Search for vulnerabilities
Vulnerability details: VCID-fbce-ag4j-aaaq
Vulnerability ID VCID-fbce-ag4j-aaaq
Aliases CVE-2012-1457
PYSEC-2012-25
Summary The TAR file parser in Avira AntiVir 7.11.1.163, Antiy Labs AVL SDK 2.0.3.7, avast! Antivirus 4.8.1351.0 and 5.0.677.0, AVG Anti-Virus 10.0.0.1190, Bitdefender 7.2, Quick Heal (aka Cat QuickHeal) 11.00, ClamAV 0.96.4, Command Antivirus 5.2.11.5, Emsisoft Anti-Malware 5.1.0.1, eSafe 7.0.17.0, F-Prot Antivirus 4.6.2.117, G Data AntiVirus 21, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, Jiangmin Antivirus 13.0.900, K7 AntiVirus 9.77.3565, Kaspersky Anti-Virus 7.0.0.125, McAfee Anti-Virus Scanning Engine 5.400.0.1158, McAfee Gateway (formerly Webwasher) 2010.1C, Antimalware Engine 1.1.6402.0 in Microsoft Security Essentials 2.0, NOD32 Antivirus 5795, Norman Antivirus 6.06.12, PC Tools AntiVirus 7.0.3.5, Rising Antivirus 22.83.00.03, AVEngine 20101.3.0.103 in Symantec Endpoint Protection 11, Trend Micro AntiVirus 9.120.0.1004, Trend Micro HouseCall 9.120.0.1004, VBA32 3.12.14.2, and VirusBuster 13.6.151.0 allows remote attackers to bypass malware detection via a TAR archive entry with a length field that exceeds the total TAR file size. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different TAR parser implementations.
Status Published
Exploitability 2.0
Weighted Severity 3.9
Risk 7.8
Affected and Fixed Packages Package Details
Weaknesses (1)
CWE-264 Permissions, Privileges, and Access Controls
System Score Found at
epss 0.85138 https://api.first.org/data/v1/epss?cve=CVE-2012-1457
epss 0.85138 https://api.first.org/data/v1/epss?cve=CVE-2012-1457
epss 0.85138 https://api.first.org/data/v1/epss?cve=CVE-2012-1457
epss 0.85138 https://api.first.org/data/v1/epss?cve=CVE-2012-1457
epss 0.86943 https://api.first.org/data/v1/epss?cve=CVE-2012-1457
epss 0.86943 https://api.first.org/data/v1/epss?cve=CVE-2012-1457
epss 0.86943 https://api.first.org/data/v1/epss?cve=CVE-2012-1457
epss 0.86943 https://api.first.org/data/v1/epss?cve=CVE-2012-1457
epss 0.86943 https://api.first.org/data/v1/epss?cve=CVE-2012-1457
epss 0.86943 https://api.first.org/data/v1/epss?cve=CVE-2012-1457
epss 0.86943 https://api.first.org/data/v1/epss?cve=CVE-2012-1457
epss 0.86943 https://api.first.org/data/v1/epss?cve=CVE-2012-1457
epss 0.86943 https://api.first.org/data/v1/epss?cve=CVE-2012-1457
epss 0.86943 https://api.first.org/data/v1/epss?cve=CVE-2012-1457
epss 0.86943 https://api.first.org/data/v1/epss?cve=CVE-2012-1457
epss 0.86943 https://api.first.org/data/v1/epss?cve=CVE-2012-1457
epss 0.86943 https://api.first.org/data/v1/epss?cve=CVE-2012-1457
epss 0.86943 https://api.first.org/data/v1/epss?cve=CVE-2012-1457
epss 0.86943 https://api.first.org/data/v1/epss?cve=CVE-2012-1457
epss 0.86943 https://api.first.org/data/v1/epss?cve=CVE-2012-1457
epss 0.86943 https://api.first.org/data/v1/epss?cve=CVE-2012-1457
epss 0.86943 https://api.first.org/data/v1/epss?cve=CVE-2012-1457
epss 0.86943 https://api.first.org/data/v1/epss?cve=CVE-2012-1457
epss 0.86943 https://api.first.org/data/v1/epss?cve=CVE-2012-1457
epss 0.86943 https://api.first.org/data/v1/epss?cve=CVE-2012-1457
epss 0.86943 https://api.first.org/data/v1/epss?cve=CVE-2012-1457
epss 0.86943 https://api.first.org/data/v1/epss?cve=CVE-2012-1457
epss 0.86943 https://api.first.org/data/v1/epss?cve=CVE-2012-1457
epss 0.86943 https://api.first.org/data/v1/epss?cve=CVE-2012-1457
epss 0.88894 https://api.first.org/data/v1/epss?cve=CVE-2012-1457
epss 0.97377 https://api.first.org/data/v1/epss?cve=CVE-2012-1457
epss 0.97377 https://api.first.org/data/v1/epss?cve=CVE-2012-1457
epss 0.97377 https://api.first.org/data/v1/epss?cve=CVE-2012-1457
epss 0.97377 https://api.first.org/data/v1/epss?cve=CVE-2012-1457
epss 0.97377 https://api.first.org/data/v1/epss?cve=CVE-2012-1457
epss 0.97377 https://api.first.org/data/v1/epss?cve=CVE-2012-1457
epss 0.97384 https://api.first.org/data/v1/epss?cve=CVE-2012-1457
epss 0.97410 https://api.first.org/data/v1/epss?cve=CVE-2012-1457
cvssv2 4.3 https://nvd.nist.gov/vuln/detail/CVE-2012-1457
Reference id Reference type URL
http://lists.opensuse.org/opensuse-security-announce/2012-07/msg00002.html
http://osvdb.org/80389
http://osvdb.org/80391
http://osvdb.org/80392
http://osvdb.org/80393
http://osvdb.org/80395
http://osvdb.org/80396
http://osvdb.org/80403
http://osvdb.org/80406
http://osvdb.org/80407
http://osvdb.org/80409
https://api.first.org/data/v1/epss?cve=CVE-2012-1457
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1457
https://exchange.xforce.ibmcloud.com/vulnerabilities/74293
http://www.ieee-security.org/TC/SP2012/program.html
http://www.mandriva.com/security/advisories?name=MDVSA-2012:094
http://www.securityfocus.com/archive/1/522005
http://www.securityfocus.com/bid/52610
668273 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=668273
cpe:2.3:a:aladdin:esafe:7.0.17.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:aladdin:esafe:7.0.17.0:*:*:*:*:*:*:*
cpe:2.3:a:alwil:avast_antivirus:4.8.1351.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:alwil:avast_antivirus:4.8.1351.0:*:*:*:*:*:*:*
cpe:2.3:a:alwil:avast_antivirus:5.0.677.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:alwil:avast_antivirus:5.0.677.0:*:*:*:*:*:*:*
cpe:2.3:a:anti-virus:vba32:3.12.14.2:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:anti-virus:vba32:3.12.14.2:*:*:*:*:*:*:*
cpe:2.3:a:antiy:avl_sdk:2.0.3.7:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:antiy:avl_sdk:2.0.3.7:*:*:*:*:*:*:*
cpe:2.3:a:authentium:command_antivirus:5.2.11.5:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:authentium:command_antivirus:5.2.11.5:*:*:*:*:*:*:*
cpe:2.3:a:avg:avg_anti-virus:10.0.0.1190:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:avg:avg_anti-virus:10.0.0.1190:*:*:*:*:*:*:*
cpe:2.3:a:avira:antivir:7.11.1.163:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:avira:antivir:7.11.1.163:*:*:*:*:*:*:*
cpe:2.3:a:bitdefender:bitdefender:7.2:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:bitdefender:bitdefender:7.2:*:*:*:*:*:*:*
cpe:2.3:a:cat:quick_heal:11.00:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:cat:quick_heal:11.00:*:*:*:*:*:*:*
cpe:2.3:a:clamav:clamav:0.96.4:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:clamav:clamav:0.96.4:*:*:*:*:*:*:*
cpe:2.3:a:emsisoft:anti-malware:5.1.0.1:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:emsisoft:anti-malware:5.1.0.1:*:*:*:*:*:*:*
cpe:2.3:a:eset:nod32_antivirus:5795:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:eset:nod32_antivirus:5795:*:*:*:*:*:*:*
cpe:2.3:a:f-prot:f-prot_antivirus:4.6.2.117:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:f-prot:f-prot_antivirus:4.6.2.117:*:*:*:*:*:*:*
cpe:2.3:a:gdata-software:g_data_antivirus:21:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gdata-software:g_data_antivirus:21:*:*:*:*:*:*:*
cpe:2.3:a:ikarus:ikarus_virus_utilities_t3_command_line_scanner:1.1.97.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ikarus:ikarus_virus_utilities_t3_command_line_scanner:1.1.97.0:*:*:*:*:*:*:*
cpe:2.3:a:jiangmin:jiangmin_antivirus:13.0.900:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:jiangmin:jiangmin_antivirus:13.0.900:*:*:*:*:*:*:*
cpe:2.3:a:k7computing:antivirus:9.77.3565:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:k7computing:antivirus:9.77.3565:*:*:*:*:*:*:*
cpe:2.3:a:kaspersky:kaspersky_anti-virus:7.0.0.125:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:kaspersky:kaspersky_anti-virus:7.0.0.125:*:*:*:*:*:*:*
cpe:2.3:a:mcafee:gateway:2010.1c:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mcafee:gateway:2010.1c:*:*:*:*:*:*:*
cpe:2.3:a:mcafee:scan_engine:5.400.0.1158:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mcafee:scan_engine:5.400.0.1158:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:security_essentials:2.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:microsoft:security_essentials:2.0:*:*:*:*:*:*:*
cpe:2.3:a:norman:norman_antivirus_\&_antispyware:6.06.12:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:norman:norman_antivirus_\&_antispyware:6.06.12:*:*:*:*:*:*:*
cpe:2.3:a:pc_tools:pc_tools_antivirus:7.0.3.5:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:pc_tools:pc_tools_antivirus:7.0.3.5:*:*:*:*:*:*:*
cpe:2.3:a:rising-global:rising_antivirus:22.83.00.03:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rising-global:rising_antivirus:22.83.00.03:*:*:*:*:*:*:*
cpe:2.3:a:symantec:endpoint_protection:11.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:symantec:endpoint_protection:11.0:*:*:*:*:*:*:*
cpe:2.3:a:trendmicro:housecall:9.120.0.1004:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:trendmicro:housecall:9.120.0.1004:*:*:*:*:*:*:*
cpe:2.3:a:trendmicro:trend_micro_antivirus:9.120.0.1004:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:trendmicro:trend_micro_antivirus:9.120.0.1004:*:*:*:*:*:*:*
cpe:2.3:a:virusbuster:virusbuster:13.6.151.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:virusbuster:virusbuster:13.6.151.0:*:*:*:*:*:*:*
CVE-2012-1457 https://nvd.nist.gov/vuln/detail/CVE-2012-1457
USN-1482-1 https://usn.ubuntu.com/1482-1/
No exploits are available.
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2012-1457
Exploitability (E) Access Vector (AV) Access Complexity (AC) Authentication (Au) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

high

functional

unproven

proof_of_concept

not_defined

local

adjacent_network

network

high

medium

low

multiple

single

none

none

partial

complete

none

partial

complete

none

partial

complete
Exploit Prediction Scoring System (EPSS)
Percentile 0.99303
EPSS Score 0.85138
Published At June 3, 2025, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
There are no relevant records.