Norton AntiVirus 2002 ASCII Control Character Denial Of Service Vulnerability
BID:9811
Info
Norton AntiVirus 2002 ASCII Control Character Denial Of Service Vulnerability
| Bugtraq ID: | 9811 |
| Class: | Failure to Handle Exceptional Conditions |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Mar 05 2004 12:00AM |
| Updated: | Mar 05 2004 12:00AM |
| Credit: | Discovery of this vulnerability has been credited to Bipin Gautam. <[email protected]>. |
| Vulnerable: |
Symantec Norton AntiVirus 2002 Professional Edition Symantec Norton AntiVirus 2002 0 |
| Not Vulnerable: | |
Discussion
Norton AntiVirus 2002 ASCII Control Character Denial Of Service Vulnerability
Norton AntiVirus 2002 has been reported to crash when performing manual scans on files contained in certain folders. This is related to how the software handles ASCII control characters (represented by decimal values in the range of 1-31).
Although unconfirmed this issue may allow a malicious file to go un-scanned, and so lead a user into a false sense of security.
It should be noted that the vulnerability that is described in this BID is reported to affect manual scans only; it is not reported to affect the NAV Auto-Protect Engine.
Norton AntiVirus 2002 has been reported to crash when performing manual scans on files contained in certain folders. This is related to how the software handles ASCII control characters (represented by decimal values in the range of 1-31).
Although unconfirmed this issue may allow a malicious file to go un-scanned, and so lead a user into a false sense of security.
It should be noted that the vulnerability that is described in this BID is reported to affect manual scans only; it is not reported to affect the NAV Auto-Protect Engine.
Exploit / POC
Norton AntiVirus 2002 ASCII Control Character Denial Of Service Vulnerability
There is no exploit required.
There is no exploit required.
Solution / Fix
Norton AntiVirus 2002 ASCII Control Character Denial Of Service Vulnerability
Solution:
This issue is only present in an early build of the software. Fully updated releases of Norton AntiVirus 2002 will not exhibit this behavior. Users are advised to apply all available updates.
Solution:
This issue is only present in an early build of the software. Fully updated releases of Norton AntiVirus 2002 will not exhibit this behavior. Users are advised to apply all available updates.
References
Norton AntiVirus 2002 ASCII Control Character Denial Of Service Vulnerability
References:
References: