CVE-2012-1457

Name of the Vulnerable Software and Affected Versions Avira AntiVir version 7.11.1.163 Antiy Labs AVL SDK version 2.0.3.7 avast! Antivirus versions 4.8.1351.0 through 5.0.677.0 AVG Anti-Virus version 10.0.0.1190 Bitdefender version 7.2 Quick Heal version 11.00 ClamAV version 0.96.4 Command Antivirus version 5.2.11.5 Emsisoft Anti-Malware version 5.1.0.1 eSafe version 7.0.17.0 F-Prot Antivirus version 4.6.2.117 G Data AntiVirus version 21 Ikarus Virus Utilities T3 Command Line Scanner version 1.1.97.0 Jiangmin Antivirus version 13.0.900 K7 AntiVirus version 9.77.3565 Kaspersky Anti-Virus version 7.0.0.125 McAfee Anti-Virus Scanning Engine version 5.400.0.1158 McAfee Gateway version 2010.1C Microsoft Security Essentials version 2.0 NOD32 Antivirus version 5795 Norman Antivirus version 6.06.12 PC Tools AntiVirus version 7.0.3.5 Rising Antivirus version 22.83.00.03 Symantec Endpoint Protection version 11 Trend Micro AntiVirus version 9.120.0.1004 Trend Micro HouseCall version 9.120.0.1004 VBA32 version 3.12.14.2 VirusBuster version 13.6.151.0

Description The TAR file parser in the listed antivirus software allows remote attackers to bypass malware detection via a TAR archive entry with a length field that exceeds the total TAR file size.

Recommendations For Avira AntiVir version 7.11.1.163, update to a newer version to mitigate the risk. For Antiy Labs AVL SDK version 2.0.3.7, update to a newer version to mitigate the risk. For avast! Antivirus versions 4.8.1351.0 through 5.0.677.0, update to a newer version to mitigate the risk. For AVG Anti-Virus version 10.0.0.1190, update to a newer version to mitigate the risk. For Bitdefender version 7.2, update to a newer version to mitigate the risk. For Quick Heal version 11.00, update to a newer version to mitigate the risk. For ClamAV version 0.96.4, update to a newer version to mitigate the risk. For Command Antivirus version 5.2.11.5, update to a newer version to mitigate the risk. For Emsisoft Anti-Malware version 5.1.0.1, update to a newer version to mitigate the risk. For eSafe version 7.0.17.0, update to a newer version to mitigate the risk. For F-Prot Antivirus version 4.6.2.117, update to a newer version to mitigate the risk. For G Data AntiVirus version 21, update to a newer version to mitigate the risk. For Ikarus Virus Utilities T3 Command Line Scanner version 1.1.97.0, update to a newer version to mitigate the risk. For Jiangmin Antivirus version 13.0.900, update to a newer version to mitigate the risk. For K7 AntiVirus version 9.77.3565, update to a newer version to mitigate the risk. For Kaspersky Anti-Virus version 7.0.0.125, update to a newer version to mitigate the risk. For McAfee Anti-Virus Scanning Engine version 5.400.0.1158, update to a newer version to mitigate the risk. For McAfee Gateway version 2010.1C, update to a newer version to mitigate the risk. For Microsoft Security Essentials version 2.0, update to a newer version to mitigate the risk. For NOD32 Antivirus version 5795, update to a newer version to mitigate the risk. For Norman Antivirus version 6.06.12, update to a newer version to mitigate the risk. For PC Tools AntiVirus version 7.0.3.5, update to a newer version to mitigate the risk. For Rising Antivirus version 22.83.00.03, update to a newer version to mitigate the risk. For Symantec Endpoint Protection version 11, update to a newer version to mitigate the risk. For Trend Micro AntiVirus version 9.120.0.1004, update to a newer version to mitigate the risk. For Trend Micro HouseCall version 9.120.0.1004, update to a newer version to mitigate the risk. For VBA32 version 3.12.14.2, update to a newer version to mitigate the risk. For VirusBuster version 13.6.151.0, update to a newer version to mitigate the risk.