- In September 2015, Blue Frost Security discovered a high severity vulnerability in FireEye products.
- The flaw is related to FireEye’s Virtual Execution Engine (VXE) – affected products includes FireEye Network Security (NX), Email Security (EX), Malware Analysis (AX), and File Content Security (FX).
- The cause is that the input file name is not sanitized before copying to VM which results in malicious activity going undetected.
- Good news is that FireEye has patched this vulnerability. Please use releases FX 7.5.1, AX 7.7.0, NX 7.6.1 an dEX 7.6.2.
References and More Information