CVE-2012-1460 — MEDIUM (4.3)

Vulnerability Description

The Gzip file parser in Antiy Labs AVL SDK 2.0.3.7, Quick Heal (aka Cat QuickHeal) 11.00, Command Antivirus 5.2.11.5, eSafe 7.0.17.0, F-Prot Antivirus 4.6.2.117, Jiangmin Antivirus 13.0.900, K7 AntiVirus 9.77.3565, and VBA32 3.12.14.2 allows remote attackers to bypass malware detection via a .tar.gz file with stray bytes at the end. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different Gzip parser implementations.

CVSS Score

4.3

MEDIUM

AV:N/AC:M/Au:N/C:N/I:P/A:N

Confidentiality

NONE

Integrity

PARTIAL

Availability

NONE

Affected Products

Vendor	Product	Versions
Aladdin	Esafe	7.0.17.0
Anti-Virus	Vba32	3.12.14.2
Antiy	Avl Sdk	2.0.3.7
Authentium	Command Antivirus	5.2.11.5
Cat	Quick Heal	11.00
F-Prot	F-Prot Antivirus	4.6.2.117
Jiangmin	Jiangmin Antivirus	13.0.900
K7Computing	Antivirus	9.77.3565

Related Weaknesses (CWE)

CWE-264

References

FAQ

What is CVE-2012-1460?

CVE-2012-1460 is a vulnerability with a CVSS score of 4.3 (MEDIUM). The Gzip file parser in Antiy Labs AVL SDK 2.0.3.7, Quick Heal (aka Cat QuickHeal) 11.00, Command Antivirus 5.2.11.5, eSafe 7.0.17.0, F-Prot Antivirus 4.6.2.117, Jiangmin Antivirus 13.0.900, K7 AntiVi...

How severe is CVE-2012-1460?

CVE-2012-1460 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2012-1460?

Check the references section above for vendor advisories and patch information. Affected products include: Aladdin Esafe, Anti-Virus Vba32, Antiy Avl Sdk, Authentium Command Antivirus, Cat Quick Heal.