The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a vigilance database and tools to fix them.

Vulnerability of eTrust Antivirus: bypassing via CAB, ELF

Summary of the vulnerability

An attacker can create an archive or a program containing a virus, which is not detected by eTrust Antivirus.
Vulnerable products: e-Trust Antivirus.
Severity of this weakness: 2/4.
Number of vulnerabilities in this bulletin: 3.
Creation date: 21/03/2012.
References of this bulletin: BID-52595, BID-52600, BID-52621, CVE-2012-1440, CVE-2012-1446, CVE-2012-1453, VIGILANCE-VUL-11478.

Description of the vulnerability 

Archive extraction tools (CAB) accept and extract slightly malformed archives. Systems likewise execute slightly malformed programs (ELF). However, eTrust Antivirus does not detect viruses contained in these archives and programs.

An ELF program containing a large "identsize" field bypasses the detection. [severity:2/4; BID-52595, CVE-2012-1440]

An ELF program containing a large "encoding" field bypasses the detection. [severity:2/4; BID-52600, CVE-2012-1446]

A CAB archive containing a large "coffFiles" field bypasses the detection. [severity:1/4; BID-52621, CVE-2012-1453]

An attacker can therefore create an archive containing a virus which is not detected by the antivirus, but which is extracted by extraction tools. The virus is then detected once it has been extracted on the victim's computer. An attacker can also create a program containing a virus which is not detected by the antivirus, but which can be run by the system.
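The defensive counterpart of the issue described above, as an added example that is not part of the bulletin or of any vendor's code: a pre-scan check that reports a file as suspicious when a header field is out of range instead of letting it pass as clean. It assumes the bulletin's "encoding" field is the ELF EI_DATA byte and uses the MS-CAB CFHEADER layout; the function names and sample bytes are constructed for illustration, and the "identsize" field is not covered.

```python
import struct

CAB_HEADER_LEN = 36  # size of the fixed CFHEADER fields in the MS-CAB format

def check_cab(data: bytes) -> list:
    """Return anomalies in the CAB header's coffFiles field (empty = none)."""
    if len(data) < CAB_HEADER_LEN:
        return ["truncated CAB header"]
    cb_cabinet, = struct.unpack_from("<I", data, 8)   # declared cabinet size
    coff_files, = struct.unpack_from("<I", data, 16)  # offset of first CFFILE
    issues = []
    if coff_files < CAB_HEADER_LEN:
        issues.append("coffFiles points inside the header")
    if coff_files >= min(cb_cabinet, len(data)):
        issues.append("coffFiles points past the end of the cabinet")
    return issues

def check_elf(data: bytes) -> list:
    """Return anomalies in the ELF data-encoding byte (assumed 'encoding')."""
    if len(data) < 16:
        return ["truncated ELF identification block"]
    # e_ident[5] is EI_DATA: 1 = little-endian, 2 = big-endian
    return [] if data[5] in (1, 2) else ["EI_DATA is not a defined encoding"]

def triage(data: bytes) -> str:
    """Fail closed: a file with an out-of-range header field is never 'clean'."""
    if data[:4] == b"MSCF":
        issues = check_cab(data)
    elif data[:4] == b"\x7fELF":
        issues = check_elf(data)
    else:
        return "unhandled format"
    return "suspicious: " + "; ".join(issues) if issues else "parse normally"

def make_cab(coff_files: int, total_len: int = 64) -> bytes:
    """Constructed sample: a bare CFHEADER padded with zeros, no real payload."""
    hdr = struct.pack("<4sIIIIIBBHHHHH", b"MSCF", 0, total_len, 0,
                      coff_files, 0, 3, 1, 1, 1, 0, 0, 0)
    return hdr.ljust(total_len, b"\0")

def make_elf_ident(ei_data: int) -> bytes:
    """Constructed sample: the 16-byte e_ident block only."""
    return b"\x7fELF" + bytes([2, ei_data, 1, 0]) + bytes(8)

if __name__ == "__main__":
    for sample in (make_cab(44), make_cab(0xFFFFFFF0),
                   make_elf_ident(1), make_elf_ident(0xFF)):
        print(triage(sample))
```
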

This computer threat alert impacts software or systems such as e-Trust Antivirus.

Our Vigil@nce team determined that the severity of this weakness is medium.

The trust level is "confirmed by a trusted third party", and the origin is a document.

This bulletin is about 3 vulnerabilities.

An attacker with expert ability can exploit this weakness.

Solutions for this threat 

Full bulletin, software filtering, emails, fixes, ... (Request your free trial)
