Symantec 0 replies

Nemmerle Forum Mod

#1 2 years ago

Hehehe... ah. Amusing bit of news some of you might enjoy: https://googleprojectzero.blogspot.co.uk/2016/06/how-to-compromise-enterprise-endpoint.html  

This vulnerability has an unusual characteristic: Symantec runs their unpackers in the Kernel!

It gets worse:  

Because Symantec uses a filter driver to intercept all system I/O, just emailing a file to a victim or sending them a link to an exploit is enough to trigger it - the victim does not need to open the file or interact with it in any way.

Ah...  

On Windows, this results in remote code execution as SYSTEM, and root on all other platforms.

Derp :p