PT-2012-3249 · Antiy+5 · Antiy Labs Avl Sdk+5

Published 2012-03-21 · Updated 2012-08-14 · CVE-2012-1424

CVSS v2.0: 4.3 (Medium)

Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions

Antiy Labs AVL SDK version 2.0.3.7
Quick Heal version 11.00
Jiangmin Antivirus version 13.0.900
Norman Antivirus version 6.06.12
PC Tools AntiVirus version 7.0.3.5
Sophos Anti-Virus version 4.61.0

Description

The issue allows remote attackers to bypass malware detection via a POSIX TAR file with a specific character sequence at a certain location. This is achieved by including a 19040010 character sequence in the TAR file.

Recommendations

For Antiy Labs AVL SDK version 2.0.3.7, update the TAR file parser to correctly handle the POSIX TAR file format.
For Quick Heal version 11.00, modify the malware detection mechanism to account for the specific character sequence.
For Jiangmin Antivirus version 13.0.900, adjust the TAR file parsing logic to prevent bypassing of malware detection.
For Norman Antivirus version 6.06.12, implement a fix to properly handle the 19040010 character sequence in TAR files.
For PC Tools AntiVirus version 7.0.3.5, update the antivirus engine to detect malware in TAR files with the specified character sequence.
For Sophos Anti-Virus version 4.61.0, apply a patch to the TAR file parser to prevent malware detection bypass.


Related Identifiers

CVE-2012-1424

Affected Products

Antiy Labs Avl Sdk
Jiangmin Antivirus
Norman Antivirus
Pc Tools Antivirus
Quick Heal
Sophos Anti-Virus