CVE-2018-15885

Name of the Vulnerable Software and Affected Versions Ovation FindMe version 1.4-1083-1

Description The issue concerns the transmission of network traffic from covert video recorders. It does not properly prevent binary analysis, making it easier for adversaries to detect the covert operation. The product uses a compression technique to obfuscate certain libraries in the software. It relies on a TLS callback and an additional executable file to enable these libraries and their access to certain websites. The unpacked software can be exploited by several different types of documented techniques.

Recommendations For Ovation FindMe version 1.4-1083-1, consider restricting access to the software until a proper fix is available, and avoid using the TLS callback and additional executable file to minimize the risk of exploitation. As a temporary workaround, consider disabling the compression technique used for obfuscation until a patch is available.