Norton AV vulnerability

[Ionizer]

http://seclists.org/lists/fulldisclosure/2004/Jul/0408.html

"While having a virus scan [automatic/manual] of some
specially crafted compressed files; NAV triggers a DoS
using 100% CPU for a very long time. Morover, NAV is
unable to stop the scan in middle, even if the user
wishes to manually stop the virus scan..."

 

[*Vanguard*]

Ionizer said in news:[email protected]:

http://seclists.org/lists/fulldisclosure/2004/Jul/0408.html

"While having a virus scan [automatic/manual] of some
specially crafted compressed files; NAV triggers a DoS
using 100% CPU for a very long time. Morover, NAV is
unable to stop the scan in middle, even if the user
wishes to manually stop the virus scan..."

"I've decided not to contact SYMANTEC in any of my advisories since their "security responce team" is too slow to responce any reported incidence."

Yeah, real helpful. Waste all that time to analysis, track, and determine the problem along with providing example "bombs" (which obviously cannot be trusted) and not bother to take the time to sent a couple e-mails to Symantec. That is as stupid as claiming to have discovered a new virus but refusing to provide a cure or work with those that do. When I've reported a new virus, they contacted me within 2 days. For other problems, they contact me within 3 or 4 days, if not sooner. What an a-hole! He pretends to be a responsible netizen but then declares he won't even bother to report it where it will actually matter. This is a self-proclaimed wizard and yet he posts using a Geocities web site (with the nuisancesome "Ad Square" spam popup)?