In the beginning of this week we discovered a security flaw in the famous malware analysis framework „Cuckoo Sandbox“. We disclosed this bug to the developers on the 7th of October 2014. Not even three hours later the patch was verified and the updates were supplied by the developers.
The Cuckoo Sandbox Team already did a short write up to explain the nature of the bug: cuckoosandbox.org/2014-10-07-cuckoo-sandbox-111.html
We will provide a more detailed explanation and a simple proof-of-concept to exploit this bug. We recommend to update to the latest Cuckoo Sandbox version.
more here.........https://blog.gdatasoftware.com/blog/article/cuckoo-sandbox-evasion-poc-available.html
The Cuckoo Sandbox Team already did a short write up to explain the nature of the bug: cuckoosandbox.org/2014-10-07-cuckoo-sandbox-111.html
We will provide a more detailed explanation and a simple proof-of-concept to exploit this bug. We recommend to update to the latest Cuckoo Sandbox version.
more here.........https://blog.gdatasoftware.com/blog/article/cuckoo-sandbox-evasion-poc-available.html