4.3

CVE-2012-1457

EPSS 59.21%
Published 21.03.2012 10:11:49
Last modified 11.04.2025 00:51:21
Source cve@mitre.org
Teams watchlist Login
Open Login

The TAR file parser in Avira AntiVir 7.11.1.163, Antiy Labs AVL SDK 2.0.3.7, avast! Antivirus 4.8.1351.0 and 5.0.677.0, AVG Anti-Virus 10.0.0.1190, Bitdefender 7.2, Quick Heal (aka Cat QuickHeal) 11.00, ClamAV 0.96.4, Command Antivirus 5.2.11.5, Emsisoft Anti-Malware 5.1.0.1, eSafe 7.0.17.0, F-Prot Antivirus 4.6.2.117, G Data AntiVirus 21, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, Jiangmin Antivirus 13.0.900, K7 AntiVirus 9.77.3565, Kaspersky Anti-Virus 7.0.0.125, McAfee Anti-Virus Scanning Engine 5.400.0.1158, McAfee Gateway (formerly Webwasher) 2010.1C, Antimalware Engine 1.1.6402.0 in Microsoft Security Essentials 2.0, NOD32 Antivirus 5795, Norman Antivirus 6.06.12, PC Tools AntiVirus 7.0.3.5, Rising Antivirus 22.83.00.03, AVEngine 20101.3.0.103 in Symantec Endpoint Protection 11, Trend Micro AntiVirus 9.120.0.1004, Trend Micro HouseCall 9.120.0.1004, VBA32 3.12.14.2, and VirusBuster 13.6.151.0 allows remote attackers to bypass malware detection via a TAR archive entry with a length field that exceeds the total TAR file size.  NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different TAR parser implementations.

Affected products Warnungen 0 Metrics 2 CWE 0 References 19

Data is provided by the National Vulnerability Database (NVD)

Aladdin ≫ Esafe Version7.0.17.0

Alwil ≫ Avast Antivirus Version4.8.1351.0

Alwil ≫ Avast Antivirus Version5.0.677.0

Anti-virus ≫ Vba32 Version3.12.14.2

Antiy ≫ Avl Sdk Version2.0.3.7

Authentium ≫ Command Antivirus Version5.2.11.5

Avg ≫ Avg Anti-virus Version10.0.0.1190

Avira ≫ Antivir Version7.11.1.163

Bitdefender ≫ Bitdefender Version7.2

Cat ≫ Quick Heal Version11.00

Clamav ≫ Clamav Version0.96.4

Emsisoft ≫ Anti-malware Version5.1.0.1

Eset ≫ Nod32 Antivirus Version5795

F-prot ≫ F-prot Antivirus Version4.6.2.117

Gdata-software ≫ G Data Antivirus Version21

Ikarus ≫ Ikarus Virus Utilities T3 Command Line Scanner Version1.1.97.0

Jiangmin ≫ Jiangmin Antivirus Version13.0.900

K7computing ≫ Antivirus Version9.77.3565

Kaspersky ≫ Kaspersky Anti-virus Version7.0.0.125

Mcafee ≫ Gateway Version2010.1c

Mcafee ≫ Scan Engine Version5.400.0.1158

Microsoft ≫ Security Essentials Version2.0

Pc Tools ≫ Pc Tools Antivirus Version7.0.3.5

Rising-global ≫ Rising Antivirus Version22.83.00.03

Symantec ≫ Endpoint Protection Version11.0

Trendmicro ≫ Housecall Version9.120.0.1004

Trendmicro ≫ Trend Micro Antivirus Version9.120.0.1004

Virusbuster ≫ Virusbuster Version13.6.151.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	59.21%	0.982

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	4.3	8.6	2.9	AV:N/AC:M/Au:N/C:N/I:P/A:N

http://osvdb.org/80409

http://www.ieee-security.org/TC/SP2012/program.html

http://www.securityfocus.com/archive/1/522005

http://osvdb.org/80403

http://osvdb.org/80406

http://osvdb.org/80407

http://osvdb.org/80393

http://osvdb.org/80395

http://osvdb.org/80396

http://osvdb.org/80391

http://osvdb.org/80392

http://osvdb.org/80389

http://lists.opensuse.org/opensuse-security-announce/2012-07/msg00002.html

http://www.mandriva.com/security/advisories?name=MDVSA-2012:094

http://www.securityfocus.com/bid/52610

https://exchange.xforce.ibmcloud.com/vulnerabilities/74293

https://nvd.nist.gov/vuln/detail/CVE-2012-1457

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2012-1457

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2012-1457

EUVD