Re: [xfocus-AD-051115]Multiple antivirus failed to scan malicous filename bypass vulnerability

To: "alert7@xxxxxxxxxx" <alert7@xxxxxxxxxx>
Subject: Re: [xfocus-AD-051115]Multiple antivirus failed to scan malicous filename bypass vulnerability
From: Thierry Zoller <Thierry@xxxxxxxxx>
Date: Tue, 15 Nov 2005 21:23:21 +0100
Cc: full-disclosure@xxxxxxxxxxxxxxxxx, bugtraq@xxxxxxxxxxxxxxxxx, <vulnwatch@xxxxxxxxxxxxx>
In-reply-to: <43797949.6020703@xxxxxxxxxx>
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm
References: <43797949.6020703@xxxxxxxxxx>
Reply-to: Thierry Zoller <Thierry@xxxxxxxxx>

Dear Alert7 ,

That means that if the user clicks on it using explorer.exe or
iexplorer.exe the file won't be executed because even Microsoft
Windows explorer is unable to parse the file?

axo>   Demonstration here:
axo>   Choose a malicious file which would be detected, such as nc.exe,
axo>   rename the file as nc??.exe (?? =Hex C0 D7 BA DC)
axo>   Because these special names are unable directly to input, so if you
axo>   want to run these file, you should use the following way:
axo>   Uses the MS-DOS name specification, we can operate file with Open、
axo>   Read、Write、 and duplicate。




-- 
http://secdev.zoller.lu
Thierry Zoller

References:
- [xfocus-AD-051115]Multiple antivirus failed to scan malicous filename bypass vulnerability
  - From: alert7@xxxxxxxxxx

Prev by Date: Template Seller Pro 3.25
Next by Date: RE: List of Security-oriented Fairs/Events/Conferences?
Previous by thread: [xfocus-AD-051115]Multiple antivirus failed to scan malicous filename bypass vulnerability
Next by thread: [SECURITY] [DSA 896-1] New ftpd-ssl packages fix arbitrary code execution
Index(es):
- Date
- Thread