Outpost Security Suite Pro 2009 Filename Parsing Security Bypass Vulnerability

2014-07-01T00:00:00
ID SSV:85412
Type seebug
Reporter Root
Modified 2014-07-01T00:00:00

Description

No description provided by source.

                                        
                                            
                                                source: http://www.securityfocus.com/bid/30347/info

Outpost Security Suite Pro is prone to a vulnerability that allows an unauthorized attacker to bypass antivirus and firewall rules. This issue occurs because the application fails to adequately sanitize user-supplied input.

Successful exploits can allow malicious data to evade expected detection rules, giving legitimate users a false sense of security. Other attacks may also be possible.

Outpost Security Suite Pro 2009 is vulnerable; other versions may also be affected. 

ASCII: 
HEX: 26 23 31 32 32 38 38 3b

The following special character in a filename can evade firewall rules:

ASCII:? ? ? ‣ ․ ‥ ?
HEX: 86 20 87 20 95 20 26 23 38 32 32 37 3b 20 26 23 38 32 32 38 3b 20
26 23 38 32 32 39 3b 20 85