Check Applications for RWX Vulnerability with AVulnerabilityChecker

The newly disclosed RWX vulnerability took many people by surprise, because it was found in the anti-virus products themselves, the software that is supposed to protect us from these security problems. Even more surprising, according to a blog post by Ensilo researchers, the vulnerability affects many anti-virus solutions, including big names like Kaspersky, McAfee and AVG. The RWX vulnerability concerns a memory region at a predictable address, used by antivirus products, that has read, write and execute (RWX for short) access. A potential attacker can easily insert and execute code at this known memory address.

While some of the anti-virus vendors have quickly responded to these findings and updated their products, others are still investigating this. The Ensilo researchers have also mentioned that this vulnerability could affect other applications such as web browsers, and they have offered some tools to check whether your PC is affected by the RWX vulnerability.

You can download the AVulnerabilityChecker application for Windows from https://github.com/BreakingMalware/AVulnerabilityChecker. The download consists of the Python source code and the compiled executable AVulnerabilityChecker.exe, which you can double-click to launch.

Antivirus RWX Vulnerability

Before running this vulnerability checker program, you should open two or more browser windows or tabs. From the source code, it is clear that you can use only Internet Explorer, Chrome or Firefox browsers for this. I opened two Chrome browser tabs and two Firefox browser tabs before it proceeded to scan. The checker then asks you to close and relaunch all the browser windows and tabs, and to press any key in the vulnerability checker window. The result is displayed instantly: either your system is vulnerable or it is not. The tool provides no other information, but points you to the Ensilo blog.
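The check described above boils down to comparing RWX memory regions across browser processes before and after a relaunch. The sketch below is an added example, not AVulnerabilityChecker's own code: it assumes each snapshot is a dictionary of `(image, pid)` to a list of `(base, state, protect)` tuples (the fields a `VirtualQueryEx` walk returns), and the sample addresses and PIDs are constructed, not real measurements.

```python
from collections import defaultdict

PAGE_EXECUTE_READWRITE = 0x40   # documented Windows protection constant
MEM_COMMIT = 0x1000             # documented Windows region state
PROTECT_MASK = 0xFF             # drops PAGE_GUARD/PAGE_NOCACHE/PAGE_WRITECOMBINE

def rwx_bases(regions):
    """Base addresses of the committed RWX regions of one process."""
    return {base for base, state, protect in regions
            if state == MEM_COMMIT
            and (protect & PROTECT_MASK) == PAGE_EXECUTE_READWRITE}

def predictable_rwx(before, after):
    """Map image name -> RWX bases present in every instance of both runs.

    An RWX region that moves between launches (e.g. JIT memory) is filtered
    out; only an address that repeats in all instances is reported.
    """
    by_image = defaultdict(list)
    for snapshot in (before, after):
        for (image, _pid), regions in snapshot.items():
            by_image[image].append(rwx_bases(regions))
    findings = {}
    for image, sets in by_image.items():
        if len(sets) < 2:
            continue  # one instance cannot show that an address repeats
        stable = set.intersection(*sets)
        if stable:
            findings[image] = sorted(stable)
    return findings

# Constructed sample snapshots (hypothetical addresses and PIDs).
BEFORE = {
    ("chrome.exe", 4100): [(0x7FFF0000, MEM_COMMIT, 0x40), (0x1A2B0000, MEM_COMMIT, 0x40)],
    ("chrome.exe", 4188): [(0x7FFF0000, MEM_COMMIT, 0x40), (0x2C4D0000, MEM_COMMIT, 0x20)],
    ("firefox.exe", 5020): [(0x0E110000, MEM_COMMIT, 0x40)],
}
AFTER = {
    ("chrome.exe", 6312): [(0x7FFF0000, MEM_COMMIT, 0x240), (0x33550000, MEM_COMMIT, 0x40)],
    ("chrome.exe", 6400): [(0x7FFF0000, MEM_COMMIT, 0x40)],
    ("firefox.exe", 7044): [(0x0F990000, MEM_COMMIT, 0x40)],
}

if __name__ == "__main__":
    for image, addrs in predictable_rwx(BEFORE, AFTER).items():
        print(image, [hex(a) for a in addrs])
```

In the constructed data only the first image keeps an RWX region at the same base address across the relaunch, so it is the only one flagged; the second image has RWX memory too, but at a different address each time.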

You can find more information about the RWX vulnerability at http://blog.ensilo.com/the-av-vulnerability-that-bypasses-mitigations.