Hello DD, Vulnerabilities in defense oriented software are always kind of funny (CVE-2005-3252, CVE-2007-3302, CVE-2010-3189, etc). Some people even make a sport of it (http://bit.ly/144o2C). Well it's time to refill the chuckle trough because our good friends over at GLEG.net, who you know from their recent SCADA exploit shenanigans, have added an exploit for an arbitrary command execution in Symantec anti-virus to CANVAS via their Agora exploit pack.
This vulnerability has been out since August of 2010 but I'm willing to wager a non-trivial portion of anti-virus admins only care if their definitions are up to date. So this could be fun when you find yourself in the soft nougat center of a network. A little python scripting work and you've got yourself local admin accounts across an enterprise. Here's a video demo for your perusal: http://partners.immunityinc.com/movies/gleg-symantecams.zip Pricing and purchasing questions can be sent to: [email protected] Cheers, -AlexM -- Alex McGeorge Immunity Inc. 1130 Washington Avenue 8th Floor Miami Beach, Florida 33139 P: 786.220.0600 _______________________________________________ Dailydave mailing list [email protected] https://lists.immunityinc.com/mailman/listinfo/dailydave
