Norton Anti-Virus 的 bug

[sic]

http://securitytracker.com/alerts/2004/Mar/1009333.html

Symantec's Norton Anti-Virus Fails to Scan Files With Certain Characters in Path Names

SecurityTracker Alert ID: 1009333
CVE Reference: GENERIC-MAP-NOMATCH (Links to External Site)
Date: Mar 5 2004

Impact: Denial of service via local system

Exploit Included: Yes

Version(s): 2002; version 8.00.58; possibly others

Description: A vulnerability was reported in Symantec's Norton Anti-Virus. A local user or a virus may create a file or directory that cannot be scanned by the anti-virus engine.

Bipin Gautam ( hUNT3R ) reported that the software will crash when performing a manual scan of a file or folder with a name containing certain ASCII characters. The report indicates that ASCII characters 1 - 31 can be used in a folder or filename to trigger the flaw. For example, a folder named '!' can be used. When Norton Anti-Virus attempts to scan the folder manually, 'NAVW32.exe' will crash, the report said.

The Auto-Protect feature is not affected, the report said.

A demonstration exploit is available at:

http://www.geocities.com/visitbipin/t est_nav.zip

Impact: A local user (or virus code) can create a file with a particular type of file path name that will not be scanned manually by the anti-virus scanning engine.

Solution: No solution was available at the time of this entry.

Vendor URL: www.symantec.com/ (Links to External Site)

Cause: State error

Underlying OS: Windows (Any)

Reported By: "Bipin Gautam." <[email protected]>

Message History: None.