4.3

CVE-2012-1459

EPSS 84.1%
Published 21.03.2012 10:11:49
Last modified 11.04.2025 00:51:21
Source cve@mitre.org
Teams watchlist Login
Open Login

The TAR file parser in AhnLab V3 Internet Security 2011.01.18.00, Avira AntiVir 7.11.1.163, Antiy Labs AVL SDK 2.0.3.7, avast! Antivirus 4.8.1351.0 and 5.0.677.0, AVG Anti-Virus 10.0.0.1190, Bitdefender 7.2, Quick Heal (aka Cat QuickHeal) 11.00, ClamAV 0.96.4, Command Antivirus 5.2.11.5, Comodo Antivirus 7424, Emsisoft Anti-Malware 5.1.0.1, F-Prot Antivirus 4.6.2.117, F-Secure Anti-Virus 9.0.16160.0, Fortinet Antivirus 4.2.254.0, G Data AntiVirus 21, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, Jiangmin Antivirus 13.0.900, K7 AntiVirus 9.77.3565, Kaspersky Anti-Virus 7.0.0.125, McAfee Anti-Virus Scanning Engine 5.400.0.1158, McAfee Gateway (formerly Webwasher) 2010.1C, Antimalware Engine 1.1.6402.0 in Microsoft Security Essentials 2.0, NOD32 Antivirus 5795, Norman Antivirus 6.06.12, nProtect Anti-Virus 2011-01-17.01, Panda Antivirus 10.0.2.7, PC Tools AntiVirus 7.0.3.5, Rising Antivirus 22.83.00.03, Sophos Anti-Virus 4.61.0, AVEngine 20101.3.0.103 in Symantec Endpoint Protection 11, Trend Micro AntiVirus 9.120.0.1004, Trend Micro HouseCall 9.120.0.1004, VBA32 3.12.14.2, and VirusBuster 13.6.151.0 allows remote attackers to bypass malware detection via a TAR archive entry with a length field corresponding to that entire entry, plus part of the header of the next entry.  NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different TAR parser implementations.

Affected products Warnungen 0 Metrics 2 CWE 0 References 20

Data is provided by the National Vulnerability Database (NVD)

Ahnlab ≫ V3 Internet Security Version2011.01.18.00

Alwil ≫ Avast Antivirus Version4.8.1351.0

Alwil ≫ Avast Antivirus Version5.0.677.0

Anti-virus ≫ Vba32 Version3.12.14.2

Antiy ≫ Avl Sdk Version2.0.3.7

Authentium ≫ Command Antivirus Version5.2.11.5

Avg ≫ Avg Anti-virus Version10.0.0.1190

Avira ≫ Antivir Version7.11.1.163

Bitdefender ≫ Bitdefender Version7.2

Cat ≫ Quick Heal Version11.00

Clamav ≫ Clamav Version0.96.4

Comodo ≫ Comodo Antivirus Version7424

Emsisoft ≫ Anti-malware Version5.1.0.1

Eset ≫ Nod32 Antivirus Version5795

F-prot ≫ F-prot Antivirus Version4.6.2.117

F-secure ≫ F-secure Anti-virus Version9.0.16160.0

Fortinet ≫ Fortinet Antivirus Version4.2.254.0

Gdata-software ≫ G Data Antivirus Version21

Ikarus ≫ Ikarus Virus Utilities T3 Command Line Scanner Version1.1.97.0

Jiangmin ≫ Jiangmin Antivirus Version13.0.900

K7computing ≫ Antivirus Version9.77.3565

Kaspersky ≫ Kaspersky Anti-virus Version7.0.0.125

Mcafee ≫ Gateway Version2010.1c

Mcafee ≫ Scan Engine Version5.400.0.1158

Microsoft ≫ Security Essentials Version2.0

Nprotect ≫ Nprotect Antivirus Version2011-01-17.01

Pandasecurity ≫ Panda Antivirus Version10.0.2.7

Pc Tools ≫ Pc Tools Antivirus Version7.0.3.5

Rising-global ≫ Rising Antivirus Version22.83.00.03

Sophos ≫ Sophos Anti-virus Version4.61.0

Symantec ≫ Endpoint Protection Version11.0

Trendmicro ≫ Housecall Version9.120.0.1004

Trendmicro ≫ Trend Micro Antivirus Version9.120.0.1004

Virusbuster ≫ Virusbuster Version13.6.151.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	84.1%	0.993

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	4.3	8.6	2.9	AV:N/AC:M/Au:N/C:N/I:P/A:N

http://osvdb.org/80409

http://www.ieee-security.org/TC/SP2012/program.html

http://www.securityfocus.com/archive/1/522005

http://osvdb.org/80403

http://osvdb.org/80406

http://osvdb.org/80407

http://osvdb.org/80393

http://osvdb.org/80395

http://osvdb.org/80396

http://osvdb.org/80390

http://osvdb.org/80391

http://osvdb.org/80392

http://osvdb.org/80389

http://lists.opensuse.org/opensuse-security-announce/2012-07/msg00002.html

http://www.mandriva.com/security/advisories?name=MDVSA-2012:094

http://www.securityfocus.com/bid/52623

https://exchange.xforce.ibmcloud.com/vulnerabilities/74302

https://nvd.nist.gov/vuln/detail/CVE-2012-1459

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2012-1459

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2012-1459

EUVD