Update: Aladdin responded and posted a blog post. Please read the timeline and then the blog post:
http://www.aladdin.com/AircBlog/post/2009/05/Archive-Bypass-Issue-and-eSafe.aspx

It is said that:

-----------------

"This means that in case a customer receives such a specially crafted archive file, he will not be able to extract it."

This is wrong. WinRAR, for example, extracts the PoC files fine.

"We have acted on the issue after two days since its first coming into view."

Please see the timeline below and draw your conclusions.

"The eSafe products affected by this vulnerability are 7.1, 7.0, and 6."

I was not communicated this information and had to find a referer in my log files in order to know.

Full update to be published after more discussions...

-------------

IV. Disclosure timeline
~~~~~~~~~~~~~~~~~~~~~~~~~

DD/MM/YYYY

04/04/2009 : Sent proof of concept, a description of the terms under which I cooperate, and the planned disclosure date. There is no security address listed at [1], so previously known security contacts that are known to exist were used instead. No reply.

13/04/2009 : Resending. Copied security@xxxxxxxxxx, security@xxxxxxxxxxx, secure@xxxxxxxxxxx, secure@xxxxxxxxxx, support@xxxxxxxxxxx, support@xxxxxxxxxx in CC. No reply.

16/04/2009 : Resending, specifying that this is the last attempt to disclose responsibly. No reply.

18/04/2009 : An online virus scan service offered to bridge the gap between vendors that don't reply and myself. Aladdin was contacted through this third party. No reaction.

19/04/2009 : Aladdin visited the blog entry that explains the bypasses and impacts:
http://blog.zoller.lu/2009/04/case-for-av-bypassesevasions.html
No reaction.

27/04/2009 : Release of this limited advisory.

[1] http://osvdb.org/vendor/1/Aladdin%20Knowledge%20Systems