FireEye MPS JAR analyzer command execution

Added: 12/28/2015
BID: 78809

Background

The FireEye Malware Protection System (MPS) detects and eliminates malware found on file shares, web downloads, and e-mail.

Problem

A vulnerability in the Java Archive analysis tool could allow command execution when the tool analyzes a specially crafted JAR file containing obfuscated strings.

Resolution

Upgrade FireEye security content to version 427.334 or higher.

References

https://code.google.com/p/google-security-research/issues/detail?id=666

Limitations

Exploit requires a user on the monitored network to download the exploit file, which leads to a shell connection to the FireEye system.

Exploit requires the jar utility to be installed on the SAINT host.