Outpost Security Suite Pro 2009 - Filename Parsing Security Bypass

Vulnerability ID 1056756 Vulnerability type
Published 2008-07-22 Updated 2008-07-22
CVE ID N/A CNNVD-ID N/A
Platform Multiple CVSS score N/A
|Vulnerability source
https://www.exploit-db.com/exploits/32110
|Vulnerability details
Vulnerability details have not yet been disclosed
|Exploit
source: http://www.securityfocus.com/bid/30347/info

Outpost Security Suite Pro is prone to a vulnerability that allows an unauthorized attacker to bypass antivirus and firewall rules. This issue occurs because the application fails to adequately sanitize user-supplied input.

Successful exploits can allow malicious data to evade expected detection rules, giving legitimate users a false sense of security. Other attacks may also be possible.

Outpost Security Suite Pro 2009 is vulnerable; other versions may also be affected. 

ASCII: 
HEX: 26 23 31 32 32 38 38 3b

The following special character in a filename can evade firewall rules:

ASCII:? ? ? ‣ ․ ‥ ?
HEX: 86 20 87 20 95 20 26 23 38 32 32 37 3b 20 26 23 38 32 32 38 3b 20 26 23 38 32 32 39 3b 20 85
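
The hex dumps above mix single high bytes with HTML numeric character references, so the characters are easier to audit once decoded to code points. The following is an added example, not part of the original advisory and not Outpost's code: it decodes the two dumps and reports where those characters occur in a filename. Assumptions: the single bytes are Windows-1252 (`cp1252`), the sample filenames are constructed, and the NFKC fold goes beyond what the advisory states, as one way to see what a name looks like after compatibility normalization.

```python
import html
import unicodedata

# Hex dumps copied from the advisory text above.
ADVISORY_HEX = (
    "26 23 31 32 32 38 38 3b",
    "86 20 87 20 95 20 26 23 38 32 32 37 3b 20 26 23 38 32 32 38 3b 20 "
    "26 23 38 32 32 39 3b 20 85",
)


def decode_advisory_hex(hex_dump, legacy_codec="cp1252"):
    """Return the sorted code points a dump encodes, ignoring 0x20 separators.

    legacy_codec is an assumption: the advisory does not name the code page
    of the single bytes 0x85, 0x86, 0x87 and 0x95.
    """
    raw = bytes.fromhex(hex_dump)                    # spaces are skipped
    text = html.unescape(raw.decode(legacy_codec))   # resolves &#NNNN; references
    return sorted({ord(ch) for ch in text if ch != " "})


# Every code point named by the advisory, under the cp1252 assumption.
FLAGGED = frozenset(
    cp for dump in ADVISORY_HEX for cp in decode_advisory_hex(dump)
)


def audit_filename(name):
    """Report advisory characters in a filename and its NFKC-folded form."""
    hits = [
        (index, f"U+{ord(ch):04X}")
        for index, ch in enumerate(name)
        if ord(ch) in FLAGGED
    ]
    folded = unicodedata.normalize("NFKC", name)
    return {"hits": hits, "folded": folded, "changed": folded != name}


if __name__ == "__main__":
    print([f"U+{cp:04X}" for cp in sorted(FLAGGED)])
    # Constructed sample names, not taken from the advisory.
    for sample in ("report.txt", "notes\u2024txt", "notes\u3000.txt"):
        print(repr(sample), audit_filename(sample))
```

A name with a non-empty `hits` list, or one whose `folded` form differs from the original, can be logged or rejected before it is compared against name-based rules.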