One Article Review
| Source |  SANS Institute |
|---|---|
| Identifiant | 1719 |
| Date de publication | 2016-05-17 19:23:19 (vue: 2016-05-17 19:23:19) |
| Titre | CVE-2016-2208 Symantec Antivirus Engine Malformed PE Header Parser Memory Access Violation, (Tue, May 17th) |
| Texte | More vulnerabilities! This time the Symantec Antivirus engine. There is a buffer overflow that can be triggered by malformed PE executables is the SizeofRawData PE attribute is greater than SizeofImage PE attribute. Exploiting this bug will give the attacker root in UNIX and kernel memory corruption in Windows being able to execute anything with maximum privileges. This bug can be dangerous because the PE malformation is not usually checked within Antivirus, Host IPS platform or proxies.Want to perform a PoC yourself? Download the test file . If vulnerable, a kernel panic like You should patch this vulnerability ASAP with Symantec Antivirus Engine 20151.1.1.4. Red the full Symantec Advisory Manuel Humberto Santander PelezSANS Internet Storm Center - HandlerTwitter: @manuelsantanderWeb:http://manuel.santander.namee-mail: msantand at isc dot sans dot org (c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License. |
| Envoyé | Oui |
| Condensat | 17th 20151 2016 2208 @manuelsantanderweb:http://manuel able access advisory antivirus anything asap attacker attribute attribution because being buffer bug can center checked commons corruption creative cve dangerous dot download edu engine executables execute exploiting file full give greater handlertwitter: header host https://isc humberto internet ips isc kernel license like mail: malformation malformed manuel maximum may memory more msantand namee noncommercial not org overflow panic parser patch pelezsans perform platform poc privileges proxies red root sans santander should sizeofimage sizeofrawdata states storm symantec test than time triggered tue united unix usually violation vulnerabilities vulnerability vulnerable want will windows within yourself |
| Tags | |
| Stories | |
| Notes | |
| Move | 
|
L'article ne semble pas avoir été repris aprés sa publication.
L'article ne semble pas avoir été repris sur un précédent.