Outpost Security Suite Pro Bypass Antivirus and Firewall Rules Vulnerability

vendor:

Outpost Security Suite Pro

by:

SecurityFocus

7.5

CVSS

HIGH

Bypass Antivirus and Firewall Rules

CWE

Product Name: Outpost Security Suite Pro

Affected Version From: Outpost Security Suite Pro 2009

Affected Version To: Outpost Security Suite Pro 2009

Patch Exists: YES

Related CWE: N/A

CPE: N/A

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2009

Outpost Security Suite Pro Bypass Antivirus and Firewall Rules Vulnerability

Outpost Security Suite Pro is prone to a vulnerability that allows an unauthorized attacker to bypass antivirus and firewall rules. This issue occurs because the application fails to adequately sanitize user-supplied input. Successful exploits can allow malicious data to evade expected detection rules, giving legitimate users a false sense of security. Other attacks may also be possible.

Mitigation:

Ensure that user-supplied input is properly sanitized and validated.

Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/30347/info

Outpost Security Suite Pro is prone to a vulnerability that allows an unauthorized attacker to bypass antivirus and firewall rules. This issue occurs because the application fails to adequately sanitize user-supplied input.

Successful exploits can allow malicious data to evade expected detection rules, giving legitimate users a false sense of security. Other attacks may also be possible.

Outpost Security Suite Pro 2009 is vulnerable; other versions may also be affected. 

ASCII:&#12288;
HEX: 26 23 31 32 32 38 38 3b

The following special character in a filename can evade firewall rules:

ASCII:? ? ? &#8227; &#8228; &#8229; ?
HEX: 86 20 87 20 95 20 26 23 38 32 32 37 3b 20 26 23 38 32 32 38 3b 20
26 23 38 32 32 39 3b 20 85