What is CVE-2012-1457?

CVE-2012-1457 is a vulnerability in Aladdin Esafe, classified under CWE-264. Published 2012-03-21.

Is CVE-2012-1457 known to be exploited?

2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in Aladdin Esafe

CVE-2012-1457

The TAR file parser in Avira AntiVir 7.11.1.163, Antiy Labs AVL SDK 2.0.3.7, avast! Antivirus 4.8.1351.0 and 5.0.677.0, AVG Anti-Virus 10.0.0.1190, Bitdefender 7.2, Quick Heal (aka Cat QuickHeal) 11.00, ClamAV 0.96.4, Command Antivirus 5.2…

EPSS: 0.508 (97.9th percentile) — read the EPSS interpretation.

Affected products

Aladdin Esafe — versions 7.0.17.0
Alwil Avast_antivirus — versions 4.8.1351.0, 5.0.677.0
Anti-virus Vba32 — versions 3.12.14.2
Antiy Avl_sdk — versions 2.0.3.7
Authentium Command_antivirus — versions 5.2.11.5
Avg Avg_anti-virus — versions 10.0.0.1190
Avira Antivir — versions 7.11.1.163
Bitdefender — versions 7.2
Cat Quick_heal — versions 11.00
Clamav — versions 0.96.4

Weakness classification (CWE)

CWE-264

Public proof-of-concept exploits

References

openSUSE-SU-2012:0833 (vendor-advisory, x_refsource_SUSE)
80406 (x_refsource_OSVDB, vdb-entry)
80393 (x_refsource_OSVDB, vdb-entry)
20120319 Evasion attacks expoliting file-parsing vulnerabilities in antivirus products (mailing-list, x_refsource_BUGTRAQ)
80403 (x_refsource_OSVDB, vdb-entry)
80389 (x_refsource_OSVDB, vdb-entry)
80391 (x_refsource_OSVDB, vdb-entry)
80409 (x_refsource_OSVDB, vdb-entry)
80396 (x_refsource_OSVDB, vdb-entry)
80392 (x_refsource_OSVDB, vdb-entry)

Frequently asked questions

What is CVE-2012-1457?: CVE-2012-1457 is a vulnerability in Aladdin Esafe, classified under CWE-264. Published 2012-03-21.
Is CVE-2012-1457 known to be exploited?: 2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.