Bugtraq mailing list archives
Re: Norton AntiVirus Denial Of Service Vulnerability [Part: !!!]
From: Bipin Gautam <visitbipin () hotmail com>
Date: 10 Jul 2004 03:59:24 -0000
In-Reply-To: <40EEE9C0.4040108 () mojohosting com>
The same thing happens with classic mail bombs like 42.zip, NAV can't handle them. Alan Parks
42.zip was a arc. BOMB and a different story... It's similar to my WinRar advisory that date back, 2003. Well, within few seconds... after the AV scan have started norton quickly scan's the infected file and skips the empty folder within the zip archive! But after norton detects virus in the archive it tries to delete the virus within the archive, and re-create the un-infected/fresh archive........ again! The problem triggers when NAV tries to re-create all the empty folders and re-construct the archive. *ANY* av scanners that autometically tries to delete the infected file and re-create the archive should be vulnerable to this exploit!!! Note: in the "AutoProtect Menu" in the option tab in Norton AV the option........ *autometically repair the infected file <--- is set by default! you could temporarily be immune by this bug by setting the option, *deny access to the infected file. The compressed archive mustn't necessarily be a zip archive to trigger this attack. You could experiment this with other archive types...... bipin
Current thread:
- Norton AntiVirus Denial Of Service Vulnerability [Part: !!!] Bipin Gautam (Jul 09)
- Re: Norton AntiVirus Denial Of Service Vulnerability [Part: !!!] Tom Spencer (Jul 09)
- RE: Norton AntiVirus Denial Of Service Vulnerability [Part: !!!] DaiTengu (Jul 10)
- <Possible follow-ups>
- RE: Norton AntiVirus Denial Of Service Vulnerability [Part: !!!] Eric McCarty (Jul 09)
- Re: Norton AntiVirus Denial Of Service Vulnerability [Part: !!!] Bipin Gautam (Jul 10)
- RE: Norton AntiVirus Denial Of Service Vulnerability [Part: !!!] Sym Security (Jul 13)
- RE: Norton AntiVirus Denial Of Service Vulnerability [Part: !!!] Sym Security (Jul 13)
- Re: Norton AntiVirus Denial Of Service Vulnerability [Part: !!!] Bipin Gautam (Jul 17)