Security News > 2021 > January > Malvuln Project Catalogues Vulnerabilities Found in Malware
A researcher has launched Malvuln, a project that catalogues vulnerabilities discovered in malware and provides information on how those vulnerabilities can be exploited.
The Malvuln website currently has 26 entries describing remotely exploitable buffer overflow vulnerabilities and privilege escalation flaws related to insecure permissions.
The list of targeted malware includes backdoors and trojans, as well as one email worm.
The researcher said he found all the vulnerabilities currently in the Malvuln database himself, but he suggested on Twitter that at some point - depending on where the project goes - he could also start accepting third-party contributions.
Page told SecurityWeek that the information hosted on Malvuln could turn out to be useful to incident response teams to "Eradicate a malware without touching the machine if it's a remote exploit." He added that it "May eventually pit a malware vs malware situation."
Greg Leah, director of threat intelligence at attribution intelligence and response firm HYAS, says the information could also be useful to malware developers and it could hamper ongoing research into malicious activity.