QNAP Signage Station: Publish and Be Damned (Part 2)

tl;dr Nettitude has discovered that the iArtist application is vulnerable to CWE-290 Authentication Bypass by Spoofing. This flaw can be leveraged to remove the need to supply valid credentials when uploading a presentation. Additionally, the Signage Station system suffers from CWE-768 Use of Hard-coded Credentials. This grants access to the host NAS FTP service and […]

QNAP Signage Station: Publish and Be Damned (Part 1)

tl;dr Nettitude researchers have discovered that QNAP Signage Station is vulnerable to CWE-434, Unrestricted Upload of File with Dangerous Type. This flaw can be leveraged by a low-privileged remote user to gain interactive system access as a member of the Administrator’s group.

Introduction: Signage Station is a QNAP-authored application that runs on a […]

Exploiting a Kernel Paged Pool Buffer Overflow in Avast Virtualization Driver

CVE-2015-8620: We discovered this vulnerability in the Avast Virtualization driver (aswSnx.sys) that handles some of the ‘Sandbox’ and ‘DeepScreen’ functionality of all the Avast Windows products. We initially found this issue in versions 10.x (10.4.2233.1305) of those products and later confirmed that the latest 11.x versions were still affected by this issue up to, and […]

HMRC Phishing Scam

In the last few days, Nettitude’s threat intelligence platform has picked up a mass phishing campaign, involving the distribution of nearly two million individual emails, targeting HMRC customers. The attackers attempt to obtain personal details by directing the user to click a link in the e-mail, which then redirects them to a compromised […]

McAfee File Lock Driver – Kernel Memory Leak

CVE: CVE-2015-8772
Vendor: McAfee – Intel Security
Reported by: Kyriakos Economou
Date of Release: 26/01/2016
Date of Fix: N/A
Affected Products: Multiple
Affected Version: McPvDrv.sys v4.6.111.0
Fixed Version: N/A

Description: McAfee File Lock Driver does not correctly handle IOCTL_DISK_VERIFY IOCTL requests, which leads to a kernel memory leak through specifically crafted IOCTLs. Normally the IOCTL_DISK_VERIFY IOCTL […]

McAfee File Lock Driver – Kernel Stack Based BOF

CVE: CVE-2015-8773
Vendor: McAfee – Intel Security
Reported by: Kyriakos Economou
Date of Release: 26/01/2016
Date of Fix: N/A
Affected Products: Multiple
Affected Version: McPvDrv.sys v4.6.111.0
Fixed Version: N/A

Description: McAfee File Lock Driver does not correctly handle the GUIDs of the encrypted vaults, which allows the host to be crashed by crafting a specific IOCTL with […]