Full Disclosure: Re: [xfocus-AD-051115]Multiple antivirus failed to scan malicous filename bypass vulnerability

Nmap Security Scanner

Intro

Ref Guide

Install Guide

Download

Changelog

Book

Docs
Security Lists

Bugtraq

Basics

More
Security Tools

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

Full Disclosure mailing list archives

Re: [xfocus-AD-051115]Multiple antivirus failed to scan malicous filename bypass vulnerability

From: Thierry Zoller <Thierry () Zoller lu>
Date: Tue, 15 Nov 2005 21:23:21 +0100

Dear Alert7 ,

That means that if the user clicks on it using explorer.exe or
iexplorer.exe the file won't be executed because even Microsoft
Windows explorer is unable to parse the file?

axo>   Demonstration here:
axo>   Choose a malicious file which would be detected, such as nc.exe,
axo>   rename the file as nc??.exe (?? =Hex C0 D7 BA DC)
axo>   Because these special names are unable directly to input, so if you
axo>   want to run these file, you should use the following way:
axo>   Uses the MS-DOS name specification, we can operate file with Open、
axo>   Read、Write、 and duplicate。




-- 
http://secdev.zoller.lu
Thierry Zoller

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

By Date By Thread

Current thread:

[xfocus-AD-051115]Multiple antivirus failed to scan malicous filename bypass vulnerability alert7 () xfocus org (Nov 14)
- Re: [xfocus-AD-051115]Multiple antivirus failed to scan malicous filename bypass vulnerability Thierry Zoller (Nov 15)
  - RE: Re: [xfocus-AD-051115]Multiple antivirus failedto scan malicous filename bypass vulnerability Aditya Deshmukh (Nov 15)
- Re: [xfocus-AD-051115]Multiple antivirus failed to scan malicous filename bypass vulnerability Marco Monicelli (Nov 16)