Re: Multiple Antivirus Scanners DoS attack.

[<jspanitz () erols com>]

In-Reply-To: <BAY17-F32jMdiiRq5jP00147ef0 () hotmail com>

CA eTrust Antivirus 7.0 SP2 scans and detects with no problems.
> Multiple Antivirus Scanners DoS attack.
>
> --- [Vulnerable Products] ---
>      Only tested on...
>
> * Norton Antivirus 2002
> * Norton Antivirus 2003
> * Mcafee VirusScan 6
> * Network Associates (McAfee) VirusScan Enterprise 7.1
> * Windows Xp default ZIP manager [report's wrong size of compress ZIP 
> files.]
>
> There has been multiple reports [Unconfirmed]
> *F-Prot 4.4.2 for Linux
> *Panda Antivirus
>
> Are vulnerable.
>
>
> Risk Impact: Medium
>
> --- [Details] ---
>
> While having a manual scan of compressed files; several Antivirus, Trojan, 
> Spy ware scanners suffer a DoS attack if the software tries to completely 
> extract the archive and scan its content for a hostile file.
>
> --- [Proof of Concept] ---
> Please download this file.
> http://www.geocities.com/visitbipin/SERVER_dwn.zip
>
> Moreover it's not safe to set automatically 'Quarantine/delete' option set 
> for your AV scanner as it may try to Quarantine the virus by extracting the 
> archive.
>
> -----------
> Bipin Gautam
> http://www.geocities.com/visitbipin/
>
> Disclaimer: The information in the advisory is believed to be accurate at 
> the time of printing based on currently available information. Use of the 
> information constitutes acceptance for use in an AS IS condition. There are 
> no warranties with regard to this information. Neither the author nor the 
> publisher accepts any liability for any direct, indirect or consequential 
> loss or damage arising from use of, or reliance on this information.
>
> _________________________________________________________________
> It's fast, it's easy and it's free. Get MSN Messenger today! 
> http://www.msn.co.uk/messenger