CVE-2012-1428 Information

Description

The TAR file parser in Quick Heal (aka Cat QuickHeal) 11.00 Norman Antivirus 6.06.12 and Sophos Anti-Virus 4.61.0 allows remote attackers to bypass malware detection via a POSIX TAR file with a \4a\46\49\46 character sequence at a certain location. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different TAR parser implementations.

Reference

http://osvdb.org/80390 http://osvdb.org/80409 http://www.ieee-security.org/TC/SP2012/program.html http://www.securityfocus.com/archive/1/522005 http://www.securityfocus.com/bid/52579 https://exchange.xforce.ibmcloud.com/vulnerabilities/74243