2015-824: Remote code execution vulnerability in jar analysis
Wednesday, December 16, 2015 05:44:00 PM CET
Tavis Ormandy and Natalie Silvanovich of Google Project Zero discovered a critical vulnerability in Fireeye devices. As a result, an attacker can send an email to a user or alternatively get them to click a link and completely compromise one of the most privileged machines on the network. This allows exfiltration of confidential data, tampering with traffic, lateral movement around networks and even self-propagating internet worms.