CVE-2012-1447

eSafe 7.0.17.0 - Malware Detection Bypass via Modified ELF e_version Field

Title source: llm
STIX 2.1

Description

The ELF file parser in Fortinet Antivirus 4.2.254.0, eSafe 7.0.17.0, Dr.Web 5.0.2.03300, and Panda Antivirus 10.0.2.7 allows remote attackers to bypass malware detection via an ELF file with a modified e_version field. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different ELF parser implementations.

References (4)

Core 4
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://osvdb.org/80432
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/522005
Various Sources x_refsource_misc
http://www.ieee-security.org/TC/SP2012/program.html
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/52601

Scores

EPSS 0.0048
EPSS Percentile 65.4%

Details

CWE
CWE-264
Status published
Products (4)
aladdin/esafe 7.0.17.0
drweb/dr.web_antivirus 5.0.2.03300
fortinet/fortinet_antivirus 4.2.254.0
pandasecurity/panda_antivirus 10.0.2.7
Published Mar 21, 2012
Tracked Since Feb 18, 2026