CVE-2012-1427

Quick Heal 11.00 - Malware Detection Bypass via TAR File Parser

Title source: llm

Description

The TAR file parser in Quick Heal (aka Cat QuickHeal) 11.00, Norman Antivirus 6.06.12, and Sophos Anti-Virus 4.61.0 allows remote attackers to bypass malware detection via a POSIX TAR file with a \57\69\6E\5A\69\70 character sequence at a certain location. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different TAR parser implementations.

References (6)

Core 6

Core References

Third Party Advisory, VDB Entry vdb-entry x_refsource_xf

https://exchange.xforce.ibmcloud.com/vulnerabilities/74242

Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq

http://www.securityfocus.com/archive/1/522005

Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb

http://osvdb.org/80409

Third Party Advisory, VDB Entry vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/52587

Various Sources x_refsource_misc

http://www.ieee-security.org/TC/SP2012/program.html

Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb

http://osvdb.org/80390

Scores

EPSS 0.0415

EPSS Percentile 88.8%

Details

CWE

CWE-264

Status published

Products (3)

cat/quick_heal 11.00

norman/norman_antivirus_\&_antispyware 6.06.12

sophos/sophos_anti-virus 4.61.0

Published Mar 21, 2012

Tracked Since Feb 18, 2026