會員 | Norton Anti-Virus 的 bug http://securitytracker.com/alerts/2004/Mar/1009333.html Symantec's Norton Anti-Virus Fails to Scan Files With Certain Characters in Path Names SecurityTracker Alert ID: 1009333 CVE Reference: GENERIC-MAP-NOMATCH (Links to External Site) Date: Mar 5 2004 Impact: Denial of service via local system Exploit Included: Yes Version(s): 2002; version 8.00.58; possibly others Description: A vulnerability was reported in Symantec's Norton Anti-Virus. A local user or a virus may create a file or directory that cannot be scanned by the anti-virus engine. Bipin Gautam ( hUNT3R ) reported that the software will crash when performing a manual scan of a file or folder with a name containing certain ASCII characters. The report indicates that ASCII characters 1 - 31 can be used in a folder or filename to trigger the flaw. For example, a folder named '!' can be used. When Norton Anti-Virus attempts to scan the folder manually, 'NAVW32.exe' will crash, the report said. The Auto-Protect feature is not affected, the report said. A demonstration exploit is available at: http://www.geocities.com/visitbipin/t est_nav.zip Impact: A local user (or virus code) can create a file with a particular type of file path name that will not be scanned manually by the anti-virus scanning engine. Solution: No solution was available at the time of this entry. Vendor URL: www.symantec.com/ (Links to External Site) Cause: State error Underlying OS: Windows (Any) Reported By: "Bipin Gautam." <[email protected]> Message History: None. |
回覆 |
|
類似的主題 | ||||
主題 | 主題作者 | 討論版 | 回覆 | 最後發表 |
【新聞】微軟來了 Microsoft Readies 'A1' Security Subscription Service-anti-virus/anti-spywa | baba_yu | -- 防 駭 / 防 毒 版 | 2 | 2005-01-05 11:22 PM |
MDaemon Anti Virus 2.x | yunhao | -- 防 駭 / 防 毒 版 | 1 | 2003-11-07 10:29 PM |
xp 灌 norton anti virus 總是異常終止 | kkfox | -- Windows 討 論 版 | 2 | 2002-03-22 10:08 PM |
XML | RSS 2.0 | RSS |
本論壇所有文章僅代表留言者個人意見,並不代表本站之立場,討論區以「即時留言」方式運作,故無法完全監察所有即時留言,若您發現文章可能有異議,請 email :[email protected] 處理。