Bypass of Malware Detection in ClamAV and Sophos Anti-Virus Products
CVE-2012-1458

Currently unrated

Key Information:

Vendor: Clamav
Status: Clamav; Sophos Anti-virus
Vendor: CVE Published:; 21 March 2012

What is CVE-2012-1458?

The Microsoft CHM file parser within ClamAV and Sophos Anti-Virus has a security flaw that allows attackers to evade malware detection by crafting a specific reset interval in the LZXC header of a CHM file. This vulnerability can be exploited by an attacker to bypass the security measures designed to detect malicious content in CHM files, potentially exposing users to unrecognized threats.

References

http://lists.opensuse.org/opensuse-security-announce/2012...

vendor-advisoryx_refsource_SUSE

http://www.securityfocus.com/archive/1/522005

mailing-listx_refsource_BUGTRAQ

http://www.securityfocus.com/bid/52611

vdb-entryx_refsource_BID

EPSS Score

68% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Mar 21, 2012
Vulnerability Reserved
Feb 29, 2012

Clamav

What is CVE-2012-1458?

References

EPSS Score

Timeline