CVE-2012-1425 Information

Description

The TAR file parser in Avira AntiVir 7.11.1.163 Antiy Labs AVL SDK 2.0.3.7 Quick Heal (aka Cat QuickHeal) 11.00 Emsisoft Anti-Malware 5.1.0.1 Fortinet Antivirus 4.2.254.0 Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0 Jiangmin Antivirus 13.0.900 Kaspersky Anti-Virus 7.0.0.125 McAfee Anti-Virus Scanning Engine 5.400.0.1158 McAfee Gateway (formerly Webwasher) 2010.1C NOD32 Antivirus 5795 Norman Antivirus 6.06.12 PC Tools AntiVirus 7.0.3.5 AVEngine 20101.3.0.103 in Symantec Endpoint Protection 11 Trend Micro AntiVirus 9.120.0.1004 and Trend Micro HouseCall 9.120.0.1004 allows remote attackers to bypass malware detection via a POSIX TAR file with an initial \50\4B\03\04 character sequence. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different TAR parser implementations.

Reference

http://osvdb.org/80389 http://osvdb.org/80391 http://osvdb.org/80392 http://osvdb.org/80395 http://osvdb.org/80396 http://osvdb.org/80403 http://osvdb.org/80409 http://www.ieee-security.org/TC/SP2012/program.html http://www.securityfocus.com/archive/1/522005