File Parsing Vulnerability in Emsisoft and Sophos Anti-Virus Products
CVE-2012-1450

Currently unrated

Key Information:

Vendor: Sophos
Status: Sophos Anti-virus; Ikarus Virus Utilities T3 Command Line Scanner; Anti-malware
Vendor: CVE Published:; 21 March 2012

Summary

The vulnerability found in the CAB file parser of specific antivirus software products enables remote attackers to bypass malware detection mechanisms. By crafting a CAB file with a modified reserved3 field, attackers can exploit this flaw, allowing malicious files to evade detection and potentially execute harmful actions without alerting the user or the software. This issue highlights the importance of robust parsing mechanisms within antivirus solutions to prevent sophisticated evasion techniques.

References

http://www.securityfocus.com/archive/1/522005

mailing-listx_refsource_BUGTRAQ

http://www.securityfocus.com/bid/52617

vdb-entryx_refsource_BID

http://www.ieee-security.org/TC/SP2012/program.html

x_refsource_MISC

EPSS Score

24% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Mar 21, 2012
Vulnerability Reserved
Feb 29, 2012