NVD Vulnerability Detail

CVE-2012-1456

Summary	The TAR file parser in AVG Anti-Virus 10.0.0.1190, Quick Heal (aka Cat QuickHeal) 11.00, Comodo Antivirus 7424, Emsisoft Anti-Malware 5.1.0.1, eSafe 7.0.17.0, F-Prot Antivirus 4.6.2.117, Fortinet Antivirus 4.2.254.0, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, Jiangmin Antivirus 13.0.900, Kaspersky Anti-Virus 7.0.0.125, McAfee Anti-Virus Scanning Engine 5.400.0.1158, McAfee Gateway (formerly Webwasher) 2010.1C, NOD32 Antivirus 5795, Norman Antivirus 6.06.12, Panda Antivirus 10.0.2.7, Rising Antivirus 22.83.00.03, Sophos Anti-Virus 4.61.0, AVEngine 20101.3.0.103 in Symantec Endpoint Protection 11, Trend Micro AntiVirus 9.120.0.1004, and Trend Micro HouseCall 9.120.0.1004 allows remote attackers to bypass malware detection via a TAR file with an appended ZIP file. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different TAR parser implementations.
Publication Date	March 21, 2012, 7:11 p.m.
Registration Date	Jan. 28, 2021, 2:55 p.m.
Last Update	Nov. 21, 2024, 10:37 a.m.

CVSS2.0 : MEDIUM
Score	4.3
Vector	AV:N/AC:M/Au:N/C:N/I:P/A:N
攻撃元区分(AV)	ネットワーク
攻撃条件の複雑さ(AC)	中
攻撃前の認証要否(Au)	不要
機密性への影響(C)	なし
完全性への影響(I)	低
可用性への影響(A)	なし
Get all privileges.	いいえ
Get user privileges	いいえ
Get other privileges	いいえ
User operation required	いいえ

Affected software configurations

Configuration1	or higher	or less	more than	less than
cpe:2.3:a:norman:norman_antivirus_\&_antispyware:6.06.12:::::::*
cpe:2.3:a:rising-global:rising_antivirus:22.83.00.03:::::::*
cpe:2.3:a:eset:nod32_antivirus:5795:::::::*
cpe:2.3:a:trendmicro:housecall:9.120.0.1004:::::::*
cpe:2.3:a:symantec:endpoint_protection:11.0:::::::*
cpe:2.3:a:trendmicro:trend_micro_antivirus:9.120.0.1004:::::::*
cpe:2.3:a:f-prot:f-prot_antivirus:4.6.2.117:::::::*
cpe:2.3:a:sophos:sophos_anti-virus:4.61.0:::::::*
cpe:2.3:a:mcafee:gateway:2010.1c:::::::*
cpe:2.3:a:kaspersky:kaspersky_anti-virus:7.0.0.125:::::::*
cpe:2.3:a:cat:quick_heal:11.00:::::::*
cpe:2.3:a:avg:avg_anti-virus:10.0.0.1190:::::::*
cpe:2.3:a:fortinet:fortinet_antivirus:4.2.254.0:::::::*
cpe:2.3:a:jiangmin:jiangmin_antivirus:13.0.900:::::::*
cpe:2.3:a:ikarus:ikarus_virus_utilities_t3_command_line_scanner:1.1.97.0:::::::*
cpe:2.3:a:emsisoft:anti-malware:5.1.0.1:::::::*
cpe:2.3:a:aladdin:esafe:7.0.17.0:::::::*
cpe:2.3:a:pandasecurity:panda_antivirus:10.0.2.7:::::::*
cpe:2.3:a:comodo:comodo_antivirus:7424:::::::*
cpe:2.3:a:mcafee:scan_engine:5.400.0.1158:::::::*

Related information, measures and tools

No	URL	refsource	タグ
1	http://osvdb.org/80389
2	http://osvdb.org/80389
3	http://osvdb.org/80390
4	http://osvdb.org/80390
5	http://osvdb.org/80391
6	http://osvdb.org/80391
7	http://osvdb.org/80395
8	http://osvdb.org/80395
9	http://osvdb.org/80396
10	http://osvdb.org/80396
11	http://osvdb.org/80403
12	http://osvdb.org/80403
13	http://osvdb.org/80406
14	http://osvdb.org/80406
15	http://osvdb.org/80409
16	http://osvdb.org/80409
17	http://www.ieee-security.org/TC/SP2012/program.html
18	http://www.ieee-security.org/TC/SP2012/program.html
19	http://www.securityfocus.com/archive/1/522005
20	http://www.securityfocus.com/archive/1/522005
21	http://www.securityfocus.com/bid/52608
22	http://www.securityfocus.com/bid/52608
23	https://exchange.xforce.ibmcloud.com/vulnerabilities/74289
24	https://exchange.xforce.ibmcloud.com/vulnerabilities/74289

Common Vulnerabilities List

No	CWE	Name	URL
1	CWE-264	認可・権限・アクセス制御	https://cwe.mitre.org/data/definitions/264.html

JVN Vulnerability Information

複数の製品の TAR ファイルパーサにおけるマルウェア検知を回避される脆弱性

Title	複数の製品の TAR ファイルパーサにおけるマルウェア検知を回避される脆弱性
Summary	複数の製品の TAR ファイルパーサには、マルウェア検知を回避される脆弱性が存在します。異なる TAR パーサの実装にも問題があると公表された場合、本脆弱性は複数の CVE に分割される可能性があります。
Possible impacts	第三者により、ZIP ファイルを添付された TAR ファイルを介して、マルウェア検知を回避される可能性があります。
Solution	ベンダ情報および参考情報を参照して適切な対策を実施してください。
Publication Date	March 21, 2012, midnight
Registration Date	March 26, 2012, 2:28 p.m.
Last Update	March 26, 2012, 2:28 p.m.

Affected System

トレンドマイクロ

Trend Micro Antivirus 9.120.0.1004

Trend Micro HouseCall 9.120.0.1004

シマンテック

Symantec Endpoint Protection 11

マカフィー

McAfee Scan Engine 5.400.0.1158

McAfee Web Gateway ソフトウェア 2010.1C

Panda Security

Panda Antivirus 10.0.2.7

ESET

ESET NOD32アンチウイルス 5795

Emsisoft

Emsisoft Anti-Malware 5.1.0.1

アラジン

eSafe 7.0.17.0

Ikarus

Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0

ソフォス

Sophos Anti-Virus 4.61.0

Beijing Rising International Software

Rising Antivirus 22.83.00.03

フォーティネット

Fortinet Antivirus 4.2.254.0

クイックヒール・テクノロジーズ・ジャパン株式会社

Quick Heal 11.00

Comodo

Comodo Antivirus 7424

FRISK Software International

F-Prot Antivirus 4.6.2.117

Norman

Norman Antivirus 6.06.12

カスペルスキー

Kaspersky Anti-Virus 7.0.0.125

Jiangmin

Jiangmin Antivirus 13.0.900

AVG Technologies

AVG Anti-Virus 10.0.0.1190

CVE (情報セキュリティ共通脆弱性識別子)

No	Name	URL
Common Vulnerabilities and Exposures (CVE)
1	CVE-2012-1456	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1456
National Vulnerability Database (NVD)
2	CVE-2012-1456	http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-1456

CWE (共通脆弱性タイプ一覧)

No	Name	URL
JVNDB
1	CWE-264	https://jvndb.jvn.jp/ja/cwe/CWE-264.html

ベンダー情報

No	Name	URL
AVG Technologies
1	AVG Anti-Virus	http://www.avgjapan.com/home-small-office-security/buy-antivirus
Beijing Rising International Software
2	Rising Antivirus	http://www.rising-global.com/
Comodo
3	Comodo Antivirus	http://www.comodo.com/home/internet-security/antivirus.php
Emsisoft
4	Emsisoft Anti-Malware	http://www.emsisoft.com/en/software/antimalware/
ESET
5	ESET NOD32アンチウイルス	http://www.eset.com/us/
Fortinet
6	Fortinet Antivirus	http://www.fortinet.com/solutions/antivirus.html
FRISK Software International
7	F-Prot Antivirus	http://www.f-prot.com/index.html
Ikarus
8	Top Page	http://www.ikarus.at/en/
Jiangmin
9	Jiangmin Antivirus	http://global.jiangmin.com/
McAfee
10	McAfee Scan Engine	http://www.mcafee.com/us/support/support-eol-scan-engine.aspx
11	McAfee Web Gateway	http://www.mcafee.com/us/products/web-gateway.aspx
Norman
12	Norman Antivirus	http://www.norman.com/products/antivirus_antispyware/en
Panda Security
13	Panda Antivirus	http://www.ps-japan.co.jp/
Quick Heal Technologies
14	Quick Heal	http://www.quickheal.com/
Sophos
15	Sophos Anti-Virus	http://www.sophos.com/ja-jp/
Symantec Corporation
16	Endpoint Protection	http://www.symantec.com/ja/jp/endpoint-protection
Trend Micro Homepage (Japan)
17	Top Page	http://jp.trendmicro.com/jp/home/index.html
18	Trend Micro HouseCall	http://housecall.trendmicro.com/
アラジン
19	eSafe	http://www.aladdin.co.jp/esafe/
カスペルスキー
20	Kaspersky Anti-Virus	http://www.kaspersky.com/kaspersky_anti-virus

Change Log

No	Changed Details	Date of change
0	[2012年03月26日] 掲載	Feb. 17, 2018, 10:37 a.m.

Configuration1	or higher	or less	more than	less than
cpe:2.3:a:norman:norman_antivirus_\&_antispyware:6.06.12:::::::*
cpe:2.3:a:rising-global:rising_antivirus:22.83.00.03:::::::*
cpe:2.3:a:eset:nod32_antivirus:5795:::::::*
cpe:2.3:a:trendmicro:housecall:9.120.0.1004:::::::*
cpe:2.3:a:symantec:endpoint_protection:11.0:::::::*
cpe:2.3:a:trendmicro:trend_micro_antivirus:9.120.0.1004:::::::*
cpe:2.3:a:f-prot:f-prot_antivirus:4.6.2.117:::::::*
cpe:2.3:a:sophos:sophos_anti-virus:4.61.0:::::::*
cpe:2.3:a:mcafee:gateway:2010.1c:::::::*
cpe:2.3:a:kaspersky:kaspersky_anti-virus:7.0.0.125:::::::*
cpe:2.3:a:cat:quick_heal:11.00:::::::*
cpe:2.3:a:avg:avg_anti-virus:10.0.0.1190:::::::*
cpe:2.3:a:fortinet:fortinet_antivirus:4.2.254.0:::::::*
cpe:2.3:a:jiangmin:jiangmin_antivirus:13.0.900:::::::*
cpe:2.3:a:ikarus:ikarus_virus_utilities_t3_command_line_scanner:1.1.97.0:::::::*
cpe:2.3:a:emsisoft:anti-malware:5.1.0.1:::::::*
cpe:2.3:a:aladdin:esafe:7.0.17.0:::::::*
cpe:2.3:a:pandasecurity:panda_antivirus:10.0.2.7:::::::*
cpe:2.3:a:comodo:comodo_antivirus:7424:::::::*
cpe:2.3:a:mcafee:scan_engine:5.400.0.1158:::::::*