Norton AntiVirus 2001 _Restore Directory Virus Detection Bypass Vulnerability
BID:1827
Info
| Bugtraq ID: | 1827 |
| Class: | Design Error |
| CVE: | |
| Remote: | Yes |
| Local: | Yes |
| Published: | Oct 22 2000 12:00AM |
| Updated: | Oct 22 2000 12:00AM |
| Credit: | Posted to Bugtraq on October 22, 2000 by Peter Kruse <[email protected]>. |
| Vulnerable: | Symantec Norton AntiVirus for Windows ME 2001 |
| Not Vulnerable: | |
Discussion
Virus detection in Norton AntiVirus can be bypassed if malware is placed in the C:\_Restore folder on Windows ME. During a 'Full System Scan', Norton AntiVirus fails to recognize viruses and trojans in the \_Restore directory. If the \_Restore directory is scanned manually, Norton AntiVirus reports the virus's presence but is unable to take any further action (e.g. Delete, Repair, Quarantine). This could allow viruses and trojans to be maliciously placed where they cannot be sanitized.
Exploit / POC
See discussion.