[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-disclosure] Avast Antivirus

To: Floste <floste@xxxxxx>
Subject: Re: [Full-disclosure] Avast Antivirus
From: Juergen Schmidt <ju@xxxxx>
Date: Thu, 19 Jan 2012 12:04:57 +0100 (CET)

On Tue, 17 Jan 2012, Floste wrote:

> Hello,
>
> Avast Antivirus also comes with sandbox and a "SafeZone". But both can
> be circumvented using simple dll-injection and they seem to do nothing
> about it: http://forum.avast.com/index.php?topic=82291.0
>
> Maybe this post here will encourage them to fix it.

In my understanding a sandbox is not supposed to prevent you from getting 
in from the outside but from escaping from the inside. So if a sandboxed 
process injects a DLL in say a running IE process outside -- then we are 
talking about vulns

bye, ju

--
Juergen Schmidt       Chefredakteur  heise Security     www.heisec.de
Heise Zeitschriften Verlag, Karl-Wiechert-Allee 10 ,   D-30625 Hannover
Tel. +49 511 5352 300      FAX +49 511 5352 417       EMail ju@xxxxxxxxx
GPG-Key: 0x38EA4970,  5D7B 476D 84D5 94FF E7C5  67BE F895 0A18 38EA 4970

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Follow-Ups:
- Re: [Full-disclosure] Avast Antivirus
  - From: xD 0x41
- Re: [Full-disclosure] Avast Antivirus
  - From: Floste

References:
- [Full-disclosure] Avast Antivirus
  - From: Floste

Prev by Date: Re: [Full-disclosure] Reflection Scan: an Off-Path Attack on TCP
Next by Date: Re: [Full-disclosure] [CVE-2012-0207] Linux IGMP Remote Denial Of Service
Previous by thread: Re: [Full-disclosure] Avast Antivirus
Next by thread: Re: [Full-disclosure] Avast Antivirus
Index(es):
- Date
- Thread