Bipin Gautam wrote:
> Norton AntiVirus Denial Of Service Vulnerability [Part: !!!]
>
> *vulnerable [...only tested on!]
>
> Symantec Norton AntiVirus 2003 Professional Edition
> Symantec Norton AntiVirus 2002
>
> *not vulnerable
> McAfee 7*
> McAfee 8*
>
> Risk Impact: Medium
> Remote: yes
>
> Description:
> While having a virus scan [automatic/manual] of some specially
> crafted compressed files; NAV triggers a DoS using 100% CPU for a
> very long time. Moreover, NAV is unable to stop the scan in middle,
> even if the user wishes to manually stop the virus scan. Then, in
> this situation the only alternate is to kill the process.
>
> --- [Proof of Concept] ---
> Please download this file.
>
> http://www.geocities.com/visitbipin/av_bomb_3.zip <--- For Symantec.
>
> http://www.geocities.com/visitbipin/EXTRACTit1st.zip <--- A
> bzip2 file, test it on other AV products, too.
>
> The file contains, 'EICAR Test String' buried in 49647 directories.
> This is just a RAW 'proof of concept'. A few 100kb's of compressed
> file could be crafted in a way... NAV will take hours or MIGHT even
> days to complete the scan causing 100% CPU use in email gateways for
> hours. The compressed archive must not necessarily be a '.zip' to
> trigger this attack.
>

Tested on Symantec Corporate 9.0 (338). Scanned the file in just under 10 seconds with no noticeable CPU usage.

OS: Windows XP (SP2 RC2)
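
For gateways that hand attachments to a scanner, a structural pre-check can reject archives like the one described in the quoted advisory before any scan starts. The following is an added example, not code from either poster or from Symantec; it covers zip only, and the limit values and the names `precheck_zip`, `LIMITS` and `build_sample` are assumptions made for illustration.

```python
import io
import zipfile

# Assumed limits for this sketch; tune them for the gateway in question.
LIMITS = {"entries": 10_000, "dirs": 2_000, "depth": 32,
          "total_bytes": 512 * 1024 * 1024, "ratio": 200}


def precheck_zip(data, limits=LIMITS):
    """Return (ok, reason) using only the central directory; nothing is extracted."""
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return False, "not a readable zip"
    with zf:
        infos = zf.infolist()
        if len(infos) > limits["entries"]:
            return False, f"too many entries: {len(infos)}"
        dirs, total, packed = set(), 0, 0
        for info in infos:
            parts = [p for p in info.filename.replace("\\", "/").split("/") if p]
            if len(parts) > limits["depth"]:
                return False, f"path too deep: {len(parts)} levels"
            # Directory entries end in "/"; for files, drop the final name.
            dir_parts = parts if info.is_dir() else parts[:-1]
            for i in range(1, len(dir_parts) + 1):
                dirs.add("/".join(dir_parts[:i]))
            if len(dirs) > limits["dirs"]:
                return False, f"too many directories: more than {limits['dirs']}"
            total += info.file_size
            packed += info.compress_size
        # Declared sizes come from the archive itself, so a streaming
        # byte cap during the real scan is still needed.
        if total > limits["total_bytes"]:
            return False, f"declared size too large: {total} bytes"
        if packed and total / packed > limits["ratio"]:
            return False, f"compression ratio too high: {total // packed}:1"
    return True, "ok"


def build_sample(paths, payload=b"sample"):
    """Constructed test input: an in-memory zip holding `payload` at each path."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for path in paths:
            zf.writestr(path, payload)
    return buf.getvalue()
```

Archives nested inside other archives, and formats other than zip such as the bzip2 file mentioned above, need their own equivalent checks.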