CVE-2012-1459

Name of the Vulnerable Software and Affected Versions AhnLab V3 Internet Security version 2011.01.18.00 Avira AntiVir version 7.11.1.163 Antiy Labs AVL SDK version 2.0.3.7 avast! Antivirus versions 4.8.1351.0 through 5.0.677.0 AVG Anti-Virus version 10.0.0.1190 Bitdefender version 7.2 Quick Heal version 11.00 ClamAV version 0.96.4 Command Antivirus version 5.2.11.5 Comodo Antivirus version 7424 Emsisoft Anti-Malware version 5.1.0.1 F-Prot Antivirus version 4.6.2.117 F-Secure Anti-Virus version 9.0.16160.0 Fortinet Antivirus version 4.2.254.0 G Data AntiVirus version 21 Ikarus Virus Utilities T3 Command Line Scanner version 1.1.97.0 Jiangmin Antivirus version 13.0.900 K7 AntiVirus version 9.77.3565 Kaspersky Anti-Virus version 7.0.0.125 McAfee Anti-Virus Scanning Engine version 5.400.0.1158 McAfee Gateway version 2010.1C Microsoft Security Essentials version 2.0 NOD32 Antivirus version 5795 Norman Antivirus version 6.06.12 nProtect Anti-Virus version 2011-01-17.01 Panda Antivirus version 10.0.2.7 PC Tools AntiVirus version 7.0.3.5 Rising Antivirus version 22.83.00.03 Sophos Anti-Virus version 4.61.0 Symantec Endpoint Protection version 11 Trend Micro AntiVirus version 9.120.0.1004 Trend Micro HouseCall version 9.120.0.1004 VBA32 version 3.12.14.2 VirusBuster version 13.6.151.0

Description The TAR file parser in the listed software allows remote attackers to bypass malware detection via a TAR archive entry with a length field corresponding to that entire entry, plus part of the header of the next entry.

Recommendations For each of the affected versions, apply the necessary patches or updates to fix the TAR file parser issue. As a temporary workaround, consider restricting the handling of TAR archives until a patch is available. Avoid using the affected TAR file parser implementations until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.