CVE-2012-1457

Description

The TAR file parser in Avira AntiVir 7.11.1.163, Antiy Labs AVL SDK 2.0.3.7, avast! Antivirus 4.8.1351.0 and 5.0.677.0, AVG Anti-Virus 10.0.0.1190, Bitdefender 7.2, Quick Heal (aka Cat QuickHeal) 11.00, ClamAV 0.96.4, Command Antivirus 5.2.11.5, Emsisoft Anti-Malware 5.1.0.1, eSafe 7.0.17.0, F-Prot Antivirus 4.6.2.117, G Data AntiVirus 21, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, Jiangmin Antivirus 13.0.900, K7 AntiVirus 9.77.3565, Kaspersky Anti-Virus 7.0.0.125, McAfee Anti-Virus Scanning Engine 5.400.0.1158, McAfee Gateway (formerly Webwasher) 2010.1C, Antimalware Engine 1.1.6402.0 in Microsoft Security Essentials 2.0, NOD32 Antivirus 5795, Norman Antivirus 6.06.12, PC Tools AntiVirus 7.0.3.5, Rising Antivirus 22.83.00.03, AVEngine 20101.3.0.103 in Symantec Endpoint Protection 11, Trend Micro AntiVirus 9.120.0.1004, Trend Micro HouseCall 9.120.0.1004, VBA32 3.12.14.2, and VirusBuster 13.6.151.0 allows remote attackers to bypass malware detection via a TAR archive entry with a length field that exceeds the total TAR file size. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different TAR parser implementations.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/74293

http://www.securityfocus.com/bid/52610

http://www.securityfocus.com/archive/1/522005

http://www.mandriva.com/security/advisories?name=MDVSA-2012:094

http://www.ieee-security.org/TC/SP2012/program.html

http://osvdb.org/80409

http://osvdb.org/80407

http://osvdb.org/80406

http://osvdb.org/80403

http://osvdb.org/80396

http://osvdb.org/80395

http://osvdb.org/80393

http://osvdb.org/80392

http://osvdb.org/80391

http://osvdb.org/80389

http://lists.opensuse.org/opensuse-security-announce/2012-07/msg00002.html

Details

Source: Mitre, NVD

Risk Information

CVSS v2

CVSS v3