# Critical flaw in ESET products



## TechSocial (Dec 20, 2011)

Several antivirus products from security firm ESET had a critical vulnerability that was easy to exploit and could lead to a full system compromise.

The discovery of the flaw, which has now been patched, comes on the heels of a report that intelligence agencies from the U.K. and the U.S. are reverse engineering antivirus products in search of vulnerabilities and methods to bypass detection.

The vulnerability in ESET products was discovered by Google security engineer Tavis Ormandy and was located in their emulator, the antivirus component responsible for unpacking and executing potentially malicious code inside a safe environment so that it can be scanned.

ESET did not immediately respond to a request for comment.

### ESET emulator can be 'trivially compromised'

The ESET products monitor disk input and output operations, and when executable code is detected, they run it through the emulator to apply the detection signatures.

Because its so easy for attackers to trigger emulation of untrusted code, its critically important that the emulator is robust and isolated, Ormandy said in a blog post. Unfortunately, analysis of ESET emulation reveals that is not the case and it can be trivially compromised.

The vulnerability found by the Google researcher allows a remote attacker to execute arbitrary commands with the highest system privilege. The flaw is particularly dangerous because it can be exploited in many ways, including by simply loading a website in the browser, downloading an email message in a local email client, plugging a USB thumb drive into the computer, and other actions that trigger disk operations.



----------

