Search for vulnerabilities
Vulnerability details: VCID-9exa-1hrh-aaaf
Vulnerability ID VCID-9exa-1hrh-aaaf
Aliases CVE-2012-1458
Summary The Microsoft CHM file parser in ClamAV 0.96.4 and Sophos Anti-Virus 4.61.0 allows remote attackers to bypass malware detection via a crafted reset interval in the LZXC header of a CHM file. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different CHM parser implementations.
Status Published
Exploitability 0.5
Weighted Severity 3.9
Risk 1.9
Affected and Fixed Packages Package Details
Weaknesses (1)
CWE-264 Permissions, Privileges, and Access Controls
System Score Found at
epss 0.6272 https://api.first.org/data/v1/epss?cve=CVE-2012-1458
epss 0.6272 https://api.first.org/data/v1/epss?cve=CVE-2012-1458
epss 0.6272 https://api.first.org/data/v1/epss?cve=CVE-2012-1458
epss 0.6272 https://api.first.org/data/v1/epss?cve=CVE-2012-1458
epss 0.6272 https://api.first.org/data/v1/epss?cve=CVE-2012-1458
epss 0.6272 https://api.first.org/data/v1/epss?cve=CVE-2012-1458
epss 0.6272 https://api.first.org/data/v1/epss?cve=CVE-2012-1458
epss 0.6272 https://api.first.org/data/v1/epss?cve=CVE-2012-1458
epss 0.68024 https://api.first.org/data/v1/epss?cve=CVE-2012-1458
epss 0.68024 https://api.first.org/data/v1/epss?cve=CVE-2012-1458
epss 0.68024 https://api.first.org/data/v1/epss?cve=CVE-2012-1458
epss 0.68024 https://api.first.org/data/v1/epss?cve=CVE-2012-1458
epss 0.68024 https://api.first.org/data/v1/epss?cve=CVE-2012-1458
epss 0.68024 https://api.first.org/data/v1/epss?cve=CVE-2012-1458
epss 0.68024 https://api.first.org/data/v1/epss?cve=CVE-2012-1458
epss 0.68024 https://api.first.org/data/v1/epss?cve=CVE-2012-1458
epss 0.68024 https://api.first.org/data/v1/epss?cve=CVE-2012-1458
epss 0.68024 https://api.first.org/data/v1/epss?cve=CVE-2012-1458
epss 0.68024 https://api.first.org/data/v1/epss?cve=CVE-2012-1458
epss 0.68024 https://api.first.org/data/v1/epss?cve=CVE-2012-1458
epss 0.68024 https://api.first.org/data/v1/epss?cve=CVE-2012-1458
epss 0.68024 https://api.first.org/data/v1/epss?cve=CVE-2012-1458
epss 0.68024 https://api.first.org/data/v1/epss?cve=CVE-2012-1458
epss 0.68024 https://api.first.org/data/v1/epss?cve=CVE-2012-1458
epss 0.68024 https://api.first.org/data/v1/epss?cve=CVE-2012-1458
epss 0.68024 https://api.first.org/data/v1/epss?cve=CVE-2012-1458
epss 0.68024 https://api.first.org/data/v1/epss?cve=CVE-2012-1458
epss 0.68024 https://api.first.org/data/v1/epss?cve=CVE-2012-1458
epss 0.68024 https://api.first.org/data/v1/epss?cve=CVE-2012-1458
epss 0.68024 https://api.first.org/data/v1/epss?cve=CVE-2012-1458
epss 0.68024 https://api.first.org/data/v1/epss?cve=CVE-2012-1458
epss 0.68024 https://api.first.org/data/v1/epss?cve=CVE-2012-1458
epss 0.68024 https://api.first.org/data/v1/epss?cve=CVE-2012-1458
epss 0.70458 https://api.first.org/data/v1/epss?cve=CVE-2012-1458
epss 0.74835 https://api.first.org/data/v1/epss?cve=CVE-2012-1458
epss 0.74835 https://api.first.org/data/v1/epss?cve=CVE-2012-1458
epss 0.74835 https://api.first.org/data/v1/epss?cve=CVE-2012-1458
epss 0.74835 https://api.first.org/data/v1/epss?cve=CVE-2012-1458
epss 0.74835 https://api.first.org/data/v1/epss?cve=CVE-2012-1458
epss 0.74835 https://api.first.org/data/v1/epss?cve=CVE-2012-1458
epss 0.74835 https://api.first.org/data/v1/epss?cve=CVE-2012-1458
epss 0.74835 https://api.first.org/data/v1/epss?cve=CVE-2012-1458
epss 0.74835 https://api.first.org/data/v1/epss?cve=CVE-2012-1458
epss 0.74835 https://api.first.org/data/v1/epss?cve=CVE-2012-1458
epss 0.74835 https://api.first.org/data/v1/epss?cve=CVE-2012-1458
epss 0.74835 https://api.first.org/data/v1/epss?cve=CVE-2012-1458
epss 0.74835 https://api.first.org/data/v1/epss?cve=CVE-2012-1458
cvssv2 4.3 https://nvd.nist.gov/vuln/detail/CVE-2012-1458
Reference id Reference type URL
http://lists.opensuse.org/opensuse-security-announce/2012-07/msg00002.html
http://osvdb.org/80473
http://osvdb.org/80474
https://api.first.org/data/v1/epss?cve=CVE-2012-1458
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1458
https://exchange.xforce.ibmcloud.com/vulnerabilities/74301
http://www.ieee-security.org/TC/SP2012/program.html
http://www.mandriva.com/security/advisories?name=MDVSA-2012:094
http://www.securityfocus.com/archive/1/522005
http://www.securityfocus.com/bid/52611
668273 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=668273
cpe:2.3:a:clamav:clamav:0.96.4:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:clamav:clamav:0.96.4:*:*:*:*:*:*:*
cpe:2.3:a:sophos:sophos_anti-virus:4.61.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sophos:sophos_anti-virus:4.61.0:*:*:*:*:*:*:*
CVE-2012-1458 https://nvd.nist.gov/vuln/detail/CVE-2012-1458
USN-1482-1 https://usn.ubuntu.com/1482-1/
No exploits are available.
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2012-1458
Exploitability (E) Access Vector (AV) Access Complexity (AC) Authentication (Au) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

high

functional

unproven

proof_of_concept

not_defined

local

adjacent_network

network

high

medium

low

multiple

single

none

none

partial

complete

none

partial

complete

none

partial

complete
Exploit Prediction Scoring System (EPSS)
Percentile 0.98261
EPSS Score 0.6272
Published At June 3, 2025, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
There are no relevant records.