Re: Multiple vendor antivirus .kz archive format evasion/bypass vulnerability.

["ZeroDay.JP" <unixfreaxjp22 () gmail com>]

> You do know that anyone can create a new archive format that
antiviruses
> will not detect... Right?

Does this ".kz" archiver have an SFX extractor? Because a new SFX type
of an archive file will raise support priority instead.

> ...the succesful exploitation of this flaw allows attackers to plant
> a malicious file on a server or to store unwanted codes..

Yes, but AFTER being extracted beforehand (or maybe you can prove the
otherwise)
You can't be serious to expect every unknown archive format to be
supported by AV scanners..

Cheers

Sent to you by ZeroDay.JP via Google Reader: Re: Multiple vendor
antivirus .kz archive format evasion/bypass vulnerability. via Full
Disclosure on 2/5/12

Posted by Julius Kivimäki on Feb 05
You do know that anyone can create a new archive format that antiviruses
will not detect... Right?

2012/2/2 Michel <kareldjag () yahoo fr>

Things you can do from here:
- Subscribe to Full Disclosure using Google Reader
- Get started using Google Reader to easily keep up with all your
favorite sites

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/