Full Disclosure mailing list archives
RE: Re: [xfocus-AD-051115]Multiple antivirus failedto scan malicous filename bypass vulnerability
From: "Aditya Deshmukh" <aditya.deshmukh () online gateway strangled net>
Date: Wed, 16 Nov 2005 10:06:04 +0530
axo> Demonstration here: axo> Choose a malicious file which would be detected, such as nc.exe, axo> rename the file as nc??.exe (?? =Hex C0 D7 BA DC) axo> Because these special names are unable directly to input, so if you axo> want to run these file, you should use the following way: axo> Uses the MS-DOS name specification, we can operate file with
Open、
axo> Read、Write、 and duplicate。
That means that if the user clicks on it using explorer.exe or iexplorer.exe the file won't be executed because even Microsoft Windows explorer is unable to parse the file?
It will be executed because the if windows is not able to Access the long file name then short file name is used to Access the file in +x or execute mode... _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- [xfocus-AD-051115]Multiple antivirus failed to scan malicous filename bypass vulnerability alert7 () xfocus org (Nov 14)
- Re: [xfocus-AD-051115]Multiple antivirus failed to scan malicous filename bypass vulnerability Thierry Zoller (Nov 15)
- RE: Re: [xfocus-AD-051115]Multiple antivirus failedto scan malicous filename bypass vulnerability Aditya Deshmukh (Nov 15)
- Re: [xfocus-AD-051115]Multiple antivirus failed to scan malicous filename bypass vulnerability Marco Monicelli (Nov 16)
- Re: [xfocus-AD-051115]Multiple antivirus failed to scan malicous filename bypass vulnerability Thierry Zoller (Nov 15)