{"enchantments": {"score": {"value": -0.2, "vector": "NONE", "modified": "2016-10-03T15:01:55", "rev": 2}, "dependencies": {"references": [], "modified": "2016-10-03T15:01:55", "rev": 2}, "vulnersScore": -0.2}, "reporter": "SAINT Corporation", "id": "SAINT:1307C624B4E96E9B6251255AF61EC438", "cvss": {"score": 0.0, "vector": "NONE"}, "published": "2015-12-28T00:00:00", "bulletinFamily": "exploit", "viewCount": 1, "modified": "2015-12-28T00:00:00", "references": [], "cvelist": [], "description": "Added: 12/28/2015 \nBID: [78809](<http://www.securityfocus.com/bid/78809>) \n\n\n### Background\n\nThe FireEye Malware Protection System (MPS) detects and eliminates malware found on file shares, web downloads, and e-mail. \n\n### Problem\n\nA vulnerability in the Java Archive analysis tool could allow command execution when the tool analyzes a specially crafted JAR file containing obfuscated strings. \n\n### Resolution\n\nUpgrade FireEye security content to version 427.334 or higher. \n\n### References\n\n<https://code.google.com/p/google-security-research/issues/detail?id=666> \n\n\n### Limitations\n\nExploit requires a user on the monitored network to download the exploit file, which leads to a shell connection to the FireEye system. \n\nExploit requires the `**jar**` utility to be installed on the SAINT host. \n\n", "type": "saint", "href": "http://www.saintcorporation.com/cgi-bin/exploit_info/fireeye_mps_jar", "lastseen": "2016-10-03T15:01:55", "edition": 1, "title": "FireEye MPS JAR analyzer command execution"}

{}