, Jiangmin 13.0.900, \n   K7AntiVirus 9.77.3565, VBA32 3.12.14.2 \n   \n   CVE no - \n   CVE-2012-1460\n\n43. GZIP files can contain multiple compressed streams, which are assembled\n    when the contents are extracted. 
If an infected .tar.gz file is broken \n    into two streams, the antivirus declares the infected .tar.gz file to \n    be clean while tar+gunzip extract the virus correctly\n\n   Affected products -\n   AVG 10.0.0.1190, BitDefender 7.2, Command 5.2.11.5, Emsisoft 5.1.0.1, \n   F-Secure 9.0.16160.0, Fortinent 4.2.254.0, Ikarus T3.1.1.97.0, \n   Jiangmin 13.0.900, K7AntiVirus 9.77.3565, Kaspersky 7.0.0.125, \n   McAfee 5.400.0.1158, McAfee-GW-Edition 2010.1C, NOD32 5795, Norman 6.06.12, \n   Rising 22.83.00.03, Sophos 4.61.0, Symantec 20101.3.0.103, \n   TrendMicro 9.120.0.1004, TrendMicro-HouseCall 9.120.0.1004, VBA32 3.12.14.2 \n\n   CVE no - \n   CVE-2012-1461\n\n44. If an infected ZIP archive is prepended with 1024 random bytes at the \n   beginning, the antivirus declares the file to be clean but virus gets extracted\n   by the unzip program correctly by skipping these bytes\n\n   Affected products -\n   AhnLab-V3 2011.01.18.00, AVG 10.0.0.1190, CAT-QuickHeal 11.00, \n   Emsisoft 5.1.0.1, eSafe 7.0.17.0, Fortinent 4.2.254.0, Ikarus T3.1.1.97.0, \n   Jiangmin 13.0.900, Kaspersky 7.0.0.125, Norman 6.06.12, Sophos 4.61.0, \n   Symantec 20101.3.0.103 \n\n   CVE no - \n   CVE-2012-1462\n\n45. In most ELF files, the 5th byte of the header indicates endianness: 01\n   for little-endian, 02 for bigendian. Linux kernel, however, does not\n   check this field before loading an ELF file. If an infected ELF file\u0027s 5-th \n   byte is set to 02, the antivirus declares the file to be clean but the ELF \n   file gets executed correctly. \n\n   Affected products -\n   AhnLab-V3 2011.01.18.00, BitDefender 7.2, CAT-QuickHeal 11.00, Command 5.2.11.5, \n   Comodo 7424, eSafe 7.0.17.0, F-Prot 4.6.2.117, F-Secure 9.0.16160.0, \n   McAfee 5.400.0.1158, Norman 6.06.12, nProtect 2011-01-17.01, Panda 10.0.2.7 \n\n   CVE no - \n   CVE-2012-1463\n\n--------\nCredits\n--------\nVulnerabilities found and advisory written by Suman Jana and Vitaly Shmatikov. 
\n\n-----------\nReferences\n-----------\n\"Abusing File Processing in Malware Detectors for Fun and Profit\" by Suman Jana and Vitaly Shmatikov\nTo appear in IEEE Symposium on Security and Privacy 2012\nhttp://www.ieee-security.org/TC/SP2012/ \n",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2012-1430"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2012-001892"
          },
          {
            "db": "BID",
            "id": "52589"
          },
          {
            "db": "VULHUB",
            "id": "VHN-54711"
          },
          {
            "db": "VULMON",
            "id": "CVE-2012-1430"
          },
          {
            "db": "PACKETSTORM",
            "id": "110990"
          }
        ],
        "trust": 2.16
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2012-1430",
            "trust": 3.0
          },
          {
            "db": "BID",
            "id": "52589",
            "trust": 1.1
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2012-001892",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201203-378",
            "trust": 0.7
          },
          {
            "db": "BUGTRAQ",
            "id": "20120319 EVASION ATTACKS EXPOLITING FILE-PARSING VULNERABILITIES IN ANTIVIRUS PRODUCTS",
            "trust": 0.6
          },
          {
            "db": "NSFOCUS",
            "id": "19116",
            "trust": 0.6
          },
          {
            "db": "VULHUB",
            "id": "VHN-54711",
            "trust": 0.1
          },
          {
            "db": "VULMON",
            "id": "CVE-2012-1430",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "110990",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-54711"
          },
          {
            "db": "VULMON",
            "id": "CVE-2012-1430"
          },
          {
            "db": "BID",
            "id": "52589"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2012-001892"
          },
          {
            "db": "PACKETSTORM",
            "id": "110990"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201203-378"
          },
          {
            "db": "NVD",
            "id": "CVE-2012-1430"
          }
        ]
      },
      "id": "VAR-201203-0390",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-54711"
          }
        ],
        "trust": 0.01
      },
      "last_update_date": "2025-04-11T22:49:45.303000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Top Page",
            "trust": 0.8,
            "url": "http://www.rising-global.com/"
          },
          {
            "title": "Top Page",
            "trust": 0.8,
            "url": "http://www.bitdefender.com/"
          },
          {
            "title": "Top Page",
            "trust": 0.8,
            "url": "http://www.comodo.com/"
          },
          {
            "title": "Top Page",
            "trust": 0.8,
            "url": "http://global.nprotect.com/index.php"
          },
          {
            "title": "Top Page",
            "trust": 0.8,
            "url": "http://www.aladdin.co.jp/index.html"
          },
          {
            "title": "Top Page",
            "trust": 0.8,
            "url": "http://www.sophos.com/ja-jp/default.aspx"
          },
          {
            "title": "Top Page",
            "trust": 0.8,
            "url": "http://www.mcafee.com/japan/"
          },
          {
            "title": "Top Page",
            "trust": 0.8,
            "url": "http://www.f-secure.com/ja/web/home_jp/home"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2012-001892"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-264",
            "trust": 1.9
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-54711"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2012-001892"
          },
          {
            "db": "NVD",
            "id": "CVE-2012-1430"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 1.8,
            "url": "http://www.securityfocus.com/archive/1/522005"
          },
          {
            "trust": 1.8,
            "url": "http://www.ieee-security.org/tc/sp2012/program.html"
          },
          {
            "trust": 0.8,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-1430"
          },
          {
            "trust": 0.8,
            "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2012-1430"
          },
          {
            "trust": 0.7,
            "url": "http://www.securityfocus.com/bid/52589"
          },
          {
            "trust": 0.6,
            "url": "http://www.nsfocus.net/vulndb/19116"
          },
          {
            "trust": 0.3,
            "url": "http://www.bitdefender.com"
          },
          {
            "trust": 0.3,
            "url": "http://www.comodo.com/"
          },
          {
            "trust": 0.3,
            "url": "http://www.safenet-inc.com/data-protection/content-security-esafe/"
          },
          {
            "trust": 0.3,
            "url": "http://www.f-secure.com/"
          },
          {
            "trust": 0.3,
            "url": "http://global.nprotect.com/index.php"
          },
          {
            "trust": 0.3,
            "url": "http://www.mcafee.com/"
          },
          {
            "trust": 0.3,
            "url": "http://www.rising-global.com/"
          },
          {
            "trust": 0.3,
            "url": "http://www.sophos.com/"
          },
          {
            "trust": 0.3,
            "url": "/archive/1/522005"
          },
          {
            "trust": 0.1,
            "url": "https://cwe.mitre.org/data/definitions/264.html"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2012-1419"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2012-1439"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2012-1426"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2012-1429"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2012-1436"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2012-1440"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2012-1432"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2012-1438"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2012-1428"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2012-1446"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2012-1443"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2012-1444"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2012-1441"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2012-1421"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2012-1430"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2012-1434"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2012-1435"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2012-1424"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2012-1431"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2012-1425"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2012-1423"
          },
          {
            "trust": 0.1,
            "url": "http://www.ieee-security.org/tc/sp2012/"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2012-1442"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2012-1422"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2012-1433"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2012-1420"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2012-1427"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2012-1445"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2012-1437"
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-54711"
          },
          {
            "db": "VULMON",
            "id": "CVE-2012-1430"
          },
          {
            "db": "BID",
            "id": "52589"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2012-001892"
          },
          {
            "db": "PACKETSTORM",
            "id": "110990"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201203-378"
          },
          {
            "db": "NVD",
            "id": "CVE-2012-1430"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "VULHUB",
            "id": "VHN-54711"
          },
          {
            "db": "VULMON",
            "id": "CVE-2012-1430"
          },
          {
            "db": "BID",
            "id": "52589"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2012-001892"
          },
          {
            "db": "PACKETSTORM",
            "id": "110990"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201203-378"
          },
          {
            "db": "NVD",
            "id": "CVE-2012-1430"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2012-03-21T00:00:00",
            "db": "VULHUB",
            "id": "VHN-54711"
          },
          {
            "date": "2012-03-21T00:00:00",
            "db": "VULMON",
            "id": "CVE-2012-1430"
          },
          {
            "date": "2012-03-20T00:00:00",
            "db": "BID",
            "id": "52589"
          },
          {
            "date": "2012-03-26T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2012-001892"
          },
          {
            "date": "2012-03-19T23:51:01",
            "db": "PACKETSTORM",
            "id": "110990"
          },
          {
            "date": "2012-03-26T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201203-378"
          },
          {
            "date": "2012-03-21T10:11:47.583000",
            "db": "NVD",
            "id": "CVE-2012-1430"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2012-04-13T00:00:00",
            "db": "VULHUB",
            "id": "VHN-54711"
          },
          {
            "date": "2012-04-13T00:00:00",
            "db": "VULMON",
            "id": "CVE-2012-1430"
          },
          {
            "date": "2012-03-30T16:10:00",
            "db": "BID",
            "id": "52589"
          },
          {
            "date": "2012-03-26T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2012-001892"
          },
          {
            "date": "2012-04-01T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201203-378"
          },
          {
            "date": "2025-04-11T00:51:21.963000",
            "db": "NVD",
            "id": "CVE-2012-1430"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201203-378"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Multiple products  ELF Vulnerability that prevents file parsers from detecting malware",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2012-001892"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "permissions and access control",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201203-378"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201203-0389

    Vulnerability from variot - Updated: 2025-04-11 22:49

    The ELF file parser in Bitdefender 7.2, Comodo Antivirus 7424, Emsisoft Anti-Malware 5.1.0.1, eSafe 7.0.17.0, F-Secure Anti-Virus 9.0.16160.0, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, McAfee Anti-Virus Scanning Engine 5.400.0.1158, McAfee Gateway (formerly Webwasher) 2010.1C, and nProtect Anti-Virus 2011-01-17.01 allows remote attackers to bypass malware detection via an ELF file with a ustar character sequence at a certain location. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different ELF parser implementations. The ELF file parser in multiple products contains a vulnerability that can prevent malware detection. If it is announced that the problem also exists in different ELF parser implementations, this vulnerability may be split into multiple CVEs. A third party may be able to evade malware detection via an ELF file with a ustar character sequence at a specific position. Multiple antivirus products are prone to a vulnerability that may allow an attacker to bypass on-demand scans. Successful exploits will allow attackers to bypass on-demand virus scanning, possibly allowing malicious files to escape detection. The following products are affected: BitDefender AntiVirus 7.2, Comodo AntiVirus 7424, Emsisoft Antivirus 5.1.0.1, eSafe Antivirus 7.0.17.0, Ikarus Antivirus T3.1.1.97.0, McAfee McAfee 5.400.0.1158, McAfee McAfee-GW-Edition 2010.1C, INCA nProtect 2011-01-17.01. Multiple file-parsing vulnerabilities leading to evasion in different antivirus (AV) products. All affected products are command-line versions of the AVs.


    Vulnerability Descriptions

    1. Specially crafted infected POSIX TAR files with "[aliases]" as the first 9 bytes evade detection.

    Affected products - ClamAV 0.96.4, CAT-QuickHeal 11.00

    CVE no - CVE-2012-1419

    1. Specially crafted infected POSIX TAR files with "\7fELF" as the first 4 bytes evade detection.

    Affected products - CAT-QuickHeal 11.00, Command 5.2.11.5, F-Prot 4.6.2.117, Fortinet 4.2.254.0, K7AntiVirus 9.77.3565, Kaspersky 7.0.0.125, Microsoft 1.6402, NOD32 5795, Norman 6.06.12, Panda 10.0.2.7, Rising 22.83.00.03

    CVE no - CVE-2012-1420

    1. Specially crafted infected POSIX TAR files with "MSCF" as the first 4 bytes evade detection.

    Affected products - CAT-QuickHeal 11.00, Norman 6.06.12, Rising 22.83.00.03, Symantec 20101.3.0.103

    CVE no - CVE-2012-1421

    1. Specially crafted infected POSIX TAR files with "ITSF" as the first 4 bytes evade detection.

    Affected products - CAT-QuickHeal 11.00, NOD32 5795, Norman 6.06.12, Rising 22.83.00.03

    CVE no - CVE-2012-1422

    1. Specially crafted infected POSIX TAR files with "MZ" as the first 2 bytes evade detection.

    Affected products - Command 5.2.11.5, Emsisoft 5.1.0.1, F-Prot 4.6.2.117, Fortinet 4.2.254.0, Ikarus T3.1.1.97.0, K7AntiVirus 9.77.3565, NOD32 5795, Norman 6.06.12, PCTools 7.0.3.5, Rising 22.83.00.03, VirusBuster 13.6.151.0

    CVE no - CVE-2012-1423

    1. Specially crafted infected POSIX TAR files with "\19\04\00\10" at offset 8 evade detection.

    Affected products - Antiy-AVL 2.0.3.7, CAT-QuickHeal 11.00, Jiangmin 13.0.900, Norman 6.06.12, PCTools 7.0.3.5, Sophos 4.61.0

    CVE no - CVE-2012-1424

    1. Specially crafted infected POSIX TAR files with "\50\4B\03\04" as the first 4 bytes evade detection. Specially crafted infected POSIX TAR files with "\42\5A\68" as the first 3 bytes evade detection.

    Affected products - CAT-QuickHeal 11.00, Command 5.2.11.5, F-Prot 4.6.2.117, K7AntiVirus 9.77.3565, Norman 6.06.12, Rising 22.83.00.03

    CVE no - CVE-2012-1426

    1. Specially crafted infected POSIX TAR files with "\57\69\6E\5A\69\70" at offset 29 evade detection.

    Affected products - CAT-QuickHeal 11.00, Norman 6.06.12, Sophos 4.61.0

    CVE no - CVE-2012-1427

    1. Specially crafted infected POSIX TAR files with "\4a\46\49\46" at offset 6 evade detection.

    Affected products - CAT-QuickHeal 11.00, Norman 6.06.12, Sophos 4.61.0

    CVE no - CVE-2012-1428

    1. Specially crafted infected ELF files with "ustar" at offset 257 evade detection. Specially crafted infected ELF files with "\19\04\00\10" at offset 8 evade detection. Specially crafted infected ELF files with "\4a\46\49\46" at offset 6 evade detection.

    Affected products - BitDefender 7.2, Command 5.2.11.5, Comodo 7424, eSafe 7.0.17.0, F-Prot 4.6.2.117, F-Secure 9.0.16160.0, McAfee-GW-Edition 2010.1C, nProtect 2011-01-17.01, Sophos 4.61.0, Rising 22.83.00.03

    CVE no - CVE-2012-1431

    1. Specially crafted infected MS EXE files with "\57\69\6E\5A\69\70" at offset 29 evade detection.

    Affected products - Emsisoft 5.1.0.1, eSafe 7.0.17.0, Ikarus T3.1.1.97.0, Panda 10.0.2.7

    CVE no - CVE-2012-1432

    1. Specially crafted infected MS EXE files with "\4a\46\49\46" at offset 6 evade detection.

    Affected products - AhnLab-V3 2011.01.18.00, Emsisoft 5.1.0.1, eSafe 7.0.17.0, Ikarus T3.1.1.97.0, Panda 10.0.2.7

    CVE no - CVE-2012-1433

    1. Specially crafted infected MS EXE files with "\19\04\00\10" at offset 8 evade detection.

    Affected products - AhnLab-V3 2011.01.18.00, Emsisoft 5.1.0.1, Ikarus T3.1.1.97.0, Panda 10.0.2.7

    CVE no - CVE-2012-1434

    1. Specially crafted infected MS EXE files with "\50\4B\4C\49\54\45" at offset 30 evade detection.

    Affected products - AhnLab-V3 2011.01.18.00, Emsisoft 5.1.0.1, eSafe 7.0.17.0, Ikarus T3.1.1.97.0, Panda 10.0.2.7

    CVE no - CVE-2012-1435

    1. Specially crafted infected MS EXE files with "\2D\6C\68" at offset 2 evade detection.

    Affected products - AhnLab-V3 2011.01.18.00, Emsisoft 5.1.0.1, eSafe 7.0.17.0, Ikarus T3.1.1.97.0, Panda 10.0.2.7

    CVE no - CVE-2012-1436

    1. Specially crafted infected MS Office files with "\50\4B\53\70\58" at offset 526 evade detection.

    Affected products - Comodo 7425

    CVE no - CVE-2012-1437

    1. Specially crafted infected MS Office files with "ustar" at offset 257 evade detection.

    Affected products - Comodo 7425, Sophos 4.61.0

    CVE no - CVE-2012-1438

    1. 'padding' field in ELF files is parsed incorrectly. If an infected ELF file's padding field is incremented by 1 it evades detection.

    Affected products - eSafe 7.0.17.0, Rising 22.83.00.03, Fortinet 4.2.254.0, Panda 10.0.2.7

    CVE no - CVE-2012-1439

    1. 'identsize' field in ELF files is parsed incorrectly. If an infected ELF file's identsize field is incremented by 1 it evades detection.

    Affected products - Norman 6.06.12, eSafe 7.0.17.0, eTrust-Vet 36.1.8511, Fortinet 4.2.254.0, Panda 10.0.2.7

    CVE no - CVE-2012-1440

    1. 'e_ip' and 'e_res' fields in MS EXE files are parsed incorrectly.
      If any of these fields in an infected MS EXE file is incremented by 1 it evades detection.

    Affected products - Prevx 3.0

    'e_minalloc', 'e_res2', 'e_cparhdr', 'e_crlc', 'e_lfarlc', 'e_maxalloc', 'e_oeminfo', 'e_ovno', 'e_cs', 'e_csum', 'e_sp', 'e_ss', 'e_cblp' and 'e_oemid' fields in MS EXE files are parsed incorrectly.
    If any of these fields in an infected MS EXE file is incremented by 1 it evades detection.

    Affected products - eSafe 7.0.017.0, Prevx 3.0

    CVE no - CVE-2012-1441

    1. 'class' field in ELF files is parsed incorrectly.
      If an infected ELF file's class field is incremented by 1 it evades detection.

    Affected products - CAT-QuickHeal 11.00, McAfee 5.400.0.1158, McAfee-GW-Edition 2010.1C, eSafe 7.0.017.0, Kaspersky 7.0.0.125, F-Secure 9.0.16160.0, Sophos 4.61.0, Antiy-AVL 2.0.3.7, Rising 22.83.00.03, Fortinet 4.2.254.0, Panda 10.0.2.7

    CVE no - CVE-2012-1442

    1. Infected RAR files with initial two bytes set to 'MZ' can be fixed by the user and correctly extracted. Such a file evades detection.

    Affected products - ClamAV 0.96.4, Rising 22.83.00.03, CAT-QuickHeal 11.00, GData 21, Symantec 20101.3.0.103, Command 5.2.11.5, Ikarus T3.1.1.97.0, Emsisoft 5.1.0.1, PCTools 7.0.3.5, F-Prot 4.6.2.117, VirusBuster 13.6.151.0, Fortinet 4.2.254.0, Antiy-AVL 2.0.3.7, K7AntiVirus 9.77.3565, TrendMicro-HouseCall 9.120.0.1004, Kaspersky 7.0.0.125, Jiangmin 13.0.900, Microsoft 1.6402, Sophos 4.61.0, NOD32 5795, AntiVir 7.11.1.163, Norman 6.06.12, McAfee 5.400.0.1158, Panda 10.0.2.7, McAfee-GW-Edition 2010.1C, TrendMicro 9.120.0.1004, Comodo 7424, BitDefender 7.2, eSafe 7.0.17.0, F-Secure 9.0.16160.0, nProtect 2011-01-17.01, AhnLab-V3 2011.01.18.00, AVG 10.0.0.1190, Avast 4.8.1351.0, Avast5 5.0.677.0, VBA32 3.12.14.2

    CVE no - CVE-2012-1443

    1. 'abiversion' field in ELF files is parsed incorrectly.
      If an infected ELF file's abiversion field is incremented by 1 it evades detection.

    Affected products - eSafe 7.0.017.0, Prevx 3.0, Fortinet 4.2.254.0, Panda 10.0.2.7

    CVE no - CVE-2012-1444

    1. 'abi' field in ELF files is parsed incorrectly.
      If an infected ELF file's abi field is incremented by 1 it evades detection.

    Affected products - eSafe 7.0.017.0, Rising 22.83.00.03, Fortinet 4.2.254.0, Panda 10.0.2.7

    CVE no - CVE-2012-1445

    1. 'encoding' field in ELF files is parsed incorrectly.
      If an infected ELF file's encoding field is incremented by 1 it evades detection.

    Affected products - CAT-QuickHeal 11.00, McAfee 5.400.0.1158, Symantec 20101.3.0.103, Norman 6.06.12, eSafe 7.0.017.0, Kaspersky 7.0.0.125, McAfee-GW-Edition 2010.1C, Sophos 4.61.0, eTrust-Vet 36.1.8511, Antiy-AVL 2.0.3.7, PCTools 7.0.3.5, Rising 22.83.00.03, Fortinet 4.2.254.0, Panda 10.0.2.7

    CVE no - CVE-2012-1446

    1. 'e_version' field in ELF files is parsed incorrectly.
      If an infected ELF file's e_version field is incremented by 1 it evades detection.

    Affected products - Fortinet 4.2.254.0, eSafe 7.0.017.0, DrWeb 5.0.2.03300, Panda 10.0.2.7

    CVE no - CVE-2012-1447

    1. 'cbCabinet' field in CAB files is parsed incorrectly.
      If an infected CAB file's cbCabinet field is incremented by 1 it evades detection.

    Affected products - CAT-QuickHeal 11.00, TrendMicro 9.120.0.1004, Ikarus T3.1.1.97.0, TrendMicro-HouseCall 9.120.0.1004, Emsisoft 5.1.0.1

    CVE no - CVE-2012-1448

    1. 'vMajor' field in CAB files is parsed incorrectly.
      If an infected CAB file's vMajor field is incremented by 1 it evades detection.

    Affected products - NOD32 5795, Rising 22.83.00.03

    CVE no - CVE-2012-1449

    1. 'reserved3' field in CAB files is parsed incorrectly.
      If an infected CAB file's reserved field is incremented by 1 it evades detection.

    Affected products - Emsisoft 5.1.0.1, Sophos 4.61.0, Ikarus T3.1.1.97.0

    CVE no - CVE-2012-1450

    1. 'reserved2' field in CAB files is parsed incorrectly.
      If an infected CAB file's reserved2 field is incremented by 1 it evades detection.

    Affected products - Emsisoft 5.1.0.1, Ikarus T3.1.1.97.0

    CVE no - CVE-2012-1451

    1. 'reserved1' field in CAB files is parsed incorrectly.
      If an infected CAB file's reserved field is incremented by 1 it evades detection.

    Affected products - Emsisoft 5.1.0.1, Ikarus T3.1.1.97.0, CAT-QuickHeal 11.00

    CVE no - CVE-2012-1452

    1. 'coffFiles' field in CAB files is parsed incorrectly.
      If an infected CAB file's coffFiles field is incremented by 1 it evades detection.

    Affected products - McAfee 5.0.2.03300, TrendMicro-HouseCall 9.120.0.1004, Kaspersky 7.0.0.125, Sophos 4.61.0, TrendMicro 9.120.0.1004, McAfee-GW-Edition 2010.1C, Emsisoft 5.1.0.1, eTrust-Vet 36.1.8511, Antiy-AVL 2.0.3.7, Microsoft 1.6402, Rising 22.83.00.03, Ikarus T3.1.1.97.0, Fortinet 4.2.254.0, Panda 10.0.2.7

    CVE no - CVE-2012-1453

    1. 'ei_version' field in ELF files is parsed incorrectly.
      If an infected ELF file's version field is incremented by 1 it evades detection.

    Affected products - McAfee 5.0.02.03300, eSafe 7.0.17.0, McAfee-GW-Edition 2010.1C, Rising 22.83.00.03, Fortinet 4.2.254.0, Panda 10.0.2.7

    CVE no - CVE-2012-1454

    1. 'vMinor' field in CAB files is parsed incorrectly.
      If an infected CAB file's version field is incremented by 1 it evades detection.

    Affected products - NOD32 5795, Rising 22.83.00.03

    CVE no - CVE-2012-1455

    1. A specially crafted ZIP file, created by concatenating the contents of a clean TAR archive and a virus-infected ZIP archive, is parsed incorrectly and evades detection. If the length field in the header of a file with the test EICAR virus included in a TAR archive is set to be greater than the archive's total length (1,000,000+original length in our experiments), the antivirus declares the file to be clean but the virus gets extracted correctly by the GNU tar program.

    Affected products - AntiVir 7.11.1.163, Antiy-AVL 2.0.3.7, Avast 4.8.1351.0, Avast5 5.0.677.0, AVG 10.0.0.1190, BitDefender 7.2, CAT-QuickHeal 11.00, ClamAV 0.96.4, Command 5.2.11.5, Emsisoft 5.1.0.1, eSafe 7.0.17.0, F-Prot 4.6.2.117, GData 21, Ikarus T3.1.1.97.0, Jiangmin 13.0.900, K7AntiVirus 9.77.3565, Kaspersky 7.0.0.125, McAfee 5.400.0.1158, McAfee-GW-Edition 2010.1C, Microsoft 1.6402, NOD32 5795, Norman 6.06.12, PCTools 7.0.3.5, Rising 22.83.00.03, Symantec 20101.3.0.103, TrendMicro 9.120.0.1004, TrendMicro-HouseCall 9.120.0.1004, VBA32 3.12.14.2, VirusBuster 13.6.151.0

    CVE no - CVE-2012-1457

    1. A Windows Compiled HTML Help (CHM) file is a set of HTML files, scripts, and images compressed using the LZX algorithm. For faster random accesses, the algorithm is reset at intervals instead of compressing the entire file as a single stream. The length of each interval is specified in the LZXC header.

    If an infected CHM file's header is modified so that the reset interval is lower than in the original file, the antivirus declares the file to be clean. But the Windows CHM viewer hh.exe correctly decompresses the infected content located before the tampered header.

    Affected products - ClamAV 0.96.4, Sophos 4.61.0

    CVE no - CVE-2012-1458

    1. In a POSIX TAR archive, each member file has a 512-byte header protected by a simple checksum. Every header also contains a file length field, which is used by the extractor to locate the next header in the archive.

    If a TAR archive contains two files, the first one clean and the second infected with the test EICAR virus, and it is modified such that the length field in the header of the first, clean file points into the middle of the header of the second, infected file, the antivirus declares the file to be clean but the virus gets extracted correctly by the GNU tar program.

    Affected products - AhnLab-V3 2011.01.18.00, AntiVir 7.11.1.163, Antiy-AVL 2.0.3.7, Avast 4.8.1351.0, Avast5 5.0.677.0, AVG 10.0.0.1190, BitDefender 7.2, CAT-QuickHeal 11.00, ClamAV 0.96.4, Command 5.2.11.5, Comodo 7424, Emsisoft 5.1.0.1, F-Prot 4.6.2.117, F-Secure 9.0.16160.0, Fortinet 4.2.254.0, GData 21, Ikarus T3.1.1.97.0, Jiangmin 13.0.900, K7AntiVirus 9.77.3565, Kaspersky 7.0.0.125, McAfee 5.400.0.1158, McAfee-GW-Edition 2010.1C, Microsoft 1.6402, NOD32 5795, Norman 6.06.12, nProtect 2011-01-17.01, Panda 10.0.2.7, PCTools 7.0.3.5, Rising 22.83.00.03, Sophos 4.61.0, Symantec 20101.3.0.103, TrendMicro 9.120.0.1004, TrendMicro-HouseCall 9.120.0.1004, VBA32 3.12.14.2, VirusBuster 13.6.151.0

    CVE no - CVE-2012-1459

    1. If 6 random bytes are appended to the end of an infected tar.gz archive, the antivirus declares the file to be clean but the virus gets extracted correctly by the gunzip+tar programs, which ignore these bytes.

    Affected products - Antiy-AVL 2.0.3.7, CAT-QuickHeal 11.00, Command 5.2.11.5, eSafe 7.0.17.0, F-Prot 4.6.2.117, Jiangmin 13.0.900, K7AntiVirus 9.77.3565, VBA32 3.12.14.2

    CVE no - CVE-2012-1460

    1. GZIP files can contain multiple compressed streams, which are assembled when the contents are extracted. If an infected .tar.gz file is broken into two streams, the antivirus declares the infected .tar.gz file to be clean while tar+gunzip extract the virus correctly.

    Affected products - AVG 10.0.0.1190, BitDefender 7.2, Command 5.2.11.5, Emsisoft 5.1.0.1, F-Secure 9.0.16160.0, Fortinet 4.2.254.0, Ikarus T3.1.1.97.0, Jiangmin 13.0.900, K7AntiVirus 9.77.3565, Kaspersky 7.0.0.125, McAfee 5.400.0.1158, McAfee-GW-Edition 2010.1C, NOD32 5795, Norman 6.06.12, Rising 22.83.00.03, Sophos 4.61.0, Symantec 20101.3.0.103, TrendMicro 9.120.0.1004, TrendMicro-HouseCall 9.120.0.1004, VBA32 3.12.14.2

    CVE no - CVE-2012-1461

    1. If an infected ZIP archive is prepended with 1024 random bytes at the beginning, the antivirus declares the file to be clean but the virus gets extracted correctly by the unzip program, which skips these bytes.

    Affected products - AhnLab-V3 2011.01.18.00, AVG 10.0.0.1190, CAT-QuickHeal 11.00, Emsisoft 5.1.0.1, eSafe 7.0.17.0, Fortinet 4.2.254.0, Ikarus T3.1.1.97.0, Jiangmin 13.0.900, Kaspersky 7.0.0.125, Norman 6.06.12, Sophos 4.61.0, Symantec 20101.3.0.103

    CVE no - CVE-2012-1462

    1. In most ELF files, the 5th byte of the header indicates endianness: 01 for little-endian, 02 for big-endian. The Linux kernel, however, does not check this field before loading an ELF file. If an infected ELF file's 5th byte is set to 02, the antivirus declares the file to be clean but the ELF file gets executed correctly.

    Affected products - AhnLab-V3 2011.01.18.00, BitDefender 7.2, CAT-QuickHeal 11.00, Command 5.2.11.5, Comodo 7424, eSafe 7.0.17.0, F-Prot 4.6.2.117, F-Secure 9.0.16160.0, McAfee 5.400.0.1158, Norman 6.06.12, nProtect 2011-01-17.01, Panda 10.0.2.7

    CVE no - CVE-2012-1463


    Credits

    Vulnerabilities found and advisory written by Suman Jana and Vitaly Shmatikov.


    References

    "Abusing File Processing in Malware Detectors for Fun and Profit" by Suman Jana and Vitaly Shmatikov. To appear in IEEE Symposium on Security and Privacy 2012. http://www.ieee-security.org/TC/SP2012/


    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201203-0389",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "antivirus",
            "scope": "eq",
            "trust": 2.7,
            "vendor": "comodo",
            "version": "7424"
          },
          {
            "model": "anti-malware",
            "scope": "eq",
            "trust": 1.8,
            "vendor": "emsisoft",
            "version": "5.1.0.1"
          },
          {
            "model": "virus utilities t3 command line scanner",
            "scope": "eq",
            "trust": 1.8,
            "vendor": "ikarus",
            "version": "1.1.97.0"
          },
          {
            "model": "esafe",
            "scope": "eq",
            "trust": 1.8,
            "vendor": "aladdin",
            "version": "7.0.17.0"
          },
          {
            "model": "f-secure anti-virus",
            "scope": "eq",
            "trust": 1.8,
            "vendor": "f secure",
            "version": "9.0.16160.0"
          },
          {
            "model": "scan engine",
            "scope": "eq",
            "trust": 1.8,
            "vendor": "mcafee",
            "version": "5.400.0.1158"
          },
          {
            "model": "antivirus",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "nprotect",
            "version": "2011-01-17.01"
          },
          {
            "model": "gateway",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mcafee",
            "version": "2010.1c"
          },
          {
            "model": "bitdefender",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "softwin",
            "version": "7.2"
          },
          {
            "model": "bitdefender",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "bitdefender",
            "version": "7.2"
          },
          {
            "model": "anti-virus",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "nprotect",
            "version": "2011-01-17.01"
          },
          {
            "model": "web gateway software",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "mcafee",
            "version": "2010.1c"
          },
          {
            "model": "mcafee-gw-edition 2010.1c",
            "scope": null,
            "trust": 0.3,
            "vendor": "mcafee",
            "version": null
          },
          {
            "model": "nprotect",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "inca",
            "version": "2011-01-17.01"
          },
          {
            "model": "antivirus t3.1.1.97.0",
            "scope": null,
            "trust": 0.3,
            "vendor": "ikarus",
            "version": null
          },
          {
            "model": "antivirus",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "esafe",
            "version": "7.0.170"
          },
          {
            "model": "antivirus",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "emsisoft",
            "version": "5.11"
          },
          {
            "model": "antivirus",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "bitdefender",
            "version": "7.2"
          }
        ],
        "sources": [
          {
            "db": "BID",
            "id": "52581"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2012-001891"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201203-395"
          },
          {
            "db": "NVD",
            "id": "CVE-2012-1429"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/a:bitdefender:bitdefender",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:comodo:comodo_antivirus",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:emsisoft:anti-malware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:ikarus:ikarus_virus_utilities_t3_command_line_scanner",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:nprotect:nprotect_antivirus",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:aladdin:esafe",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:f-secure:anti-virus",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:mcafee:scan_engine",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:mcafee:web_gateway",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2012-001891"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Suman Jana and Vitaly Shmatikov",
        "sources": [
          {
            "db": "BID",
            "id": "52581"
          }
        ],
        "trust": 0.3
      },
      "cve": "CVE-2012-1429",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 8.6,
                "id": "CVE-2012-1429",
                "impactScore": 2.9,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 1.8,
                "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 8.6,
                "id": "VHN-54710",
                "impactScore": 2.9,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 0.1,
                "vectorString": "AV:N/AC:M/AU:N/C:N/I:P/A:N",
                "version": "2.0"
              }
            ],
            "cvssV3": [],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2012-1429",
                "trust": 1.0,
                "value": "MEDIUM"
              },
              {
                "author": "NVD",
                "id": "CVE-2012-1429",
                "trust": 0.8,
                "value": "Medium"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201203-395",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "VULHUB",
                "id": "VHN-54710",
                "trust": 0.1,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-54710"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2012-001891"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201203-395"
          },
          {
            "db": "NVD",
            "id": "CVE-2012-1429"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "The ELF file parser in Bitdefender 7.2, Comodo Antivirus 7424, Emsisoft Anti-Malware 5.1.0.1, eSafe 7.0.17.0, F-Secure Anti-Virus 9.0.16160.0, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, McAfee Anti-Virus Scanning Engine 5.400.0.1158, McAfee Gateway (formerly Webwasher) 2010.1C, and nProtect Anti-Virus 2011-01-17.01 allows remote attackers to bypass malware detection via an ELF file with a ustar character sequence at a certain location.  NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different ELF parser implementations. Multiple products ELF A file parser contains a vulnerability that can prevent malware detection. Different ELF If it is announced that there is also a problem with the parser implementation, this vulnerability can be CVE May be split.A specific position by a third party ustar With the character sequence ELF Malware detection may be avoided via files. Multiple Antivirus products are prone prone to a vulnerability that may allow an attacker to bypass on-demand scans. \nSuccessful exploits will allow attackers to bypass on-demand virus scanning, possibly allowing malicious files to escape detection. \nThe following products are affected:\nBitDefender AntiVirus 7.2\nComodo AntiVirus 7424\nEmsisoft Antivirus 5.1.0.1\neSafe Antivirus 7.0.17.0\nIkarus Antivirus T3.1.1.97.0\nMcAfee McAfee 5.400.0.1158\nMcAfee McAfee-GW-Edition 2010.1C\nINCA nProtect 2011-01-17.01. Multiple file-parsing vulnerabilities leading to evasion in different antivirus(AV) products. All \naffected products are command-line versions of \nthe AVs. \n\n----------------------------\nVulnerability Descriptions\n----------------------------\n\n1. Specially crafted infected POSIX TAR files with \"[aliases]\" as first 9 bytes \n   evades detection. \n\n   Affected products -\n   ClamAV 0.96.4, CAT-QuickHeal 11.00\n  \n   CVE no - \n   CVE-2012-1419\n\n2. 
Specially crafted infected POSIX TAR files with \"\\7fELF\" as first 4 bytes \n   evades detection. \n\n   Affected products -\n   CAT-QuickHeal 11.00, Command 5.2.11.5, F-Prot 4.6.2.117, \n   Fortinent 4.2.254.0, K7AntiVirus 9.77.3565, Kaspersky 7.0.0.125, \n   Microsoft 1.6402, NOD32 5795, Norman 6.06.12, Panda 10.0.2.7, \n   Rising 22.83.00.03\n\n   CVE no - \n   CVE-2012-1420\n\n3. Specially crafted infected POSIX TAR files with \"MSCF\" as first 4 bytes \n   evades detection. \n\n   Affected products -\n   CAT-QuickHeal 11.00, Norman 6.06.12, Rising 22.83.00.03, \n   Symantec 20101.3.0.103\n\n   CVE no - \n   CVE-2012-1421\n\n4. Specially crafted infected POSIX TAR files with \"ITSF\" as first 4 bytes \n   evades detection. \n\n   Affected products -\n   CAT-QuickHeal 11.00, NOD32 5795, Norman 6.06.12, Rising 22.83.00.03\n\n   CVE no - \n   CVE-2012-1422\n\n5. Specially crafted infected POSIX TAR files with \"MZ\" as first 2 bytes \n   evades detection. \n\n   Affected products -\n   Command 5.2.11.5, Emsisoft 5.1.0.1, F-Prot 4.6.2.117, Fortinent 4.2.254.0, \n   Ikarus T3.1.1.97.0, K7AntiVirus 9.77.3565, NOD32 5795, Norman 6.06.12, \n   PCTools 7.0.3.5, Rising 22.83.00.03, VirusBuster 13.6.151.0\n\n   CVE no - \n   CVE-2012-1423\n\n6. Specially crafted infected POSIX TAR files with \"\\19\\04\\00\\10\" at offset 8\n   evades detection. \n\n   Affected products -\n   Antiy-AVL 2.0.3.7, CAT-QuickHeal 11.00, Jiangmin 13.0.900, Norman 6.06.12, \n   PCTools 7.0.3.5, Sophos 4.61.0\n\n   CVE no - \n   CVE-2012-1424\n\n\n7. Specially crafted infected POSIX TAR files with \"\\50\\4B\\03\\04\" as the first\n   4 bytes evades detection. Specially crafted infected POSIX TAR files with \"\\42\\5A\\68\" as the first\n   3 bytes evades detection. \n\n   Affected products -\n   CAT-QuickHeal 11.00, Command 5.2.11.5, F-Prot 4.6.2.117, \n   K7AntiVirus 9.77.3565, Norman 6.06.12, Rising 22.83.00.03\n\n   CVE no - \n   CVE-2012-1426\n\n\n9. 
Specially crafted infected POSIX TAR files with \"\\57\\69\\6E\\5A\\69\\70\" at \n   offset 29 evades detection. \n\n   Affected products -\n   CAT-QuickHeal 11.00, Norman 6.06.12, Sophos 4.61.0\n\n   CVE no - \n   CVE-2012-1427\n\n10. Specially crafted infected POSIX TAR files with \"\\4a\\46\\49\\46\" at offset 6\n   evades detection. \n   \n   Affected products -\n   CAT-QuickHeal 11.00,  Norman 6.06.12, Sophos 4.61.0\n\n   CVE no - \n   CVE-2012-1428\n\n11. Specially crafted infected ELF files with \"ustar\" at offset 257\n   evades detection. Specially crafted infected ELF files with \"\\19\\04\\00\\10\" at offset 8 evades\n   detection. Specially crafted infected ELF files with \"\\4a\\46\\49\\46\" at offset 6 evades\n   detection. \n\n   Affected products -\n   BitDefender 7.2, Command 5.2.11.5, Comodo 7424, eSafe 7.0.17.0, \n   F-Prot 4.6.2.117, F-Secure 9.0.16160.0, McAfee-GW-Edition 2010.1C, \n   nProtect 2011-01-17.01, Sophos 4.61.0, Rising 22.83.00.03\n\n   CVE no - \n   CVE-2012-1431\n\n14. Specially crafted infected MS EXE files with \"\\57\\69\\6E\\5A\\69\\70\" at offset\n   29 evades detection. \n\n   Affected products -\n   Emsisoft 5.1.0.1, eSafe 7.0.17.0, Ikarus T3.1.1.97.0, Panda 10.0.2.7\n\n   CVE no - \n   CVE-2012-1432\n\n15. Specially crafted infected MS EXE files with \"\\4a\\46\\49\\46\" at offset\n   6 evades detection. \n\n   Affected products -\n   AhnLab-V3 2011.01.18.00, Emsisoft 5.1.0.1, eSafe 7.0.17.0, \n   Ikarus T3.1.1.97.0, Panda 10.0.2.7\n\n   CVE no - \n   CVE-2012-1433\n\n16. Specially crafted infected MS EXE files with \"\\19\\04\\00\\10\" at offset\n   8 evades detection. \n\n   Affected products -\n   AhnLab-V3 2011.01.18.00, Emsisoft 5.1.0.1, Ikarus T3.1.1.97.0, \n   Panda 10.0.2.7\n   \n   CVE no - \n   CVE-2012-1434\n\n17. Specially crafted infected MS EXE files with \"\\50\\4B\\4C\\49\\54\\45\" at \n   offset 30 evades detection. 
\n   \n   Affected products - \n   AhnLab-V3 2011.01.18.00, Emsisoft 5.1.0.1, eSafe 7.0.17.0, \n   Ikarus T3.1.1.97.0, Panda 10.0.2.7\n\n   CVE no - \n   CVE-2012-1435\n\n18. Specially crafted infected MS EXE files with \"\\2D\\6C\\68\" at \n   offset 2 evades detection. \n \n   Affected products - \n   AhnLab-V3 2011.01.18.00, Emsisoft 5.1.0.1, eSafe 7.0.17.0, \n   Ikarus T3.1.1.97.0, Panda 10.0.2.7\n\n   CVE no - \n   CVE-2012-1436\n\n19. Specially crafted infected MS Office files with \"\\50\\4B\\53\\70\\58\" at \n   offset 526 evades detection. \n   \n   Affected products - \n   Comodo 7425\n   \n   CVE no - \n   CVE-2012-1437\n\n20. Specially crafted infected MS Office files with \"ustar\" at \n   offset 257 evades detection. \n\n   Affected products - \n   Comodo 7425, Sophos 4.61.0 \n\n   CVE no - \n   CVE-2012-1438\n\n21. \u0027padding\u0027 field in ELF files is parsed incorrectly. \n    If an infected ELF file\u0027s padding field is incremented by 1 it evades\n    detection.    \n\n   Affected products - \n   eSafe 7.0.17.0, Rising 22.83.00.03, Fortinet 4.2.254.0, Panda 10.0.2.7\n\n   CVE no - \n   CVE-2012-1439\n\n22. \u0027identsize\u0027 field in ELF files is parsed incorrectly. \n    If an infected ELF file\u0027s identsize field is incremented by 1 it evades\n    detection.    \n\n   Affected products - \n   Norman 6.06.12, eSafe 7.0.17.0, eTrust-Vet 36.1.8511, Fortinet 4.2.254.0, \n   Panda 10.0.2.7\n\n   CVE no - \n   CVE-2012-1440\n\n23. \u0027e_ip\u0027 and \u0027e_res\u0027 field in MS EXE files are parsed incorrectly.  \n    If any of these fields in an infected MS EXE file is incremented by 1 \n    it evades detection.    
\n\n   Affected products - \n   Prevx 3.0\n\n   \u0027e_minalloc\u0027, \u0027e_res2\u0027,\u0027e_cparhdr\u0027, \u0027e_crlc\u0027, \u0027e_lfarlc\u0027,\u0027e_maxalloc\u0027,\n    \u0027e_oeminfo\u0027, \u0027e_ovno\u0027, \u0027e_cs\u0027, \u0027e_csum\u0027,\u0027e_sp\u0027, \u0027e_ss\u0027, \u0027e_cblp\u0027 and \n    \u0027e_oemid\u0027 fields in MS EXE files are parsed incorrectly.  \n    If any of these fields in an infected MS EXE file is incremented by 1 \n    it evades detection.    \n\n   Affected products - \n   eSafe 7.0.017.0, Prevx 3.0\n\n\n   CVE no - \n   CVE-2012-1441\n\n24. \u0027class\u0027 field in ELF files is parsed incorrectly.  \n    If an infected ELF file\u0027s class field is incremented by 1 it evades\n    detection. \n\n   Affected products - \n   CAT-QuickHeal 11.00, McAfee 5.400.0.1158, McAfee-GW-Edition 2010.1C, \n   eSafe 7.0.017.0, Kaspersky 7.0.0.125, F-Secure 9.0.16160.0, \n   Sophos 4.61.0, Antiy-AVL 2.0.3.7, Rising 22.83.00.03, Fortinet 4.2.254.0, \n   Panda 10.0.2.7\n\n   CVE no - \n   CVE-2012-1442\n\n25. Infected RAR files with initial two bytes set to \u0027MZ\u0027 can be fixed by the \n    user and correctly extracted. Such a file evades detection.  \n    \n   Affected products -\n   ClamAV 0.96.4, Rising 22.83.00.03, CAT-QuickHeal 11.00, GData 21, \n   Symantec 20101.3.0.103, Command 5.2.11.5, Ikarus T3.1.1.97.0, \n   Emsisoft 5.1.0.1, PCTools 7.0.3.5, F-Prot 4.6.2.117, \n   VirusBuster 13.6.151.0, Fortinent 4.2.254.0, Antiy-AVL 2.0.3.7, \n   K7AntiVirus 9.77.3565, TrendMicro-HouseCall 9.120.0.1004,Kaspersky 7.0.0.125 \n   Jiangmin 13.0.900. 
Microsoft 1.6402, Sophos 4.61.0, NOD32 5795, AntiVir 7.11.1.163, \n   Norman 6.06.12, McAfee 5.400.0.1158, Panda 10.0.2.7, McAfee-GW-Edition 2010.1C, \n   TrendMicro 9.120.0.1004, Comodo 7424, BitDefender 7.2, eSafe 7.0.17.0, F-Secure 9.0.16160.0\n   nProtect 2011-01-17.01, AhnLab-V3 2011.01.18.00, AVG 10.0.0.1190, Avast 4.8.1351.0, \n   Avast5 5.0.677.0, VBA32 3.12.14.2   \n\n   CVE no - \n   CVE-2012-1443\n\n26. \u0027abiversion\u0027 field in ELF files is parsed incorrectly.  \n    If an infected ELF file\u0027s abiversion field is incremented by 1 it evades\n    detection. \n\n   Affected products - \n   eSafe 7.0.017.0, Prevx 3.0, Fortinet 4.2.254.0, Panda 10.0.2.7\n\n   CVE no - \n   CVE-2012-1444\n\n27. \u0027abi\u0027 field in ELF files is parsed incorrectly.  \n    If an infected ELF file\u0027s abi field is incremented by 1 it evades\n    detection. \n\n   Affected products - \n   eSafe 7.0.017.0, Rising 22.83.00.03, Fortinet 4.2.254.0, Panda 10.0.2.7\n\n   CVE no - \n   CVE-2012-1445\n\n28. \u0027encoding\u0027 field in ELF files is parsed incorrectly.  \n    If an infected ELF file\u0027s encoding field is incremented by 1 it evades\n    detection. \n\n   Affected products - \n   CAT-QuickHeal 11.00, McAfee 5.400.0.1158, Symantec 20101.3.0.103, \n   Norman 6.06.12, eSafe 7.0.017.0, Kaspersky 7.0.0.125, \n   McAfee-GW-Edition 2010.1C, Sophos 4.61.0, eTrust-Vet 36.1.8511, \n   Antiy-AVL 2.0.3.7, PCTools 7.0.3.5, Rising 22.83.00.03, Fortinet 4.2.254.0,\n   Panda 10.0.2.7\n\n   CVE no - \n   CVE-2012-1446\n\n29. \u0027e_version\u0027 field in ELF files is parsed incorrectly.  \n    If an infected ELF file\u0027s e_version field is incremented by 1 it evades\n    detection. \n\n   Affected products -\n    Fortinet 4.2.254.0, eSafe 7.0.017.0, DrWeb 5.0.2.03300, Panda 10.0.2.7\n\n   CVE no - \n   CVE-2012-1447\n\n30. \u0027cbCabinet\u0027 field in CAB files is parsed incorrectly.  
\n    If an infected CAB file\u0027s cbCabinet field is incremented by 1 it evades\n    detection. \n\n   Affected products -\n   CAT-QuickHeal 11.00, TrendMicro 9.120.0.1004, Ikarus T3.1.1.97.0\n   TrendMicro-HouseCall 9.120.0.1004, Emsisoft 5.1.0.1 \n\n   CVE no - \n   CVE-2012-1448\n\n31. \u0027vMajor\u0027 field in CAB files is parsed incorrectly.  \n    If an infected CAB file\u0027s vMajor field is incremented by 1 it evades\n    detection. \n\n   Affected products -\n   NOD32 5795, Rising 22.83.00.03\n   \n   CVE no - \n   CVE-2012-1449\n\n32. \u0027reserved3\u0027 field in CAB files is parsed incorrectly.  \n    If an infected CAB file\u0027s reserved field is incremented by 1 it evades\n    detection. \n\n   Affected products -\n   Emsisoft 5.1.0.1, Sophos 4.61.0, Ikarus T3.1.1.97.0\n   \n   CVE no - \n   CVE-2012-1450\n\n33. \u0027reserved2\u0027 field in CAB files is parsed incorrectly.  \n    If an infected CAB file\u0027s reserved2 field is incremented by 1 it evades\n    detection. \n\n   Affected products -\n   Emsisoft 5.1.0.1, Ikarus T3.1.1.97.0\n   \n   CVE no - \n   CVE-2012-1451\n\n34. \u0027reserved1\u0027 field in CAB files is parsed incorrectly.  \n    If an infected CAB file\u0027s reserved field is incremented by 1 it evades\n    detection. \n\n   Affected products -\n   Emsisoft 5.1.0.1, Ikarus T3.1.1.97.0, CAT-QuickHeal 11.00\n   \n   CVE no - \n   CVE-2012-1452\n\n35. \u0027coffFiles\u0027 field in CAB files is parsed incorrectly.  \n    If an infected CAB file\u0027s coffFiles field is incremented by 1 it evades\n    detection. \n\n   Affected products -\n   McAfee 5.0.2.03300, TrendMicro-HouseCall 9.120.0.1004, Kaspersky 7.0.0.125, \n   Sophos 4.61.0, TrendMicro 9.120.0.1004, McAfee-GW-Edition 2010.1C,\n   Emsisoft 5.1.0.1, eTrust-Vet 36.1.8511, Antiy-AVL 2.0.3.7, Microsoft 1.6402,\n   Rising 22.83.00.03, Ikarus T3.1.1.97.0, Fortinet 4.2.254.0, Panda 10.0.2.7\n\n   CVE no - \n   CVE-2012-1453\n\n36. 
\u0027ei_version\u0027 field in ELF files is parsed incorrectly.  \n    If an infected ELF file\u0027s version field is incremented by 1 it evades\n    detection. \n\n   Affected products -\n   McAfee 5.0.02.03300, eSafe 7.0.17.0, McAfee-GW-Edition 2010.1C, \n   Rising 22.83.00.03, Fortinet 4.2.254.0, Panda 10.0.2.7\n\n   CVE no - \n   CVE-2012-1454\n\n37. \u0027vMinor\u0027 field in CAB files is parsed incorrectly.  \n    If an infected CAB file\u0027s version field is incremented by 1 it evades\n    detection. \n\n   Affected products -\n   NOD32 5795, Rising 22.83.00.03\n \n   CVE no - \n   CVE-2012-1455\n\n38. A specially crafted ZIP file, created by concatenating the contents \n   of a clean TAR archive and a virus-infected ZIP archive, is parsed \n   incorrectly and evades detection. If the length field in the header of a file with test EICAR virus\n   included into a TAR archive is set to be greater than the archive\u0027s total \n   length (1,000,000+original length in our experiments), the antivirus \n   declares the file to be clean but virus gets extracted correctly by the \n   GNU tar program. \n\n   Affected products -\n   AntiVir 7.11.1.163, Antiy-AVL 2.0.3.7, Avast 4.8.1351.0, Avast5 5.0.677.0, \n   AVG 10.0.0.1190, BitDefender 7.2, CAT-QuickHeal 11.00, ClamAV 0.96.4, \n   Command 5.2.11.5, Emsisoft 5.1.0.1, eSafe 7.0.17.0, F-Prot 4.6.2.117, \n   GData 21, Ikarus T3.1.1.97.0, Jiangmin 13.0.900, K7AntiVirus 9.77.3565, \n   Kaspersky 7.0.0.125, McAfee 5.400.0.1158, McAfee-GW-Edition 2010.1C, \n   Microsoft 1.6402, NOD32 5795, Norman 6.06.12, PCTools 7.0.3.5, \n   Rising 22.83.00.03, Symantec 20101.3.0.103, TrendMicro 9.120.0.1004, \n   TrendMicro-HouseCall 9.120.0.1004, VBA32 3.12.14.2, VirusBuster 13.6.151.0 \n\n   CVE no - \n   CVE-2012-1457\n\n40. A Windows Compiled HTML Help (CHM) file is a set of HTML files,\n   scripts, and images compressed using the LZX algorithm. 
\n   For faster random accesses, the algorithm is reset at intervals\n   instead of compressing the entire file as a single stream. The\n   length of each interval is specified in the LZXC header. \n\n   If an infected CHM file\u0027s header modified so that the reset interval\n   is lower than in the original file, the antivirus declares the file\n   to be clean. But the Windows CHM viewer hh.exe correctly decompresses\n   the infected content located before the tampered header. \n\n   Affected products -\n   ClamAV 0.96.4, Sophos 4.61.0 \n\n   CVE no - \n   CVE-2012-1458\n\n41. In a POSIX TAR archive, each member file has a 512-byte header protected\n   by a simple checksum. Every header also contains a file length field, which\n   is used by the extractor to locate the next header in the archive. \n\n   If a TAR archive contains two files: the first one is clean, while\n   the second is infected with test EICAR virus - and it is modified such that \n   the length field in the header of the first, clean file to point into the \n   middle of the header of the second, infected file. The antivirus declares \n   the file to be clean but virus gets extracted correctly by the \n   GNU tar program. 
\n\n   Affected products -\n   AhnLab-V3 2011.01.18.00, AntiVir 7.11.1.163, Antiy-AVL 2.0.3.7, \n   Avast 4.8.1351.0, Avast5 5.0.677.0, AVG 10.0.0.1190, BitDefender 7.2, \n   CAT-QuickHeal 11.00, ClamAV 0.96.4, Command 5.2.11.5, Comodo 7424, \n   Emsisoft 5.1.0.1, F-Prot 4.6.2.117, F-Secure 9.0.16160.0, \n   Fortinent 4.2.254.0, GData 21, Ikarus T3.1.1.97.0, Jiangmin 13.0.900, \n   K7AntiVirus 9.77.3565, Kaspersky 7.0.0.125, McAfee 5.400.0.1158, \n   McAfee-GW-Edition 2010.1C, Microsoft 1.6402, NOD32 5795, \n   Norman 6.06.12, nProtect 2011-01-17.01, Panda 10.0.2.7, \n   PCTools 7.0.3.5, Rising 22.83.00.03, Sophos 4.61.0, \n   Symantec 20101.3.0.103, TrendMicro 9.120.0.1004, \n   TrendMicro-HouseCall 9.120.0.1004, VBA32 3.12.14.2, \n   VirusBuster 13.6.151.0 \n\n   CVE no - \n   CVE-2012-1459\n\n42. If an infected tar.gz archive is appended 6 random bytes at the end, \n    the antivirus declares the file to be clean but virus gets extracted by\n    the gunzip+tar programs correctly by ignoring these bytes. \n\n   Affected products -\n   Antiy-AVL 2.0.3.7, CAT-QuickHeal 11.00, Command 5.2.11.5, \n   eSafe 7.0.17.0, F-Prot 4.6.2.117, Jiangmin 13.0.900, \n   K7AntiVirus 9.77.3565, VBA32 3.12.14.2 \n   \n   CVE no - \n   CVE-2012-1460\n\n43. GZIP files can contain multiple compressed streams, which are assembled\n    when the contents are extracted. 
If an infected .tar.gz file is broken \n    into two streams, the antivirus declares the infected .tar.gz file to \n    be clean while tar+gunzip extract the virus correctly\n\n   Affected products -\n   AVG 10.0.0.1190, BitDefender 7.2, Command 5.2.11.5, Emsisoft 5.1.0.1, \n   F-Secure 9.0.16160.0, Fortinent 4.2.254.0, Ikarus T3.1.1.97.0, \n   Jiangmin 13.0.900, K7AntiVirus 9.77.3565, Kaspersky 7.0.0.125, \n   McAfee 5.400.0.1158, McAfee-GW-Edition 2010.1C, NOD32 5795, Norman 6.06.12, \n   Rising 22.83.00.03, Sophos 4.61.0, Symantec 20101.3.0.103, \n   TrendMicro 9.120.0.1004, TrendMicro-HouseCall 9.120.0.1004, VBA32 3.12.14.2 \n\n   CVE no - \n   CVE-2012-1461\n\n44. If an infected ZIP archive is prepended with 1024 random bytes at the \n   beginning, the antivirus declares the file to be clean but virus gets extracted\n   by the unzip program correctly by skipping these bytes\n\n   Affected products -\n   AhnLab-V3 2011.01.18.00, AVG 10.0.0.1190, CAT-QuickHeal 11.00, \n   Emsisoft 5.1.0.1, eSafe 7.0.17.0, Fortinent 4.2.254.0, Ikarus T3.1.1.97.0, \n   Jiangmin 13.0.900, Kaspersky 7.0.0.125, Norman 6.06.12, Sophos 4.61.0, \n   Symantec 20101.3.0.103 \n\n   CVE no - \n   CVE-2012-1462\n\n45. In most ELF files, the 5th byte of the header indicates endianness: 01\n   for little-endian, 02 for bigendian. Linux kernel, however, does not\n   check this field before loading an ELF file. If an infected ELF file\u0027s 5-th \n   byte is set to 02, the antivirus declares the file to be clean but the ELF \n   file gets executed correctly. \n\n   Affected products -\n   AhnLab-V3 2011.01.18.00, BitDefender 7.2, CAT-QuickHeal 11.00, Command 5.2.11.5, \n   Comodo 7424, eSafe 7.0.17.0, F-Prot 4.6.2.117, F-Secure 9.0.16160.0, \n   McAfee 5.400.0.1158, Norman 6.06.12, nProtect 2011-01-17.01, Panda 10.0.2.7 \n\n   CVE no - \n   CVE-2012-1463\n\n--------\nCredits\n--------\nVulnerabilities found and advisory written by Suman Jana and Vitaly Shmatikov. 
\n\n-----------\nReferences\n-----------\n\"Abusing File Processing in Malware Detectors for Fun and Profit\" by Suman Jana and Vitaly Shmatikov\nTo appear in IEEE Symposium on Security and Privacy 2012\nhttp://www.ieee-security.org/TC/SP2012/ \n",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2012-1429"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2012-001891"
          },
          {
            "db": "BID",
            "id": "52581"
          },
          {
            "db": "VULHUB",
            "id": "VHN-54710"
          },
          {
            "db": "PACKETSTORM",
            "id": "110990"
          }
        ],
        "trust": 2.07
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2012-1429",
            "trust": 2.9
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2012-001891",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201203-395",
            "trust": 0.7
          },
          {
            "db": "BUGTRAQ",
            "id": "20120319 EVASION ATTACKS EXPOLITING FILE-PARSING VULNERABILITIES IN ANTIVIRUS PRODUCTS",
            "trust": 0.6
          },
          {
            "db": "BID",
            "id": "52581",
            "trust": 0.4
          },
          {
            "db": "VULHUB",
            "id": "VHN-54710",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "110990",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-54710"
          },
          {
            "db": "BID",
            "id": "52581"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2012-001891"
          },
          {
            "db": "PACKETSTORM",
            "id": "110990"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201203-395"
          },
          {
            "db": "NVD",
            "id": "CVE-2012-1429"
          }
        ]
      },
      "id": "VAR-201203-0389",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-54710"
          }
        ],
        "trust": 0.01
      },
      "last_update_date": "2025-04-11T22:49:44.814000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Top Page",
            "trust": 0.8,
            "url": "http://www.bitdefender.com/"
          },
          {
            "title": "Top Page",
            "trust": 0.8,
            "url": "http://www.comodo.com/"
          },
          {
            "title": "Top Page",
            "trust": 0.8,
            "url": "http://www.emsisoft.com/en/"
          },
          {
            "title": "Top Page",
            "trust": 0.8,
            "url": "http://www.ikarus.at/en/"
          },
          {
            "title": "Top Page",
            "trust": 0.8,
            "url": "http://global.nprotect.com/index.php"
          },
          {
            "title": "Top Page",
            "trust": 0.8,
            "url": "http://www.aladdin.co.jp/index.html"
          },
          {
            "title": "Top Page",
            "trust": 0.8,
            "url": "http://www.mcafee.com/japan/"
          },
          {
            "title": "Top Page",
            "trust": 0.8,
            "url": "http://www.f-secure.com/ja/web/home_jp/home"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2012-001891"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-264",
            "trust": 1.9
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-54710"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2012-001891"
          },
          {
            "db": "NVD",
            "id": "CVE-2012-1429"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 1.7,
            "url": "http://www.securityfocus.com/archive/1/522005"
          },
          {
            "trust": 1.7,
            "url": "http://www.ieee-security.org/tc/sp2012/program.html"
          },
          {
            "trust": 1.1,
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74244"
          },
          {
            "trust": 0.8,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-1429"
          },
          {
            "trust": 0.8,
            "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2012-1429"
          },
          {
            "trust": 0.3,
            "url": "http://www.bitdefender.com"
          },
          {
            "trust": 0.3,
            "url": "http://www.comodo.com/"
          },
          {
            "trust": 0.3,
            "url": "http://www.emsisoft.com/en/software/antimalware/"
          },
          {
            "trust": 0.3,
            "url": "http://www.safenet-inc.com/data-protection/content-security-esafe/"
          },
          {
            "trust": 0.3,
            "url": "http://www.ikarus.at"
          },
          {
            "trust": 0.3,
            "url": "http://global.nprotect.com/index.php"
          },
          {
            "trust": 0.3,
            "url": "http://www.mcafee.com/"
          },
          {
            "trust": 0.3,
            "url": "/archive/1/522005"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2012-1419"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2012-1439"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2012-1426"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2012-1429"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2012-1436"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2012-1440"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2012-1432"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2012-1438"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2012-1428"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2012-1446"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2012-1443"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2012-1444"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2012-1441"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2012-1421"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2012-1430"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2012-1434"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2012-1435"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2012-1424"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2012-1431"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2012-1425"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2012-1423"
          },
          {
            "trust": 0.1,
            "url": "http://www.ieee-security.org/tc/sp2012/"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2012-1442"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2012-1422"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2012-1433"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2012-1420"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2012-1427"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2012-1445"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2012-1437"
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-54710"
          },
          {
            "db": "BID",
            "id": "52581"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2012-001891"
          },
          {
            "db": "PACKETSTORM",
            "id": "110990"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201203-395"
          },
          {
            "db": "NVD",
            "id": "CVE-2012-1429"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "VULHUB",
            "id": "VHN-54710"
          },
          {
            "db": "BID",
            "id": "52581"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2012-001891"
          },
          {
            "db": "PACKETSTORM",
            "id": "110990"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201203-395"
          },
          {
            "db": "NVD",
            "id": "CVE-2012-1429"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2012-03-21T00:00:00",
            "db": "VULHUB",
            "id": "VHN-54710"
          },
          {
            "date": "2012-03-20T00:00:00",
            "db": "BID",
            "id": "52581"
          },
          {
            "date": "2012-03-26T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2012-001891"
          },
          {
            "date": "2012-03-19T23:51:01",
            "db": "PACKETSTORM",
            "id": "110990"
          },
          {
            "date": "2012-03-26T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201203-395"
          },
          {
            "date": "2012-03-21T10:11:47.550000",
            "db": "NVD",
            "id": "CVE-2012-1429"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2017-08-29T00:00:00",
            "db": "VULHUB",
            "id": "VHN-54710"
          },
          {
            "date": "2012-03-30T16:10:00",
            "db": "BID",
            "id": "52581"
          },
          {
            "date": "2012-03-26T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2012-001891"
          },
          {
            "date": "2012-03-26T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201203-395"
          },
          {
            "date": "2025-04-11T00:51:21.963000",
            "db": "NVD",
            "id": "CVE-2012-1429"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201203-395"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Multiple products  ELF Vulnerability that prevents file parsers from detecting malware",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2012-001891"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "permissions and access control",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201203-395"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-200612-0588

    Vulnerability from variot - Updated: 2025-04-10 19:38

    F-Secure Anti-Virus for Linux Gateways 4.65 allows remote attackers to cause a denial of service (possibly fatal scan error), and possibly bypass virus detection, by inserting invalid characters into base64 encoded content in a multipart/mixed MIME file, as demonstrated with the EICAR test file. Various security products are prone to a filter-bypass weakness. These products include BitDefender Mail Protection for SMB 2.0, ClamAV 0.88.6, F-Prot Antivirus for Linux x86 Mail Servers 4.6.6, and Kaspersky Anti-Virus for Linux Mail Server 5.5.10. Other applications and versions may also be affected. This issue occurs because the application fails to handle malformed input, which may allow an attacker to bypass the file-filtering mechanism. There is a security bypass vulnerability in F-Secure Anti-Virus for Linux Gateways. Such as passing the EICAR test file


    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-200612-0588",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "f-secure anti-virus",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "f secure",
            "version": "4.65"
          },
          {
            "model": "f-secure anti-virus",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "f secure",
            "version": "linux gateways 4.65"
          },
          {
            "model": "linux enterprise server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "suse",
            "version": "9"
          },
          {
            "model": "linux enterprise server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "suse",
            "version": "10"
          },
          {
            "model": "linux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "suse",
            "version": "9.3"
          },
          {
            "model": "linux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "10.1"
          },
          {
            "model": "linux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "10.0"
          },
          {
            "model": "open enterprise server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "novell",
            "version": "0"
          },
          {
            "model": "linux desktop",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "novell",
            "version": "9"
          },
          {
            "model": "linux mandrake x86 64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mandriva",
            "version": "2006.0"
          },
          {
            "model": "linux mandrake",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mandriva",
            "version": "2006.0"
          },
          {
            "model": "linux mandrake x86 64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mandriva",
            "version": "2007.0"
          },
          {
            "model": "linux mandrake",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mandriva",
            "version": "2007.0"
          },
          {
            "model": "corporate server x86 64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mandrakesoft",
            "version": "4.0"
          },
          {
            "model": "corporate server x86 64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mandrakesoft",
            "version": "3.0"
          },
          {
            "model": "corporate server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mandrakesoft",
            "version": "3.0"
          },
          {
            "model": "corporate server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mandrakesoft",
            "version": "4.0"
          },
          {
            "model": "groupware server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "kolab",
            "version": "2.0.4"
          },
          {
            "model": "groupware server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "kolab",
            "version": "2.0.3"
          },
          {
            "model": "groupware server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "kolab",
            "version": "2.0.2"
          },
          {
            "model": "groupware server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "kolab",
            "version": "2.0.1"
          },
          {
            "model": "groupware server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "kolab",
            "version": "1.0.8"
          },
          {
            "model": "groupware server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "kolab",
            "version": "1.0.7"
          },
          {
            "model": "groupware server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "kolab",
            "version": "1.0.6"
          },
          {
            "model": "groupware server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "kolab",
            "version": "1.0.5"
          },
          {
            "model": "groupware server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "kolab",
            "version": "1.0.3"
          },
          {
            "model": "groupware server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "kolab",
            "version": "1.0.1"
          },
          {
            "model": "groupware server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "kolab",
            "version": "1.0-20040426"
          },
          {
            "model": "groupware server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "kolab",
            "version": "1.0"
          },
          {
            "model": "groupware server 2.1beta2",
            "scope": null,
            "trust": 0.3,
            "vendor": "kolab",
            "version": null
          },
          {
            "model": "groupware server 2.1.beta3",
            "scope": null,
            "trust": 0.3,
            "vendor": "kolab",
            "version": null
          },
          {
            "model": "anti-virus",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "kaspersky",
            "version": "5.5.10"
          },
          {
            "model": "software f-prot antivirus",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "frisk",
            "version": "4.6.6"
          },
          {
            "model": "linux sparc",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "3.1"
          },
          {
            "model": "linux s/390",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "3.1"
          },
          {
            "model": "linux ppc",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "3.1"
          },
          {
            "model": "linux mipsel",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "3.1"
          },
          {
            "model": "linux mips",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "3.1"
          },
          {
            "model": "linux m68k",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "3.1"
          },
          {
            "model": "linux ia-64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "3.1"
          },
          {
            "model": "linux ia-32",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "3.1"
          },
          {
            "model": "linux hppa",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "3.1"
          },
          {
            "model": "linux arm",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "3.1"
          },
          {
            "model": "linux amd64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "3.1"
          },
          {
            "model": "linux alpha",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "3.1"
          },
          {
            "model": "linux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "3.1"
          },
          {
            "model": "anti-virus clamav",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "clam",
            "version": "0.88.6"
          },
          {
            "model": "mail protection for smb",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "bitdefender",
            "version": "2.0"
          }
        ],
        "sources": [
          {
            "db": "BID",
            "id": "21461"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2006-001714"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200612-173"
          },
          {
            "db": "NVD",
            "id": "CVE-2006-6409"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/a:f-secure:anti-virus",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2006-001714"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Hendrik Weimer is credited with the discovery of this vulnerability.",
        "sources": [
          {
            "db": "BID",
            "id": "21461"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200612-173"
          }
        ],
        "trust": 0.9
      },
      "cve": "CVE-2006-6409",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "COMPLETE",
                "baseScore": 10.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "id": "CVE-2006-6409",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 1.8,
                "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "COMPLETE",
                "baseScore": 10.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "id": "VHN-22517",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.1,
                "vectorString": "AV:N/AC:L/AU:N/C:C/I:C/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2006-6409",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "NVD",
                "id": "CVE-2006-6409",
                "trust": 0.8,
                "value": "High"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-200612-173",
                "trust": 0.6,
                "value": "CRITICAL"
              },
              {
                "author": "VULHUB",
                "id": "VHN-22517",
                "trust": 0.1,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-22517"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2006-001714"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200612-173"
          },
          {
            "db": "NVD",
            "id": "CVE-2006-6409"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "F-Secure Anti-Virus for Linux Gateways 4.65 allows remote attackers to cause a denial of service (possibly fatal scan error), and possibly bypass virus detection, by inserting invalid characters into base64 encoded content in a multipart/mixed MIME file, as demonstrated with the EICAR test file. Various security products are prone to a filter-bypass weakness. These products include:\n- BitDefender Mail Protection for SMB 2.0\n- ClamAV 0.88.6\n- F-prot Antivirus for Linux x86 Mail Servers 4.6.6\n- Kaspersky Anti-Virus for Linux Mail Server 5.5.10\nOther applications and versions may also be affected. \nThis issue occurs because the application fails to handle malformed input that may allow an attacker to bypass the file-filtering mechanism. There is a security bypass vulnerability in F-Secure Anti-Virus for Linux Gateways. Such as passing the EICAR test file",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2006-6409"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2006-001714"
          },
          {
            "db": "BID",
            "id": "21461"
          },
          {
            "db": "VULHUB",
            "id": "VHN-22517"
          }
        ],
        "trust": 1.98
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2006-6409",
            "trust": 2.8
          },
          {
            "db": "BID",
            "id": "21461",
            "trust": 2.0
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2006-001714",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200612-173",
            "trust": 0.7
          },
          {
            "db": "BUGTRAQ",
            "id": "20061206 MULTIPLE VENDOR UNUSUAL MIME ENCODING CONTENT FILTER BYPASS",
            "trust": 0.6
          },
          {
            "db": "VULHUB",
            "id": "VHN-22517",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-22517"
          },
          {
            "db": "BID",
            "id": "21461"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2006-001714"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200612-173"
          },
          {
            "db": "NVD",
            "id": "CVE-2006-6409"
          }
        ]
      },
      "id": "VAR-200612-0588",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-22517"
          }
        ],
        "trust": 0.01
      },
      "last_update_date": "2025-04-10T19:38:20.641000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Top Page",
            "trust": 0.8,
            "url": "http://www.f-secure.com/"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2006-001714"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "NVD-CWE-Other",
            "trust": 1.0
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2006-6409"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.0,
            "url": "http://www.quantenblog.net/security/virus-scanner-bypass"
          },
          {
            "trust": 1.7,
            "url": "http://www.securityfocus.com/bid/21461"
          },
          {
            "trust": 1.1,
            "url": "http://www.securityfocus.com/archive/1/453654/100/0/threaded"
          },
          {
            "trust": 0.8,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-6409"
          },
          {
            "trust": 0.8,
            "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2006-6409"
          },
          {
            "trust": 0.6,
            "url": "http://www.securityfocus.com/archive/1/archive/1/453654/100/0/threaded"
          },
          {
            "trust": 0.3,
            "url": "http://www.bitdefender.com"
          },
          {
            "trust": 0.3,
            "url": "http://www.clamav.net/"
          },
          {
            "trust": 0.3,
            "url": "http://www.f-prot.com/"
          },
          {
            "trust": 0.3,
            "url": "http://www.kaspersky.com/"
          },
          {
            "trust": 0.3,
            "url": "http://kolab.org/security/kolab-vendor-notice-14.txt"
          },
          {
            "trust": 0.3,
            "url": "/archive/1/453654"
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-22517"
          },
          {
            "db": "BID",
            "id": "21461"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2006-001714"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200612-173"
          },
          {
            "db": "NVD",
            "id": "CVE-2006-6409"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "VULHUB",
            "id": "VHN-22517"
          },
          {
            "db": "BID",
            "id": "21461"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2006-001714"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200612-173"
          },
          {
            "db": "NVD",
            "id": "CVE-2006-6409"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2006-12-10T00:00:00",
            "db": "VULHUB",
            "id": "VHN-22517"
          },
          {
            "date": "2006-12-06T00:00:00",
            "db": "BID",
            "id": "21461"
          },
          {
            "date": "2012-06-26T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2006-001714"
          },
          {
            "date": "2006-12-09T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-200612-173"
          },
          {
            "date": "2006-12-10T02:28:00",
            "db": "NVD",
            "id": "CVE-2006-6409"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2018-10-17T00:00:00",
            "db": "VULHUB",
            "id": "VHN-22517"
          },
          {
            "date": "2016-07-06T14:40:00",
            "db": "BID",
            "id": "21461"
          },
          {
            "date": "2012-06-26T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2006-001714"
          },
          {
            "date": "2006-12-11T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-200612-173"
          },
          {
            "date": "2025-04-09T00:30:58.490000",
            "db": "NVD",
            "id": "CVE-2006-6409"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-200612-173"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Service Disruption (DoS) Vulnerabilities in F-Secure Anti-Virus for Linux Gateways",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2006-001714"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Design Error",
        "sources": [
          {
            "db": "BID",
            "id": "21461"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200612-173"
          }
        ],
        "trust": 0.9
      }
    }