CVE-2012-1420
Multiple Antivirus Products - Malware Detection Bypass via POSIX TAR File with Initial \7fELF Sequence
Title source: llmDescription
The TAR file parser in Quick Heal (aka Cat QuickHeal) 11.00, Command Antivirus 5.2.11.5, F-Prot Antivirus 4.6.2.117, Fortinet Antivirus 4.2.254.0, K7 AntiVirus 9.77.3565, Kaspersky Anti-Virus 7.0.0.125, Antimalware Engine 1.1.6402.0 in Microsoft Security Essentials 2.0, NOD32 Antivirus 5795, Norman Antivirus 6.06.12, Panda Antivirus 10.0.2.7, and Rising Antivirus 22.83.00.03 allows remote attackers to bypass malware detection via a POSIX TAR file with an initial \7fELF character sequence. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different TAR parser implementations.
References (6)
Core 6
Core References
Various Sources x_refsource_misc
http://www.ieee-security.org/TC/SP2012/program.html
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://osvdb.org/80406
Third Party Advisory, VDB Entry mailing-list
x_refsource_bugtraq
http://www.securityfocus.com/archive/1/522005
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://osvdb.org/80403
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://osvdb.org/80409
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://osvdb.org/80407
Scores
EPSS
0.1644
EPSS Percentile
95.0%
Details
CWE
CWE-264
Status
published
Products (11)
authentium/command_antivirus
5.2.11.5
cat/quick_heal
11.00
eset/nod32_antivirus
5795
f-prot/f-prot_antivirus
4.6.2.117
fortinet/fortinet_antivirus
4.2.254.0
k7computing/antivirus
9.77.3565
kaspersky/kaspersky_anti-virus
7.0.0.125
microsoft/security_essentials
2.0
norman/norman_antivirus_\&_antispyware
6.06.12
pandasecurity/panda_antivirus
10.0.2.7
... and 1 more
Published
Mar 21, 2012
Tracked Since
Feb 18, 2026