Bypassing Malware Detection in Microsoft EXE File Parser

Bypassing Malware Detection in Microsoft EXE File Parser

CVE-2012-1435 · MEDIUM Severity

AV:N/AC:M/AU:N/C:N/I:P/A:N

The Microsoft EXE file parser in AhnLab V3 Internet Security 2011.01.18.00, Emsisoft Anti-Malware 5.1.0.1, eSafe 7.0.17.0, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, and Panda Antivirus 10.0.2.7 allows remote attackers to bypass malware detection via an EXE file with a \50\4B\4C\49\54\45 character sequence at a certain location. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different EXE parser implementations.

Learn more about our Web Application Penetration Testing UK.