Strix
26.1K

CVE-2012-1453

UnknownEPSS 97.71%

Last modified

CVE-2012-1453 is a vulnerability of currently unknown severity. The CAB file parser in Dr.Web 5.0.2.03300, Trend Micro HouseCall 9.120.0.1004, Kaspersky Anti-Virus 7.0.0.125, Sophos Anti-Virus 4.61.0, Trend Micro AntiVirus 9.120.0.1004, McAfee Gateway (formerly Webwasher) 2010.1C, Emsisoft Anti-Malware 5.1.0.1, CA eTrust Vet Antivirus 36.1.8511, Antiy Labs AVL SDK 2.0.3.7, Antimalware Engine 1.1.6402.0 in Microsoft Security Essentials 2.0, Rising Antivirus 22.83.00.03, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, Fortinet Antivirus 4.2.254.0, and Panda Antivirus 10.0.2.7 allows remote attackers to bypass malware detection via a CAB file with a modified coffFiles field. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different CAB parser implementations.. EPSS estimates a 97.71% chance of exploitation in the next 30 days.

Description

The CAB file parser in Dr.Web 5.0.2.03300, Trend Micro HouseCall 9.120.0.1004, Kaspersky Anti-Virus 7.0.0.125, Sophos Anti-Virus 4.61.0, Trend Micro AntiVirus 9.120.0.1004, McAfee Gateway (formerly Webwasher) 2010.1C, Emsisoft Anti-Malware 5.1.0.1, CA eTrust Vet Antivirus 36.1.8511, Antiy Labs AVL SDK 2.0.3.7, Antimalware Engine 1.1.6402.0 in Microsoft Security Essentials 2.0, Rising Antivirus 22.83.00.03, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, Fortinet Antivirus 4.2.254.0, and Panda Antivirus 10.0.2.7 allows remote attackers to bypass malware detection via a CAB file with a modified coffFiles field. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different CAB parser implementations.

Metrics

EPSS Probability
97.71%

99.9th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

Affected Software

VendorProductVersions
AntiyAvl Sdk2.0.3.7
CaEtrust Vet Antivirus36.1.8511
DrwebDr.Web Antivirus5.0.2.03300
EmsisoftAnti-Malware5.1.0.1
FortinetFortinet Antivirus4.2.254.0
IkarusIkarus Virus Utilities T3 Command Line Scanner1.1.97.0
KasperskyKaspersky Anti-Virus7.0.0.125
McafeeGateway2010.1c
MicrosoftSecurity Essentials2.0
PandasecurityPanda Antivirus10.0.2.7
Rising-GlobalRising Antivirus22.83.00.03
SophosSophos Anti-Virus4.61.0
TrendmicroHousecall9.120.0.1004
TrendmicroTrend Micro Antivirus9.120.0.1004

References

Timeline

Published
Last Modified
Status
Modified

Frequently Asked Questions

What is CVE-2012-1453?
The CAB file parser in Dr.Web 5.0.2.03300, Trend Micro HouseCall 9.120.0.1004, Kaspersky Anti-Virus 7.0.0.125, Sophos Anti-Virus 4.61.0, Trend Micro AntiVirus 9.120.0.1004, McAfee Gateway (formerly Webwasher) 2010.1C, Emsisoft Anti-Malware 5.1.0.1, CA eTrust Vet Antivirus 36.1.8511, Antiy Labs AVL SDK 2.0.3.7, Antimalware Engine 1.1.6402.0 in Microsoft Security Essentials 2.0, Rising Antivirus 22.83.00.03, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, Fortinet Antivirus 4.2.254.0, and Panda Antivirus 10.0.2.7 allows remote attackers to bypass malware detection via a CAB file with a modified coffFiles field. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different CAB parser implementations.
How severe is CVE-2012-1453?
Severity scoring for CVE-2012-1453 is pending analysis. The EPSS model estimates a 97.71% probability of exploitation in the next 30 days.
How do I fix CVE-2012-1453?
Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2012-1453?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST