You may think that July is a little early to publish a “best of” blog but we thought, why wait? Our Core Labs team is busy working on new vulnerabilities, patches, and exploits but we wanted to take a minute and review all of the things they have found so far in 2016. Take a look at our top six blogs from the Core Labs team:

MS16-039 – “Windows 10” 64 bits Integer Overflow exploitation by using GDI objects

June 28, 2016, By Nicolas Economou

This blog post talks about how Nicolas triggered and exploited CVE-2016-0165, one of the vulnerabilities fixed in MS16-039.

Exploiting Internet Explorer’s MS15-106, Part I: VBScript Filter Type Confusion Vulnerability (CVE-2015-6055)

April 25, 2016, By Francisco Falcón

On October 13, 2015 Microsoft published security bulletin MS15-106, addressing multiple vulnerabilities in Internet Explorer. Zero Day Initiative published advisory ZDI-15-521 for one of those vulnerabilities affecting IE: Microsoft Windows VBScript Filter Function Remote Code Execution Vulnerability (CVE-2015-6055), so Francisco decided to take a shot at it.

Exploiting Internet Explorer’s MS15-106, Part II: JScript ArrayBuffer.slice Memory Disclosure (CVE-2015-6053)

June 14, 2016, By Francisco Falcón

This post talks about how to exploit another vulnerability, which was also addressed in the same MS15-106 bulletin, in order to bypass address space layout randomization. We are talking about JScript ArrayBuffer.slice Information Disclosure Vulnerability (CVE-2015-6053), which is described in Zero Day Initiative’s advisory ZDI-15-518.

Getting Physical: Extreme abuse of Intel based Paging Systems – Part 1

May 10, 2016, By Nicolas Economou

The idea of these blog posts is to explain how the Windows/Linux Paging System is implemented and how it can be abused by kernel exploits.

Getting Physical: Extreme abuse of Intel based Paging Systems – Part 2 – Windows

June 21, 2016, By Nicolas Economou

In this second part, Nico explains which paging implementation has been chosen by Windows and how it works.

Analysis of Adobe Flash Player ID3 Tag Parsing Integer Overflow Vulnerability (CVE-2015-5560)

January 12, 2016, By Nahuel Riva

This vulnerability is an integer overflow in Adobe Flash Player when parsing a compressed ID3 tag whose size exceeds 0x2AAAAAAA bytes. An error in how the size of a dynamically allocated buffer, used as the destination for the final decompressed data, is calculated causes too much data to be copied into a buffer that is too small. In other words, a heap-based buffer overflow.