Bypassing FireEye Detection Engine

  • In September 2015, Blue Frost Security discovered a high-severity vulnerability in FireEye products.
  • The flaw is related to FireEye’s Virtual Execution Engine (VXE). Affected products include FireEye Network Security (NX), Email Security (EX), Malware Analysis (AX), and File Content Security (FX).
  • The cause is that the input file name is not sanitized before the file is copied to the VM, which results in malicious activity going undetected.
  • The good news is that FireEye has patched this vulnerability. Please use releases FX 7.5.1, AX 7.7.0, NX 7.6.1 and EX 7.6.2.
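
The class of flaw described above, seen from the defender's side: the sketch below is an added example, not FireEye's code or its patch, which this page does not describe. It assumes a hypothetical sample-intake step (`guest_name`, `stage_sample`) where a plain directory stands in for the analysis VM, names the staged file from its content hash instead of the submitter's file name, and reports a failed copy as "not analyzed" rather than letting it pass as clean.

```python
import hashlib
import re
import tempfile
from pathlib import Path

# Extension shape the hypothetical guest accepts; anything else is staged as .bin.
SAFE_EXT = re.compile(r"\.[a-z0-9]{1,8}")


def guest_name(original_name: str, data: bytes) -> str:
    """Build the in-VM file name from the content hash, never from submitter input."""
    ext = Path(original_name.replace("\\", "/")).suffix.lower()
    if not SAFE_EXT.fullmatch(ext):
        ext = ".bin"
    return hashlib.sha256(data).hexdigest() + ext


def stage_sample(original_name: str, data: bytes, guest_dir: Path) -> dict:
    """Copy a sample into the analysis directory and confirm it arrived intact."""
    digest = hashlib.sha256(data).hexdigest()
    target = guest_dir / guest_name(original_name, data)
    # The submitted name is kept only as metadata for the report.
    record = {"original_name": original_name, "staged_as": target.name, "sha256": digest}
    try:
        target.write_bytes(data)
        staged = hashlib.sha256(target.read_bytes()).hexdigest()
    except OSError:
        staged = None
    # Fail closed: a sample that never reached the VM is "not analyzed", not "clean".
    record["status"] = "staged" if staged == digest else "not_analyzed"
    return record


if __name__ == "__main__":
    # Constructed file names and contents, for illustration only.
    samples = ["..\\..\\invoice.EXE", "report.pdf & echo x", "README"]
    with tempfile.TemporaryDirectory() as tmp:
        for name in samples:
            print(stage_sample(name, b"constructed sample bytes", Path(tmp)))
        print(stage_sample("invoice.exe", b"constructed", Path(tmp) / "missing"))
```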

 

References and More Information

SecurityWeek.com

FireEye Security Advisory
