PT-2012-3273 · Trend Micro+3 · Trend Micro Housecall+4

Publicado

2012-03-21

·

Atualizado

2012-11-06

·

CVE-2012-1448

CVSS v2.0

4.3

Média

VetorAV:N/AC:M/Au:N/C:N/I:P/A:N
Name of the Vulnerable Software and Affected Versions Quick Heal versions 11.00 Trend Micro AntiVirus version 9.120.0.1004 Ikarus Virus Utilities T3 Command Line Scanner version 1.1.97.0 Trend Micro HouseCall version 9.120.0.1004 Emsisoft Anti-Malware version 5.1.0.1
Description The issue allows remote attackers to bypass malware detection via a CAB file with a modified cbCabinet field. This could potentially be exploited in various products that utilize a vulnerable CAB file parser.
Recommendations For Quick Heal version 11.00, update to a version that fixes the CAB file parser issue. For Trend Micro AntiVirus version 9.120.0.1004, update to a version that fixes the CAB file parser issue. For Ikarus Virus Utilities T3 Command Line Scanner version 1.1.97.0, update to a version that fixes the CAB file parser issue. For Trend Micro HouseCall version 9.120.0.1004, update to a version that fixes the CAB file parser issue. For Emsisoft Anti-Malware version 5.1.0.1, update to a version that fixes the CAB file parser issue.

Correção

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-264

Identificadores relacionados

CVE-2012-1448

Produtos afetados

Emsisoft Anti-Malware
Ikarus Virus Utilities T3 Command Line Scanner
Quick Heal
Trend Micro Antivirus
Trend Micro Housecall