CVE-2012-1454

CWE-2643 documents3 sources

Severity

4.3MEDIUM

EPSS

0.1%

top 66.53%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Aladdin Esafe Drweb Dr.web Antivirus Fortinet Fortinet Antivirus +3 more

Timeline

PublishedMar 21

Latest updateMay 17

Description

The ELF file parser in Dr.Web 5.0.2.03300, eSafe 7.0.17.0, McAfee Gateway (formerly Webwasher) 2010.1C, Rising Antivirus 22.83.00.03, Fortinet Antivirus 4.2.254.0, and Panda Antivirus 10.0.2.7 allows remote attackers to bypass malware detection via an ELF file with a modified ei_version field. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different ELF parser implementations.

CVSS vector

AV:N/AC:M/C:N/I:P/A:NExploitability: 8.6 | Impact: 2.9

Affected Packages6 packages

▶NVDfortinet/fortinet_antivirus4.2.254.0

▶NVDpandasecurity/panda_antivirus10.0.2.7

▶NVDrising-global/rising_antivirus22.83.00.03

▶NVDdrweb/dr.web_antivirus5.0.2.03300

▶NVDmcafee/gateway2010.1c

🔴Vulnerability Details

GHSA

GHSA-2gw9-xrfp-7749: The ELF file parser in Dr↗2022-05-17

▶

CVEList

CVE-2012-1454: The ELF file parser in Dr↗2012-03-21

▶