Multiple Vendor Virus Scanner Recycle Bin Exclusion Vulnerability

This exploit will install a 'decoy' executable to the desktop, and install a file (winsetup.dll) containing an eicar.com virus signature into the Recycled folder. The hostile code is originally XORed with 25 to get it past active detection, but is then restored to its regular executable state after being placed into the recycled folder.

The zip file contains the executable exploit, and source for the installer and the decoy.


 

Privacy Statement
Copyright 2010, SecurityFocus