|
12:39 (Cuidad de México) "NO HAY SEGURIDAD CON VULNERABILIDADES", eScan Security México da a conocer la lista de vulnerabilidades reportadas en este 2004 y que por consiguiente dejan entre dicho la seguridad de algunas marcas de software Antivirus, si bien un Antivirus nos debe proteger de los Virus tambien es cierto que este no debe provocar o tener algún tipo de vulnerabilidad que ponga en riesgo la integridad de los sistemas ante la intrusión de un hacker o código malicioso, hoy en día hay que tomar muchos aspectos en cuenta antes de comprar una protección antivirus para nuestra computadora ya que algunos de ellos pueden detener algunos virus pero dejaran un hueco en el sistema suceptible a ser perpetrado por un Hacker, es indispensable analizar mas la seguridad con que estan desarrollados los programas antivirus para tener en un 99.00% la protección contra Virus y no provocar huecos en el sistema por vulnerabilidades que traiga nuestro Antivirus.
En esta lista se presentan los productos Antivirus mas Vulnerables hasta el momento en este 2004 y los ganadores los presentaremos con forme al numero de vulnerabilidades reportadas:
| Producto
Antivirus |
Vulnerabilidades |
| 1.- Symantec |
31 |
| 2.- McAfee Antivirus |
9 |
| 3.- F-Secure |
9 |
| 4.- Trend Micro |
7 |
| 5.- Sophos Antivirus |
4 |
| 6.- Computer
Associates |
4 |
| 7.- Panda Software |
3 |
| 8.- Softwin
(BitDefender) |
2 |
| 9.- Kaspersky Labs |
1 |
| 10.- Microworld
Technologies (eSscan & MailScan Antivirus) |
0 |
Detalles:
Vulnerabilidades de
Symantec Corp.
2004-11-09: Symantec
LiveUpdate Directory Traversal Vulnerability
2004-11-03: OpenSSL
Denial of Service Vulnerabilities
2004-10-05: Symantec
Norton AntiVirus MS-DOS Name Scan Evasion Vulnerability
2004-09-29: Symantec
ON Command CCM Remote Database Default Password
Vulnerability
2004-09-27: Symantec
Norton AntiVirus Malformed EMail Denial Of Service
Vulnerability
2004-09-22: Symantec
Enterprise Firewall/VPN Appliance Multiple Remote
Vulnerabilities
2004-08-30: Symantec
PowerQuest DeployCenter Boot Disk Plaintext Password
Disclosure Vulnerability
2004-08-10: Symantec
Clientless VPN Gateway 4400 Series Multiple Vulnerabilities
2004-07-19: Symantec
Norton Antivirus Script Blocker Denial Of Service
Vulnerability
2004-07-14: Symantec
Brightmail Anti-spam Unauthorized Message Disclosure
Vulnerability
2004-07-12: Symantec
Norton Antivirus Denial Of Service Vulnerability
2004-06-25: Multiple
Vendor Anti-Virus Scanner Remote Denial Of Service
Vulnerability
2004-06-22: Symantec
Enterprise Firewall DNSD DNS Cache Poisoning Vulnerability
2004-06-12: Symantec
Gateway Security 360R Wireless VPN Bypass Weakness
2004-05-24: Symantec
Norton AntiVirus ActiveX Control Remote Code Execution
Vulnerability
2004-05-20:
Symantec Client Firewall Products SYMNDIS.SYS Driver Remote
Denial Of Service Vulnerability
2004-05-14: Symantec
Client Firewall Remote DNS Response Denial Of Service
Vulnerability
2004-05-12: Symantec
Client Firewall NetBIOS Name Service Response Buffer
Overflow Vulnerability
2004-05-12: Symantec
Client Firewall NetBIOS Handler Remote Heap Overflow
Vulnerability
2004-05-12: Symantec
Client Firewall DNS Response Buffer Overflow Vulnerability
2004-04-21: Symantec
Firewall Products WrapNISUM Class Remote Command Execution
Vulnerability
2004-04-19: Norton
AntiVirus 2002 Nested File AutoProtect Bypass Vulnerability
2004-04-19: Symantec
Norton AntiVirus 2002 Nested File Manual Scan Bypass
Vulnerability
2004-04-08: Symantec
Security Check Virus Detection COM Object Denial Of Service
Vulnerability
2004-03-23: Symantec
AntiVirus Scan Engine For Red Hat Linux Insecure Temporary
File Vulnerabilities
2004-03-19: Symantec
Norton AntiSpam SymSpamHelper Class Buffer Overrun
Vulnerability
2004-03-11: Norton
AntiVirus 2002 ASCII Control Character Denial Of Service
Vulnerability
2004-03-04: Symantec
Firewall/VPN Appliance Cached Plaintext Password
Vulnerability
2004-03-03: Symantec
Gateway Security Error Page Cross-Site Scripting
Vulnerability
2004-01-14: Symantec
Web Security Block Page Message Cross-Site Scripting
Vulnerability
2004-01-12: Symantec
LiveUpdate Local Privilege Escalation Vulnerability
Vulnerabilidades de
McAfee
2004-09-17: McAfee
VirusScan System Scan Local Privilege Escalation
Vulnerability
2004-07-19: Multiple
Stack Protection Scheme Evasion Weakness
2004-06-25: Multiple
Vendor Anti-Virus Scanner Remote Denial Of Service
Vulnerability
2004-05-10: McAfee
ePolicy Orchestrator Server Remote Code Execution
Vulnerability
2004-04-29: McAfee
Security Installer Control System ActiveX Information
Disclosure Vulnerability
2004-04-07: Mcafee
FreeScan CoMcFreeScan Browser Information Disclosure
Vulnerability
2004-04-07: Mcafee
FreeScan CoMcFreeScan Browser Object Buffer Overflow
Vulnerability
2004-02-03: Multiple
Vendor bzip2 Antivirus Software Denial of Service
Vulnerability
2004-01-30: McAfee
ePolicy Orchestrator Agent HTTP POST Buffer Mismanagement
Vulnerability
Vulnerabilidades de
F-Secure
2004-11-03: F-Secure
Anti-Virus For Microsoft Exchange Password Protected Archive
Scanner Bypass Vulnerability
2004-10-27: OpenSSL
ASN.1 Parsing Vulnerabilities
2004-10-14: Multiple
LHA Buffer Overflow/Directory Traversal Vulnerabilities
2004-09-27:
Multiple Vendor MIME Encapsulation Content Checking Filter
Bypass Vulnerabilities
2004-09-09: F-Secure
Content Scanner Server Remote Denial of Service
Vulnerability
2004-05-25: F-Secure
Anti-Virus Unspecified Scanner Bypass Vulnerability
2004-04-07: F-Secure
BackWeb Local Privilege Escalation Vulnerability
2004-03-20: OpenSSH
Buffer Mismanagement Vulnerabilities
2004-03-09: F-Secure
SSH Server Password Authentication Policy Evasion
Vulnerability
Vulnerabilidades de
Trend Micro Inc.
2004-11-05: Trend
Micro ScanMail for Domino Remote File Disclosure
Vulnerability
2004-06-14: Trend
Micro OfficeScan Local Privilege Escalation Vulnerability
2004-06-07: Trend
Micro Scanning Engine Report Generation HTML Injection
Vulnerability
2004-05-07: Trend
Micro OfficeScan Weak Default Permissions Vulnerabilities
2004-03-25: Trend
Micro Interscan WebManager Java TeleWindow Unspecified
Credential Theft Vulnerability
2004-03-24: Trend
Micro Interscan Viruswall localweb Directory Traversal
Vulnerability
2004-02-03: Multiple
Vendor bzip2 Antivirus Software Denial of Service
Vulnerability
Vulnerabilidades de
SOPHOS
2004-11-05: Sophos
MailMonitor for SMTP Unspecified Email Handling
Vulnerability
2004-09-27: Sophos
Anti-Virus Reserved MS-DOS Name Scan Evasion Vulnerability
2004-02-12: Sophos
Anti-Virus Delivery Status Notification Handling Scanner
Bypass Vulnerability
2004-02-12: Sophos
Anti-Virus MIME Header Handling Denial Of Service
Vulnerability
Vulnerabilidades de
Computer Associates
2004-06-25: Multiple
Vendor Anti-Virus Scanner Remote Denial Of Service
Vulnerability
2004-03-19: Computer
Associates eTrust Antivirus Malicious Code Detection Bypass
Vulnerability
2004-06-25: Multiple
Vendor Anti-Virus Scanner Remote Denial Of Service
Vulnerability
2004-02-09: Computer
Associates eTrust InoculateIT For Linux Vulnerabilities
Vulnerabilidades de
Panda Software.
2004-06-25: Multiple
Vendor Anti-Virus Scanner Remote Denial Of Service
Vulnerability
2004-04-07: Panda
ActiveScan ASControl.DLL Remote Heap Overflow Vulnerability
2004-04-06: Panda
ActiveScan ascontrol.dll Denial of Service Vulnerability
Vulnerabilidades de
Softwin BitDefender.
2004-04-20: Softwin
BitDefender AvxScanOnlineCtrl COM Object Information
Disclosure Vulnerability
2004-04-20: Softwin
BitDefender AvxScanOnlineCtrl COM Object Remote File Upload
And Execution Vulnerability
Vulnerabilidades de
Kaspersky Labs.
2004-02-03: Multiple
Vendor bzip2 Antivirus Software Denial of Service
Vulnerability
Vulnerabilidades
MicroWorld Technologies (eScan y MailScan Antivirus)
"No
hay hay Vulnerabilidades encontradas"
Fuente: SecurityFocus
|
