Re: Norton AntiVirus 2004 Script Blocking Failure (Includes PoC and rant)

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: Re: Norton AntiVirus 2004 Script Blocking Failure (Includes PoC and rant)
From: <secure@xxxxxxxxxxxx>
Date: 19 Oct 2004 23:38:01 -0000
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm

In-Reply-To: <20041018172444.19798.qmail@xxxxxxxxxxxxxxxxxxxxx>

Update: October 19, 2004

Recent published advisories and media stories are reporting that this attack 
can kill the Auto-Protect feature of Norton AntiVirus. This is incorrect. 

Investigations into this issue by Symantec have determined this attack 
terminates the CCApp.exe executable. This leads to the disappearance of the 
Norton AntiVirus icon in the system tray, and disables notification of 
Auto-Protect. It does not terminate Auto-Protect itself. The user?s system is 
still protected.

Protection can be verified by using the EICAR test file (see 
ww.eicar.com/anti_virus_test_file.htm). When this test file is saved to the 
system there is no notification by Auto-Protect. The file is prevented from 
being written to disk by the still functional Auto-Protect. Once CCApp.exe is 
restarted, Auto-Protect notification resumes and the tray icon reappears.

Symantec Vulnerability Response

Prev by Date: [SECURITY] [DSA 570-1] New libpng packages fix several vulnerabilities
Next by Date: MDKSA-2004:108 - Updated cvs packages fix vulnerability
Previous by thread: Re: Norton AntiVirus 2004 Script Blocking Failure (Includes PoC and rant)
Next by thread: [SECURITY] [DSA 569-1] New netkit-telnet-ssl packages fix denial of service
Index(es):
- Date
- Thread