Full Disclosure mailing list archives
Re: Multiple vendor antivirus .kz archive format evasion/bypass vulnerability.
From: "ZeroDay.JP" <unixfreaxjp22 () gmail com>
Date: Sun, 05 Feb 2012 14:52:08 +0000
You do know that anyone can create a new archive format that
antiviruses
will not detect... Right?
Does this ".kz" archiver have an SFX extractor? Because a new SFX type of an archive file will raise support priority instead.
...the succesful exploitation of this flaw allows attackers to plant a malicious file on a server or to store unwanted codes..
Yes, but AFTER being extracted beforehand (or maybe you can prove the otherwise) You can't be serious to expect every unknown archive format to be supported by AV scanners.. Cheers Sent to you by ZeroDay.JP via Google Reader: Re: Multiple vendor antivirus .kz archive format evasion/bypass vulnerability. via Full Disclosure on 2/5/12 Posted by Julius Kivimäki on Feb 05 You do know that anyone can create a new archive format that antiviruses will not detect... Right? 2012/2/2 Michel <kareldjag () yahoo fr> Things you can do from here: - Subscribe to Full Disclosure using Google Reader - Get started using Google Reader to easily keep up with all your favorite sites
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Multiple vendor antivirus .kz archive format evasion/bypass vulnerability. Michel (Feb 03)
- Re: Multiple vendor antivirus .kz archive format evasion/bypass vulnerability. Julius Kivimäki (Feb 05)
- <Possible follow-ups>
- Re: Multiple vendor antivirus .kz archive format evasion/bypass vulnerability. ZeroDay.JP (Feb 05)