PT-2018-18002 · Armadito · Armadito

Souhail Hammou

Published

2018-02-21

Updated

2018-03-17

CVE-2018-7289

CVSS v2.0

4.3

Medium

Vector

AV:N/AC:M/Au:N/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions Armadito version 0.12.7.2

Description An issue in the Armadito windows driver allows malware with filenames containing pure UTF-16 characters to bypass detection. The user-mode service fails to open the file for scanning after converting Unicode to ANSI, as characters that cannot be converted are replaced with '?' characters.

Recommendations For Armadito version 0.12.7.2, consider implementing a workaround to handle filenames with UTF-16 characters properly, such as manually checking for malware in files that fail to open for scanning, until a patch is available.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-172

Related Identifiers

CVE-2018-7289

Affected Products

Armadito

PT-2018-18002 · Armadito · Armadito

CVE-2018-7289

Weakness Enumeration

Related Identifiers

Affected Products

References · 4