
Outpost Security Suite Pro ver. 2009 Multiple vulnerabilities







Application: Outpost Security Suite Pro ver. 2009
OS: Windows XP (all patches up to date)
------------------------------------------------------
1 - Description
2 - Vulnerability
3 - POC/EXPLOIT
------------------------------------------------------
Description
Outpost Security Suite is a software application that bundles several security components.
It is mainly a firewall, but also includes anti-virus, anti-spam and content control.

------------------------------------------------------
Vulnerability

When certain special characters are used as a file name,
the system can be left without protection.

The first flaw: when a special character is used as the file name,
antivirus protection can be evaded, so that a file the antivirus already detects
is no longer detected.

The second flaw: when a program that is blocked by the firewall is run with a certain number of special
characters as its file name, the firewall crashes when it detects the file, and the malicious file
continues running without restrictions.

In the latter case the exceptions vary depending on the type of characters used;
for example, here are two different results.

Aplicación con errores: acs.exe, versión: 6.5.2358.9115, módulo con error: ntdll.dll, versión 5.1.2600.2180, dirección de error 0x000111de.
Aplicación con errores: acs.exe, versión: 6.5.2358.9115, módulo con error: kernel32.dll, versión 5.1.2600.3119, dirección de error 0x0000bd85.
Aplicación con errores: acs.exe, versión: 6.5.2358.9115, módulo con error: firewall.ofp, versión 6.5.2358.9115, dirección de error 0x000350b3.

------------------------------------------------------
POC/EXPLOIT
To evade the antivirus, the following character is required.

ASCII: 
HEX: 26 23 31 32 32 38 38 3b

To make the firewall fail, the following are required.

ASCII: † ‡ • ‣ ․ ‥ …
HEX: 86 20 87 20 95 20 26 23 38 32 32 37 3b 20 26 23 38 32 32 38 3b 20 26 23 38 32 32 39 3b 20 85


Note: The anti-virus evasion test must be done with a file that the antivirus detects, and the firewall
test, obviously, with a file that makes connections.
------------------------------------------------------
Juan Pablo Lopez Yacubian
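
Added example (not part of the original advisory): a short Python audit helper that decodes the two HEX strings from the POC section into the Unicode characters they stand for and flags file names containing such characters. It assumes the raw bytes are Windows-1252 with HTML numeric references for characters outside that code page; the function names and sample file names are constructed for illustration.

```python
import html
import unicodedata

# Hex strings copied from the advisory's POC/EXPLOIT section.
AV_HEX = "26 23 31 32 32 38 38 3b"
FW_HEX = ("86 20 87 20 95 20 26 23 38 32 32 37 3b 20 26 23 38 32 32 38 3b "
          "20 26 23 38 32 32 39 3b 20 85")


def decode_poc(hex_text):
    """Turn an advisory hex string into the Unicode text it stands for.

    Assumption: the bytes are Windows-1252 and characters outside that code
    page were written as HTML numeric references (&#NNNN;).
    """
    raw = bytes.fromhex(hex_text)          # fromhex() skips the spaces
    return html.unescape(raw.decode("cp1252"))


def suspicious_chars(name):
    """List (code point, Unicode name) for characters worth flagging in a file name.

    Flags non-ASCII separators (Z*), control/format characters (C*) and
    punctuation (P*); accented letters and digits are left alone.
    """
    hits = []
    for ch in name:
        if ord(ch) > 0x7E and unicodedata.category(ch)[0] in "ZCP":
            hits.append((f"U+{ord(ch):04X}", unicodedata.name(ch, "UNNAMED")))
    return hits


def audit(names):
    """Map each flagged file name to its suspicious characters."""
    return {n: suspicious_chars(n) for n in names if suspicious_chars(n)}


if __name__ == "__main__":
    # Constructed sample names: two ordinary ones and two built from the POC characters.
    samples = ["setup.exe", "r\u00e9sum\u00e9.doc",
               decode_poc(AV_HEX) + ".exe", decode_poc(FW_HEX) + ".exe"]
    for name, hits in audit(samples).items():
        print(repr(name), hits)
```

Feeding `audit()` the output of a directory listing gives a quick inventory of files whose names would be worth a manual look on hosts running a scanner or firewall with this kind of file-name handling problem.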
