CVE-2012-1423

CWE-2643 documents3 sources

Severity

4.3MEDIUM

EPSS

3.7%

top 12.07%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Authentium Command Antivirus Emsisoft Anti-malware Eset Nod32 Antivirus +8 more

Timeline

PublishedMar 21

Latest updateMay 17

Description

The TAR file parser in Command Antivirus 5.2.11.5, Emsisoft Anti-Malware 5.1.0.1, F-Prot Antivirus 4.6.2.117, Fortinet Antivirus 4.2.254.0, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, K7 AntiVirus 9.77.3565, NOD32 Antivirus 5795, Norman Antivirus 6.06.12, PC Tools AntiVirus 7.0.3.5, Rising Antivirus 22.83.00.03, and VirusBuster 13.6.151.0 allows remote attackers to bypass malware detection via a POSIX TAR file with an initial MZ character sequence. NOTE: this may later be SPLIT into…

CVSS vector

AV:N/AC:M/C:N/I:P/A:NExploitability: 8.6 | Impact: 2.9

Affected Packages11 packages

▶NVDauthentium/command_antivirus5.2.11.5

▶NVDeset/nod32_antivirus5795

▶NVDf-prot/f-prot_antivirus4.6.2.117

▶NVDfortinet/fortinet_antivirus4.2.254.0

▶NVDpc_tools/pc_tools_antivirus7.0.3.5

🔴Vulnerability Details

GHSA

GHSA-j8cw-3wc5-89wm: The TAR file parser in Command Antivirus 5↗2022-05-17

▶

CVEList

CVE-2012-1423: The TAR file parser in Command Antivirus 5↗2012-03-21

▶