I am vulnerable ^^

dorgane · Apr 22, 2009

hi,
i test in this url :
http://www.finjan.com/Content.aspx?id=577

Ddos :

Test Name: Denial of Service (DoS) Demo
Security Status: You are vulnerable
Details: Our test indicates that your Web Security policy did not block malicious content from entering your network

Solution: To block this malicious code from entering your network, make sure to enable the [Block Application Level Vulnerabilities] rule in your security policy

Code: var a = new ActiveXObject('mhtmlfile');
a.location = "http://www.finjan.com";
Click to expand...

VBDemo :

Test Name: Remote Code Execution (RCE) Demo
Security Status: You are vulnerable
Detailes: Our test indicates that your Web Security policy did not block malicious content from entering your network

Solution: To block this malicious code from entering your network, make sure to enable the [Block Application Level Vulnerabilities] rule in your security policy

Code: Set cf = CreateObject("Scripting.FileSystemObject")
If Not cf.FolderExists("c:/Finjan/") then
flag=cf.CreateFolder("c:/Finjan/")
End if
Set s = CreateObject("Shell.Application")
s.ShellExecute "cmd.exe /k dir C:>c:/Finjan/FinjanVbsDemo.txt"
Click to expand...

and others...

SmackyTheFrog · Apr 22, 2009

That is more an issue with applications having outstanding vulnerabilities that need to be patched. Why would the AV scanner detect this when nothing malicious is happening?

dorgane · Apr 22, 2009

ooooo

powned...

use eset smart security 4.0.417...

dorgane · Apr 22, 2009

I use IE8 on xp pro with all updates (java, flash, ie8, os are patch and legal !)

lodore · Apr 22, 2009

Hello,
the first link says it wasnt blocked with IE8
but when you click on run test you should have a yelllow ballon popup at the top of the window saying this website wants to install something.
in otherwords it is blocked...
if you accepted that warning and installed the conponant that it wanted to install its your own fault and would be in the case of a real threat.

only works with IE because it uses activex... doesnt work with opera or anything web browser.

while IE8 is the only browser it works with IE8 still blocks it and asks the user if they wish to install it.

its quite funny that the one thats meant to drop a folder and a text file to the C: drive said it wasnt blocked yet nothing has appeared on C:
i thought finjan knew what they was doing. seems i was wrong.

all i can say is standard user account IE protected mode and UAC work very well.

BTW what type of account do you use?

Marcos · Apr 22, 2009

This thread would deserve moving to a completely different forum where general security and vulnerability problems are discussed.

dorgane · Apr 23, 2009

automatic translation:
I do not agree. When a worrm virus from msn, you accept it anyway and still protects nod32.
I think a module: "prevention exploit" would be great!
it would block this type of script.

elapsed · Apr 23, 2009

dorgane said:

automatic translation:
I do not agree. When a worrm virus from msn, you accept it anyway and still protects nod32.
I think a module: "prevention exploit" would be great!
it would block this type of script.
Click to expand...

Lots of threats are detected heuristically through the exploits. This is not an exploit and it is not a threat, it is simply you clicking ok to a download, understand?

BrendanK. · Apr 23, 2009

I'm protected on IE7 I have the security policy set on high by default so all of those tests are a pass for me

SmackyTheFrog · Apr 23, 2009

dorgane said:

automatic translation:
I do not agree. When a worrm virus from msn, you accept it anyway and still protects nod32.
I think a module: "prevention exploit" would be great!
it would block this type of script.
Click to expand...

So you're asking your antivirus product to surplant the security framework of a completely different application as well as somehow "patching" buffer overflows?

That's just plain silly.

Mrkvonic · Apr 24, 2009

This test is meaningless. Why would you run an unknown ActiveX on your machine? It's no different than running any other executable, for that matter.

Go ahead and delete a few .sys files ... Same thing.

Mrk

Log in or Sign up

I am vulnerable ^^

dorgane Guest

SmackyTheFrog Registered Member

dorgane Guest

dorgane Guest

lodore Registered Member

Marcos Eset Staff Account

dorgane Guest

elapsed Registered Member

BrendanK. Guest

SmackyTheFrog Registered Member

Mrkvonic Linux Systems Expert

Log in or Sign up

I am vulnerable ^^

dorgane Guest

SmackyTheFrog Registered Member

dorgane Guest

dorgane Guest

lodore Registered Member

Marcos Eset Staff Account

dorgane Guest

elapsed Registered Member

BrendanK. Guest

SmackyTheFrog Registered Member

Mrkvonic Linux Systems Expert

Useful Searches