|
Full Disclosure
mailing list archives
Re: Multiple AV Vendor Incorrect CRC32 Bypass Vulnerability.
From: bipin gautam <visitbipin () yahoo com>
Date: Fri, 11 Mar 2005 07:55:28 -0800 (PST)
In Local file header if you modify "general purpose
bit flag" 7th & 8'th byte of a zip archive with \x2f
ie: "\" F-port, Kaspersky, Mcafee, Norman, Sybari,
Symantec seem to skip the file marking it as clean!!!
This was discoverd during the analysis of "Multiple AV
Vendor Incorrect CRC32 Bypass Vulnerability."
Quick/rough conclusion were drawn using
www.virustotal.com
poc: http://www.geocities.com/visitbipin/gpbf.zip
regards,
bipin gautam
__________________________________
Do you Yahoo!?
Yahoo! Small Business - Try our new resources site!
http://smallbusiness.yahoo.com/resources/
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://www.secunia.com/
 By Date 
By Thread
Current thread:
- Re: Multiple AV Vendor Incorrect CRC32 Bypass Vulnerability., (continued)
|
Intro
