CVE-2012-1456

Name of the Vulnerable Software and Affected Versions AVG Anti-Virus version 10.0.0.1190 Quick Heal version 11.00 Comodo Antivirus version 7424 Emsisoft Anti-Malware version 5.1.0.1 eSafe version 7.0.17.0 F-Prot Antivirus version 4.6.2.117 Fortinet Antivirus version 4.2.254.0 Ikarus Virus Utilities T3 Command Line Scanner version 1.1.97.0 Jiangmin Antivirus version 13.0.900 Kaspersky Anti-Virus version 7.0.0.125 McAfee Anti-Virus Scanning Engine version 5.400.0.1158 McAfee Gateway version 2010.1C NOD32 Antivirus version 5795 Norman Antivirus version 6.06.12 Panda Antivirus version 10.0.2.7 Rising Antivirus version 22.83.00.03 Sophos Anti-Virus version 4.61.0 Symantec Endpoint Protection 11 with AVEngine version 20101.3.0.103 Trend Micro AntiVirus version 9.120.0.1004 Trend Micro HouseCall version 9.120.0.1004

Description The TAR file parser in the listed antivirus software allows remote attackers to bypass malware detection via a TAR file with an appended ZIP file.

Recommendations For AVG Anti-Virus version 10.0.0.1190, consider disabling the TAR file parser until a patch is available. For Quick Heal version 11.00, restrict access to the TAR file parser to minimize the risk of exploitation. For Comodo Antivirus version 7424, avoid using the TAR file parser with appended ZIP files until the issue is resolved. For Emsisoft Anti-Malware version 5.1.0.1, disable the TAR file parser as a temporary workaround. For eSafe version 7.0.17.0, restrict the use of the TAR file parser with ZIP files. For F-Prot Antivirus version 4.6.2.117, consider disabling the TAR file parser. For Fortinet Antivirus version 4.2.254.0, avoid using the TAR file parser with ZIP files. For Ikarus Virus Utilities T3 Command Line Scanner version 1.1.97.0, restrict access to the TAR file parser. For Jiangmin Antivirus version 13.0.900, disable the TAR file parser as a temporary measure. For Kaspersky Anti-Virus version 7.0.0.125, consider restricting the use of the TAR file parser. For McAfee Anti-Virus Scanning Engine version 5.400.0.1158, avoid using the TAR file parser with appended ZIP files. For McAfee Gateway version 2010.1C, restrict access to the TAR file parser. For NOD32 Antivirus version 5795, disable the TAR file parser until a patch is available. For Norman Antivirus version 6.06.12, consider disabling the TAR file parser. For Panda Antivirus version 10.0.2.7, restrict the use of the TAR file parser with ZIP files. For Rising Antivirus version 22.83.00.03, avoid using the TAR file parser with appended ZIP files. For Sophos Anti-Virus version 4.61.0, disable the TAR file parser as a temporary workaround. For Symantec Endpoint Protection 11 with AVEngine version 20101.3.0.103, restrict access to the TAR file parser. For Trend Micro AntiVirus version 9.120.0.1004, consider disabling the TAR file parser. For Trend Micro HouseCall version 9.120.0.1004, avoid using the TAR file parser with ZIP files. At the moment, there is no information about a newer version that contains a fix for this vulnerability.