Credit: Tavis Ormandy
Tavis’ ESET shadow stack vulnerability is a backhanded slap to the Slovakian AV vendor, highlighting the massive pwnage possible by exploiting security solutions. Not only did Tavis disclose a remote code execution vulnerability 4 days after reporting it, but this one is in the signature engine, available in practically any ESET product, has a thousand remote vectors (email/network/USB/web), is cross-platform and OS independent, AND he released a CUSTOMIZABLE WORKING EXPLOIT with a makefile and worm payload. He let them have it. The vuln is pretty cool, too: it manipulates the real ESP via a shadow emulated stack pointer. A truly epic one.