Jump to content

Is EAM affected by this vulnerability ?


Recommended Posts

"Our research team exposed a critical security vulnerability appearing in various Anti-Virus (AV) products which has the potential to turn the Anti-Virus to an attack-enabler tool.

This issue is not necessarily constrained to security solutions, but potentially to any intrusive application such as data leak prevention (DLP) and performance monitoring solutions.



The vulnerable Anti-Virus products allocate a memory page with Read, Write, Execute (RWX) permissions at a constant predictable address. This allocation occurs for various user-mode processes belonging to third party applications such as browsers and Adobe Reader.

As mentioned in our March AVG release, this flaw significantly diminishes the efforts that the threat actor needs in order to exploit a third party application. In turn, this can lead to the compromise of the underlying Windows system.

How ?

Microsoft places many Windows mitigations against exploits, for instance the randomization of memory (ASLR) and preventing data from running in memory (DEP).

Since the memory page is at a constant predictable address, the attacker can know where to write and run the code.

With the memory allocation set to RWX, that code can be executed, essentially defeating those hurdles that Windows placed in front of threat actors.




Is EAM affected by this vulnerability ?


Link to comment
Share on other sites

This topic is now closed to further replies.

  • Recently Browsing   0 members

    • No registered users viewing this page.
  • Create New...