Dive into a comprehensive case study on exploiting CVE-2023-20032, a heap-buffer-overflow vulnerability in ClamAV, an open-source antivirus engine maintained by Cisco. Explore the challenges of remotely exploiting antivirus software and learn about a unique technique to bypass ASLR. Understand the potential impact of compromising ClamAV, which is widely used in email servers and appliances, potentially allowing attackers to access emails and control network traffic. Gain insights into the large attack surface exposed by antivirus engines and the difficulties posed by modern mitigations. Discover the lessons learned from developing a reliable exploit that achieves remote code execution, and consider how this technique can be applied to similar targets.
Overview
Syllabus
Recon 2023 Simon Scannell Remotely Exploiting An Antivirus Engine
Taught by
Recon Conference