OSVDB ID: 10509

Title: Multiple Anti-Virus MS-DOS Device Name Scan Bypass

Info

Disclosure

Oct 05, 2004

Discovery

Jun 25, 2004

Dates

Exploit

Oct 05, 2004

Solution

Unknown

Description

Norton AntiVirus contains a flaw that may allow malicious files to bypass scanning. The issue is triggered when malware uses an MS-DOS device-based name such as AUX, CON, PRN, COM1 or LPT1. The flaw may allow malware to evade scans, resulting in a loss of integrity.

Classification

Location: Local Access Required
Attack Type: Other
Impact: Unknown
Exploit: Exploit Available
Disclosure: OSVDB Verified

Solution

Symantec has released a patch to address this vulnerability, available via LiveUpdate. Furthermore, it is possible to correct the flaw by implementing the following workaround:

1.) Ensure that no local files or directories using reserved MS-DOS device names exist
2.) Use 'del \\.\C:\aux' to delete those files if they exist (e.g. aux)
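
One way to carry out step 1 of the workaround is to check a file listing for reserved device names. The following is an added example, not part of the OSVDB entry or any vendor tooling. It goes beyond the five names the entry lists by also covering NUL, COM2-9 and LPT2-9; the function names and sample paths are constructed for illustration.

```python
import os
from pathlib import PureWindowsPath

# Legacy device names reserved by Windows. The entry names AUX, CON, PRN,
# COM1 and LPT1; NUL, COM2-9 and LPT2-9 are added here (assumption: the
# same bypass condition applies to every reserved name).
RESERVED = {"CON", "PRN", "AUX", "NUL"} | {
    f"{dev}{n}" for dev in ("COM", "LPT") for n in range(1, 10)
}


def is_reserved_device_name(component):
    """True if a single path component maps to a DOS device name.

    Windows ignores case, everything after the first dot, and trailing
    spaces, so 'aux', 'AUX.txt' and 'Con .log' are all treated as devices.
    """
    base = component.split(".", 1)[0].rstrip(" ")
    return base.upper() in RESERVED


def flag_reserved(paths):
    """Return the paths in which any file or directory component is reserved."""
    hits = []
    for p in paths:
        path = PureWindowsPath(p)
        components = [c for c in path.parts if c != path.anchor]
        if any(is_reserved_device_name(c) for c in components):
            hits.append(p)
    return hits


def scan_tree(root):
    """Walk a directory tree and return entries with reserved names."""
    found = []
    for dirpath, dirnames, filenames in os.walk(root):
        found += [os.path.join(dirpath, n) for n in dirnames + filenames]
    return flag_reserved(found)


# Constructed sample listing, not taken from a real system.
SAMPLE_LISTING = [
    r"C:\Users\bob\Downloads\aux",
    r"C:\temp\LPT1.tar.gz",
    r"C:\prn\report.doc",
    r"C:\temp\auxiliary.txt",
    r"C:\temp\com10.txt",
]

if __name__ == "__main__":
    for hit in flag_reserved(SAMPLE_LISTING):
        print("reserved device name in path:", hit)
```

Any path the check reports is a candidate for the deletion described in step 2.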

Products

Symantec Corporation

Norton Antivirus

2003
2004
2005

H+BEDV Datentechnik GmbH

AntiVir

6.28

Proland Software

Protector Plus 2000

7.2.F07

FIL Security Laboratory

Twister Anti-TrojanVirus

5.5

References

Credit

  • Kurt Seifried - kurt at seifried.org


Direct URL: http://osvdb.org/36218