[Full-disclosure] .R4L - n.runs Infinite Antivirus Posting Vulnerabilities

["Just1n T1mberlake" <hotpackets@xxxxxxxxxxxxxx>]

[.r4l vulnerability release 200708280002 07-28-01]

.r4l crew has discovered n.runs infinite antivirus posting vulnerabilities

n.runs delivers solutions based on our clients´ requirements as specified by 
the client. This not only fulfills the expectations of the clients, but in most 
cases far exceeds what was anticipated. n.runs have two fully massive fists 
right up their ringers hey. With this in mind, we have formed individual 
consulting teams, who are trained and specialized in the conception of 
solutions in the areas of our technical consulting services. A large investment 
of time and money has been placed into these teams to develop solutions which 
can then completely be adapted to fit specific client requirements.

--[ Vulnerabilities ]--

1. n.runs AG has been found to post repeatedly to Internet mailing lists with 
details about Anti-Virus products.

2. Most of these vulnerabilities relate to inappropriate expansion of old 
archive files.

--[ Recommendation ]--

n.runs AG begin using newer archive formats. Older archive formats are known to 
have vulnerabilities and are not recommended for use.

--[ Vendor Response ]--

n.runs - We will stop using .lha however .arc is still widely in use within our 
office. No patches will be provided.

--[ Credits ]--

Thanks to the following
knuckles
sloppy


-- 
_______________________________________________
Get a free @hellokitty.com, @mymelody.com, or @kuririnmail.com email account
today at www.sanriotown.com, and enjoy 500MB of storage!
Check out our official blog @ http://blog.hellokitty.com

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/