Kaspersky Antivirus Yoda's Protector Unpacking Remote Memory Corruption
Posted by deepcore on October 14, 2015 – 10:25 am
The attached testcase was found by fuzzing packed PE files with Kaspersky Antivirus. The researcher suspects it was packed using “Yoda’s protector”. This vulnerability is obviously exploitable for remote code execution as NT AUTHORITYSYSTEM on all systems using Kaspersky Antivirus.
Post a reply
You must be logged in to post a comment.