CVE-2012-1429

Description

The ELF file parser in Bitdefender 7.2, Comodo Antivirus 7424, Emsisoft Anti-Malware 5.1.0.1, eSafe 7.0.17.0, F-Secure Anti-Virus 9.0.16160.0, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, McAfee Anti-Virus Scanning Engine 5.400.0.1158, McAfee Gateway (formerly Webwasher) 2010.1C, and nProtect Anti-Virus 2011-01-17.01 allows remote attackers to bypass malware detection via an ELF file with a ustar character sequence at a certain location. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different ELF parser implementations.

Affected products

• aladdin / esafe7.0.17.0 – 7.0.17.0
• Comodo / Comodo Antivirus7424 – 7424
• emsisoft / anti-malware5.1.0.1 – 5.1.0.1
• F-Secure / f-secure_anti-virus9.0.16160.0 – 9.0.16160.0
• ikarus / ikarus_virus_utilities_t3_command_line_scanner1.1.97.0 – 1.1.97.0
• McAfee / gateway2010.1c – 2010.1c
• McAfee / scan_engine5.400.0.1158 – 5.400.0.1158
• nprotect / nprotect_antivirus2011-01-17.01 – 2011-01-17.01
• Softwin / bitdefender7.2 – 7.2

References

• MISChttps://exchange.xforce.ibmcloud.com/vulnerabilities/74244
• MISChttp://www.securityfocus.com/archive/1/522005
• MISChttp://www.ieee-security.org/TC/SP2012/program.html