FireEye MPS JAR analyzer command execution

2015-12-28T00:00:00
ID SAINT:FF81F2DE3B0566B07A25ED8DAF4FE9AF
Type saint
Reporter SAINT Corporation
Modified 2015-12-28T00:00:00

Description

Added: 12/28/2015
BID: 78809

Background

The FireEye Malware Protection System (MPS) detects and eliminates malware found on file shares, web downloads, and e-mail.

Problem

A vulnerability in the Java Archive analysis tool could allow command execution when the tool analyzes a specially crafted JAR file containing obfuscated strings.

Resolution

Upgrade FireEye security content to version 427.334 or higher.

References

<https://code.google.com/p/google-security-research/issues/detail?id=666>

Limitations

Exploit requires a user on the monitored network to download the exploit file; analysis of that file by the MPS then leads to a shell connection to the FireEye system.

Exploit requires the **jar** utility to be installed on the SAINT host.