ESET Patches Scan Engine Against Remote Root Exploit

Status
Not open for further replies.

Jack



An analysis of the code emulator available in ESET products showed that the component was not sufficiently robust and can be easily compromised, allowing an attacker to take complete control of a system running the vulnerable security solution.

Code emulation has been integrated in antivirus products to run executable files and scripts before the user launches them and monitor activity on the system. The process takes place in an isolated environment that should not impact on the real system.

The data collected is supplied to the heuristic analyzer, which decides if the nature of the routines is malicious or suspicious, followed by the creation of a detection signature.

Glitch triggered during scan routine
Tavis Ormandy from Google Project Zero discovered the vulnerability in NOD32 Antivirus but other products are affected, including consumer versions for Windows, OS X and Linux as well as Endpoint and Business editions.

“Many antivirus products include emulation capabilities that are intended to allow unpackers to run for a few cycles before signatures are applied. ESET NOD32 uses a minifilter or kext [kernel extension] to intercept all disk I/O, which is analyzed and then emulated if executable code is detected,” Ormandy says in the vulnerability report.

Because disk I/O operations can be caused in numerous ways, untrusted code can pass through the disk when messages, files, images or other types of data are received, hence the need for a robust and properly isolated code emulator in antivirus solutions.

The vulnerability touches on managing a shadow stack task and can be triggered whenever a scanning operation (real-time, scheduled or manual) occurs.


Read more: http://news.softpedia.com/news/eset-products-vulnerable-to-remote-root-exploit-485191.shtml
 