SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Application (Security)  >   Trend Micro OfficeScan Vendors:   Trend Micro
Trend Micro's OfficeScan Fails to Scan Files With Certain Types of Long NTFS File Path Names
SecurityTracker Alert ID:  1003477
SecurityTracker URL:  http://securitytracker.com/id/1003477
CVE Reference:   GENERIC-MAP-NOMATCH   (Links to External Site)
Date:  Feb 8 2002
Impact:   Modification of system information
Vendor Confirmed:  Yes  Exploit Included:  Yes  

Description:   A vulnerability was reported in Trend Micro's OfficeScan (and potentially other virus scanning products). A local user or a virus may create a file with an NTFS file path name that cannot be scanned by the anti-virus engine.

It is reported that a file with a file path name containing more than 256 characters will not be scanned by the anti-virus scanner.

It is reported that a long folderpath can be substituted with a short file name using the "SUBST" command. A local user can change the current drive to the substituted drive to cause the path length to be reset to 3 characters (e.g., Q:\). This can apparently be repeated such that a very long file path name is created that appears to be a short file path name. It is reported that the anti-virus scanner cannot follow the deep path name.

Impact:   A local user (or virus code) can create a file with a particular type of file path name that will not be scanned by the anti-virus scanning engine.
Solution:   No solution was available at the time of this entry. It is reported that Trend Micro is working on releasing a fixed version (5.5).
Vendor URL:  www.antivirus.com/ (Links to External Site)
Cause:   Exception handling error
Underlying OS:  Windows (NT), Windows (2000)

Message History:   None.


 Source Message Contents

Subject:  Long Path Exploit on NTFS


With regards to the virus checking and long paths problem, when the topic
originally came up, I tested Trend Officescan against this problem.  It is
vulnerable.  Trend have confirmed to me that the problem will be fixed in
version 5.5 , and I am awaiting a confirmed date from them as to when it
will be available.

Regards,


Mark Ng

 
 


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2019, SecurityGlobal.net LLC