Author Topic: bcheck.scanit browser test  (Read 7055 times)

0 Members and 1 Guest are viewing this topic.

crofty59

  • Guest
bcheck.scanit browser test
« on: December 25, 2008, 01:19:26 PM »
Hi all

I have just run a browser test and i get this warning from avast, from web shield.

(Sign of "JS:XMLParse-A [Expl]" has been found in "httpp://bcheck.scanit.be/bcheck/raw.php" file.) 
I have put a extra p in http as to make the above link not live

I am not sure what to think of this as i only get this warning in IE7

Firefox does not have this warning and also Opera does not have this warning also. They both come through with no warnings.

If this question has already been asked i apologize.
Any assistance will be appreciated

I have to go out now will check back tomorrow.

Have a great Christmas and new year.

Cheers pete
« Last Edit: December 25, 2008, 01:22:35 PM by crofty59 »

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67195
Re: bcheck.scanit browser test
« Reply #1 on: December 25, 2008, 01:27:18 PM »
Crofty, avast is very good on website infection and hacking.
Maybe Firefox and Opera aren't executing the scripts in that page (I'm not sure).
Do you use NoScript in Firefox?
The best things in life are free.

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33891
  • malware fighter
Re: bcheck.scanit browser test
« Reply #2 on: December 25, 2008, 11:59:31 PM »
Tech,

Just been there and tested my latest version of Firefox Shiretoko there, here the results and no avast flags there.

    * Passed  Mozilla crashes with evidence of memory corruption - passed
    * Passed Mozilla crashes with evidence of memory corruption - passed
    * Passed Adobe Flash Player video file parsing integer overflow - passed
    * Passed Mozilla crashes with evidence of memory corruption (rv:1.8.1.5) - passed
    * Passed Apple QuickTime MOV file JVTCompEncodeFrame heap overflow - passed
    * Passed Mozilla code execution via QuickTime Media-link files - passed
    * Passed Mozilla crashes with evidence of memory corruption (rv:1.8.1.8) - passed
    * Passed Mozilla memory corruption vulnerabilities (rv:1.8.1.10) - passed
    * Passed Mozilla crashes with evidence of memory corruption (rv:1.8.1.12) - passed
    * Passed Mozilla Firefox MathML integer overflow - passed

This is my browser: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1b3pre) Gecko/20081225 Shiretoko/3.1b3pre ID:20081225034145

polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Jahn

  • Guest
Re: bcheck.scanit browser test
« Reply #3 on: December 26, 2008, 05:06:28 AM »
The warning comes from Avast at this point:

Now testing "Internet Explorer XML nested SPAN elements memory corruption" vulnerability (test 18 out of 18)

If you run the browser specific tests the warning only appears in IE. If you run all available tests the warning also appears in Firefox and Opera.

BTW, all three of my browsers passed all tests. ;D

I noticed this, too:

Help! My anti-virus says there is a virus!
Your anti-virus is doing its job. It detects the exploit we are attempting and warns you about it. The virus it detects is some malicious software that uses the same bug we test for. Apart from exploiting same browser bug the Browser Security Test and the virus have nothing in common. We are not installing any trojans or attempting to infect you with viruses.

crofty59

  • Guest
Re: bcheck.scanit browser test
« Reply #4 on: December 26, 2008, 05:33:49 AM »
Hi tech
Yes i use no script in firefox

Hi polonus
Here is my results IE7
•    Internet Explorer bait & switch race condition - passed
•    Internet Explorer createTextRange arbitrary code execution - passed
•    Windows MDAC ADODB ActiveX control invalid length - passed
•    Adobe Flash Player video file parsing integer overflow - passed
•    XMLDOM substringData() heap overflow - passed
•    Apple QuickTime MOV file JVTCompEncodeFrame heap overflow - passed
•    Apple QuickTime 'QTPlugin.ocx' ActiveX Control Multiple Buffer Overflows - passed
•    Window location property cross-domain scripting - passed
•    Internet Explorer XML nested SPAN elements memory corruption - passed
Congratulations! The test has found no vulnerabilities in your browser!

Firefox
•    Mozilla crashes with evidence of memory corruption - passed
•    Mozilla crashes with evidence of memory corruption - passed
•    Adobe Flash Player video file parsing integer overflow - passed
•    Mozilla crashes with evidence of memory corruption (rv:1.8.1.5) - passed
•    Apple QuickTime MOV file JVTCompEncodeFrame heap overflow - passed
•    Mozilla code execution via QuickTime Media-link files - passed
•    Mozilla crashes with evidence of memory corruption (rv:1.8.1.8) - passed
•    Mozilla memory corruption vulnerabilities (rv:1.8.1.10) - passed
•    Mozilla crashes with evidence of memory corruption (rv:1.8.1.12) - passed
•    Mozilla Firefox MathML integer overflow - passed

Opera
Adobe Flash Player video file parsing integer overflow - passed
 Opera JavaScript invalid pointer arbitrary code execution - passed
 Apple QuickTime MOV file JVTCompEncodeFrame heap overflow - passed


Hi Jahn
 I only did the specific tests for each browser.
 
•    Internet Explorer XML nested SPAN elements memory corruption - passed  this was the last file checked so i assume that this is where i am getting the warning.

I also noticed Help! My anti-virus says there is a virus! warning on the web page.

The only reason i was concerned as i use this test at least once a week and this is the first time I have ever received a warning.  I have tested at least 200 times.

Just now wondering why i have never received a warning from avast before.
Could it be because of a signature update ???

Thanks for all of your assistance

Cheers Pete
Ps
I have just ran a test with firefox using all available tests.
I got the same results as you did Jahn .
« Last Edit: December 26, 2008, 05:42:44 AM by crofty59 »

Jahn

  • Guest
Re: bcheck.scanit browser test
« Reply #5 on: December 26, 2008, 06:30:52 AM »
Just now wondering why i have never received a warning from avast before.
Could it be because of a signature update ???
You're welcome, Pete. Yes, more than likely it is caused by a recent signature update, but that's a good thing. I occasionally run scanit and don't remember any Avast warning until now, either.