OSVDB ID: 6262

Title: Symantec Norton Anti-Virus Double Filename MIME Header Email Scan Bypass

Info

Disclosure

Mar 07, 2002

Discovery

Unknown

Dates

Exploit

Mar 07, 2002

Solution

Unknown

Description

Symantec Norton AntiVirus contains a flaw that may allow a remote attacker to bypass antivirus policies. The issue is triggered when changing the file name in the "Content-Type:" header to a different than the actual file type listed in the "Content-Disposition:" header, which would remain undetected by the incoming email protection feature. It is possible that the flaw may allow a remote attacker to execute arbitrary code, resulting in a loss of integrity.

Classification

Location: Remote / Network Access
Attack Type: Input Manipulation
Impact: Loss of Integrity
Exploit: Exploit Public
Disclosure: Vendor Disputed
OSVDB: Security Software

Solution

Currently, there are no known upgrades, patches, or workarounds available to correct this issue.

Products

Symantec Corporation

Norton Antivirus

2002

References

CVE ID: 2002-1775 (see also: NVD)
Bugtraq ID: 4246
Related OSVDB ID: 6261 6263
ISS X-Force ID: 8392
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2002-03/0065.html
Vendor Specific Advisory URL: http://securityresponse.symantec.com/avcenter/security/Content/2002.03.07.html

Credit

Edvice Security Services - supportedvicesecurity.com - Edvice Security Services

Direct URL: http://osvdb.org/6262