Re: Norton AntiVirus Denial Of Service Vulnerability [Part: !!!]

[Bipin Gautam <visitbipin () hotmail com>]

In-Reply-To: <OF4FE03EE4.3D6B6CBB-ON88256ED0.00717712-87256ED0.0077C6E6 () symantec com>



there has been reports norton AntiVirus 2004 and norton AntiVirus 2005 (beta) is also prone to the exploit. 

It's always hard to handle such tricks unless you specify a timeout value to scan a particular file. But, i doubt if 
this the right way to handle any file!

even if we impliment signatures for archive bombs, there are 10's of possibility to make..... again something different 
that the AV wont detect. )O;

bipin 
> Symantec is aware and currently investigating this issue.
>
> - - ------------------------------------------------------------------
> Symantec Product Security Team
> Symantec takes the security of our products seriously and is a
> responsible disclosure company.  You can view our response policies
> at http://www.symantec.com/security. 
> We will work directly with anyone who believes they have found a
> security issue in a Symantec product to validate the problem and
> coordinate any  response deemed necessary. 
>
> Please contact secure () symantec com concerning security issues with
> Symantec products.
>
> -----BEGIN PGP SIGNATURE-----
> Version: PGP 8.0.2
>
> iQA/AwUBQPRYmgLsezw0Sg5hEQKMXwCfXBaa1eTtyUwKGQvP/ntZoLoIzt0AoLk+
> HFxGjSMoFD1pi21ZCnjkw3VG
> =Et3m
> -----END PGP SIGNATURE-----