You may think that July is a little early to publish a “best of” blog, but we thought, why wait? Our Core Labs team is busy working on new vulnerabilities, patches, and exploits, but we wanted to take a minute and review all of the things they have found so far in 2016. Take a look at our top six blogs from the Core Labs team:

MS16-039 – “Windows 10” 64 bits Integer Overflow exploitation by using GDI objects
June 28, 2016, By Nicolas Economou
This blog post explains how Nicolas triggered and exploited CVE-2016-0165, one of the vulnerabilities fixed in MS16-039.
April 25, 2016, By Francisco Falcón
On October 13, 2015, Microsoft published security bulletin MS15-106, addressing multiple vulnerabilities in Internet Explorer. Zero Day Initiative published advisory ZDI-15-521 for one of those vulnerabilities affecting IE, the Microsoft Windows VBScript Filter Function Remote Code Execution Vulnerability (CVE-2015-6055), so Francisco decided to take a shot at it.
June 14, 2016, By Francisco Falcón
This post explains how to exploit another vulnerability, also addressed in the same MS15-106 bulletin, in order to bypass address space layout randomization: the JScript ArrayBuffer.slice Information Disclosure Vulnerability (CVE-2015-6053), described in Zero Day Initiative’s advisory ZDI-15-518.
May 10, 2016, By Nicolas Economou
The idea of these blog posts is to explain how the Windows/Linux paging system is implemented and how it can be abused by kernel exploits.
June 21, 2016, By Nicolas Economou
In this second part, Nico explains which paging implementation Windows has chosen and how it works.
January 12, 2016, By Nahuel Riva
This vulnerability is an integer overflow in Adobe Flash Player when parsing a compressed ID3 tag whose size exceeds 0x2AAAAAAA bytes. An error in how the size of a dynamically allocated buffer, used as the destination for the final decompressed data, is calculated causes too much data to be copied into a buffer that is too small; in other words, a heap-based buffer overflow.