CVE-2012-1423
Multiple Antivirus Products - Malware Detection Bypass via TAR File with MZ Header
Title source: llmDescription
The TAR file parser in Command Antivirus 5.2.11.5, Emsisoft Anti-Malware 5.1.0.1, F-Prot Antivirus 4.6.2.117, Fortinet Antivirus 4.2.254.0, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, K7 AntiVirus 9.77.3565, NOD32 Antivirus 5795, Norman Antivirus 6.06.12, PC Tools AntiVirus 7.0.3.5, Rising Antivirus 22.83.00.03, and VirusBuster 13.6.151.0 allows remote attackers to bypass malware detection via a POSIX TAR file with an initial MZ character sequence. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different TAR parser implementations.
References (7)
Core 7
Core References
Various Sources x_refsource_misc
http://www.ieee-security.org/TC/SP2012/program.html
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://osvdb.org/80406
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://osvdb.org/80393
Third Party Advisory, VDB Entry mailing-list
x_refsource_bugtraq
http://www.securityfocus.com/archive/1/522005
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://osvdb.org/80396
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://osvdb.org/80407
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://osvdb.org/80395
Scores
EPSS
0.0369
EPSS Percentile
88.1%
Details
CWE
CWE-264
Status
published
Products (11)
authentium/command_antivirus
5.2.11.5
emsisoft/anti-malware
5.1.0.1
eset/nod32_antivirus
5795
f-prot/f-prot_antivirus
4.6.2.117
fortinet/fortinet_antivirus
4.2.254.0
ikarus/ikarus_virus_utilities_t3_command_line_scanner
1.1.97.0
k7computing/antivirus
9.77.3565
norman/norman_antivirus_\&_antispyware
6.06.12
pc_tools/pc_tools_antivirus
7.0.3.5
rising-global/rising_antivirus
22.83.00.03
... and 1 more
Published
Mar 21, 2012
Tracked Since
Feb 18, 2026