CVE-2012-1420

Name of the Vulnerable Software and Affected Versions Quick Heal versions 11.00 Command Antivirus version 5.2.11.5 F-Prot Antivirus version 4.6.2.117 Fortinet Antivirus version 4.2.254.0 K7 AntiVirus version 9.77.3565 Kaspersky Anti-Virus version 7.0.0.125 Microsoft Security Essentials version 2.0 NOD32 Antivirus version 5795 Norman Antivirus version 6.06.12 Panda Antivirus version 10.0.2.7 Rising Antivirus version 22.83.00.03

Description The issue allows remote attackers to bypass malware detection via a POSIX TAR file with an initial 7fELF character sequence. This affects the TAR file parser in various antivirus software products.

Recommendations For Quick Heal version 11.00, update the TAR file parser to correctly handle POSIX TAR files. For Command Antivirus version 5.2.11.5, modify the malware detection mechanism to account for the 7fELF character sequence. For F-Prot Antivirus version 4.6.2.117, improve the TAR file parsing to prevent bypassing of malware detection. For Fortinet Antivirus version 4.2.254.0, enhance the antivirus engine to detect malware within POSIX TAR files. For K7 AntiVirus version 9.77.3565, update the antivirus software to properly handle the 7fELF character sequence. For Kaspersky Anti-Virus version 7.0.0.125, patch the TAR file parser to prevent malware detection bypass. For Microsoft Security Essentials version 2.0, update the Antimalware Engine to correctly parse POSIX TAR files. For NOD32 Antivirus version 5795, modify the antivirus software to detect malware in POSIX TAR files. For Norman Antivirus version 6.06.12, improve the TAR file parsing mechanism to prevent bypassing of malware detection. For Panda Antivirus version 10.0.2.7, update the antivirus engine to handle the 7fELF character sequence. For Rising Antivirus version 22.83.00.03, enhance the malware detection mechanism to account for POSIX TAR files.