lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Message-ID: <20050315144457.4456.qmail@web31513.mail.mud.yahoo.com>
From: visitbipin at yahoo.com (bipin gautam)
Subject: Unfiltered escape sequences in filenames
	contained in ZIP archives wouldn't be escaped on displaying or
	logging, and can also lead to bypass AV scanning

NICE FIND. (O;

But hey, That something quite similar to my old
advisory
:http://www.securityfocus.com/bid/9811/discussion/

Norton AntiVirus 2002 ASCII Control Character Denial
Of Service Vulnerability

Norton AntiVirus 2002 has been reported to crash when
performing manual scans on files contained in certain
folders. This is related to how the software handles
ASCII control characters (represented by decimal
values in the range of 1-31).

Although unconfirmed this issue may allow a malicious
file to go un-scanned, and so lead a user into a false
sense of security.

-bipin

__________________________________________________
Do You Yahoo!?
Tired of spam?  Yahoo! Mail has the best spam protection around 
http://mail.yahoo.com

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ