CVE-2012-1431 - OpenCVE

The ELF file parser in Bitdefender 7.2, Command Antivirus 5.2.11.5, Comodo Antivirus 7424, eSafe 7.0.17.0, F-Prot Antivirus 4.6.2.117, F-Secure Anti-Virus 9.0.16160.0, McAfee Gateway (formerly Webwasher) 2010.1C, nProtect Anti-Virus 2011-01-17.01, Sophos Anti-Virus 4.61.0, and Rising Antivirus 22.83.00.03 allows remote attackers to bypass malware detection via an ELF file with a \4a\46\49\46 character sequence at a certain location. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different ELF parser implementations.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

AV:N/AC:M/Au:N/C:N/I:P/A:N

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Aladdin	Esafe
Authentium	Command Antivirus
Bitdefender	Bitdefender
Comodo	Comodo Antivirus
F-prot	F-prot Antivirus
F-secure	F-secure Anti-virus
Mcafee	Gateway
Nprotect	Nprotect Antivirus
Rising-global	Rising Antivirus
Sophos	Sophos Anti-virus

Configuration 1 [-]

OR	cpe:2.3:a:aladdin:esafe:7.0.17.0:::::::*
	cpe:2.3:a:authentium:command_antivirus:5.2.11.5:::::::*
	cpe:2.3:a:bitdefender:bitdefender:7.2:::::::*
	cpe:2.3:a:comodo:comodo_antivirus:7424:::::::*
	cpe:2.3:a:f-prot:f-prot_antivirus:4.6.2.117:::::::*
	cpe:2.3:a:f-secure:f-secure_anti-virus:9.0.16160.0:::::::*
	cpe:2.3:a:mcafee:gateway:2010.1c:::::::*
	cpe:2.3:a:nprotect:nprotect_antivirus:2011-01-17.01:::::::*
	cpe:2.3:a:rising-global:rising_antivirus:22.83.00.03:::::::*
	cpe:2.3:a:sophos:sophos_anti-virus:4.61.0:::::::*

No data.

References

Link	Providers
http://www.ieee-security.org/TC/SP2012/program.html
http://www.securityfocus.com/archive/1/522005

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2012-03-21T10:00:00Z

Updated: 2024-09-17T03:27:21.793Z

Reserved: 2012-02-29T00:00:00Z

Link: CVE-2012-1431

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2012-03-21T10:11:47.630

Modified: 2012-03-27T04:00:00.000

Link: CVE-2012-1431

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "The ELF file parser in Bitdefender 7.2, Command Antivirus 5.2.11.5, Comodo Antivirus 7424, eSafe 7.0.17.0, F-Prot Antivirus 4.6.2.117, F-Secure Anti-Virus 9.0.16160.0, McAfee Gateway (formerly Webwasher) 2010.1C, nProtect Anti-Virus 2011-01-17.01, Sophos Anti-Virus 4.61.0, and Rising Antivirus 22.83.00.03 allows remote attackers to bypass malware detection via an ELF file with a \\4a\\46\\49\\46 character sequence at a certain location. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different ELF parser implementations."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2012-03-21T10:00:00Z", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "20120319 Evasion attacks expoliting file-parsing vulnerabilities in antivirus products", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/522005"}, {"tags": ["x_refsource_MISC"], "url": "http://www.ieee-security.org/TC/SP2012/program.html"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2012-1431", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The ELF file parser in Bitdefender 7.2, Command Antivirus 5.2.11.5, Comodo Antivirus 7424, eSafe 7.0.17.0, F-Prot Antivirus 4.6.2.117, F-Secure Anti-Virus 9.0.16160.0, McAfee Gateway (formerly Webwasher) 2010.1C, nProtect Anti-Virus 2011-01-17.01, Sophos Anti-Virus 4.61.0, and Rising Antivirus 22.83.00.03 allows remote attackers to bypass malware detection via an ELF file with a \\4a\\46\\49\\46 character sequence at a certain location. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different ELF parser implementations."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "20120319 Evasion attacks expoliting file-parsing vulnerabilities in antivirus products", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/522005"}, {"name": "http://www.ieee-security.org/TC/SP2012/program.html", "refsource": "MISC", "url": "http://www.ieee-security.org/TC/SP2012/program.html"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T18:53:37.314Z"}, "title": "CVE Program Container", "references": [{"name": "20120319 Evasion attacks expoliting file-parsing vulnerabilities in antivirus products", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/522005"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://www.ieee-security.org/TC/SP2012/program.html"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2012-1431", "datePublished": "2012-03-21T10:00:00Z", "dateReserved": "2012-02-29T00:00:00Z", "dateUpdated": "2024-09-17T03:27:21.793Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:aladdin:esafe:7.0.17.0:*:*:*:*:*:*:*", "matchCriteriaId": "5C6590DF-9164-4A76-ADEE-9110C5E3588E", "vulnerable": true}, {"criteria": "cpe:2.3:a:authentium:command_antivirus:5.2.11.5:*:*:*:*:*:*:*", "matchCriteriaId": "192DFD98-11AA-4E7A-A1CB-53FC06FEB20F", "vulnerable": true}, {"criteria": "cpe:2.3:a:bitdefender:bitdefender:7.2:*:*:*:*:*:*:*", "matchCriteriaId": "24D7D7FA-20E9-4560-ABC6-154CD918E307", "vulnerable": true}, {"criteria": "cpe:2.3:a:comodo:comodo_antivirus:7424:*:*:*:*:*:*:*", "matchCriteriaId": "803A9A92-A984-43A8-8D27-C9A6FDB19A9D", "vulnerable": true}, {"criteria": "cpe:2.3:a:f-prot:f-prot_antivirus:4.6.2.117:*:*:*:*:*:*:*", "matchCriteriaId": "961708EB-3124-4147-A36D-BAD9241D0C88", "vulnerable": true}, {"criteria": "cpe:2.3:a:f-secure:f-secure_anti-virus:9.0.16160.0:*:*:*:*:*:*:*", "matchCriteriaId": "BB884937-53F0-4BB5-AA8F-1CCDCD1221D9", "vulnerable": true}, {"criteria": "cpe:2.3:a:mcafee:gateway:2010.1c:*:*:*:*:*:*:*", "matchCriteriaId": "18FC30B1-4FB3-4891-93FE-63A93E686EB3", "vulnerable": true}, {"criteria": "cpe:2.3:a:nprotect:nprotect_antivirus:2011-01-17.01:*:*:*:*:*:*:*", "matchCriteriaId": "D386C31F-6114-4A15-B0D5-15686D7EF8B8", "vulnerable": true}, {"criteria": "cpe:2.3:a:rising-global:rising_antivirus:22.83.00.03:*:*:*:*:*:*:*", "matchCriteriaId": "EF8ADA91-4042-4E1B-9F14-78023F24B137", "vulnerable": true}, {"criteria": "cpe:2.3:a:sophos:sophos_anti-virus:4.61.0:*:*:*:*:*:*:*", "matchCriteriaId": "0912E21E-1EEB-4ADD-958F-F8AEBBF7C5E6", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The ELF file parser in Bitdefender 7.2, Command Antivirus 5.2.11.5, Comodo Antivirus 7424, eSafe 7.0.17.0, F-Prot Antivirus 4.6.2.117, F-Secure Anti-Virus 9.0.16160.0, McAfee Gateway (formerly Webwasher) 2010.1C, nProtect Anti-Virus 2011-01-17.01, Sophos Anti-Virus 4.61.0, and Rising Antivirus 22.83.00.03 allows remote attackers to bypass malware detection via an ELF file with a \\4a\\46\\49\\46 character sequence at a certain location. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different ELF parser implementations."}, {"lang": "es", "value": "El analizador de archivos ELF en BitDefender 7.2, Command Antivirus 5.2.11.5, Comodo Antivirus 7424, eSafe 7.0.17.0, F-Prot Antivirus 4.6.2.117, F-Secure Anti-Virus 9.0.16160.0, McAfee Gateway (anteriormente Webwasher) 2010.1C, nProtect anti-Virus 2011-01-17.01, Sophos Anti-Virus 4.61.0, y Rising Antivirus 22.83.00.03 permite a atacantes remotos evitar la detecci\u00f3n de malware a trav\u00e9s de un archivo ELF con una secuencia de caracteres \\ 4a \\ 46 \\ 49 \\ 46 en una determinada ubicaci\u00f3n. NOTA: esto m\u00e1s adelante se puede dividir en varios CVEs si la informaci\u00f3n adicional que se publica muestra que el error se produjo de forma independiente en diferentes implementaciones del analizador ELF."}], "id": "CVE-2012-1431", "lastModified": "2012-03-27T04:00:00.000", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2012-03-21T10:11:47.630", "references": [{"source": "cve@mitre.org", "url": "http://www.ieee-security.org/TC/SP2012/program.html"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/522005"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-264"}], "source": "nvd@nist.gov", "type": "Primary"}]}