Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in

oss-bypass.txt

🗓️ 23 Jul 2008 00:00:00Reported by Juan Pablo Lopez YacubianType 
packetstorm
 packetstorm🔗 packetstormsecurity.com👁 30 Views

Outpost Security Suite Pro 2009, vulnerability to special characters evasion, antivirus and firewall restriction bypass

Code
`  
Application: Outpost Security Suite Pro ver. 2009  
OS: Windows Xp (All patches a day)  
------------------------------------------------------  
1 - Description  
2 - Vulnerability  
3 - POC/EXPLOIT  
------------------------------------------------------  
Description  
Outpost Security Suite is a software application that contains several security,  
including anti-virus and is mainly a firewall but also includes an anti-spam and content control.  
  
------------------------------------------------------  
Vulnerability  
  
The vulnerability is that when using certain special characters such as file name  
could be left without protection for the system.   
  
The first flaw is used as a special character file name,  
making this could evade antivirus protection and make a file already detected  
by the antiviru not be detected.   
  
The second flaw is that using a certain amount of special characters such as filename to run a program  
that this blocked by the firewall, the firewall to detect the file, it would break the firewall and would  
continue to be running malicious file without restrictions.   
  
In the latter case exceptions vary depending on the type of characters which are used  
for example here there are two different results.  
  
Aplicación con errores: acs.exe, versión: 6.5.2358.9115, módulo con error: ntdll.dll, versión 5.1.2600.2180, dirección de error 0x000111de.  
Aplicación con errores: acs.exe, versión: 6.5.2358.9115, módulo con error: kernel32.dll, versión 5.1.2600.3119, dirección de error 0x0000bd85.  
Aplicación con errores: acs.exe, versión: 6.5.2358.9115, módulo con error: firewall.ofp, versión 6.5.2358.9115, dirección de error 0x000350b3.  
  
------------------------------------------------------  
POC/EXPLOIT  
To evade the virus requires the following character.  
  
ASCII:   
HEX: 26 23 31 32 32 38 38 3b   
  
To perform the test to fail the firewall will require the following.  
  
ASCII:† ‡ • ‣ ․ ‥   
HEX: 86 20 87 20 95 20 26 23 38 32 32 37 3b 20 26 23 38 32 32 38 3b 20 26 23 38 32 32 39 3b 20 85   
  
  
Note: In the case of evasion of anti-virus testing must be done with a file detected by antivirus and firewall  
in the case obviously does not have a file that would make connections.  
------------------------------------------------------  
Juan Pablo Lopez Yacubian  
`

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

Book a live demo
23 Jul 2008 00:00Current
7.4High risk
Vulners AI Score7.4
outpost security suitespecial charactersevasionantivirusfirewallrestrictionbypass
30