Home page logo
/

basics logo Security Basics mailing list archives

RE: Old anti-virus program version with latest virus definition file
From: "Ramsdell, Scott" <Scott.Ramsdell () cellnethunt com>
Date: Thu, 1 Nov 2007 13:17:33 -0400

Foragersec,

You could still be vulnerable if the anti-virus client itself has a
vulnerability that could be exploited.

For example, not too long ago an AV client (forgot which) had the
following vulnerability:

1. the client launched an .exe with system privileges
2. the client install added the client directory to the end of the
Windows PATH variable
3. the client did not validate that the .exe was launched from the
install directory

So, any malicious individual who could drop a similarly named .exe into
a directory in the PATH prior to the client install directory would get
their .exe ran with system privileges.


Kind Regards,

Scott Ramsdell
CISSP CCNA MSCE

Security Network Engineer
Cellnet+Hunt

-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com]
On Behalf Of foragersec () yahoo co in
Sent: Thursday, November 01, 2007 8:48 AM
To: security-basics () securityfocus com
Subject: Old anti-virus program version with latest virus definition
file

Could anyone assist me with this? 
I have Old anti-virus program version, but my virus definition file is
the latest one. 
I get the definitions updated daily. Now I wanted to know am I still at
risk with the above scenario.
As I understand the latest virus definition file would surely protect me
with the current risks. Would this be sufficient with an older version
of the anti-virus program running on my system?

Thanks in Advance,
Regards
foragersec


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault