Zero-day vulnerability to FireEye Antivirus

Mr. Kristian Erik Hermansen, a security researcher based in Los Angeles of , found a zero-day bug in FireEye antivirus, along with three other vulnerabilities, which according to his Twitter account, are now for sale.

FireEye

Despite the fact that a security researcher putting vulnerabilities up for sale is flirting with criminality, this may be Mr. Hermansen's only way to attract of the company in these , which, according to the exchange of electronic messages with Jumping, have been ignored by FireEye the last 18 months !!.

According to her announcement Exploit Database, the zero-day vulnerability provides "unauthorized access to the remote root file system" to affected FireEye.

The flaw is in a PHP script that runs on a web page facing Apache . The zero-day vulnerability, which can be triggered remotely, when exploited, can give attackers access to local files.

The other vulnerabilities are basically injection commands and connection bypass errors. No additional details have been posted about them, but the Mr. Hermansen said that it will sell the vulnerability to the highest bidder.

FireEye, in general, is most misty and perhaps hatered by most security researchers, since last year sacked a security specialist to notify the public to vulnerabilities in the FireEye Malware Analysis System (MAS).

iGuRu.gr The Best Technology Site in Greeceggns

Get the best viral stories straight into your inbox!















Written by Dimitris

Dimitris hates on Mondays .....

Leave a reply

Your email address is not published. Required fields are mentioned with *

Your message will not be published if:
1. Contains insulting, defamatory, racist, offensive or inappropriate comments.
2. Causes harm to minors.
3. It interferes with the privacy and individual and social rights of other users.
4. Advertises products or services or websites.
5. Contains personal information (address, phone, etc.).