[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
RE: [Full-Disclosure] Norton AntiVirus 2004/2005 Scripting Vulnerability Pt.3 (Includes PoC VBScript Code)
- To: <full-disclosure@xxxxxxxxxxxxxxxx>
- Subject: RE: [Full-Disclosure] Norton AntiVirus 2004/2005 Scripting Vulnerability Pt.3 (Includes PoC VBScript Code)
- From: "RandallM" <randallm@xxxxxxxxxxx>
- Date: Sat, 6 Nov 2004 08:38:53 -0600
Daniel told me:
--__--__--
Message: 4 Date: Wed, 03 Nov 2004 20:09:02 -0500
From: Daniel Milisic <dmilisic@xxxxxxxxxxxxx>
To: full-disclosure@xxxxxxxxxxxxxxxx, bugtraq@xxxxxxxxxxxxxxxxx
Subject: [Full-Disclosure] Norton AntiVirus 2004/2005 Scripting
Vulnerability Pt.3 (Includes PoC VBScript Code)
Hi All, I have major issues with the quality of Norton AntiVirus.
For some history, see:
http://seclists.org/lists/fulldisclosure/2004/Oct/0540.html - Norton
AntiVirus 2004 Script Blocking Failure (Rant and PoC enclosed)
http://seclists.org/lists/fulldisclosure/2004/Oct/0775.html - Norton
AntiVirus 2004/2005 Script Blocking Redux Symantec's Response to this issue:
(From a week ago) "ScriptBlocking is intended to provide proactive detection
against script-based worms and this component of Norton AntiVirus has been
effective at doing this since its introduction in 2001" Huh? Below is a
'typical' script-based virus that Norton AntiVirus will allow a user to run,
without *any* intervention on NAV's part whatsoever. It's likely that code
similar to this is already appended to script-based threats/worms to assist
their penetration in the wild.
--__--__--
Dam. McAfee picked it right up as viral.
thank you
Randall M
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html