Daffodil International University
Cyber and Software Security => Topic started by: maruf.swe on March 29, 2019, 02:08:15 AM
Researchers have released a proof-of-concept showing how an XXE vulnerability can be exploited to attack Ghidra project users.
Ghidra, a free, open-source software reverse-engineering tool that was released by the National Security Agency at RSA, has been found to be a potential conduit to remote code execution.
Ghidra is a disassembler written in Java: software that breaks down executable files into assembly code that can then be analyzed. By deconstructing malicious code and malware, cybersecurity professionals can gain a better understanding of potential vulnerabilities in their networks and systems. The NSA has used it internally for years, and recently decided to open-source it.
For more details: https://threatpost.com/nsa-ghidra-bug-rce/142937/