hackerman1

Is EAM affected by this vulnerability?


"Our research team exposed a critical security vulnerability appearing in various Anti-Virus (AV) products which has the potential to turn the Anti-Virus to an attack-enabler tool.

This issue is not necessarily constrained to security solutions, but potentially to any intrusive application such as data leak prevention (DLP) and performance monitoring solutions.

 

 

The vulnerable Anti-Virus products allocate a memory page with Read, Write, Execute (RWX) permissions at a constant predictable address. This allocation occurs for various user-mode processes belonging to third party applications such as browsers and Adobe Reader.

As mentioned in our March AVG release, this flaw significantly diminishes the efforts that the threat actor needs in order to exploit a third party application. In turn, this can lead to the compromise of the underlying Windows system.

How?

Microsoft places many Windows mitigations against exploits, for instance the randomization of memory (ASLR) and preventing data from running in memory (DEP).

Since the memory page is at a constant predictable address, the attacker can know where to write and run the code.

With the memory allocation set to RWX, that code can be executed, essentially defeating those hurdles that Windows placed in front of threat actors.

"

http://blog.ensilo.com/the-av-vulnerability-that-bypasses-mitigations

 

Is EAM affected by this vulnerability?
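Added example, not part of the original post or the quoted article: one way to check for the condition the quote describes is to compare memory-region listings from several processes and flag committed RWX regions that sit at the same base address in more than one of them. The region tuples, process names and addresses below are constructed sample data; on a real system they would come from walking each process with VirtualQueryEx.

```python
from collections import defaultdict

# Windows memory constants (winnt.h)
MEM_COMMIT = 0x1000
PAGE_READWRITE = 0x04
PAGE_EXECUTE_READ = 0x20
PAGE_EXECUTE_READWRITE = 0x40
PAGE_EXECUTE_WRITECOPY = 0x80
PAGE_MODIFIERS = 0x700  # PAGE_GUARD | PAGE_NOCACHE | PAGE_WRITECOMBINE

def is_rwx(state, protect):
    """True for committed memory that is both writable and executable."""
    base_protect = protect & ~PAGE_MODIFIERS
    return state == MEM_COMMIT and base_protect in (
        PAGE_EXECUTE_READWRITE, PAGE_EXECUTE_WRITECOPY)

def shared_rwx_bases(snapshots, min_processes=2):
    """Return {base_address: sorted process names} for RWX regions found at
    the same base address in at least `min_processes` processes."""
    seen = defaultdict(set)
    for proc, regions in snapshots.items():
        for base, _size, state, protect in regions:
            if is_rwx(state, protect):
                seen[base].add(proc)
    return {b: sorted(p) for b, p in seen.items() if len(p) >= min_processes}

# Constructed sample: (base, size, state, protect) per region.
# 0x7FFA0000 is a made-up address standing in for an injected RWX page.
SNAPSHOTS = {
    "browser.exe": [
        (0x00400000, 0x1000, MEM_COMMIT, PAGE_EXECUTE_READ),
        (0x7FFA0000, 0x1000, MEM_COMMIT, PAGE_EXECUTE_READWRITE),
        (0x1A2B0000, 0x10000, MEM_COMMIT, PAGE_EXECUTE_READWRITE),  # e.g. JIT
    ],
    "reader.exe": [
        (0x7FFA0000, 0x1000, MEM_COMMIT, PAGE_EXECUTE_READWRITE),
        (0x3C4D0000, 0x2000, MEM_COMMIT, PAGE_READWRITE),
    ],
    "editor.exe": [
        (0x7FFA0000, 0x1000, MEM_COMMIT, PAGE_EXECUTE_READWRITE | 0x100),
        (0x5E6F0000, 0x1000, 0x2000, PAGE_EXECUTE_READWRITE),  # reserved only
    ],
}

if __name__ == "__main__":
    for base, procs in shared_rwx_bases(SNAPSHOTS).items():
        print(f"RWX at 0x{base:08X} in: {', '.join(procs)}")
```

A hit is only a lead: confirm that the address stays the same across reboots and identify which module made the allocation before drawing conclusions about a product.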
