Entries by Kyriakos Economou

McAfee File Lock Driver – Kernel Stack Based BOF

CVE: CVE-2015-8773  Vendor: McAfee – Intel Security  Reported by: Kyriakos Economou  Date of Release: 26/01/2016  Date of Fix: N/A  Affected Products: Multiple  Affected Version: McPvDrv.sys v4.6.111.0  Fixed Version: N/A Description: McAfee File Lock Driver does not handle correctly GUIDs of the encrypted vaults, which allows to crash the host by crafting a specific IOCTL with […]

Malware Manual Unpacking – [Custom + UPX]

SHA-1: 1E6CF952D9F0D507A6AA98AD2B3327B83702BC17 Introduction Implementing all sort of methods to bypass anti-virus (AV) scanners and/or to make the analysis of a malware sample a lot harder, at least from a static point of view, is an old dog’s trick. At Nettitude, we see a lot of these techniques in evidence in malware that we come across […]

Vulnerability discovered in unsupported Cisco Systems VPN Client

Mitre assigned CVE-2015-7600 Introduction An alternative, but no less accurate title to this article would be ‘why you shouldn’t stick with non-supported software’. On the 30th of July 2014, the widely used Cisco Systems VPN Client v5.x went out of support. Unfortunately announcing the end-of-life support for a software product doesn’t necessarily mean that whoever […]

VMware Multiple Products – Privilege Escalation

CVE-2015-3650 Introduction This article summarises the findings and the impact of a vulnerability that we recently discovered in three major VMware Windows products. The affected products are ‘VMware Workstation’, ‘Horizon Client’ (with Local Mode Option), and ‘Player’. Successful exploitation of this vulnerability allows a local attacker to execute code in the context of other logged-on […]