Outpost Security Suite Pro 2009 - Filename Parsing Security Bypass

EDB-ID:

32110

CVE:





Platform:

Multiple

Date:

2008-07-22


source: https://www.securityfocus.com/bid/30347/info

Outpost Security Suite Pro is prone to a vulnerability that allows an unauthorized attacker to bypass antivirus and firewall rules. This issue occurs because the application fails to adequately sanitize user-supplied input.

Successful exploits can allow malicious data to evade expected detection rules, giving legitimate users a false sense of security. Other attacks may also be possible.

Outpost Security Suite Pro 2009 is vulnerable; other versions may also be affected. 

ASCII: 
HEX: 26 23 31 32 32 38 38 3b

The following special character in a filename can evade firewall rules:

ASCII:? ? ? ‣ ․ ‥ ?
HEX: 86 20 87 20 95 20 26 23 38 32 32 37 3b 20 26 23 38 32 32 38 3b 20
26 23 38 32 32 39 3b 20 85