AntiVir Fails to Scan Files Named With MS DOS Device Names - SecurityTracker

	Keep Track of the Latest Vulnerabilities with SecurityTracker!

Home | View Topics | Search | Contact Us |

SecurityTracker
Archives

Sign Up for Your FREE Weekly SecurityTracker E-mail Alert Summary

Instant Alerts

Buy our Premium Vulnerability Notification Service to receive customized, instant alerts

Put SecurityTracker Vulnerability Alerts on Your Web Site -- It's Free!

Become a Partner and License Our Database or Notification Service

Report a Bug

Report a vulnerability that you have found to SecurityTracker
bugs
@
securitytracker.com

Category: Application (Security) > AntiVir

Vendors: H+BEDV Datentechnik

AntiVir Fails to Scan Files Named With MS DOS Device Names

SecurityTracker Alert ID: 1011842

SecurityTracker URL: http://securitytracker.com/id/1011842

CVE Reference: GENERIC-MAP-NOMATCH (Links to External Site)

Date: Oct 21 2004

Impact: Modification of system information

Exploit Included: Yes

Description: A vulnerability was reported in AntiVir. A remote user can create a file that will not be detected by the application.

Sowhat of the ITS Security Research Team reported that a file or directory name that contains certain character strings related to MS-DOS device names (e.g., COM1, LPT1, AUX, CON, PRN) will not be scanned by the anti-virus system.

The vendor was notified without response.

The original advisory is available at:

http://secway.org/Advisory/Ad20041009.txt

Impact: The anti-virus software may fail to scan certain filenames and directory names.

Solution: No solution was available at the time of this entry.

Vendor URL: www.hbedv.com/en/ (Links to External Site)

Cause: Input validation error

Underlying OS: Windows (Any)

Message History: None.

Source Message Contents


[Original Message Not Available for Viewing]

Go to the Top of This SecurityTracker Archive Page

Home | View Topics | Search | Contact Us
Copyright 2013, SecurityGlobal.net LLC