Name of the Vulnerable Software and Affected Versions Avira AntiVir version 7.11.1.163 Antiy Labs AVL SDK version 2.0.3.7 avast! Antivirus versions 4.8.1351.0 through 5.0.677.0 AVG Anti-Virus version 10.0.0.1190 Bitdefender version 7.2 Quick Heal version 11.00 ClamAV version 0.96.4 Command Antivirus version 5.2.11.5 Emsisoft Anti-Malware version 5.1.0.1 eSafe version 7.0.17.0 F-Prot Antivirus version 4.6.2.117 G Data AntiVirus version 21 Ikarus Virus Utilities T3 Command Line Scanner version 1.1.97.0 Jiangmin Antivirus version 13.0.900 K7 AntiVirus version 9.77.3565 Kaspersky Anti-Virus version 7.0.0.125 McAfee Anti-Virus Scanning Engine version 5.400.0.1158 McAfee Gateway version 2010.1C Microsoft Security Essentials version 2.0 NOD32 Antivirus version 5795 Norman Antivirus version 6.06.12 PC Tools AntiVirus version 7.0.3.5 Rising Antivirus version 22.83.00.03 Symantec Endpoint Protection version 11 Trend Micro AntiVirus version 9.120.0.1004 Trend Micro HouseCall version 9.120.0.1004 VBA32 version 3.12.14.2 VirusBuster version 13.6.151.0

Description The issue allows remote attackers to bypass malware detection via a TAR archive entry with a length field that exceeds the total TAR file size. This can be exploited by crafting a malicious TAR file.

Recommendations For Avira AntiVir version 7.11.1.163, update to a newer version that fixes the TAR file parser issue. For Antiy Labs AVL SDK version 2.0.3.7, update to a newer version that fixes the TAR file parser issue. For avast! Antivirus versions 4.8.1351.0 through 5.0.677.0, update to a newer version that fixes the TAR file parser issue. For AVG Anti-Virus version 10.0.0.1190, update to a newer version that fixes the TAR file parser issue. For Bitdefender version 7.2, update to a newer version that fixes the TAR file parser issue. For Quick Heal version 11.00, update to a newer version that fixes the TAR file parser issue. For ClamAV version 0.96.4, update to a newer version that fixes the TAR file parser issue. For Command Antivirus version 5.2.11.5, update to a newer version that fixes the TAR file parser issue. For Emsisoft Anti-Malware version 5.1.0.1, update to a newer version that fixes the TAR file parser issue. For eSafe version 7.0.17.0, update to a newer version that fixes the TAR file parser issue. For F-Prot Antivirus version 4.6.2.117, update to a newer version that fixes the TAR file parser issue. For G Data AntiVirus version 21, update to a newer version that fixes the TAR file parser issue. For Ikarus Virus Utilities T3 Command Line Scanner version 1.1.97.0, update to a newer version that fixes the TAR file parser issue. For Jiangmin Antivirus version 13.0.900, update to a newer version that fixes the TAR file parser issue. For K7 AntiVirus version 9.77.3565, update to a newer version that fixes the TAR file parser issue. For Kaspersky Anti-Virus version 7.0.0.125, update to a newer version that fixes the TAR file parser issue. For McAfee Anti-Virus Scanning Engine version 5.400.0.1158, update to a newer version that fixes the TAR file parser issue. For McAfee Gateway version 2010.1C, update to a newer version that fixes the TAR file parser issue. For Microsoft Security Essentials version 2.0, update to a newer version that fixes the TAR file parser issue. For NOD32 Antivirus version 5795, update to a newer version that fixes the TAR file parser issue. For Norman Antivirus version 6.06.12, update to a newer version that fixes the TAR file parser issue. For PC Tools AntiVirus version 7.0.3.5, update to a newer version that fixes the TAR file parser issue. For Rising Antivirus version 22.83.00.03, update to a newer version that fixes the TAR file parser issue. For Symantec Endpoint Protection version 11, update to a newer version that fixes the TAR file parser issue. For Trend Micro AntiVirus version 9.120.0.1004, update to a newer version that fixes the TAR file parser issue. For Trend Micro HouseCall version 9.120.0.1004, update to a newer version that fixes the TAR file parser issue. For VBA32 version 3.12.14.2, update to a newer version that fixes the TAR file parser issue. For VirusBuster version 13.6.151.0, update to a newer version that fixes the TAR file parser issue.