Symantec Norton AntiVirus device name bypass security
| nav-antivirus-security-bypass (17603) |  Low Risk |
Description:
Symantec Norton AntiVirus could allow a remote attacker to bypass system and email scan protection measures. By creating a malicious file with a reserved device name, such as AUX, CON, PRN, COM1 or LPT1, a remote attacker could bypass scanning and execute arbitrary code on the system, once the malicious file is opened.
Consequences:
Denial of Service
Remedy:
Apply the fix for this vulnerability, when it becomes available from the Symantec Web site. See References.
References:
- iDEFENSE Security Advisory 10.05.04: Symantec Norton AntiVirus Reserved Device Name Handling Vulnerability.
- Symantec Security Response SYM04-015: Symantec Norton AntiVirus MS-DOS Reserved Device Name Handling.
- BID-11328: Symantec Norton AntiVirus MS-DOS Name Scan Evasion Vulnerability
- CVE-2004-0920: Symantec Norton AntiVirus 2004, and earlier versions, allows a virus or other malicious code to avoid detection or cause a denial of service (application crash) using a filename containing an MS-DOS device name.
Platforms Affected:
- Symantec Norton AntiVirus 2002
- Symantec Norton AntiVirus 2003
- Symantec Norton AntiVirus 2004
Reported:
Oct 05, 2004
The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.
For corrections or additions please email xforce@iss.net