Norton AV vulnerability

  • Thread starter Thread starter Jari Lehtonen
  • Start date Start date
J

Jari Lehtonen

Nortons manual check can be compromised by including certain
characters in scanned pathnames.
From Securitytracker.com:

"Description: A vulnerability was reported in Symantec's Norton
Anti-Virus. A local user or a virus may create a file or directory
that cannot be scanned by the anti-virus engine.

Bipin Gautam ( hUNT3R ) reported that the software will crash when
performing a manual scan of a file or folder with a name containing
certain ASCII characters. The report indicates that ASCII characters 1
- 31 can be used in a folder or filename to trigger the flaw. For
example, a folder named '!' can be used. When Norton Anti-Virus
attempts to scan the folder manually, 'NAVW32.exe' will crash, the
report said.

The Auto-Protect feature is not affected, the report said. "


http://securitytracker.com/alerts/2004/Mar/1009333.html
 
Nortons manual check can be compromised by including certain
characters in scanned pathnames.
From Securitytracker.com:

"Description: A vulnerability was reported in Symantec's Norton
Anti-Virus. A local user or a virus may create a file or directory
that cannot be scanned by the anti-virus engine.

Bipin Gautam ( hUNT3R ) reported that the software will crash when
performing a manual scan of a file or folder with a name containing
certain ASCII characters. The report indicates that ASCII characters 1
- 31 can be used in a folder or filename to trigger the flaw. For
example, a folder named '!' can be used. When Norton Anti-Virus
attempts to scan the folder manually, 'NAVW32.exe' will crash, the
report said.

The Auto-Protect feature is not affected, the report said. "


http://securitytracker.com/alerts/2004/Mar/1009333.html
Click to expand...

They are just finding that out now????

I demonstrated to a Microsoft representative who was giving a presentation
to my computer club a long while ago that any file or directory that was
created in pure DOS[1] that has one of the DOS graphics characters in the
filename is totally inaccessible to Windows programs including Norton's
Utilities or any Windows-based antivirus program. That must have been a
few years ago, now. I even gave him a floppy disk with a
Windows-unreadable directory to take with him.

Windows translates the filename into cp1252 for display and converts the
graphics box-drawing characters to '|', '-', or '+' and then mis-converts
back to cp437 and attempts to use the twice-converted name when you try to
access the file (instead of remembering the original DOS filename and
using that).

They have still not done anything to fix this (except get rid of DOS
altogether in the newer versions of Windows[2]).

[1] If you do it in a DOS box, you also get a long filename with the
Unicode for the graphics characters so Windows *can* access the
file or directory using the long filename.
[2] Which is no help if you have legacy floppies with graphics characters
in the filenames.
 
Back
Top