Entries by Kyriakos Economou

CVE-2018-8955: Bitdefender GravityZone Arbitrary Code Execution

We recently identified a vulnerability in the digitally signed Bitdefender GravityZone installer. The vulnerability allows an attacker to execute malicious code without breaking the original digital signature, and without embedding anything malicious into the installer itself. This means that an appropriately positioned attacker can cause the signed installer to run an arbitrary remotely hosted executable. […]

CVE-2018-6851 to CVE-2018-6857: Sophos Privilege Escalation Vulnerabilities

We have recently disclosed a list of vulnerabilities to Sophos that allow local attackers to elevate their privileges and execute code in the security context of the SYSTEM user account. Affected Products SafeGuard Enterprise 8.00.4 and earlier (Fix: install 8.00.5) SafeGuard Easy and earlier (Fix: install 7.00.3) SafeGuard LAN Crypt and earlier (Fix: […]

Symantec Encryption Desktop Local Privilege Escalation – Exploiting an Arbitrary Hard Disk Read/Write Vulnerability Over NTFS

Note: These vulnerabilities remain unpatched at the point of publication.  We have been working with Symantec to try and help them to fix this since our initial private disclosure in July 2017 (full timeline at the end of this article), however no patch has yet been released.  Consequently, we are at the point of publishing the […]