lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <20041019233801.3720.qmail@www.securityfocus.com>
Date: 19 Oct 2004 23:38:01 -0000
From: <secure@...antec.com>
To: bugtraq@...urityfocus.com
Subject: Re: Norton AntiVirus 2004 Script Blocking Failure (Includes PoC
    and rant)


In-Reply-To: <20041018172444.19798.qmail@....securityfocus.com>

Update: October 19, 2004

Recent published advisories and media stories are reporting that this attack can kill the Auto-Protect feature of Norton AntiVirus. This is incorrect. 

Investigations into this issue by Symantec have determined this attack terminates the CCApp.exe executable. This leads to the disappearance of the Norton AntiVirus icon in the system tray, and disables notification of Auto-Protect. It does not terminate Auto-Protect itself. The user’s system is still protected.

Protection can be verified by using the EICAR test file (see ww.eicar.com/anti_virus_test_file.htm). When this test file is saved to the system there is no notification by Auto-Protect. The file is prevented from being written to disk by the still functional Auto-Protect. Once CCApp.exe is restarted, Auto-Protect notification resumes and the tray icon reappears.

Symantec Vulnerability Response


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ