Hi Tony,
I used a similar trick in the past to deactivate McAffee 4.x (needed to
use some xploits like Debploit and runasx in WinNT4, at that time the only
protection was the antivirus, now we migrated to XP).
The configuration GUI was password protected, and even when the passwords
were show as asterisks tools to reveal passwords hidden by asterisks only
show a dummy string ('12345678').
But tools to activate greyed controls worked like a charm, so in fact it
was possible to activate them and change the settings, deactivate the AV,
etc.
The tool I used for the trick was VeoVeo, a Spanish tool available at
www.hackindex.org (that has functionalities to reveal passwords hidden by
asterisks, activate greyed controls, activate greyed menu items, and a
simple keylogger that doesn't need administrative privileges to be
installed/used).
The point for me is that, even when NAI commit a mistake by providing the
configuration GUI to be available for control activation, the real problem
is Windows (IMHO) that allows that, not the antivirus itself. With the
same kind of "tricks" you can go activating controls all along your
Windoze applications, with more than unpredictable results ;-)
Just my $0.02...
Cheers,
Miguel
aka Nekromancer
Tony Montana wrote:
>I have discovered that the GUI part of KAV v5.0x (kav.exe) has a
vulnerability that would allow any user to completely BYPASS the "password
>protection" in order to change settings or completely disable/exit KAV.
There are dosens of shareware/freeware applications available on the
>internet that a user with malicious intentions could use to leverage this
new vulnerability in KAV. The main 2 that I've tested so far are
>"Enabler" and "Ramcleaner" by securitysoftware.cc and cyberlat.com
respectively.
>
{snip}
>
>-c4p0ne
Received on Oct 05 2004
Intro
