Threat level definition
Search:
Home
Bugtraq
Vulnerabilities
Mailing Lists
Jobs
Tools
Beta Programs
News
Infocus
Foundations
Microsoft
Unix
IDS
Incidents
Virus
Pen-Test
Firewalls
Columnists
Mailing Lists
Newsletters
Bugtraq
Focus on IDS
Focus on Linux
Focus on Microsoft
Forensics
Pen-test
Security Basics
Vuln Dev
Vulnerabilities
Jobs
Job Opportunities
Resumes
Job Seekers
Employers
Tools
RSS
News
Vulns
Security Research
BugTraq
Back to list
|
Post reply
Outpost Security Suite Pro ver. 2009 Multiple vulnerabilities
Jul 22 2008 05:21PM
jplopezy gmail com
Application: Outpost Security Suite Pro ver. 2009
OS: Windows Xp (All patches a day)
------------------------------------------------------
1 - Description
2 - Vulnerability
3 - POC/EXPLOIT
------------------------------------------------------
Description
Outpost Security Suite is a software application that contains several security,
including anti-virus and is mainly a firewall but also includes an anti-spam and content control.
------------------------------------------------------
Vulnerability
The vulnerability is that when using certain special characters such as file name
could be left without protection for the system.
The first flaw is used as a special character file name,
making this could evade antivirus protection and make a file already detected
by the antiviru not be detected.
The second flaw is that using a certain amount of special characters such as filename to run a program
that this blocked by the firewall, the firewall to detect the file, it would break the firewall and would
continue to be running malicious file without restrictions.
In the latter case exceptions vary depending on the type of characters which are used
for example here there are two different results.
Aplicación con errores: acs.exe, versión: 6.5.2358.9115, módulo con error: ntdll.dll, versión 5.1.2600.2180, dirección de error 0x000111de.
Aplicación con errores: acs.exe, versión: 6.5.2358.9115, módulo con error: kernel32.dll, versión 5.1.2600.3119, dirección de error 0x0000bd85.
Aplicación con errores: acs.exe, versión: 6.5.2358.9115, módulo con error: firewall.ofp, versión 6.5.2358.9115, dirección de error 0x000350b3.
------------------------------------------------------
POC/EXPLOIT
To evade the virus requires the following character.
ASCII: 
HEX: 26 23 31 32 32 38 38 3b
To perform the test to fail the firewall will require the following.
ASCII:? ? ? ‣ ․ ‥ ?
HEX: 86 20 87 20 95 20 26 23 38 32 32 37 3b 20 26 23 38 32 32 38 3b 20 26 23 38 32 32 39 3b 20 85
Note: In the case of evasion of anti-virus testing must be done with a file detected by antivirus and firewall
in the case obviously does not have a file that would make connections.
------------------------------------------------------
Juan Pablo Lopez Yacubian
[ reply ]
Privacy Statement
Copyright 2009, SecurityFocus
Application: Outpost Security Suite Pro ver. 2009
OS: Windows Xp (All patches a day)
------------------------------------------------------
1 - Description
2 - Vulnerability
3 - POC/EXPLOIT
------------------------------------------------------
Description
Outpost Security Suite is a software application that contains several security,
including anti-virus and is mainly a firewall but also includes an anti-spam and content control.
------------------------------------------------------
Vulnerability
The vulnerability is that when using certain special characters such as file name
could be left without protection for the system.
The first flaw is used as a special character file name,
making this could evade antivirus protection and make a file already detected
by the antiviru not be detected.
The second flaw is that using a certain amount of special characters such as filename to run a program
that this blocked by the firewall, the firewall to detect the file, it would break the firewall and would
continue to be running malicious file without restrictions.
In the latter case exceptions vary depending on the type of characters which are used
for example here there are two different results.
Aplicación con errores: acs.exe, versión: 6.5.2358.9115, módulo con error: ntdll.dll, versión 5.1.2600.2180, dirección de error 0x000111de.
Aplicación con errores: acs.exe, versión: 6.5.2358.9115, módulo con error: kernel32.dll, versión 5.1.2600.3119, dirección de error 0x0000bd85.
Aplicación con errores: acs.exe, versión: 6.5.2358.9115, módulo con error: firewall.ofp, versión 6.5.2358.9115, dirección de error 0x000350b3.
------------------------------------------------------
POC/EXPLOIT
To evade the virus requires the following character.
ASCII: 
HEX: 26 23 31 32 32 38 38 3b
To perform the test to fail the firewall will require the following.
ASCII:? ? ? ‣ ․ ‥ ?
HEX: 86 20 87 20 95 20 26 23 38 32 32 37 3b 20 26 23 38 32 32 38 3b 20 26 23 38 32 32 39 3b 20 85
Note: In the case of evasion of anti-virus testing must be done with a file detected by antivirus and firewall
in the case obviously does not have a file that would make connections.
------------------------------------------------------
Juan Pablo Lopez Yacubian
[ reply ]