Full Disclosure mailing list archives
Re: Avast Antivirus
From: Juergen Schmidt <ju () ct de>
Date: Thu, 19 Jan 2012 12:04:57 +0100 (CET)
On Tue, 17 Jan 2012, Floste wrote:
Hello, Avast Antivirus also comes with sandbox and a "SafeZone". But both can be circumvented using simple dll-injection and they seem to do nothing about it: http://forum.avast.com/index.php?topic=82291.0 Maybe this post here will encourage them to fix it.
In my understanding a sandbox is not supposed to prevent you from getting in from the outside but from escaping from the inside. So if a sandboxed process injects a DLL in say a running IE process outside -- then we are talking about vulns bye, ju -- Juergen Schmidt Chefredakteur heise Security www.heisec.de Heise Zeitschriften Verlag, Karl-Wiechert-Allee 10 , D-30625 Hannover Tel. +49 511 5352 300 FAX +49 511 5352 417 EMail ju () heisec de GPG-Key: 0x38EA4970, 5D7B 476D 84D5 94FF E7C5 67BE F895 0A18 38EA 4970 _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Avast Antivirus Floste (Jan 18)
- Re: Avast Antivirus Dan Kaminsky (Jan 18)
- Re: Avast Antivirus Juergen Schmidt (Jan 19)
- Re: Avast Antivirus xD 0x41 (Jan 19)
- Re: Avast Antivirus Floste (Jan 20)
- Re: Avast Antivirus Valdis . Kletnieks (Jan 20)
- Re: Avast Antivirus Jeffrey Walton (Jan 20)