VirusScan
Little Update.
In the previous advisory there were some wrong reports because of the update of the anti-virus product version.
********************************************************************************************
Multiple Vendor Anti-Virus Software Malicious WebPage Detection Bypass
[_] Discovered by : DATA_SNIPER
[_] Greets to: hacker c&c Team , Arab4Services team on www.arab4services.net , AT4RE Team on www.at4re.com
[_] Special thanks go to: Andrey Bayora and all arabian hackers, especially algerian hackers.
NOTIFICATION:
This exploit is based on Andrey Bayora's "magic of magic byte" but with some development.
This proof of concept was created for educational purposes only. Use the code at your own risk.
Quick Heal Local Privilege Escalation Vulnerability
BACKGROUND
Quick Heal Technologies is a leading provider of AntiVirus and Internet Security tools and is a leader in Anti-Virus Technology in India. A privately held company, Quick Heal Technologies Pvt. Ltd. (formerly known as Cat Computer Services (P) Ltd.) was founded in 1993 and has been actively involved in Research and Development of anti-virus software since then. Quick Heal, an award-winning anti-virus product, is installed in corporate, small business and consumers' homes, protecting their PCs from viruses and other malicious threats.
Source: http://www.quickheal.co.in
VULNERABLE PRODUCTS
Virtually Secure - Oded Horovitz, VMWare
Malicious Cryptography - Frédéric Raynal and Eric Filiol, Sogeti/Cap-Gemini
and ESAT
The Death of AV Defense in Depth: Revisiting Anti-Virus Software -
Thierry Zoller and Sergio Alvarez, nRuns
VMWare Issues - Sun Bing, McAfee
Intrusion Detection Systems Correlation: a Weapon of Mass
Impact:
This problem can lead to remote denial of service if an attacker carefully
crafts a file that exploits the aforementioned vulnerability. The
vulnerability is present in AVG Antivirus software versions prior to the
program update AVG 8.0.156.
Solution:
The vulnerability was reported on 10.Jul.2008 and AVG 8.0.156 has been
issued on 25.Jul.2008 to solve this vulnerability. For detailed information
********************************************************************************************
Multiple Vendor Anti-Virus Software Malicious WebPage Detection Bypass
hackers.
NOTIFICATION:
This exploit is based on Andrey Bayora's "magic of magic byte" but with some development.
This proof of concept was created for educational purposes only. Use the code at your own risk.
The author will not be responsible for any damages.
*********************************************************************************************
Exploit Information:
Date: 2008/19/08
contains malware and evade anti-virus detection.
Note: After files have been extracted from an archive, the desktop
Anti-Virus engine is able to scan all files for malware.
Consequently, detection evasion can be a concern for gateway
anti-virus software if archives are not scanned, but the risk is
effectively mitigated by the desktop anti-virus engine.
Mitigating Factors: See note above.
> > through Windows API. If you know the name of the directory, it is e.g.
> > possible to enter the hidden directory using Command Prompt and it is
> > possible to create new hidden files. There are also ways to run files
> > from this directory. Files in this directory are also hidden from some
> > antivirus scanners (as with the Sony BMG DRM case) — depending on the
> > techniques employed by the antivirus software. It is therefore
> > technically possible for malware to use the hidden directory as a hiding
> > place."
>
>That is correct. It could be abused that way. Just like several other
>folders on e.g. Vista could be as well since they share that exact
Contact : heurs@ghostsinthstack.org, s.leberre@sysdream.com
//----- Application description
Avast! antivirus software represents complete virus protection,
offering full desktop security including a resident shield.
This antivirus is certified by both ICSA Labs and West Coast
Labs Checkmark.
//----- Description of vulnerability
- Avira AntiVir Exchange (pre AV7 7.9.0.148 / AV8/9: 8.2.0.148)
- Avira AntiVir SharePoint (pre AV7 7.9.0.148 / AV8/9: 8.2.0.148)
- Avira AntiVir ISA Server (pre AV7 7.9.0.148 / AV8/9: 8.2.0.148)
- Avira AntiVir MIMEsweeper (pre AV7 7.9.0.148 / AV8/9: 8.2.0.148)
- Avira AntiVir for KEN! 4 (pre AV7 7.9.0.148 / AV8/9: 8.2.0.148)
- Avira AntiVir Virus Scan Adapter for SAP NetWeaver®
- Avira AntiVir Professional (Unix) (pre AV7 7.9.0.148 / AV8/9: 8.2.0.148)
- Avira AntiVir Server (Unix) (pre AV7 7.9.0.148 / AV8/9: 8.2.0.148)
- Avira AntiVir MailGate (pre AV7 7.9.0.148 / AV8/9: 8.2.0.148)
- Avira AntiVir WebGate (pre AV7 7.9.0.148 / AV8/9: 8.2.0.148)
> through Windows API. If you know the name of the directory, it is e.g.
> possible to enter the hidden directory using Command Prompt and it is
> possible to create new hidden files. There are also ways to run files
> from this directory. Files in this directory are also hidden from some
> antivirus scanners (as with the Sony BMG DRM case) — depending on the
> techniques employed by the antivirus software. It is therefore
> technically possible for malware to use the hidden directory as a hiding
> place."
That is correct. It could be abused that way. Just like several other
folders on e.g. Vista could be as well since they share that exact
VMware Fusion 2.0.6
-------------------
VMware Fusion 2.0.6 (for Intel-based Macs): Download including
VMware Fusion and a 12 month complimentary subscription to McAfee
VirusScan Plus 2009
md5sum: d35490aa8caa92e21339c95c77314b2f
sha1sum: 9c41985d754ac718032a47af8a3f98ea28fddb26
VMware Fusion 2.0.6 (for Intel-based Macs): Download including only
VMware Fusion software
Avast! Multiple Vulnerabilities
BACKGROUND
Avast! antivirus software represents complete virus protection, offering full desktop security including a resident shield. Daily automatic updates ensure continuous data protection against all types of malware and spyware. Avast! antivirus is certified by both ICSA Labs and West Coast Labs Checkmark.
Avast! Professional Edition 4.8 is a collection of award winning, high-end technologies that work in perfect synergy, having one common goal: to protect your system and valuable data against computer viruses, spyware and rootkits. It represents a best-in-class antivirus solution for any Windows-based workstation.
Source: http://www.avast.com
VULNERABLE PRODUCTS