CVE-2012-1420

CWE-2643 documents3 sources

Severity

4.3MEDIUM

EPSS

16.4%

top 5.12%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Authentium Command Antivirus CAT Quick Heal Eset Nod32 Antivirus +8 more

Timeline

PublishedMar 21

Latest updateMay 17

Description

The TAR file parser in Quick Heal (aka Cat QuickHeal) 11.00, Command Antivirus 5.2.11.5, F-Prot Antivirus 4.6.2.117, Fortinet Antivirus 4.2.254.0, K7 AntiVirus 9.77.3565, Kaspersky Anti-Virus 7.0.0.125, Antimalware Engine 1.1.6402.0 in Microsoft Security Essentials 2.0, NOD32 Antivirus 5795, Norman Antivirus 6.06.12, Panda Antivirus 10.0.2.7, and Rising Antivirus 22.83.00.03 allows remote attackers to bypass malware detection via a POSIX TAR file with an initial \7fELF character sequence. NOTE: …

CVSS vector

AV:N/AC:M/C:N/I:P/A:NExploitability: 8.6 | Impact: 2.9

Affected Packages11 packages

▶NVDpandasecurity/panda_antivirus10.0.2.7

▶NVDeset/nod32_antivirus5795

▶NVDf-prot/f-prot_antivirus4.6.2.117

▶NVDfortinet/fortinet_antivirus4.2.254.0

▶NVDauthentium/command_antivirus5.2.11.5

🔴Vulnerability Details

GHSA

GHSA-cvrw-mvxm-869j: The TAR file parser in Quick Heal (aka Cat QuickHeal) 11↗2022-05-17

▶

CVEList

CVE-2012-1420: The TAR file parser in Quick Heal (aka Cat QuickHeal) 11↗2012-03-21

▶