Description
The ELF file parser in Quick Heal (aka Cat QuickHeal) 11.00, McAfee Anti-Virus Scanning Engine 5.400.0.1158, McAfee Gateway (formerly Webwasher) 2010.1C, eSafe 7.0.17.0, Kaspersky Anti-Virus 7.0.0.125, F-Secure Anti-Virus 9.0.16160.0, Sophos Anti-Virus 4.61.0, Antiy Labs AVL SDK 2.0.3.7, Rising Antivirus 22.83.00.03, Fortinet Antivirus 4.2.254.0, and Panda Antivirus 10.0.2.7 allows remote attackers to bypass malware detection via an ELF file with a modified class field. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different ELF parser implementations.
Affected products
- aladdin / esafe7.0.17.0 β 7.0.17.0
- antiy / avl_sdk2.0.3.7 β 2.0.3.7
- cat / quick_heal11.00 β 11.00
- fortinet / fortinet_antivirus4.2.254.0 β 4.2.254.0
- F-Secure / f-secure_anti-virus9.0.16160.0 β 9.0.16160.0
- Kaspersky / Kaspersky Anti-Virus7.0.0.125 β 7.0.0.125
- McAfee / gateway2010.1c β 2010.1c
- McAfee / scan_engine5.400.0.1158 β 5.400.0.1158
- pandasecurity / panda_antivirus10.0.2.7 β 10.0.2.7
- rising-global / rising_antivirus22.83.00.03 β 22.83.00.03
- Sophos / sophos_anti-virus4.61.0 β 4.61.0