[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-disclosure] Multiple vendor antivirus .kz archive format evasion/bypass vulnerability.



You do know that anyone can create a new archive format that
antiviruses
will not detect... Right?

Does this ".kz" archiver have an SFX extractor? Because a new SFX type
of an archive file will raise support priority instead.

...the succesful exploitation of this flaw allows attackers to plant
a malicious file on a server or to store unwanted codes..

Yes, but AFTER being extracted beforehand (or maybe you can prove the
otherwise)
You can't be serious to expect every unknown archive format to be
supported by AV scanners..

Cheers

Sent to you by ZeroDay.JP via Google Reader: Re: Multiple vendor
antivirus .kz archive format evasion/bypass vulnerability. via Full
Disclosure on 2/5/12

Posted by Julius Kivimäki on Feb 05
You do know that anyone can create a new archive format that antiviruses
will not detect... Right?

2012/2/2 Michel <kareldjag () yahoo fr>

Things you can do from here:
- Subscribe to Full Disclosure using Google Reader
- Get started using Google Reader to easily keep up with all your
favorite sites
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/