[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Full-disclosure] Re: Secunia Research: HAURI Anti-Virus Compressed Archive Directory Traversal
- To: bugtraq@xxxxxxxxxxxxxxxxx, full-disclosure@xxxxxxxxxxxxxxxxx, vuln@xxxxxxxxxxx
- Subject: [Full-disclosure] Re: Secunia Research: HAURI Anti-Virus Compressed Archive Directory Traversal
- From: Andreas Marx <gega-it@xxxxxx>
- Date: Sun, 21 Aug 2005 11:35:00 +0200
Hi!
I'm sorry, but you were not the first one who noticed this kind of problem. :-)
I've discovered the same type of problems much earlier and reported it to the
vendor several times. However, Hauri *never* responded to our inqueries. When I
was calling them, they at least acknowledged that they got my mails, but
nothing has happened later. You can find more details about the issue the in
the following article:
"Durchleuchter - 16 Virenscanner für Windows", Andreas Marx & Axel Vahldiek,
c't 01/2005, page 128pp. (10 pages)
The tests for this article were performed in November and December 2004. There
are a lot more vulnerabilities in this product, e.g. everyone can get
Administrator rights on a "protected" PC very easily. A good number of the
problems are described in the above article for the German c't magazine, too.
BTW: It's interesting to see that you have tested *exactly* the same kind of
archive files we've used in the c't review...
cheers,
Andreas Marx
CEO, AV-Test.org
http://www.av-test.org
__________________________________________________________________________
Erweitern Sie FreeMail zu einem noch leistungsstarkeren E-Mail-Postfach!
Mehr Infos unter http://freemail.web.de/home/landingpad/?mc=021131
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/