// For flags

CVE-2012-1419

 

Severity Score

4.3
*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

The TAR file parser in ClamAV 0.96.4 and Quick Heal (aka Cat QuickHeal) 11.00 allows remote attackers to bypass malware detection via a POSIX TAR file with an initial [aliases] character sequence. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different TAR parser implementations.

El analizador de archivos TAR en ClamAV 0.96.4 y Quick Heal (también conocido como Cat QuickHeal) 11.00 permite a atacantes remotos evitar la detección de malware a través de un archivo TAR POSIX con una secuencia de caracteres inicial [aliases]. NOTA: esto más adelante se puede dividir en varios CVEs si la información adicional que se publica muestra que el error se produjo de forma independiente en diferentes implementaciones del analizador TAR.

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Medium
Authentication
None
Confidentiality
None
Integrity
Partial
Availability
None
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2012-02-29 CVE Reserved
  • 2012-03-19 CVE Published
  • 2024-08-06 CVE Updated
  • 2024-11-09 EPSS Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-264: Permissions, Privileges, and Access Controls
CAPEC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Cat
Search vendor "Cat"
Quick Heal
Search vendor "Cat" for product "Quick Heal"
11.00
Search vendor "Cat" for product "Quick Heal" and version "11.00"
-
Affected
Clamav
Search vendor "Clamav"
Clamav
Search vendor "Clamav" for product "Clamav"
0.96.4
Search vendor "Clamav" for product "Clamav" and version "0.96.4"
-
Affected