| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <f46d041b4726a9871904b838b080@google.com>
Date: Sun, 05 Feb 2012 14:52:08 +0000
From: "ZeroDay.JP" <unixfreaxjp22@...il.com>
To: full-disclosure@...ts.grok.org.uk
Cc: "ZeroDay.JP" <unixfreaxjp22@...il.com>
Subject: Re: Multiple vendor antivirus .kz archive format
evasion/bypass vulnerability.
> You do know that anyone can create a new archive format that
antiviruses
> will not detect... Right?
Does this ".kz" archiver have an SFX extractor? Because a new SFX type
of an archive file will raise support priority instead.
> ...the succesful exploitation of this flaw allows attackers to plant
> a malicious file on a server or to store unwanted codes..
Yes, but AFTER being extracted beforehand (or maybe you can prove the
otherwise)
You can't be serious to expect every unknown archive format to be
supported by AV scanners..
Cheers
Sent to you by ZeroDay.JP via Google Reader: Re: Multiple vendor
antivirus .kz archive format evasion/bypass vulnerability. via Full
Disclosure on 2/5/12
Posted by Julius Kivimäki on Feb 05
You do know that anyone can create a new archive format that antiviruses
will not detect... Right?
2012/2/2 Michel <kareldjag () yahoo fr>
Things you can do from here:
- Subscribe to Full Disclosure using Google Reader
- Get started using Google Reader to easily keep up with all your
favorite sites
Content of type "text/html" skipped
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists