In yesterday’s post, we noted that the SANS 2007 Top 20 list shows a clear shift away from OS components targeted by network worms and towards third-party components.
Today’s Cisco Security Agent advisory is a case in point. CSA is Cisco’s host-based security product: it is installed on the endpoint like any other piece of software, yet it also listens on the network, which makes it an attractive remote exploit target. This vulnerability, unfortunately, also takes the trend a step further in complexity, down into the kernel:
“A buffer overflow vulnerability exists in a system driver used by the Cisco Security Agent for Microsoft Windows. This buffer overflow can be exploited remotely and causes corruption of kernel memory, which leads to a Windows stop error (blue screen) or to arbitrary code execution.”