CVE-2012-1443 Information

Description

The RAR file parser in ClamAV 0.96.4 Rising Antivirus 22.83.00.03 Quick Heal (aka Cat QuickHeal) 11.00 G Data AntiVirus 21 AVEngine 20101.3.0.103 in Symantec Endpoint Protection 11 Command Antivirus 5.2.11.5 Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0 Emsisoft Anti-Malware 5.1.0.1 PC Tools AntiVirus 7.0.3.5 F-Prot Antivirus 4.6.2.117 VirusBuster 13.6.151.0 Fortinet Antivirus 4.2.254.0 Antiy Labs AVL SDK 2.0.3.7 K7 AntiVirus 9.77.3565 Trend Micro HouseCall 9.120.0.1004 Kaspersky Anti-Virus 7.0.0.125 Jiangmin Antivirus 13.0.900 Antimalware Engine 1.1.6402.0 in Microsoft Security Essentials 2.0 Sophos Anti-Virus 4.61.0 NOD32 Antivirus 5795 Avira AntiVir 7.11.1.163 Norman Antivirus 6.06.12 McAfee Anti-Virus Scanning Engine 5.400.0.1158 Panda Antivirus 10.0.2.7 McAfee Gateway (formerly Webwasher) 2010.1C Trend Micro AntiVirus 9.120.0.1004 Comodo Antivirus 7424 Bitdefender 7.2 eSafe 7.0.17.0 F-Secure Anti-Virus 9.0.16160.0 nProtect Anti-Virus 2011-01-17.01 AhnLab V3 Internet Security 2011.01.18.00 AVG Anti-Virus 10.0.0.1190 avast! Antivirus 4.8.1351.0 and 5.0.677.0 and VBA32 3.12.14.2 allows user-assisted remote attackers to bypass malware detection via a RAR file with an initial MZ character sequence. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different RAR parser implementations.

Reference

http://osvdb.org/80454 http://osvdb.org/80455 http://osvdb.org/80456 http://osvdb.org/80457 http://osvdb.org/80458 http://osvdb.org/80459 http://osvdb.org/80460 http://osvdb.org/80461 http://osvdb.org/80467 http://osvdb.org/80468 http://osvdb.org/80469 http://osvdb.org/80470 http://osvdb.org/80471 http://osvdb.org/80472 http://www.ieee-security.org/TC/SP2012/program.html http://www.securityfocus.com/archive/1/522005 http://www.securityfocus.com/bid/52612