Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email firstname.lastname@example.org
RE: [Full-disclosure] Re: [xfocus-AD-051115]Multiple antivirus failedto scan malicous filename bypass vulnerability
From: Aditya Deshmukh (aditya.deshmukhonline.gateway.strangled.net)
Date: Tue Nov 15 2005 - 22:36:04 CST
> axo> Demonstration here:
> axo> Choose a malicious file which would be detected, such as nc.exe,
> axo> rename the file as nc??.exe (?? =Hex C0 D7 BA DC)
> axo> Because these special names are unable directly to input, so if you
> axo> want to run these file, you should use the following way:
> axo> Uses the MS-DOS name specification, we can operate file with
> axo> Read$B!"(BWrite$B!"(B and duplicate$B!#(B
> That means that if the user clicks on it using explorer.exe or
> iexplorer.exe the file won't be executed because even Microsoft
> Windows explorer is unable to parse the file?
It will be executed because the if windows is not able to
Access the long file name then short file name is used to
Access the file in +x or execute mode...
Full-Disclosure - We believe in it.
Hosted and sponsored by Secunia - http://secunia.com/