Voice of joy and sunshine
26th May 2003
Hehehe... ah. Amusing bit of news some of you might enjoy: https://googleprojectzero.blogspot.co.uk/2016/06/how-to-compromise-enterprise-endpoint.html
This vulnerability has an unusual characteristic: Symantec runs their unpackers in the Kernel!
It gets worse:
Because Symantec uses a filter driver to intercept all system I/O, just emailing a file to a victim or sending them a link to an exploit is enough to trigger it - the victim does not need to open the file or interact with it in any way.
On Windows, this results in remote code execution as SYSTEM, and root on all other platforms.