Solution
On June 22, 2015, ESET released Update 11824, which fixes a scanning engine vulnerability related to code emulation. The discovery was made by the Google Project Zero team and published on June 23, 2015. The vulnerability was found in the emulation routine used in a particular scanner for a specific malware family; it didn’t affect the core emulation engine. All ESET products and versions were affected. At the time of the notification, this code was already not present in our pre-release engine, and thus not vulnerable.
On June 29, 2015, ESET released another update, Update 11861, which fixes another vulnerability reported by the Google Project Zero team on June 26th, 2015. The vulnerability has been fixed in archive support module version 1231.
Since both fixes are distributed through automatic regular updates, please make sure that your detection engine is up to date, and that your support archive module is current. Products with detection engine version 11824 or later, and archive support module version 1231 or later, do not contain any of the vulnerabilities described above.
Business users can also verify the detection engine and modules version using ESET Remote Administrator:
Update ESET endpoint products (6.x)—check for latest product modules
For more details, please see the ESET blog related to this topic.
Keywords: Exploit, Google, Projet Zero
