828 matches found
CVE-2012-1429
The ELF file parser in Bitdefender 7.2, Comodo Antivirus 7424, Emsisoft Anti-Malware 5.1.0.1, eSafe 7.0.17.0, F-Secure Anti-Virus 9.0.16160.0, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, McAfee Anti-Virus Scanning Engine 5.400.0.1158, McAfee Gateway (formerly Webwasher) 2010.1C, and...
CVE-2012-1455
The CVE-2012-1455 entry affects the CAB file parser in NOD32 Antivirus 5795 and Rising Antivirus 22.83.00.03, where a modified vMinor version field in CAB files can bypass malware detection. The vulnerability is tied to the CAB parser implementation in these products and the impact is bypass of d...
CVE-2012-1437
CVE-2012-1437 affects the Microsoft Office file parser in Comodo Antivirus 7425. A crafted Office file containing the byte sequence \50\4B\53\70\58 at a specific location can bypass malware detection, as described in connected records. The vulnerability is tied to the Office file parsing logic us...
CVE-2012-1423
The CVE-2012-1423 entry covers a TAR file parser flaw affecting multiple antivirus products (Command Antivirus 5.2.11.5; Emsisoft Anti-Malware 5.1.0.1; F-Prot Antivirus 4.6.2.117; Fortinet Antivirus 4.2.254.0; Ikarus T3 CLI Scanner 1.1.97.0; K7 AntiVirus 9.77.3565; NOD32 5795; Norman 6.06.12; PC ...
CVE-2012-1423
The TAR file parser in Command Antivirus 5.2.11.5, Emsisoft Anti-Malware 5.1.0.1, F-Prot Antivirus 4.6.2.117, Fortinet Antivirus 4.2.254.0, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, K7 AntiVirus 9.77.3565, NOD32 Antivirus 5795, Norman Antivirus 6.06.12, PC Tools AntiVirus 7.0.3.5,...
CVE-2012-1458
The Microsoft CHM file parser in ClamAV 0.96.4 and Sophos Anti-Virus 4.61.0 allows remote attackers to bypass malware detection via a crafted reset interval in the LZXC header of a CHM file. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the...
CVE-2012-1459
The TAR file parser in AhnLab V3 Internet Security 2011.01.18.00, Avira AntiVir 7.11.1.163, Antiy Labs AVL SDK 2.0.3.7, avast! Antivirus 4.8.1351.0 and 5.0.677.0, AVG Anti-Virus 10.0.0.1190, Bitdefender 7.2, Quick Heal (aka Cat QuickHeal) 11.00, ClamAV 0.96.4, Command Antivirus 5.2.11.5, Comodo...
SuSE 11.1 Security Update : wireshark (SAT Patch Number 5741)
This version upgrade of wireshark to 1.4.11 fixes the following security issues: - RLC dissector buffer overflow. CVE-2012-0043 - multiple file parser vulnerabilities. CVE-2012-0041 - NULL pointer vulnerabilities. CVE-2012-0042 - DoS due to too large buffer alloc request. CVE-2012-0066 - DoS due...
SuSE 10 Security Update : wireshark (ZYPP Patch Number 7943)
This version upgrade of wireshark to 1.4.11 fixes the following security issues: - RLC dissector buffer overflow. CVE-2012-0043 - multiple file parser vulnerabilities. CVE-2012-0041 - NULL pointer vulnerabilities. CVE-2012-0042 - DoS due to too large buffer alloc request. CVE-2012-0066 - DoS due...
SuSE 11.1 Security Update : wireshark (SAT Patch Number 5281)
This update of wireshark fixes the following vulnerabilities: - Wireshark IKE dissector vulnerability. CVE-2011-3266 - Wireshark Lua script execution vulnerability. CVE-2011-3360 - Wireshark buffer exception handling vulnerability. CVE-2011-3483 - Lucent/Ascend file parser susceptible to infinit...
Oracle Outside In CorelDRAW File Parser Integer Overflow (CVE-2011-2264; CVE-2011-3541)
An integer overflow vulnerability has been reported in Oracle Outside-In. The vulnerability is due to improper bounds checking of user-supplied values while parsing malicious CorelDRAW cdr files. A remote attacker may exploit this vulnerability by sending a malicious CDR file to a target user...
CVE-2011-4102
Heap-based buffer overflow in the erf_read_header function in wiretap/erf.c in the ERF file parser in Wireshark 1.4.0 through 1.4.9 and 1.6.x before 1.6.3 allows remote attackers to cause a denial of service (application crash) via a malformed file...
DEBIAN-CVE-2011-4102
Heap-based buffer overflow in the erf_read_header function in wiretap/erf.c in the ERF file parser in Wireshark 1.4.0 through 1.4.9 and 1.6.x before 1.6.3 allows remote attackers to cause a denial of service (application crash) via a malformed file...
Oracle Outside In CorelDRAW File Parser Stack Buffer Overflow (CVE-2011-2264)
A code execution vulnerability has been reported in Oracle Outside-In. The vulnerability is due to improper bounds checking of certain values while parsing malicious CorelDRAW cdr files. A remote attacker may exploit this vulnerability by sending a malicious .cdr file to a target user. Successful...
java-1.4.2-ibm: DoS via class file parser in IBM Java 1.4.2.SR13.FP9
The class file parser in IBM Java 1.4.2 SR13 FP9 allows remote authenticated users to cause a denial of service (memory consumption or an infinite loop) via a crafted attribute length field in a class file, related to validation of a length field at the wrong time, a different vulnerability than...
Design/Logic Flaw
The class file parser in IBM Java 1.4.2 SR13 FP9 allows remote authenticated users to cause a denial of service (memory consumption or an infinite loop) via a crafted attribute length field in a class file, related to validation of a length field at the wrong time, a different vulnerability than...
CVE-2011-3387
CVE-2011-3387 affects IBM Java 1.4.2 SR13 FP9 (IBM Runtimes for Java Technology 5.0.0 before SR13 and 6.0.0 before SR10). A denial of service is caused by a crafted class file attribute length field, due to validation timing, leading to memory consumption or an infinite loop. The issue is distinc...