CVE-2012-1448

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2012-1448
The CAB file parser in Quick Heal (aka Cat QuickHeal) 11.00, Trend Micro AntiVirus 9.120.0.1004, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, Trend Micro HouseCall 9.120.0.1004, and Emsisoft Anti-Malware 5.1.0.1 allows remote attackers to bypass malware detection via a CAB file with a modified cbCabinet field. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different CAB parser implementations.

4.3 /10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:M/Au:N/C:N/I:P/A:N

Exploitability : 8.6 / Impact : 2.9

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

References
Link Resource
http://www.ieee-security.org/TC/SP2012/program.html
http://www.securityfocus.com/archive/1/522005
http://www.securityfocus.com/bid/52603
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:cat:quick_heal:11.00:*:*:*:*:*:*:*
cpe:2.3:a:emsisoft:anti-malware:5.1.0.1:*:*:*:*:*:*:*
cpe:2.3:a:ikarus:ikarus_virus_utilities_t3_command_line_scanner:1.1.97.0:*:*:*:*:*:*:*
cpe:2.3:a:trendmicro:housecall:9.120.0.1004:*:*:*:*:*:*:*
cpe:2.3:a:trendmicro:trend_micro_antivirus:9.120.0.1004:*:*:*:*:*:*:*
History

No history.

Information

Published : 2012-03-21 10:11

Updated : 2023-12-10 11:16

NVD link : CVE-2012-1448

Mitre link : CVE-2012-1448

CVE.ORG link : CVE-2012-1448

JSON object : View

Products Affected

trendmicro

  • trend_micro_antivirus
  • housecall

cat

  • quick_heal

ikarus

  • ikarus_virus_utilities_t3_command_line_scanner

emsisoft

  • anti-malware
CWE
CWE-264

Permissions, Privileges, and Access Controls