<<< Date Index >>>     <<< Thread Index >>>

Re: Norton AntiVirus 2002 fails to scan files with ... [2'nd... UPDATED] Message-ID: 20040306040833.28300



In Response to:

Norton AntiVirus 2002 fails to scan files with ... [2'nd... UPDATED] 
Date:  Mar 6 2004 4:08AM 
Author:  Bipin Gautam. <door_hunt3r blackcodemail com> 
Message-ID:  <20040306040833.28300.qmail@xxxxxxxxxxxxxxxxxxxxx> 

Bipin Gautam submitted:
 
 
        In-Reply-To: <20040305183533 17369 qmail www securityfocus com>

        Subject: Norton Antivirus 2002  fails to scan files with special 
character(s) properly.
        Published: Friday, 05 March, 2004
        Updated: 06-Mar-04
        Discovered By: Bipin Gautam ( hUNT3R )
        Product Version: Norton Antivirus 2002 [ ver: 8.00.58 ] (~Only 
tested On...~)
        Risk Impact: Low-Medium

        *   *   *
        Details: 

        During a 'manual scan' of a folder, if Norton Antivirus (NAV) 
encounters a file /folder
        name with 'some'  ASCII characters ( 1-31) NAV can't further 
proceed the manual
        scan and its front-end 'NAVW32.exe' crashes! This Bug has no 
impact in the
        NAV Auto-Protect Engine.

        Exploit 1). : http://www.geocities.com/visitbipin/test_nav.zip
        Create a folder (say: '!' ) and put some sub-folders and files in 
it. The file/sub-
        folder name must contain  ASCII character(s)  ( 1-31) . Have a 
manual scan of
        the folder named '!' NAV can't  proceed the scan and crashes!

        Exploit 2). : Run this batch script, first and make sure you have 
95 sub-folders inside
 
-------------------------snip------------------------------------------------------------
 
SymSecurity Response:

Bipin Gautam posted two issues he found in an early build version of 
Symantec Norton AntiVirus 2002.

Symantec engineers did test both issues against current Symantec AntiVirus 
products.  The results of our testing shows that currently supported and 
up-to-date versions of Symantec AntiVirus products, to include Symantec 
Norton AntiVirus 2002, fully protect our customers against either of these 
issues.

Symantec takes the security and proper functionality of its products very 
seriously. As founding members in the Organization for Internet Safety, 
Symantec follows the process of responsible disclosure. 

Symantec Product Security Contact Information:
Anyone with information on potential or actual security issues with 
Symantec products should contact symsecurity@xxxxxxxxxxxx