CVE-2012-1427

2012-03-2110:11:47

CWE-264

[email protected]

web.nvd.nist.gov

cve-2012-1427

quick heal

norman antivirus

sophos anti-virus

tar file parser

malware detection

remote attackers

6.6 Medium

AI Score

Confidence

Low

4.3 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.969 High

EPSS

Percentile

99.7%

JSON

The TAR file parser in Quick Heal (aka Cat QuickHeal) 11.00, Norman Antivirus 6.06.12, and Sophos Anti-Virus 4.61.0 allows remote attackers to bypass malware detection via a POSIX TAR file with a \57\69\6E\5A\69\70 character sequence at a certain location. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different TAR parser implementations.

Affected configurations

NVD

Node

catquick_healMatch11.00

normannorman_antivirus_\&_antispywareMatch6.06.12

sophossophos_anti-virusMatch4.61.0

CPENameOperatorVersion
cat:quick_healcat quick healeq11.00
norman:norman_antivirus_\&_antispywarenorman norman antivirus & antispywareeq6.06.12
sophos:sophos_anti-virussophos sophos anti-viruseq4.61.0

CPE	Name	Operator	Version
cat:quick_heal	cat quick heal	eq	11.00
norman:norman_antivirus_\&_antispyware	norman norman antivirus & antispyware	eq	6.06.12
sophos:sophos_anti-virus	sophos sophos anti-virus	eq	4.61.0