Home page logo

fulldisclosure logo Full Disclosure mailing list archives

Re: All Antivirus, Trojan, Spy ware scanner, Nested file manual scan bypass bugs. [Part IV]
From: bipin gautam <visitbipin () yahoo com>
Date: Fri, 1 Oct 2004 21:15:13 -0700 (PDT)

--- GuidoZ <uberguidoz () gmail com> wrote:

I've heard of this before (see following link). I
thought it was fixed
in SP1 (maybe it was SP2). I'm probabaly wrong -
call it wishful
thinking. There is an interesting page in German
about it here:


English transation provided by Google is:

(if the URL wrap bothers you, here's a TinyURL:

It doesn't take much to figure out how this could be
used to cause
some hell. (Maybe combined with the recent GDI/JPEG
Downloading a batch file coudl be nasty...)

No man... the url you provide seem to speak a
different thing! (O; Look closely; 

 And ya, i tested in Winxp sp2.
Note: If the scanner is unable to drop the privilege
and run under the security content of "dumb_user"...
the auto-protect engine will also fail to stop a
malicious code from executing. Mostly, a user's HOME
directory *only accessible* by the by the particular
user... cauz mostly* permission is set in a way he/she
is only the owner of that directory. In that case, if
a malicious code gets copied in desktop (inside home
directory, or the directory that's only* accessible by
the user) the auto-protect engine will also fail to
stop a malicious code execution.  


Do you Yahoo!?
Declare Yourself - Register online to vote today!

Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]