One Article Review

The article:
Source CISCO Talos
Identifier 6112317
Publication date 2022-08-03 14:46:38 (seen: 2022-08-03 21:05:59)
Title Vulnerability Spotlight: Vulnerabilities in Alyac antivirus program could stop virus scanning, cause code execution (Recycled)
Text Jaewon Min of Cisco Talos discovered these vulnerabilities. Blog by Jon Munshaw. Update (Aug. 3, 2022): Talos disclosed two new vulnerabilities in the Alyac antivirus software and added their details to this post.
Cisco Talos recently discovered out-of-bounds read and buffer overflow vulnerabilities in ESTsecurity Corp.'s Alyac antivirus software that could cause a denial-of-service condition or arbitrary code execution. Alyac is an antivirus software developed for Microsoft Windows machines.
TALOS-2022-1452 (CVE-2022-21147) is a vulnerability that exists in a specific Alyac module that, eventually, leads to a crash of Alyac's scanning process, which effectively neutralizes the antivirus scan. If successful, an attacker could trigger this vulnerability to stop the program from scanning for malware, which would be crucial in a potential attack scenario.
TALOS-2022-1527 (CVE-2022-32543) and TALOS-2022-1533 (CVE-2022-29886) are heap-based buffer overflow vulnerabilities that an attacker could exploit to execute arbitrary code on the targeted machine. The adversary would have to convince a user to open a specially crafted OLE file to trigger this condition.
Cisco Talos worked with ESTsecurity to ensure that these issues are resolved and an update is available for affected customers, all in adherence to Cisco's vulnerability disclosure policy.
Users are encouraged to update these affected products as soon as possible: ESTsoft Alyac, versions 2.5.7.7 and 2.5.8.544. Talos tested and confirmed ESTsoft Alyac, version 2.5.7.7, is affected by TALOS-2022-1452. Version 2.5.8.544 is vulnerable to TALOS-2022-1533 and TALOS-2022-1527.
The following Snort rules will detect exploitation attempts against these vulnerabilities: 59014, 59015, and 60035 - 60042. Additional rules may be released in the future and current rules are subject to change, pending additional vulnerability information. For the most current rule information, please refer to your
Sent Yes
Tags Vulnerability Guideline
Stories
Notes


Reposts of the article (1):
Source CISCO Talos
Identifier 4572821
Publication date 2022-05-10 07:20:09 (seen: 2022-05-10 15:06:09)
Title Vulnerability Spotlight: Vulnerability in Alyac antivirus program could stop virus scanning, cause denial of service
Text Jaewon Min of Cisco Talos discovered these vulnerabilities. Blog by Jon Munshaw. Cisco Talos recently discovered an out-of-bounds read vulnerability in ESTsecurity Corp.'s Alyac antivirus software that could cause a denial-of-service condition. If successful, an attacker could...
Sent Yes
Tags Vulnerability
Stories
Notes ★★★★


The article does not appear to be a repost of an earlier one.