As part of a security analysis performed by Comsec, our security experts
identified a security flaw that allows evasion (bypass) of the PrivaWall
Antivirus scanning engine using Office XML formats.

As part of Comsec's commitment to improving the security level and supporting
the security community worldwide, the issue was responsibly disclosed to the
vendor, and public disclosure waited until a patch was released.

The Proof-of-Concept was done by sending several files containing both EICAR
and a 'real' arbitrary EXE file embedded (OLE) in a WordML document.
Additionally, the icon that gives the user an indication of the format is
encoded in .emz and can be modified to seem harmless, instead of the default
executable icon, which is normally accompanied by a large warning sign.

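
A scanner-side check for the case described above, as an added example that is not part of the original advisory or of any vendor's code: it inventories the base64 payloads a WordML (Word 2003 XML) file carries so that each one can be decoded and scanned as a binary rather than as text. The `w:binData`, `w:docOleData` and `oledata.mso` names are assumptions taken from the Word 2003 XML schema, and the sample document is constructed.

```python
import base64
import xml.etree.ElementTree as ET  # for untrusted input, prefer defusedxml

# Assumption: WordprocessingML 2003 namespace used by WordML documents.
W_NS = "http://schemas.microsoft.com/office/word/2003/wordml"

def list_embedded_binaries(wordml_text):
    """Return one record per w:binData element found in the document."""
    root = ET.fromstring(wordml_text)
    # ElementTree has no parent pointers, so build a child -> parent map.
    parent_of = {child: parent for parent in root.iter() for child in parent}
    findings = []
    for elem in root.iter(f"{{{W_NS}}}binData"):
        name = elem.get(f"{{{W_NS}}}name", "")
        try:
            raw = "".join((elem.text or "").split())  # drop line wrapping
            data = base64.b64decode(raw, validate=True)
        except ValueError:
            data = b""  # malformed base64: report it with size 0
        parent = parent_of.get(elem)
        findings.append({
            "name": name,
            "size": len(data),
            # Embedded OLE objects are stored under w:docOleData.
            "ole_storage": parent is not None
                           and parent.tag == f"{{{W_NS}}}docOleData",
            # The displayed icon is a separate, attacker-editable image.
            "emz_image": name.lower().endswith(".emz"),
            "data": data,  # decoded bytes to hand to the scanning engine
        })
    return findings

def needs_deep_scan(findings):
    """True when the document carries an embedded OLE storage."""
    return any(f["ole_storage"] for f in findings)

# Constructed sample: placeholder bytes, not a real OLE storage or icon.
SAMPLE = f"""<?xml version="1.0"?>
<w:wordDocument xmlns:w="{W_NS}">
  <w:docOleData>
    <w:binData w:name="oledata.mso">{base64.b64encode(b"constructed-ole-placeholder").decode()}</w:binData>
  </w:docOleData>
  <w:body><w:p><w:r><w:pict>
    <w:binData w:name="wordml://01000001.emz">{base64.b64encode(b"constructed-icon").decode()}</w:binData>
  </w:pict></w:r></w:p></w:body>
</w:wordDocument>"""
```

The icon record is reported separately because the displayed image says nothing about the type of the embedded object.
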
Full vulnerability details can be found at http://www.securityfocus.com/archive/1/521948/30/0/threaded.