Comodo Antivirus PackMan Unpacker Insufficient Parameter Validation

Posted by deepcore on March 24, 2016 – 7:27 am

Packman is an obscure opensource executable packer that Comodo Antivirus attempts to unpack during scanning. If the compression method is set to algorithm 1, compression parameters are read directly from the input executable without validation. Fuzzing this unpacker revealed a variety of crashes due to this, such as causing pointer arithmetic in CAEPACKManUnpack::DoUnpack_With_NormalPack to move pksDeCodeBuffer.ptr to an arbitrary address, which allows an attacker to free() an arbitrary pointer. This issue is obviously exploitable to execute code as NT AUTHORITYSYSTEM.

This post is under “exploit” and has no respond so far.
If you enjoy this article, make sure you subscribe to my RSS Feed.

Post a reply

You must be logged in to post a comment.

« WordPress Brandfolder 3.0 Remote / Local File Inclusion Joomla Easy Youtube Gallery 1.0.2 SQL Injection »

:: Deepquest ::

This site contains information which could be considered illegal in some countries. It is provided here for educational use only and is not intended to be used for illegal activities.

Comodo Antivirus PackMan Unpacker Insufficient Parameter Validation

Post a reply

Tabs Switcher

Categories

Archives

Meta

BLOGROLL