Re: Norton AntiVirus Denial Of Service Vulnerability [Part: !!!]

[Bipin Gautam <visitbipin@xxxxxxxxxxx>]

In-Reply-To: 
<OF4FE03EE4.3D6B6CBB-ON88256ED0.00717712-87256ED0.0077C6E6@xxxxxxxxxxxx>



there has been reports norton AntiVirus 2004 and norton AntiVirus 2005 (beta) 
is also prone to the exploit. 

It's always hard to handle such tricks unless you specify a timeout value to 
scan a particular file. But, i doubt if this the right way to handle any file!

even if we impliment signatures for archive bombs, there are 10's of 
possibility to make..... again something different that the AV wont detect. )O;

bipin 
>
>Symantec is aware and currently investigating this issue.
>
>- - ------------------------------------------------------------------
>Symantec Product Security Team
>Symantec takes the security of our products seriously and is a
>responsible disclosure company.  You can view our response policies
>at http://www.symantec.com/security. 
>We will work directly with anyone who believes they have found a
>security issue in a Symantec product to validate the problem and
>coordinate any  response deemed necessary. 
>
>Please contact secure@xxxxxxxxxxxx concerning security issues with
>Symantec products.
>
>-----BEGIN PGP SIGNATURE-----
>Version: PGP 8.0.2
>
>iQA/AwUBQPRYmgLsezw0Sg5hEQKMXwCfXBaa1eTtyUwKGQvP/ntZoLoIzt0AoLk+
>HFxGjSMoFD1pi21ZCnjkw3VG
>=Et3m
>-----END PGP SIGNATURE-----
>