Mr. Kristian Erik Hermansen, a security researcher based in Los Angeles, USA, found a zero-day bug in FireEye antivirus, along with three others vulnerabilities, which according to his Twitter account, are now for sale.
Despite the fact that a security researcher putting the vulnerabilities up for sale is flirting with crime, this may be Mr. Hermansen's only way to draw the company's attention to these errorthe, which, according to the counterchange electronic messages with Jumping, have been ignored by FireEye the last 18 months !!.
According to her announcement Exploit Database, the zero-day vulnerability provides "unauthorized access to the remote root filesystem" in affected FireEye applications.
The flaw is in a PHP script that runs on a web page that sees the Apache server. The zero-day vulnerability, which can be caused remotely when used, and provides attackers with access to local files.
The other vulnerabilities are against base injection εντολές και σφάλματα παράκαμψης σύνδεσης. Δεν έχουν αναρτηθεί επιπλέον λεπτομέρειες γι ‘αυτά, αλλά ο Mr. Hermansen said that it will sell the vulnerability to the highest bidder.
FireEye, in general, is most misty and perhaps hatered by most security researchers, since last year sacked a security specialist to notify the public to vulnerabilities in the FireEye Malware Analysis System (MAS).