Info

Disclosure

Mar 20, 2012

Discovery

Unknown

Dates

Exploit

Unknown

Solution

Unknown

Description

Comodo Anti-Virus contains a flaw related to the anti-virus / anti-malware scanning functionality. The issue is triggered when the program is handling a specially crafted ustar character sequence within a Microsoft Office file. This may allow a context-dependent attacker to bypass the scanning allowing for the delivery of malware.

Classification

Location: Context Dependent
Attack Type: Input Manipulation
Impact: Loss of Integrity
Solution: Solution Unknown
Exploit: Exploit Private
Disclosure: Uncoordinated Disclosure
OSVDB: Security Software

Solution

OSVDB is not aware of a solution for this vulnerability.

Products

Comodo Group, Inc.

Comodo Antivirus

7424

References

CVE ID: 2012-1437 (see also: NVD) 2012-1438 (see also: NVD)
Bugtraq ID: 52597
Related OSVDB ID: 80376
Vendor URL: http://antivirus.comodo.com/
Mail List Post: http://seclists.org/bugtraq/2012/Mar/88
Other Advisory URL: http://www.ieee-security.org/TC/SP2012/program.html

Credit

Unknown or Incomplete

Direct URL: http://osvdb.org/80375