Latest from CoreLabs

Read blog posts from CoreLabs, the research division of Core Security. CoreLabs prides itself on taking a holistic view of information security with a focus on developing solutions to complex, real-world security problems that affect our customers.

Continuing with the previous Getting Physical blog post series (CanSec2016's presentation), this time I'm going to talk about what paging implementation has been chosen by Windows and how it works. At the same time and according to Alex Ionescu's blog post, it's interesting to see that Microsoft has started…

This is the second installment of a blog series titled "Exploiting Internet Explorer's MS15-106". If you haven't read part one, I recommend you do so before starting with this second part. As mentioned in the previous blog post, on October 13, 2015 Microsoft…

On October 13, 2015 Microsoft published security bulletin MS15-106, addressing multiple vulnerabilities in Internet Explorer. Zero Day Initiative published advisory ZDI-15-521 for one of those vulnerabilities affecting IE: Microsoft Windows VBScript Filter Function Remote Code Execution Vulnerability (CVE-2015-6055), so I decided to…

Vulnerability Overview: After Adobe released a patch for this vulnerability, it was made public that this bug was already being exploited in the wild by some exploit kits like Angler and Nuclear Pack. This vulnerability is about an integer overflow in Adobe Flash Player when…

On September 8, 2015 Microsoft published security bulletin MS15-100, which fixed a remote code execution vulnerability in Windows Media Center when opening specially crafted Media Center link (.MCL) files. The MCL file format is based on XML; an MCL file can be as simple…

Every once in a while I get to work on something special, something that leaves me with the keys to open new doors. Introduction: Not long ago I came across a certain font-related vulnerability, it was a 0day being exploited in the wild. The…

On August 11, 2015 Microsoft released 14 security fixes, including an SMB Server fix. In this post I'll explain how I triggered the SMB Server bug. Microsoft Security Bulletin MS15-083: Of all the available patches, I focused on this one: Server Message Block Memory Corruption Vulnerability - CVE-2015-2474 "An authenticated remote code execution…

Windows has been around a long time. After years of evolving from one version to another, it is rare to find vulnerabilities that allow remote code execution from Windows XP to Windows 8.1 (32 and 64-bit) without any user interaction. In this blog post,…

Introduction: In February, just a few days after CVE-2015-0311 was found being exploited in the wild, a new Adobe Flash Player vulnerability popped up. Trend Micro and SpiderLabs have already published their analysis of the bug, but I thought it would be worth providing my…

At the beginning of March we published a blog post analyzing CVE-2015-0311, a Use-After-Free vulnerability in Adobe Flash Player, and we outlined how to exploit it on Windows 7 SP1 machines. As we mentioned at the end of that article, the exploitation process…
