Twister Anti-TrojanVirus is affected by a scan evasion vulnerability when handling files with MS-DOS reserve device names. This issue is due to a design error that allows the files to avoid being scanned. Apparently it is possible for an attacker to name a standard file after a reserved MS-DOS device name. The attacker may deliver the file to a user through various delivery mechanisms. If successful, the attacker may leverage this issue to bypass the scanner protection provided by the vulnerable antivirus scanner, giving users a false sense of security. A similar vulnerability affecting Symantec Norton AntiVirus was reported in BID 11328 (Symantec Norton AntiVirus MS-DOS Name Scan Evasion Vulnerability). The researcher responsible for discovering this issue has stated that this vulnerability is identical to the issue described in BID 11328. Therefore, it is conjectured that this issue does not present a risk factor when a file is sent through email and only arises once the file is...
Twister Anti-TrojanVirus is affected by a scan evasion vulnerability when handling files with MS-DOS reserve device names. This issue is due to a design error that allows the files to avoid being scanned. Apparently it is possible for an attacker to name a standard file after a reserved MS-DOS device name. The attacker may deliver the file to a user through various delivery mechanisms. If successful, the attacker may leverage this issue to bypass the scanner protection provided by the vulnerable antivirus scanner, giving users a false sense of security. A similar vulnerability affecting Symantec Norton AntiVirus was reported in BID 11328 (Symantec Norton AntiVirus MS-DOS Name Scan Evasion Vulnerability). The researcher responsible for discovering this issue has stated that this vulnerability is identical to the issue described in BID 11328. Therefore, it is conjectured that this issue does not present a risk factor when a file is sent through email and only arises once the file is already present on a vulnerable computer. This BID will be updated as more information becomes available.
