What is CVE-2012-1458?

CVE-2012-1458 is a vulnerability in Clamav, classified under CWE-264. Published 2012-03-21.

Is CVE-2012-1458 known to be exploited?

2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in Clamav

CVE-2012-1458

The Microsoft CHM file parser in ClamAV 0.96.4 and Sophos Anti-Virus 4.61.0 allows remote attackers to bypass malware detection via a crafted reset interval in the LZXC header of a CHM file. NOTE: this may later be SPLIT into multiple CVE…

EPSS: 0.081 (92.3th percentile) — read the EPSS interpretation.

Affected products

Clamav — versions 0.96.4
Sophos Sophos_anti-virus — versions 4.61.0
N/a — versions n/a

Weakness classification (CWE)

CWE-264

Public proof-of-concept exploits

References

openSUSE-SU-2012:0833 (vendor-advisory, x_refsource_SUSE)
20120319 Evasion attacks expoliting file-parsing vulnerabilities in antivirus products (mailing-list, x_refsource_BUGTRAQ)
52611 (vdb-entry, x_refsource_BID)
80473 (x_refsource_OSVDB, vdb-entry)
cve@mitre.org (x_refsource_MISC)
multiple-av-chm-header-evasion(74301) (vdb-entry, x_refsource_XF)
80474 (x_refsource_OSVDB, vdb-entry)
MDVSA-2012:094 (vendor-advisory, x_refsource_MANDRIVA)

Frequently asked questions

What is CVE-2012-1458?: CVE-2012-1458 is a vulnerability in Clamav, classified under CWE-264. Published 2012-03-21.
Is CVE-2012-1458 known to be exploited?: 2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.