Full Disclosure mailing list archives
Re: All Antivirus, Trojan, Spy ware scanner, Nested file manual scan bypass bugs. [Part IV]
From: bipin gautam <visitbipin () yahoo com>
Date: Fri, 1 Oct 2004 21:15:13 -0700 (PDT)
--- GuidoZ <uberguidoz () gmail com> wrote:
I've heard of this before (see following link). I thought it was fixed in SP1 (maybe it was SP2). I'm probabaly wrong - call it wishful thinking. There is an interesting page in German about it here: -
http://www.lsg.musin.de/Admin/NT/rechte/die_batch_online_mit_vielen_erkl.htm
English transation provided by Google is: -
http://translate.google.com/translate?hl=en&sl=de&u=http://www.lsg.musin.de/Admin/NT/rechte/die_batch_online_mit_vielen_erkl.htm&prev=/search%3Fq%3D%2522cacls%2B*.*%2B/T%2B/C%2B/P%2B*:R%2522%26hl%3Den%26lr%3D%26ie%3DUTF-8
(if the URL wrap bothers you, here's a TinyURL: http://tinyurl.com/6t6lu) It doesn't take much to figure out how this could be used to cause some hell. (Maybe combined with the recent GDI/JPEG exploit? Downloading a batch file coudl be nasty...)
No man... the url you provide seem to speak a different thing! (O; Look closely; And ya, i tested in Winxp sp2. Note: If the scanner is unable to drop the privilege and run under the security content of "dumb_user"... the auto-protect engine will also fail to stop a malicious code from executing. Mostly, a user's HOME directory *only accessible* by the by the particular user... cauz mostly* permission is set in a way he/she is only the owner of that directory. In that case, if a malicious code gets copied in desktop (inside home directory, or the directory that's only* accessible by the user) the auto-protect engine will also fail to stop a malicious code execution. bipin _______________________________ Do you Yahoo!? Declare Yourself - Register online to vote today! http://vote.yahoo.com _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- All Antivirus, Trojan, Spy ware scanner, Nested file manual scan bypass bugs. [Part IV] bipin gautam (Oct 01)
- Re: All Antivirus, Trojan, Spy ware scanner, Nested file manual scan bypass bugs. [Part IV] GuidoZ (Oct 01)
- Re: All Antivirus, Trojan, Spy ware scanner, Nested file manual scan bypass bugs. [Part IV] GuidoZ (Oct 01)
- Re: All Antivirus, Trojan, Spy ware scanner, Nested file manual scan bypass bugs. [Part IV] bipin gautam (Oct 01)
- Re: All Antivirus, Trojan, Spy ware scanner, Nested file manual scan bypass bugs. [Part IV] bipin gautam (Oct 01)
- <Possible follow-ups>
- All Antivirus, Trojan, Spy ware scanner, Nested file manual scan bypass bugs. [Part IV] bipin gautam (Oct 01)
- Re: All Antivirus, Trojan, Spy ware scanner, Nested file manual scan bypass bugs. [Part IV] 3APA3A (Oct 02)
- Re: All Antivirus, Trojan, Spy ware scanner, Nested file manual scan bypass bugs. [Part IV] bipin gautam (Oct 02)
- Re: All Antivirus, Trojan, Spy ware scanner, Nested file manual scan bypass bugs. [Part IV] bipin gautam (Oct 02)
- Re: (confirm) Antivirus, Trojan, Spy ware scanner, Nested file manual scan bypass bugs. [Part IV] bipin gautam (Oct 02)
- Re: (confirm) Antivirus, Trojan, Spy ware scanner, Nested file manual scan bypass bugs. [Part IV] bipin gautam (Oct 02)
- Re[2]: All Antivirus, Trojan, Spy ware scanner, Nested file manual scan bypass bugs. [Part IV] 3APA3A (Oct 02)
- Re: All Antivirus, Trojan, Spy ware scanner, Nested file manual scan bypass bugs. [Part IV] bipin gautam (Oct 02)
- Re[2]: All Antivirus, Trojan, Spy ware scanner, Nested file manual scan bypass bugs. [Part IV] 3APA3A (Oct 03)
- Re[2]: All Antivirus, Trojan, Spy ware scanner, Nested file manual scan bypass bugs. [Part IV] Kolja Powischer (Oct 04)
- Re: All Antivirus, Trojan, Spy ware scanner, Nested file manual scan bypass bugs. [Part IV] 3APA3A (Oct 02)
- Re: All Antivirus, Trojan, Spy ware scanner, Nested file manual scan bypass bugs. [Part IV] GuidoZ (Oct 01)