924 matches found
Microsoft Windows Secure Boot Security Feature Bypass Vulnerability (3177404)
This host is missing an important security update according to Microsoft Bulletin MS16-094. SPDX-FileCopyrightText: 2016 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...
Symantec Antivirus Engine ASPack Remote Memory Corruption (CVE-2016-2208)
A memory corruption vulnerability exists in the Symantec Antivirus Engine in its handling of early-version ASPack files. This vulnerability is due to incorrect parsing of executables packed by an early version of ASPack...
PE Executables Static Analyzer: Manalyze
Manalyze performs static analysis on PE files in order to detect signs of malicious behavior. It is a versatile tool with a robust parser and a set of built-in tests, but can also be extended easily. Manalyze was written in C++ for Windows and Linux and is released...
The vulnerability of the Symantec Anti-Virus Engine’s antivirus kernel allows a hacker to execute arbitrary code or cause a service failure.
The vulnerability of the Symantec Anti-Virus Engine is related to errors in parsing executable files packed with the ASPack software. Exploiting this vulnerability allows a malicious actor to execute arbitrary code or trigger a service failure (memory corruption) using a file with...
CompuSource Systems Local Privilege Escalation
Exploit Title: CompuSource Systems - Real Time Home Banking - Local Privilege Escalation/Arbitrary Code Execution Date: 2/25/16 Exploit Author: [email protected] Vendor Homepage: https://www.css4cu.com : https://www.css4cu.com/Next/InfoSide/SoftwareSolutions.php Version: CompuSource System...
CompuSource Systems - Real Time Home Banking - Privilege Escalation
Exploit for windows platform in category local exploits Exploit Title: CompuSource Systems - Real Time Home Banking - Local Privilege Escalation/Arbitrary Code Execution Date: 2/25/16 Exploit Author: email protected Vendor Homepage: https://www.css4cu.com :...
CompuSource Systems Real Time Home Banking - Local Privilege Escalation
Exploit Title: CompuSource Systems - Real Time Home Banking - Local Privilege Escalation/Arbitrary Code Execution Date: 2/25/16 Exploit Author: [email protected] Vendor Homepage: https://www.css4cu.com : https://www.css4cu.com/Next/InfoSide/SoftwareSolutions.php Version: CompuSource System...
CompuSource Systems Real Time Home Banking - Local Privilege Escalation
CompuSource Systems Real Time Home Banking - Local Privilege Escalation Exploit Title: CompuSource Systems - Real Time Home Banking - Local Privilege Escalation/Arbitrary Code Execution Date: 2/25/16 Exploit Author: [email protected] Vendor Homepage: https://www.css4cu.com :...
Heuristics File System Secret Search: blueflower
blueflower is a command-line tool that looks for secrets such as private keys or passwords in a file structure. Interesting files are detected using heuristics on their names and on their content. Unlike some forensics tools, blueflower does not search in RAM, and does not attempt to identify...
Comodo AntiVirus - Forwards Emulated API Calls to the Real API During Scans
Comodo AntiVirus - Forwards Emulated API Calls to the Real API During Scans Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=769 Comodo Antivirus includes an x86 emulator that is used to unpack and monitor obfuscated executables; this is common practice among antivirus products. T...
Comodo AntiVirus - Forwards Emulated API Calls to the Real API During Scans
Exploit for Windows platform in category remote exploits Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=769 Comodo Antivirus includes an x86 emulator that is used to unpack and monitor obfuscated executables; this is common practice among antivirus products. The idea is that...
Comodo AntiVirus - Forwards Emulated API Calls to the Real API During Scans
Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=769 Comodo Antivirus includes an x86 emulator that is used to unpack and monitor obfuscated executables; this is common practice among antivirus products. The idea is that emulators can run the code safely for a short time, giving t...
WinImage DLL Hijacking
Hi @ll, the executable installer winima90.exe and previous versions available from loads and executes CRTdll.dll, UXTheme.dll, RichEd32.dll and WindowsCodecs.dll from its "application directory". Self-extracting executables created with WinImage load and execute CRTdll.dll, UXTheme.dll and MPR.dl...
Avast! - Out-of-Bounds Write Decrypting PEncrypt Packed executables
Avast! - Out-of-Bounds Write Decrypting PEncrypt Packed executables Source: https://code.google.com/p/google-security-research/issues/detail?id=554 The attached PEncrypt packed executable causes an OOB write on Avast Server Edition. gdb bt 0 0xf6f5e64a in EmulatePolyCodePOLYINFO, int from...
VirusTotal now Scans Mac OS X Apps for Malware
Do Mac computers get viruses? Yes, of course they do! According to stats, malware for Mac OS X has appeared five times more in 2015 alone than in the previous five years combined. As malware for Macs is becoming more common, Google has decided to add support for Mac OS X malware detection to its...
CVE-2011-4089
The bzexe command in bzip2 1.0.5 and earlier generates compressed executables that do not properly handle temporary files during extraction, which allows local users to execute arbitrary code by precreating a temporary directory...
The vulnerability of the Kaspersky Anti-Virus antivirus protection allows a hacker to trigger a service failure.
The vulnerability of Kaspersky Anti-Virus lies in a flaw in its memory processing mechanism when dealing with compressed executable files. Exploiting this vulnerability can allow an attacker to cause service interruptions...
The vulnerability of the Kaspersky Anti-Virus antivirus protection allows a hacker to trigger a service failure or execute arbitrary code.
The vulnerability of Kaspersky Anti-Virus lies in a memory corruption that occurs during the unpacking of executable files. Exploiting this vulnerability allows an attacker to cause service failures or execute arbitrary code using the executable file packed by the “Yoda’s Protector” tool, during...
The vulnerability of the Kaspersky Anti-Virus antivirus protection allows a hacker to trigger a service failure or execute arbitrary code.
The vulnerability of Kaspersky Anti-Virus lies in a memory corruption that occurs during the unpacking of executable files. Exploiting this vulnerability allows an attacker to cause service interruptions or execute arbitrary code using the executable file packed with UPX during the antivirus...
Microsoft Windows Trusted Boot Security Feature Bypass Vulnerability
Microsoft Windows is a series of operating systems released by Microsoft Corporation in the United States. The kernel is one of its components. A security feature bypass vulnerability exists in Microsoft Windows. An attacker can exploit this vulnerability to disable code integrity checking, load signed...