|
|
Avast Antivirus: X.509 Error Rendering Command Execution | |||
| Project Member Reported by taviso@google.com, Sep 25 2015 | Back to list | |||
Avast will render the commonName of X.509 certificates into an HTMLLayout frame when your MITM proxy detects a bad signature. Unbelievably, this means CN="<h1>really?!?!?</h1>" actually works, and is pretty simple to convert into remote code execution. To verify this bug, I've attached a demo certificate for you. Please find attached key.pem, cert.pem and cert.der. Run this command to serve it from a machine with openssl: $ sudo openssl s_server -key key.pem -cert cert.pem -accept 443 Then visit that https server from a machine with Avast installed. Click the message that appears to demonstrate launching calc.exe. Thanks, Tavis. This bug is subject to a 90 day disclosure deadline. If 90 days elapse without a broadly available patch, then the bug report will automatically become visible to the public.
,
Sep 30 2015
Avast are currently planning to push an update for this issue today.
,
Oct 1 2015
The patch for this issue is live, removing view restrictions.
,
Oct 7 2015
Will there ever be a CVE for this issue?
,
Oct 8 2015
Good Work, bug we are sad because there are so much people that thinks the antivirus is the best data shield. Greets
,
Oct 12 2015
Google! Please make Free and dependable antivirus for us..
,
Oct 12 2015
,
Nov 13 2015
|
||||
| ► Sign in to add a comment | ||||
884 bytes Download
1.2 KB Download
887 bytes Download