| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
From: randallm at fidmail.com (RandallM) Subject: Norton AntiVirus 2004/2005 Scripting Vulnerability Pt.3 (Includes PoC VBScript Code) Daniel told me: --__--__-- Message: 4 Date: Wed, 03 Nov 2004 20:09:02 -0500 From: Daniel Milisic <dmilisic@...ealbox.com> To: full-disclosure@...ts.netsys.com, bugtraq@...urityfocus.com Subject: [Full-Disclosure] Norton AntiVirus 2004/2005 Scripting Vulnerability Pt.3 (Includes PoC VBScript Code) Hi All, I have major issues with the quality of Norton AntiVirus. For some history, see: http://seclists.org/lists/fulldisclosure/2004/Oct/0540.html - Norton AntiVirus 2004 Script Blocking Failure (Rant and PoC enclosed) http://seclists.org/lists/fulldisclosure/2004/Oct/0775.html - Norton AntiVirus 2004/2005 Script Blocking Redux Symantec's Response to this issue: (From a week ago) "ScriptBlocking is intended to provide proactive detection against script-based worms and this component of Norton AntiVirus has been effective at doing this since its introduction in 2001" Huh? Below is a 'typical' script-based virus that Norton AntiVirus will allow a user to run, without *any* intervention on NAV's part whatsoever. It's likely that code similar to this is already appended to script-based threats/worms to assist their penetration in the wild. --__--__-- Dam. McAfee picked it right up as viral. thank you Randall M
Powered by blists - more mailing lists