NVD Vulnerability Detail

CVE-2012-1443

Summary	The RAR file parser in ClamAV 0.96.4, Rising Antivirus 22.83.00.03, Quick Heal (aka Cat QuickHeal) 11.00, G Data AntiVirus 21, AVEngine 20101.3.0.103 in Symantec Endpoint Protection 11, Command Antivirus 5.2.11.5, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, Emsisoft Anti-Malware 5.1.0.1, PC Tools AntiVirus 7.0.3.5, F-Prot Antivirus 4.6.2.117, VirusBuster 13.6.151.0, Fortinet Antivirus 4.2.254.0, Antiy Labs AVL SDK 2.0.3.7, K7 AntiVirus 9.77.3565, Trend Micro HouseCall 9.120.0.1004, Kaspersky Anti-Virus 7.0.0.125, Jiangmin Antivirus 13.0.900, Antimalware Engine 1.1.6402.0 in Microsoft Security Essentials 2.0, Sophos Anti-Virus 4.61.0, NOD32 Antivirus 5795, Avira AntiVir 7.11.1.163, Norman Antivirus 6.06.12, McAfee Anti-Virus Scanning Engine 5.400.0.1158, Panda Antivirus 10.0.2.7, McAfee Gateway (formerly Webwasher) 2010.1C, Trend Micro AntiVirus 9.120.0.1004, Comodo Antivirus 7424, Bitdefender 7.2, eSafe 7.0.17.0, F-Secure Anti-Virus 9.0.16160.0, nProtect Anti-Virus 2011-01-17.01, AhnLab V3 Internet Security 2011.01.18.00, AVG Anti-Virus 10.0.0.1190, avast! Antivirus 4.8.1351.0 and 5.0.677.0, and VBA32 3.12.14.2 allows user-assisted remote attackers to bypass malware detection via a RAR file with an initial MZ character sequence. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different RAR parser implementations.
Publication Date	March 21, 2012, 7:11 p.m.
Registration Date	Jan. 28, 2021, 2:55 p.m.
Last Update	Nov. 21, 2024, 10:36 a.m.

CVSS2.0 : MEDIUM
Score	4.3
Vector	AV:N/AC:M/Au:N/C:N/I:P/A:N
攻撃元区分(AV)	ネットワーク
攻撃条件の複雑さ(AC)	中
攻撃前の認証要否(Au)	不要
機密性への影響(C)	なし
完全性への影響(I)	低
可用性への影響(A)	なし
Get all privileges.	いいえ
Get user privileges	いいえ
Get other privileges	いいえ
User operation required	いいえ

Affected software configurations

Configuration1	or higher	or less	more than	less than
cpe:2.3:a:bitdefender:bitdefender:7.2:::::::*
cpe:2.3:a:ahnlab:v3_internet_security:2011.01.18.00:::::::*
cpe:2.3:a:alwil:avast_antivirus:4.8.1351.0:::::::*
cpe:2.3:a:norman:norman_antivirus_\&_antispyware:6.06.12:::::::*
cpe:2.3:a:clamav:clamav:0.96.4:::::::*
cpe:2.3:a:rising-global:rising_antivirus:22.83.00.03:::::::*
cpe:2.3:a:anti-virus:vba32:3.12.14.2:::::::*
cpe:2.3:a:eset:nod32_antivirus:5795:::::::*
cpe:2.3:a:trendmicro:housecall:9.120.0.1004:::::::*
cpe:2.3:a:avira:antivir:7.11.1.163:::::::*
cpe:2.3:a:symantec:endpoint_protection:11.0:::::::*
cpe:2.3:a:trendmicro:trend_micro_antivirus:9.120.0.1004:::::::*
cpe:2.3:a:f-secure:f-secure_anti-virus:9.0.16160.0:::::::*
cpe:2.3:a:f-prot:f-prot_antivirus:4.6.2.117:::::::*
cpe:2.3:a:sophos:sophos_anti-virus:4.61.0:::::::*
cpe:2.3:a:alwil:avast_antivirus:5.0.677.0:::::::*
cpe:2.3:a:mcafee:gateway:2010.1c:::::::*
cpe:2.3:a:kaspersky:kaspersky_anti-virus:7.0.0.125:::::::*
cpe:2.3:a:cat:quick_heal:11.00:::::::*
cpe:2.3:a:avg:avg_anti-virus:10.0.0.1190:::::::*
cpe:2.3:a:gdata-software:g_data_antivirus:21:::::::*
cpe:2.3:a:fortinet:fortinet_antivirus:4.2.254.0:::::::*
cpe:2.3:a:k7computing:antivirus:9.77.3565:::::::*
cpe:2.3:a:jiangmin:jiangmin_antivirus:13.0.900:::::::*
cpe:2.3:a:authentium:command_antivirus:5.2.11.5:::::::*
cpe:2.3:a:ikarus:ikarus_virus_utilities_t3_command_line_scanner:1.1.97.0:::::::*
cpe:2.3:a:nprotect:nprotect_antivirus:2011-01-17.01:::::::*
cpe:2.3:a:virusbuster:virusbuster:13.6.151.0:::::::*
cpe:2.3:a:antiy:avl_sdk:2.0.3.7:::::::*
cpe:2.3:a:microsoft:security_essentials:2.0:::::::*
cpe:2.3:a:emsisoft:anti-malware:5.1.0.1:::::::*
cpe:2.3:a:pc_tools:pc_tools_antivirus:7.0.3.5:::::::*
cpe:2.3:a:aladdin:esafe:7.0.17.0:::::::*
cpe:2.3:a:pandasecurity:panda_antivirus:10.0.2.7:::::::*
cpe:2.3:a:comodo:comodo_antivirus:7424:::::::*
cpe:2.3:a:mcafee:scan_engine:5.400.0.1158:::::::*

Related information, measures and tools

No	URL	refsource	タグ
1	http://osvdb.org/80454
2	http://osvdb.org/80454
3	http://osvdb.org/80455
4	http://osvdb.org/80455
5	http://osvdb.org/80456
6	http://osvdb.org/80456
7	http://osvdb.org/80457
8	http://osvdb.org/80457
9	http://osvdb.org/80458
10	http://osvdb.org/80458
11	http://osvdb.org/80459
12	http://osvdb.org/80459
13	http://osvdb.org/80460
14	http://osvdb.org/80460
15	http://osvdb.org/80461
16	http://osvdb.org/80461
17	http://osvdb.org/80467
18	http://osvdb.org/80467
19	http://osvdb.org/80468
20	http://osvdb.org/80468
21	http://osvdb.org/80469
22	http://osvdb.org/80469
23	http://osvdb.org/80470
24	http://osvdb.org/80470
25	http://osvdb.org/80471
26	http://osvdb.org/80471
27	http://osvdb.org/80472
28	http://osvdb.org/80472
29	http://www.ieee-security.org/TC/SP2012/program.html
30	http://www.ieee-security.org/TC/SP2012/program.html
31	http://www.securityfocus.com/archive/1/522005
32	http://www.securityfocus.com/archive/1/522005
33	http://www.securityfocus.com/bid/52612
34	http://www.securityfocus.com/bid/52612

Common Vulnerabilities List

No	CWE	Name	URL
1	CWE-264	認可・権限・アクセス制御	https://cwe.mitre.org/data/definitions/264.html

JVN Vulnerability Information

複数の製品の RAR ファイルパーサにおけるマルウェア検知を回避される脆弱性

Title	複数の製品の RAR ファイルパーサにおけるマルウェア検知を回避される脆弱性
Summary	複数の製品の RAR ファイルパーサには、マルウェア検知を回避される脆弱性が存在します。異なる RAR パーサの実装にも問題があると公表された場合、本脆弱性は複数の CVE に分割される可能性があります。
Possible impacts	攻撃者により、MZ で始まる文字シーケンスを持つ RAR ファイルを介して、マルウェア検知を回避される可能性があります。
Solution	ベンダ情報および参考情報を参照して適切な対策を実施してください。
Publication Date	March 21, 2012, midnight
Registration Date	March 26, 2012, 2:05 p.m.
Last Update	March 26, 2012, 2:05 p.m.

Affected System

マイクロソフト

Microsoft Security Essentials 2.0

トレンドマイクロ

Trend Micro Antivirus 9.120.0.1004

Trend Micro HouseCall 9.120.0.1004

シマンテック

Symantec Endpoint Protection 11

エフ・セキュア

F-Secure Anti-Virus 9.0.16160.0

マカフィー

McAfee Scan Engine 5.400.0.1158

McAfee Web Gateway ソフトウェア 2010.1C

ClamAV

ClamAV 0.96.4

BitDefender

Bitdefender 7.2

Panda Security

Panda Antivirus 10.0.2.7

ESET

ESET NOD32アンチウイルス 5795

Emsisoft

Emsisoft Anti-Malware 5.1.0.1

アラジン

eSafe 7.0.17.0

Ikarus

Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0

アンラボ

V3 Internet Security 2011.01.18.00

ソフォス

Sophos Anti-Virus 4.61.0

Beijing Rising International Software

Rising Antivirus 22.83.00.03

フォーティネット

Fortinet Antivirus 4.2.254.0

クイックヒール・テクノロジーズ・ジャパン株式会社

Quick Heal 11.00

Authentium

Command Antivirus 5.2.11.5

Comodo

Comodo Antivirus 7424

FRISK Software International

F-Prot Antivirus 4.6.2.117

Norman

Norman Antivirus 6.06.12

nProtect

nProtect Anti-Virus 2011-01-17.01

Avira

AntiVirus (旧 AntiVir) 7.11.1.163

カスペルスキー

Kaspersky Anti-Virus 7.0.0.125

Jiangmin

Jiangmin Antivirus 13.0.900

AVG Technologies

AVG Anti-Virus 10.0.0.1190

Antiy Labs

AVL SDK 2.0.3.7

K7 Computing

K7 AntiVirus 9.77.3565

VirusBlokAda

VBA32 3.12.14.2

G Data Software

G Data AntiVirus 21

PC Tools

PC Tools AntiVirus 7.0.3.5

VirusBuster

VirusBuster 13.6.151.0

AVAST Software s.r.o.

avast アンチウィルス 4.8.1351.0

avast アンチウィルス 5.0.677.0

CVE (情報セキュリティ共通脆弱性識別子)

No	Name	URL
Common Vulnerabilities and Exposures (CVE)
1	CVE-2012-1443	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1443
National Vulnerability Database (NVD)
2	CVE-2012-1443	http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-1443

CWE (共通脆弱性タイプ一覧)

No	Name	URL
JVNDB
1	CWE-264	https://jvndb.jvn.jp/ja/cwe/CWE-264.html

ベンダー情報

No	Name	URL
Antiy Labs
1	AVL SDK	http://www.antiy.net/en/avlsdk.html
Authentium
2	Command Antivirus	http://www.authentium.com/command/CSAVDownload.html
AVAST
3	Top Page	https://www.avast.co.jp/index
AVG Technologies
4	AVG Anti-Virus	http://www.avgjapan.com/home-small-office-security/buy-antivirus
Avira
5	Top Page	http://www.avira.com/
Beijing Rising International Software
6	Top Page	http://www.rising-global.com/
BitDefender
7	Top Page	http://www.bitdefender.com/
ClamAV
8	Top Page	http://www.clamav.net/lang/en/
Comodo
9	Comodo Antivirus	http://www.comodo.com/home/internet-security/antivirus.php
Emsisoft
10	Emsisoft Anti-Malware	http://www.emsisoft.com/en/software/antimalware/
ESET
11	ESET NOD32アンチウイルス	http://www.eset.com/us/
Fortinet
12	Top Page	http://www.fortinet.com/
FRISK Software International
13	Top Page	http://www.f-prot.com/
G Data Software
14	Top Page	http://www.gdata.co.jp/
Ikarus
15	IKARUS virus.utilities	http://www.ikarus.at/en/ngo-gov/products/virus_utilities/index.html
Jiangmin
16	Jiangmin Antivirus	http://global.jiangmin.com/
K7 Computing
17	K7 AntiVirus	http://www.k7computing.com/en/Product/k7-antivirusplus.php
McAfee
18	MacAfee Scan Engine	http://www.mcafee.com/us/support/support-eol-scan-engine.aspx
Norman
19	Top Page	http://www.norman.com/
nProtect
20	nProtect Anti-Virus	http://global.nprotect.com/product/avs.php
Panda Security
21	Top Page	http://www.ps-japan.co.jp/
PC Tools
22	PC Tools AntiVirus	http://www.pctools.com/jp/spyware-doctor-antivirus/
Quick Heal Technologies
23	Top Page	http://www.quickheal.com/
Symantec Corporation
24	Endpoint Protection	http://www.symantec.com/ja/jp/endpoint-protection
Trend Micro Homepage (Japan)
25	Top Page	http://jp.trendmicro.com/jp/home/
26	Trend Micro HouseCall	http://jp.trendmicro.com/jp/tools/housecall/
VirusBlokAda
27	Top Page	http://anti-virus.by/en
VirusBuster
28	Top Page	http://www.virusbuster.hu/en
アラジン
29	eSafe	http://www.aladdin.co.jp/esafe/
アンラボ
30	V3 Internet Security	http://www.ahnlab.co.jp/product_service/product/b2b/v3is8.asp
カスペルスキー
31	Kaspersky Anti-Virus	http://www.kaspersky.com/kaspersky_anti-virus
ソフォス株式会社
32	Top Page	http://www.sophos.com
マイクロソフト株式会社
33	Microsoft Security Essentials	http://windows.microsoft.com/ja-JP/windows/products/security-essentials
マカフィー株式会社
34	McAfee Web Gateway	http://www.mcafee.com/japan/products/web_gateway.asp
日本F-Secure株式会社
35	F-Secure Anti-Virus	http://www.f-secure.com/ja/web/home_jp/protection/anti-virus/overview

Change Log

No	Changed Details	Date of change
0	[2012年03月26日] 掲載	Feb. 17, 2018, 10:37 a.m.

Configuration1	or higher	or less	more than	less than
cpe:2.3:a:bitdefender:bitdefender:7.2:::::::*
cpe:2.3:a:ahnlab:v3_internet_security:2011.01.18.00:::::::*
cpe:2.3:a:alwil:avast_antivirus:4.8.1351.0:::::::*
cpe:2.3:a:norman:norman_antivirus_\&_antispyware:6.06.12:::::::*
cpe:2.3:a:clamav:clamav:0.96.4:::::::*
cpe:2.3:a:rising-global:rising_antivirus:22.83.00.03:::::::*
cpe:2.3:a:anti-virus:vba32:3.12.14.2:::::::*
cpe:2.3:a:eset:nod32_antivirus:5795:::::::*
cpe:2.3:a:trendmicro:housecall:9.120.0.1004:::::::*
cpe:2.3:a:avira:antivir:7.11.1.163:::::::*
cpe:2.3:a:symantec:endpoint_protection:11.0:::::::*
cpe:2.3:a:trendmicro:trend_micro_antivirus:9.120.0.1004:::::::*
cpe:2.3:a:f-secure:f-secure_anti-virus:9.0.16160.0:::::::*
cpe:2.3:a:f-prot:f-prot_antivirus:4.6.2.117:::::::*
cpe:2.3:a:sophos:sophos_anti-virus:4.61.0:::::::*
cpe:2.3:a:alwil:avast_antivirus:5.0.677.0:::::::*
cpe:2.3:a:mcafee:gateway:2010.1c:::::::*
cpe:2.3:a:kaspersky:kaspersky_anti-virus:7.0.0.125:::::::*
cpe:2.3:a:cat:quick_heal:11.00:::::::*
cpe:2.3:a:avg:avg_anti-virus:10.0.0.1190:::::::*
cpe:2.3:a:gdata-software:g_data_antivirus:21:::::::*
cpe:2.3:a:fortinet:fortinet_antivirus:4.2.254.0:::::::*
cpe:2.3:a:k7computing:antivirus:9.77.3565:::::::*
cpe:2.3:a:jiangmin:jiangmin_antivirus:13.0.900:::::::*
cpe:2.3:a:authentium:command_antivirus:5.2.11.5:::::::*
cpe:2.3:a:ikarus:ikarus_virus_utilities_t3_command_line_scanner:1.1.97.0:::::::*
cpe:2.3:a:nprotect:nprotect_antivirus:2011-01-17.01:::::::*
cpe:2.3:a:virusbuster:virusbuster:13.6.151.0:::::::*
cpe:2.3:a:antiy:avl_sdk:2.0.3.7:::::::*
cpe:2.3:a:microsoft:security_essentials:2.0:::::::*
cpe:2.3:a:emsisoft:anti-malware:5.1.0.1:::::::*
cpe:2.3:a:pc_tools:pc_tools_antivirus:7.0.3.5:::::::*
cpe:2.3:a:aladdin:esafe:7.0.17.0:::::::*
cpe:2.3:a:pandasecurity:panda_antivirus:10.0.2.7:::::::*
cpe:2.3:a:comodo:comodo_antivirus:7424:::::::*
cpe:2.3:a:mcafee:scan_engine:5.400.0.1158:::::::*