VUPEN Security Research - Microsoft Internet Explorer CSS @import Memory Corruption (Pwn2Own 2014)

2014-07-16 Thread VUPEN Security Research
VUPEN Security Research - Microsoft Internet Explorer CSS @import Memory
Corruption (Pwn2Own 2014)

Website : http://www.vupen.com

Twitter : http://twitter.com/vupen


I. BACKGROUND
-------------

Microsoft Internet Explorer is a web browser developed by Microsoft and
included as part of the Microsoft Windows line of operating systems with
more than 60% of the worldwide usage share of web browsers. (Wikipedia)


II. DESCRIPTION
---------------

VUPEN Vulnerability Research Team discovered a critical vulnerability
in Microsoft Internet Explorer.

The vulnerability is caused by a use-after-free vulnerability when
manipulating CSS @import statements through addImport() or
removeImport(), which could be exploited by attackers to leak
arbitrary memory or execute arbitrary code via a malicious web page.


III. AFFECTED PRODUCTS
----------------------

Microsoft Internet Explorer 11
Microsoft Internet Explorer 10
Microsoft Internet Explorer 9


IV. SOLUTION
------------

Apply MS14-037 security update.


V. CREDIT
---------

This vulnerability was discovered by VUPEN Security.


VI. ABOUT VUPEN Security
------------------------

VUPEN is the leading provider of defensive and offensive cyber security
intelligence and advanced zero-day research. All VUPEN's vulnerability
intelligence results exclusively from its internal and in-house R&D
efforts conducted by its team of world-class researchers.

VUPEN Solutions: http://www.vupen.com/english/services/


VII. REFERENCES
---------------

https://technet.microsoft.com/library/security/ms14-037
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1763


VIII. DISCLOSURE TIMELINE
-------------------------

2014-01-24 - Vulnerability Discovered by VUPEN Security
2014-03-14 - Vulnerability Reported to ZDI / Microsoft During Pwn2Own 2014
2014-07-08 - Vulnerability Fixed by Microsoft
2014-07-16 - Public disclosure



VUPEN Security Research - Microsoft Internet Explorer Request Object Confusion Sandbox Bypass (Pwn2Own 2014)

2014-07-16 Thread VUPEN Security Research
VUPEN Security Research - Microsoft Internet Explorer Request Object
Confusion Sandbox Bypass (Pwn2Own 2014)

Website : http://www.vupen.com

Twitter : http://twitter.com/vupen


I. BACKGROUND
-------------

Microsoft Internet Explorer is a web browser developed by Microsoft and
included as part of the Microsoft Windows line of operating systems with
more than 60% of the worldwide usage share of web browsers. (Wikipedia)


II. DESCRIPTION
---------------

VUPEN Vulnerability Research Team discovered a critical vulnerability
in Microsoft Internet Explorer.

The vulnerability is caused by an object confusion vulnerability when
processing object types within data shared between the broker and
sandboxed processes, which could be exploited by a sandboxed process
to achieve code execution within the broker context and bypass IE
Protected Mode sandbox.


III. AFFECTED PRODUCTS
----------------------

Microsoft Internet Explorer 11
Microsoft Internet Explorer 10
Microsoft Internet Explorer 9
Microsoft Internet Explorer 8


IV. SOLUTION
------------

Apply MS14-035 security update.


V. CREDIT
---------

This vulnerability was discovered by VUPEN Security.


VI. ABOUT VUPEN Security
------------------------

VUPEN is the leading provider of defensive and offensive cyber security
intelligence and advanced zero-day research. All VUPEN's vulnerability
intelligence results exclusively from its internal and in-house R&D
efforts conducted by its team of world-class researchers.

VUPEN Solutions: http://www.vupen.com/english/services/


VII. REFERENCES
---------------

https://technet.microsoft.com/library/security/ms14-035
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1764


VIII. DISCLOSURE TIMELINE
-------------------------

2011-11-30 - Vulnerability Discovered by VUPEN Security
2014-03-14 - Vulnerability Reported to ZDI and Microsoft During Pwn2Own 2014
2014-06-10 - Vulnerability Fixed by Microsoft
2014-07-16 - Public disclosure



VUPEN Security Research - Microsoft Internet Explorer ShowSaveFileDialog() Sandbox Bypass (Pwn2Own 2014)

2014-07-16 Thread VUPEN Security Research
VUPEN Security Research - Microsoft Internet Explorer
ShowSaveFileDialog() Protected Mode Sandbox Bypass (Pwn2Own 2014)

Website : http://www.vupen.com

Twitter : http://twitter.com/vupen


I. BACKGROUND
-------------

Microsoft Internet Explorer is a web browser developed by Microsoft and
included as part of the Microsoft Windows line of operating systems with
more than 60% of the worldwide usage share of web browsers. (Wikipedia)


II. DESCRIPTION
---------------

VUPEN Vulnerability Research Team discovered a critical vulnerability
in Microsoft Internet Explorer.

The vulnerability is caused by invalid handling of a sequence of
actions intended to save a file when calling ShowSaveFileDialog(),
which could be exploited by a sandboxed process to write files to
arbitrary locations on the system and bypass IE Protected Mode sandbox.


III. AFFECTED PRODUCTS
----------------------

Microsoft Internet Explorer 11
Microsoft Internet Explorer 10
Microsoft Internet Explorer 9
Microsoft Internet Explorer 8


IV. SOLUTION
------------

Apply MS14-035 security update.


V. CREDIT
---------

This vulnerability was discovered by VUPEN Security.


VI. ABOUT VUPEN Security
------------------------

VUPEN is the leading provider of defensive and offensive cyber security
intelligence and advanced zero-day research. All VUPEN's vulnerability
intelligence results exclusively from its internal and in-house R&D
efforts conducted by its team of world-class researchers.

VUPEN Solutions: http://www.vupen.com/english/services/


VII. REFERENCES
---------------

https://technet.microsoft.com/library/security/ms14-035
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2777


VIII. DISCLOSURE TIMELINE
-------------------------

2011-02-12 - Vulnerability Discovered by VUPEN Security
2014-03-14 - Vulnerability Reported to ZDI and Microsoft During Pwn2Own 2014
2014-06-10 - Vulnerability Fixed by Microsoft
2014-07-16 - Public disclosure



VUPEN Security Research - Microsoft Windows DirectShow Privilege Escalation Vulnerability (Pwn2Own 2014)

2014-07-16 Thread VUPEN Security Research
VUPEN Security Research - Microsoft Windows DirectShow Local Privilege
Escalation Vulnerability (Pwn2Own 2014)

Website : http://www.vupen.com

Twitter : http://twitter.com/vupen


I. BACKGROUND
-------------

Microsoft Windows is a series of software operating systems and
graphical user interfaces produced by Microsoft. Windows had
approximately 90% of the market share of the client operating
systems. (Wikipedia)


II. DESCRIPTION
---------------

VUPEN Vulnerability Research Team discovered a critical vulnerability
in Microsoft Windows.

The vulnerability is caused by an input validation error in DirectShow
when processing and unserializing Stretch objects in memory, which
could be exploited to elevate privileges and execute arbitrary code
in the context of the logged on user, or e.g. bypass Internet
Explorer's Enhanced Protected Mode (EPM) sandbox.


III. AFFECTED PRODUCTS
----------------------

Microsoft Windows 8.1
Microsoft Windows 8
Microsoft Windows Server 2012 R2
Microsoft Windows Server 2012
Microsoft Windows Server 2008 R2 Service Pack 1 and prior
Microsoft Windows 7 Service Pack 1 and prior
Microsoft Windows Server 2008 Service Pack 2 and prior
Microsoft Windows Vista Service Pack 2 and prior


IV. SOLUTION
------------

Apply MS14-041 security update.


V. CREDIT
---------

This vulnerability was discovered by VUPEN Security.


VI. ABOUT VUPEN Security
------------------------

VUPEN is the leading provider of defensive and offensive cyber security
intelligence and advanced zero-day research. All VUPEN's vulnerability
intelligence results exclusively from its internal and in-house R&D
efforts conducted by its team of world-class researchers.

VUPEN Solutions: http://www.vupen.com/english/services/


VII. REFERENCES
---------------

https://technet.microsoft.com/library/security/ms14-041
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2780


VIII. DISCLOSURE TIMELINE
-------------------------

2014-01-14 - Vulnerability Discovered by VUPEN Security
2014-03-14 - Vulnerability Reported to ZDI and Microsoft During Pwn2Own 2014
2014-07-08 - Vulnerability Fixed by Microsoft
2014-07-16 - Public disclosure



VUPEN Security Research - Adobe Acrobat Reader XI-X AcroBroker Sandbox Bypass (Pwn2Own)

2014-06-03 Thread VUPEN Security Research
VUPEN Security Research - Adobe Acrobat & Reader XI-X AcroBroker
Sandbox Bypass (Pwn2Own)

Website : http://www.vupen.com

Twitter : http://twitter.com/vupen


I. BACKGROUND
-------------

Adobe Acrobat and Reader are the global standards for electronic
document sharing. They are used to create, view, search, digitally
sign, verify, print, and collaborate on Adobe PDF files.


II. DESCRIPTION
---------------

VUPEN Vulnerability Research Team discovered a critical vulnerability
in Adobe Acrobat and Reader.

The vulnerability is caused by an input validation error in the
AcroBroker.exe component when processing local file paths, which
could be exploited by attackers to write malicious files to any
location on the disk and bypass Adobe Acrobat's sandbox.


III. AFFECTED PRODUCTS
----------------------

Adobe Acrobat and Reader XI version 11.0.06 and prior
Adobe Acrobat and Reader XI version 10.1.9 and prior


IV. SOLUTION
------------

Upgrade to Adobe Acrobat and Reader XI v11.0.07 or X v10.1.10.


V. CREDIT
---------

This vulnerability was discovered by VUPEN Security.


VI. ABOUT VUPEN Security
------------------------

VUPEN is the leading provider of defensive and offensive cyber security
intelligence and advanced zero-day research. All VUPEN's vulnerability
intelligence results exclusively from its internal and in-house R&D
efforts conducted by its team of world-class researchers.

VUPEN Solutions: http://www.vupen.com/english/services/


VII. REFERENCES
---------------

http://helpx.adobe.com/security/products/reader/apsb14-15.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0512


VIII. DISCLOSURE TIMELINE
-------------------------

2013-12-05 - Vulnerability Discovered by VUPEN Security
2014-03-13 - Vulnerability Reported to Adobe During Pwn2Own 2014
2014-05-13 - Vulnerability Fixed by Adobe
2014-05-26 - Public disclosure





VUPEN Security Research - Adobe Acrobat Reader XI-X Barcode Heap Overflow (Pwn2Own)

2014-05-26 Thread VUPEN Security Research
VUPEN Security Research - Adobe Acrobat & Reader XI-X Barcode Heap
Overflow (Pwn2Own)

Website : http://www.vupen.com

Twitter : http://twitter.com/vupen


I. BACKGROUND
-------------

Adobe Acrobat and Reader are the global standards for electronic
document sharing. They are used to create, view, search, digitally
sign, verify, print, and collaborate on Adobe PDF files.


II. DESCRIPTION
---------------

VUPEN Vulnerability Research Team discovered a critical vulnerability
in Adobe Acrobat and Reader.

The vulnerability is caused by a heap overflow error when processing
the width and height fields of a barcode element in a PDF, which
could be exploited to execute arbitrary code via a malicious PDF file.


III. AFFECTED PRODUCTS
----------------------

Adobe Acrobat and Reader XI version 11.0.06 and prior
Adobe Acrobat and Reader XI version 10.1.9 and prior


IV. SOLUTION
------------

Upgrade to Adobe Acrobat and Reader XI v11.0.07 or X v10.1.10.


V. CREDIT
---------

This vulnerability was discovered by VUPEN Security.


VI. ABOUT VUPEN Security
------------------------

VUPEN is the leading provider of defensive and offensive cyber security
intelligence and advanced zero-day research. All VUPEN's vulnerability
intelligence results exclusively from its internal and in-house R&D
efforts conducted by its team of world-class researchers.

VUPEN Solutions: http://www.vupen.com/english/services/


VII. REFERENCES
---------------

http://helpx.adobe.com/security/products/reader/apsb14-15.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0511


VIII. DISCLOSURE TIMELINE
-------------------------

2013-07-31 - Vulnerability Discovered by VUPEN Security
2014-03-13 - Vulnerability Reported to Adobe During Pwn2Own 2014
2014-05-13 - Vulnerability Fixed by Adobe
2014-05-26 - Public disclosure



VUPEN Security Research - Adobe Flash ExternalInterface Use-After-Free Code Execution (Pwn2Own)

2014-04-15 Thread VUPEN Security Research
VUPEN Security Research - Adobe Flash ExternalInterface Use-After-Free
Code Execution (Pwn2Own)

Website : http://www.vupen.com

Twitter : http://twitter.com/vupen


I. BACKGROUND
-------------

Adobe Flash Player is a cross-platform browser-based application runtime
that delivers viewing of expressive applications, content, and videos
across screens and browsers. It is installed on 98% of computers.


II. DESCRIPTION
---------------

VUPEN Vulnerability Research Team discovered a critical vulnerability
in Adobe Flash.

The vulnerability is caused by a use-after-free error when interacting
with the ExternalInterface class from the browser, which could be
exploited to achieve code execution via a malicious web page.


III. AFFECTED PRODUCTS
----------------------

Adobe Flash versions prior to 13.0.0.182


IV. SOLUTION
------------

Upgrade to Adobe Flash v13.0.0.182.


V. CREDIT
---------

This vulnerability was discovered by VUPEN Security.


VI. ABOUT VUPEN Security
------------------------

VUPEN is the leading provider of defensive and offensive cyber security
intelligence and advanced zero-day research. All VUPEN's vulnerability
intelligence results exclusively from its internal and in-house R&D
efforts conducted by its team of world-class researchers.

VUPEN Solutions: http://www.vupen.com/english/services/


VII. REFERENCES
---------------

http://helpx.adobe.com/security/products/flash-player/apsb14-09.html
http://zerodayinitiative.com/advisories/ZDI-14-092/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0506


VIII. DISCLOSURE TIMELINE
-------------------------

2014-01-28 - Vulnerability Discovered by VUPEN Security
2014-03-13 - Vulnerability Reported to Adobe During Pwn2Own 2014
2014-04-08 - Vulnerability Fixed by Adobe
2014-04-14 - Public disclosure



VUPEN Security Research - Google Chrome Clipboard::WriteData() Function Sandbox Escape (Pwn2Own)

2014-03-26 Thread VUPEN Security Research
VUPEN Security Research - Google Chrome Clipboard Format Processing
Sandbox Escape (Pwn2Own)

Website : http://www.vupen.com

Twitter : http://twitter.com/vupen


I. BACKGROUND
-------------

Google Chrome is a freeware web browser developed by Google. Chrome
version 28 and beyond uses the WebKit fork Blink. As of 2013,
StatCounter estimates that Google Chrome has a 39% worldwide usage
share of web browsers (Wikipedia).


II. DESCRIPTION
---------------

VUPEN Vulnerability Research Team discovered a critical vulnerability
in Google Chrome.

The vulnerability is caused by an input validation error within the
Clipboard::WriteData() function that does not restrict the value of
the format parameter, which could be exploited to escape Chrome's
sandbox and achieve code execution with Medium integrity level.


III. AFFECTED PRODUCTS
----------------------

Google Chrome versions prior to 33.0.1750.154


IV. SOLUTION
------------

Upgrade to Chrome version 33.0.1750.154.


V. CREDIT
---------

This vulnerability was discovered by VUPEN Security.


VI. ABOUT VUPEN Security
------------------------

VUPEN is the leading provider of defensive and offensive cyber security
intelligence and advanced zero-day research. All VUPEN's vulnerability
intelligence results exclusively from its internal and in-house R&D
efforts conducted by its team of world-class researchers.

VUPEN Solutions: http://www.vupen.com/english/services/


VII. REFERENCES
---------------

http://googlechromereleases.blogspot.com/2014/03/stable-channel-update_14.html


VIII. DISCLOSURE TIMELINE
-------------------------

2013-12-19 - Vulnerability Discovered by VUPEN Security
2014-03-13 - Vulnerability Reported to Google/ZDI During Pwn2Own 2014
2014-03-14 - Vulnerability Fixed by Google
2014-03-26 - Public disclosure



VUPEN Security Research - Google Chrome Blink locationAttributeSetter Use-after-free (Pwn2Own)

2014-03-26 Thread VUPEN Security Research
VUPEN Security Research - Google Chrome Blink locationAttributeSetter
Use-after-free (Pwn2Own)

Website : http://www.vupen.com

Twitter : http://twitter.com/vupen


I. BACKGROUND
-------------

Google Chrome is a freeware web browser developed by Google. Chrome
version 28 and beyond uses the WebKit fork Blink. As of 2013,
StatCounter estimates that Google Chrome has a 39% worldwide usage
share of web browsers (Wikipedia).


II. DESCRIPTION
---------------

VUPEN Vulnerability Research Team discovered a critical vulnerability
in Google Chrome.

The vulnerability is caused by a use-after-free error within the
DocumentV8Internal::locationAttributeSetter() function when processing
document.location objects under certain conditions, which could be
exploited to leak arbitrary memory and/or achieve code execution via a
specially crafted web page.


III. AFFECTED PRODUCTS
----------------------

Google Chrome versions prior to 33.0.1750.154


IV. SOLUTION
------------

Upgrade to Chrome version 33.0.1750.154.


V. CREDIT
---------

This vulnerability was discovered by VUPEN Security.


VI. ABOUT VUPEN Security
------------------------

VUPEN is the leading provider of defensive and offensive cyber security
intelligence and advanced zero-day research. All VUPEN's vulnerability
intelligence results exclusively from its internal and in-house R&D
efforts conducted by its team of world-class researchers.

VUPEN Solutions: http://www.vupen.com/english/services/


VII. REFERENCES
---------------

http://googlechromereleases.blogspot.com/2014/03/stable-channel-update_14.html


VIII. DISCLOSURE TIMELINE
-------------------------

2014-01-26 - Vulnerability Discovered by VUPEN Security
2014-03-13 - Vulnerability Reported to Google/ZDI During Pwn2Own 2014
2014-03-14 - Vulnerability Fixed by Google
2014-03-26 - Public disclosure



VUPEN Security Research - Mozilla Firefox BumpChunk Object Processing Use-after-free (Pwn2Own)

2014-03-26 Thread VUPEN Security Research
VUPEN Security Research - Mozilla Firefox BumpChunk Object Processing
Use-after-free (Pwn2Own)

Website : http://www.vupen.com

Twitter : http://twitter.com/vupen


I. BACKGROUND
-------------

Mozilla Firefox is a free and open-source web browser developed for
Windows, OS X, and Linux, with a mobile version for Android, by the
Mozilla Foundation and its subsidiary, the Mozilla Corporation.
As of February 2014, Firefox has between 12% and 22% of worldwide
usage, according to different sources. (Wikipedia)


II. DESCRIPTION
---------------

VUPEN Vulnerability Research Team discovered a critical vulnerability
in Mozilla Firefox.

The vulnerability is caused by a use-after-free error in the JS engine
when processing BumpChunk objects while the browser is under memory
pressure, which could be exploited to leak arbitrary memory and/or
achieve code execution via a malicious web page.


III. AFFECTED PRODUCTS
----------------------

Mozilla Firefox versions prior to 28
Mozilla Firefox ESR versions prior to 24.4
Mozilla Thunderbird versions prior to 24.4
Mozilla Seamonkey versions prior to 2.25


IV. SOLUTION
------------

Upgrade to Firefox v28, Firefox ESR v24.4, Thunderbird v24.4 and
Seamonkey v2.25.


V. CREDIT
---------

This vulnerability was discovered by VUPEN Security.


VI. ABOUT VUPEN Security
------------------------

VUPEN is the leading provider of defensive and offensive cyber security
intelligence and advanced zero-day research. All VUPEN's vulnerability
intelligence results exclusively from its internal and in-house R&D
efforts conducted by its team of world-class researchers.

VUPEN Solutions: http://www.vupen.com/english/services/


VII. REFERENCES
---------------

https://www.mozilla.org/security/announce/2014/mfsa2014-30.html


VIII. DISCLOSURE TIMELINE
-------------------------

2014-01-19 - Vulnerability Discovered by VUPEN Security
2014-03-12 - Vulnerability Reported to Mozilla/ZDI During Pwn2Own 2014
2014-03-18 - Vulnerability Fixed by Mozilla
2014-03-26 - Public disclosure



VUPEN Security Research - Microsoft Internet Explorer Protected Mode Sandbox Bypass (Pwn2Own 2013 / MS13-059)

2013-08-30 Thread VUPEN Security Research
VUPEN Security Research - Microsoft Internet Explorer Protected Mode
Sandbox Bypass (Pwn2Own 2013 / MS13-059)

Website : http://www.vupen.com

Twitter : http://twitter.com/vupen


I. BACKGROUND
-------------

Microsoft Internet Explorer is a web browser developed by Microsoft and
included as part of the Microsoft Windows line of operating systems with
more than 60% of the worldwide usage share of web browsers. (Wikipedia)


II. DESCRIPTION
---------------

VUPEN Vulnerability Research Team discovered a critical vulnerability
in Microsoft Internet Explorer.

The vulnerability is caused by a memory corruption error in the IE broker
process when copying certain data, which could be exploited by remote
attackers to bypass IE Protected Mode sandbox and execute arbitrary code
with Medium integrity permissions.


III. AFFECTED PRODUCTS
----------------------

Microsoft Internet Explorer 9
Microsoft Internet Explorer 8

Microsoft Windows 7 for 32-bit Systems
Microsoft Windows 7 for 32-bit Systems Service Pack 1
Microsoft Windows 7 for x64-based Systems
Microsoft Windows 7 for x64-based Systems Service Pack 1
Microsoft Windows Server 2008 for 32-bit Systems
Microsoft Windows Server 2008 for 32-bit Systems Service Pack 2
Microsoft Windows Server 2008 for x64-based Systems
Microsoft Windows Server 2008 for x64-based Systems Service Pack 2
Microsoft Windows Server 2008 for Itanium-based Systems
Microsoft Windows Server 2008 for Itanium-based Systems Service Pack 2
Microsoft Windows Server 2008 R2 for x64-based Systems
Microsoft Windows Server 2008 R2 for x64-based Systems Service Pack 1
Microsoft Windows Server 2008 R2 for Itanium-based Systems
Microsoft Windows Server 2008 R2 for Itanium-based Systems Service Pack 1
Microsoft Windows Vista Service Pack 1
Microsoft Windows Vista Service Pack 2
Microsoft Windows Vista x64 Edition Service Pack 1
Microsoft Windows Vista x64 Edition Service Pack 2


IV. Binary Analysis & Exploits/PoCs
-----------------------------------

In-depth technical analysis of the vulnerability and a private exploit are
available through the VUPEN BAE (Binary Analysis & Exploits) portal:

http://www.vupen.com/english/services/ba-index.php

VUPEN Binary Analysis & Exploits Service provides private exploits and
in-depth technical analysis of the most significant public vulnerabilities
based on disassembly, reverse engineering, protocol analysis, and code
audit.

The service allows governments and major corporations to evaluate risks, and
protect infrastructures and assets against new threats. The service also
allows security vendors (IPS, IDS, AntiVirus) to supplement their internal
research efforts and quickly develop both vulnerability-based and
exploit-based signatures to proactively protect their customers from attacks
and emerging threats.


V. VUPEN Threat Protection Program
----------------------------------

Governments and major corporations which are members of the VUPEN Threat
Protection Program (TPP) have been proactively alerted about the
vulnerability when it was discovered by VUPEN in advance of its public
disclosure, and have received detailed attack detection guidance to
protect their systems against potential 0-day attacks exploiting this
vulnerability:

http://www.vupen.com/english/services/tpp-index.php


VI. SOLUTION
------------

Apply MS13-059 security update.


VII. CREDIT
-----------

This vulnerability was discovered by Nicolas of VUPEN Security.


VIII. ABOUT VUPEN Security
--------------------------

VUPEN is the leading provider of defensive and offensive cybersecurity
intelligence and advanced vulnerability research. VUPEN solutions enable
corporations and governments to manage risks, and protect critical networks
and infrastructures against known and unknown vulnerabilities.

VUPEN solutions include:

* VUPEN Binary Analysis & Exploits Service (BAE) :
http://www.vupen.com/english/services/ba-index.php

* VUPEN Threat Protection Program (TPP) :
http://www.vupen.com/english/services/tpp-index.php


IX. REFERENCES
--------------

http://technet.microsoft.com/en-us/security/bulletin/ms13-059
http://www.vupen.com/english/research.php


X. DISCLOSURE TIMELINE
----------------------

2011-03-04 - Vulnerability Discovered by VUPEN and Privately Shared with
Customers
2013-03-06 - Vulnerability Reported to Microsoft During Pwn2Own 2013
2013-08-13 - Vulnerability Fixed by MS13-059
2013-08-30 - Public disclosure



VUPEN Security Research - Microsoft Internet Explorer ReplaceAdjacentText Use-after-free (MS13-059)

2013-08-30 Thread VUPEN Security Research
VUPEN Security Research - Microsoft Internet Explorer
ReplaceAdjacentText Use-after-free (MS13-059)

Website : http://www.vupen.com

Twitter : http://twitter.com/vupen


I. BACKGROUND
-------------

Microsoft Internet Explorer is a web browser developed by Microsoft and
included as part of the Microsoft Windows line of operating systems with
more than 60% of the worldwide usage share of web browsers. (Wikipedia)


II. DESCRIPTION
---------------

VUPEN Vulnerability Research Team discovered a critical vulnerability
in Microsoft Internet Explorer.

The vulnerability is caused by a use-after-free error within the MSHTML
SlayoutRun::GetCharacters() function when replacing a text adjacent to
an element, which could be exploited by remote attackers to compromise a
vulnerable system.


III. AFFECTED PRODUCTS
----------------------

Microsoft Internet Explorer 9
Microsoft Internet Explorer 8

Microsoft Windows 7 for 32-bit Systems
Microsoft Windows 7 for 32-bit Systems Service Pack 1
Microsoft Windows 7 for x64-based Systems
Microsoft Windows 7 for x64-based Systems Service Pack 1
Microsoft Windows Server 2008 for 32-bit Systems
Microsoft Windows Server 2008 for 32-bit Systems Service Pack 2
Microsoft Windows Server 2008 for x64-based Systems
Microsoft Windows Server 2008 for x64-based Systems Service Pack 2
Microsoft Windows Server 2008 for Itanium-based Systems
Microsoft Windows Server 2008 for Itanium-based Systems Service Pack 2
Microsoft Windows Server 2008 R2 for x64-based Systems
Microsoft Windows Server 2008 R2 for x64-based Systems Service Pack 1
Microsoft Windows Server 2008 R2 for Itanium-based Systems
Microsoft Windows Server 2008 R2 for Itanium-based Systems Service Pack 1
Microsoft Windows Vista Service Pack 1
Microsoft Windows Vista Service Pack 2
Microsoft Windows Vista x64 Edition Service Pack 1
Microsoft Windows Vista x64 Edition Service Pack 2
Microsoft Windows Server 2003 Service Pack 2
Microsoft Windows Server 2003 x64 Edition Service Pack 2
Microsoft Windows Server 2003 with SP2 for Itanium-based Systems
Microsoft Windows XP Service Pack 3
Microsoft Windows XP Professional x64 Edition Service Pack 2


IV. Binary Analysis & Exploits/PoCs
-----------------------------------

In-depth technical analysis of the vulnerability and a private exploit are
available through the VUPEN BAE (Binary Analysis & Exploits) portal:

http://www.vupen.com/english/services/ba-index.php

VUPEN Binary Analysis & Exploits Service provides private exploits and
in-depth technical analysis of the most significant public vulnerabilities
based on disassembly, reverse engineering, protocol analysis, and code
audit.

The service allows governments and major corporations to evaluate risks, and
protect infrastructures and assets against new threats. The service also
allows security vendors (IPS, IDS, AntiVirus) to supplement their internal
research efforts and quickly develop both vulnerability-based and
exploit-based signatures to proactively protect their customers from attacks
and emerging threats.


V. VUPEN Threat Protection Program
----------------------------------

Governments and major corporations which are members of the VUPEN Threat
Protection Program (TPP) have been proactively alerted about the
vulnerability when it was discovered by VUPEN in advance of its public
disclosure, and have received detailed attack detection guidance to
protect their systems against potential 0-day attacks exploiting this
vulnerability:

http://www.vupen.com/english/services/tpp-index.php


VI. SOLUTION
------------

Apply MS13-059 security update.


VII. CREDIT
-----------

This vulnerability was discovered by Alexandre of VUPEN Security.


VIII. ABOUT VUPEN Security
--------------------------

VUPEN is the leading provider of defensive and offensive cybersecurity
intelligence and advanced vulnerability research. VUPEN solutions enable
corporations and governments to manage risks, and protect critical networks
and infrastructures against known and unknown vulnerabilities.

VUPEN solutions include:

* VUPEN Binary Analysis & Exploits Service (BAE) :
http://www.vupen.com/english/services/ba-index.php

* VUPEN Threat Protection Program (TPP) :
http://www.vupen.com/english/services/tpp-index.php


IX. REFERENCES
--------------

http://technet.microsoft.com/en-us/security/bulletin/ms13-059
http://www.vupen.com/english/research.php


X. DISCLOSURE TIMELINE
----------------------

2012-09-25 - Vulnerability Discovered by VUPEN and Privately Shared with
Customers
2013-08-13 - Vulnerability Fixed by MS13-059
2013-08-30 - Public disclosure



VUPEN Security Research - Microsoft Windows LdrHotPatchRoutine Remote ASLR Bypass (Pwn2Own 2013 / MS13-063)

2013-08-30 Thread VUPEN Security Research
Microsoft Windows LdrHotPatchRoutine Remote ASLR Bypass (Pwn2Own 2013
/ MS13-063)

Website : http://www.vupen.com

Twitter : http://twitter.com/vupen


I. BACKGROUND
-------------

Microsoft Windows is a series of software operating systems and graphical
user interfaces produced by Microsoft. Windows had approximately 90% of
the market share of the client operating systems. (Wikipedia)


II. DESCRIPTION
---------------

VUPEN Vulnerability Research Team discovered a critical vulnerability
in Microsoft Windows.

The vulnerability is caused by a design error in the
ntdll.LdrHotPatchRoutine function, which can be abused to load an
arbitrary library, e.g. from a remote network share, leading to
arbitrary code execution and ASLR bypass.


III. AFFECTED PRODUCTS
----------------------

Microsoft Windows 7 for x64-based Systems
Microsoft Windows 7 for x64-based Systems Service Pack 1
Microsoft Windows Vista x64 Edition Service Pack 1
Microsoft Windows Vista x64 Edition Service Pack 2


IV. Binary Analysis & Exploits/PoCs
-----------------------------------

In-depth technical analysis of the vulnerability and a private exploit are
available through the VUPEN BAE (Binary Analysis & Exploits) portal:

http://www.vupen.com/english/services/ba-index.php

VUPEN Binary Analysis & Exploits Service provides private exploits and
in-depth technical analysis of the most significant public vulnerabilities
based on disassembly, reverse engineering, protocol analysis, and code
audit.

The service allows governments and major corporations to evaluate risks, and
protect infrastructures and assets against new threats. The service also
allows security vendors (IPS, IDS, AntiVirus) to supplement their internal
research efforts and quickly develop both vulnerability-based and
exploit-based signatures to proactively protect their customers from attacks
and emerging threats.


V. VUPEN Threat Protection Program
----------------------------------

Governments and major corporations which are members of the VUPEN Threat
Protection Program (TPP) have been proactively alerted about the
vulnerability when it was discovered by VUPEN in advance of its public
disclosure, and have received detailed attack detection guidance to
protect their systems against potential 0-day attacks exploiting this
vulnerability:

http://www.vupen.com/english/services/tpp-index.php


VI. SOLUTION
------------

Apply MS13-063 security update.


VII. CREDIT
-----------

This vulnerability was discovered by Nicolas of VUPEN Security.


VIII. ABOUT VUPEN Security
--------------------------

VUPEN is the leading provider of defensive and offensive cybersecurity
intelligence and advanced vulnerability research. VUPEN solutions enable
corporations and governments to manage risks, and protect critical networks
and infrastructures against known and unknown vulnerabilities.

VUPEN solutions include:

* VUPEN Binary Analysis & Exploits Service (BAE) :
http://www.vupen.com/english/services/ba-index.php

* VUPEN Threat Protection Program (TPP) :
http://www.vupen.com/english/services/tpp-index.php


IX. REFERENCES
--------------

http://technet.microsoft.com/en-us/security/bulletin/ms13-063
http://www.vupen.com/english/research.php


X. DISCLOSURE TIMELINE
----------------------

2012-09-15 - Vulnerability Discovered by VUPEN and Privately Shared with
Customers
2013-03-06 - Vulnerability Reported to Microsoft During Pwn2Own 2013
2013-08-13 - Vulnerability Fixed by MS13-063
2013-08-30 - Public disclosure



VUPEN Security Research - Mozilla Firefox Maintenance Service Privilege Escalation Vulnerabilities

2013-07-08 Thread VUPEN Security Research
VUPEN Security Research - Mozilla Firefox Maintenance Service Local
Privilege Escalation Vulnerabilities

Website : http://www.vupen.com

Twitter : http://twitter.com/vupen


I. BACKGROUND
-

Mozilla Firefox is a free and open source web browser coordinated by
Mozilla Corporation and Mozilla Foundation. As of October 2012, Firefox
has approximately 20% to 24% of worldwide usage share of web browsers,
making it the third most used web browser. (Wikipedia)


II. DESCRIPTION
-

VUPEN Vulnerability Research Team discovered high risk vulnerabilities
in Mozilla Firefox.

The vulnerabilities are caused by errors in the Mozilla Maintenance Service
on Windows when interacting with local software, which could allow local
unprivileged users to execute arbitrary code with SYSTEM privileges.

It is of course possible to combine these vulnerabilities with a remote
Firefox memory corruption to achieve a remote SYSTEM code execution.


III. AFFECTED PRODUCTS
---

Mozilla Firefox versions prior to 21.0
Mozilla Firefox ESR versions prior to 17.0.6
Mozilla Thunderbird versions prior to 17.0.6
Mozilla Thunderbird ESR versions prior to 17.0.6


IV. Binary Analysis & Exploits/PoCs
---

In-depth technical analysis of the vulnerability and a private exploit will
be available through the VUPEN BAE (Binary Analysis & Exploits) portal:

http://www.vupen.com/english/services/ba-index.php

VUPEN Binary Analysis & Exploits Service provides private exploits and
in-depth technical analysis of the most significant public vulnerabilities
based on disassembly, reverse engineering, protocol analysis, and code
audit.

The service allows governments and major corporations to evaluate risks, and
protect infrastructures and assets against new threats. The service also
allows security vendors (IPS, IDS, AntiVirus) to supplement their internal
research efforts and quickly develop both vulnerability-based and
exploit-based signatures to proactively protect their customers from attacks
and emerging threats.


V. VUPEN Threat Protection Program
---

Governments and major corporations which are members of the VUPEN Threat
Protection Program (TPP) have been proactively alerted about the
vulnerability when it was discovered by VUPEN in advance of its public
disclosure, and have received detailed attack detection guidance to protect
national and critical infrastructures against potential 0-day attacks
exploiting this vulnerability:

http://www.vupen.com/english/services/tpp-index.php


VI. SOLUTION


Upgrade to Mozilla Firefox 21.0 or ESR 17.0.6.

Upgrade to Mozilla Thunderbird or Thunderbird ESR 17.0.6.


VII. CREDIT
--

This vulnerability was discovered by Richard L. of VUPEN Security.


VIII. ABOUT VUPEN Security
---

VUPEN is the leading provider of defensive and offensive cybersecurity
intelligence and advanced vulnerability research. VUPEN solutions enable
corporations and governments to manage risks, and protect critical networks
and infrastructures against known and unknown vulnerabilities.

VUPEN solutions include:

* VUPEN Binary Analysis & Exploits Service (BAE) :
http://www.vupen.com/english/services/ba-index.php

* VUPEN Threat Protection Program (TPP) :
http://www.vupen.com/english/services/tpp-index.php


IX. REFERENCES
--

http://www.mozilla.org/security/announce/2013/mfsa2013-44.html
http://www.vupen.com/english/research.php


X. DISCLOSURE TIMELINE
-

-**-** - Vulnerability Discovered by VUPEN
2013-05-14 - Vulnerability Fixed by Mozilla
2013-07-08 - Public disclosure



VUPEN Security Research - Oracle Java Preloader Click-2-Play Warning Bypass Vulnerability

2013-07-08 Thread VUPEN Security Research
VUPEN Security Research - Oracle Java Applet Preloader Click-2-Play
Warning Bypass Vulnerability

Website : http://www.vupen.com

Twitter : http://twitter.com/vupen


I. BACKGROUND
-

Java is the foundation for virtually every type of networked application
and is the global standard for developing and delivering mobile
applications, games, Web-based content, and enterprise software. (Oracle)


II. DESCRIPTION
-

VUPEN Vulnerability Research Team discovered a critical vulnerability
in Oracle Java.

The vulnerability is caused by a design error in the Java click-2-play
security warning when the preloader is used, which can be exploited by
remote attackers to load a malicious applet (e.g. taking advantage of
a Java memory corruption vulnerability) without any user interaction.


III. AFFECTED PRODUCTS
---

Oracle Java version 7u21 and prior


IV. Binary Analysis & Exploits/PoCs
---

In-depth technical analysis of the vulnerability and a private exploit will
be available through the VUPEN BAE (Binary Analysis & Exploits) portal:

http://www.vupen.com/english/services/ba-index.php

VUPEN Binary Analysis & Exploits Service provides private exploits and
in-depth technical analysis of the most significant public vulnerabilities
based on disassembly, reverse engineering, protocol analysis, and code
audit.

The service allows governments and major corporations to evaluate risks, and
protect infrastructures and assets against new threats. The service also
allows security vendors (IPS, IDS, AntiVirus) to supplement their internal
research efforts and quickly develop both vulnerability-based and
exploit-based signatures to proactively protect their customers from attacks
and emerging threats.


V. VUPEN Threat Protection Program
---

Governments and major corporations which are members of the VUPEN Threat
Protection Program (TPP) have been proactively alerted about the
vulnerability when it was discovered by VUPEN in advance of its public
disclosure, and have received detailed attack detection guidance to protect
national and critical infrastructures against potential 0-day attacks
exploiting this vulnerability:

http://www.vupen.com/english/services/tpp-index.php


VI. SOLUTION


Upgrade to Java 7u25 or later.


VII. CREDIT
--

This vulnerability was discovered by Florent H. of VUPEN Security.


VIII. ABOUT VUPEN Security
---

VUPEN is the leading provider of defensive and offensive cybersecurity
intelligence and advanced vulnerability research. VUPEN solutions enable
corporations and governments to manage risks, and protect critical networks
and infrastructures against known and unknown vulnerabilities.

VUPEN solutions include:

* VUPEN Binary Analysis & Exploits Service (BAE) :
http://www.vupen.com/english/services/ba-index.php

* VUPEN Threat Protection Program (TPP) :
http://www.vupen.com/english/services/tpp-index.php


IX. REFERENCES
--

http://www.oracle.com/technetwork/topics/security/javacpujun2013-1899847.html
http://www.vupen.com/english/research.php


X. DISCLOSURE TIMELINE
-

-**-** - Vulnerability Discovered by VUPEN
2013-06-18 - Vulnerability Fixed in Java 7u25
2013-07-08 - Public disclosure



VUPEN Security Research - Microsoft Internet Explorer 10-9-8-7-6 VML Remote Integer Overflow (MS13-037 / Pwn2Own)

2013-05-22 Thread VUPEN Security Research
VUPEN Security Research - Microsoft Internet Explorer 10-9-8-7-6 VML
Remote Integer Overflow (MS13-037 / Pwn2Own)

Website : http://www.vupen.com

Twitter : http://twitter.com/vupen


I. BACKGROUND
-

Microsoft Internet Explorer is a web browser developed by Microsoft and
included as part of the Microsoft Windows line of operating systems with
more than 60% of the worldwide usage share of web browsers. (Wikipedia)


II. DESCRIPTION
-

VUPEN Vulnerability Research Team discovered a critical vulnerability
in Microsoft Internet Explorer.

The vulnerability is caused by an integer overflow error in the vml.dll
component when processing certain undocumented vector graphic properties,
which could be exploited by remote attackers to leak arbitrary memory and
compromise a vulnerable system via a malicious web page.

CVE: CVE-2013-2551


III. AFFECTED PRODUCTS
---

Microsoft Internet Explorer 10
Microsoft Internet Explorer 9
Microsoft Internet Explorer 8
Microsoft Internet Explorer 7
Microsoft Internet Explorer 6

Microsoft Windows RT
Microsoft Windows 8 for 32-bit Systems
Microsoft Windows 8 for x64-based Systems
Microsoft Windows Server 2012
Microsoft Windows 7 for 32-bit Systems
Microsoft Windows 7 for 32-bit Systems Service Pack 1
Microsoft Windows 7 for x64-based Systems
Microsoft Windows 7 for x64-based Systems Service Pack 1
Microsoft Windows Server 2008 for 32-bit Systems
Microsoft Windows Server 2008 for 32-bit Systems Service Pack 2
Microsoft Windows Server 2008 for x64-based Systems
Microsoft Windows Server 2008 for x64-based Systems Service Pack 2
Microsoft Windows Server 2008 for Itanium-based Systems
Microsoft Windows Server 2008 for Itanium-based Systems Service Pack 2
Microsoft Windows Server 2008 R2 for x64-based Systems
Microsoft Windows Server 2008 R2 for x64-based Systems Service Pack 1
Microsoft Windows Server 2008 R2 for Itanium-based Systems
Microsoft Windows Server 2008 R2 for Itanium-based Systems Service Pack 1
Microsoft Windows Vista Service Pack 1
Microsoft Windows Vista Service Pack 2
Microsoft Windows Vista x64 Edition Service Pack 1
Microsoft Windows Vista x64 Edition Service Pack 2
Microsoft Windows Server 2003 Service Pack 2
Microsoft Windows Server 2003 x64 Edition Service Pack 2
Microsoft Windows Server 2003 with SP2 for Itanium-based Systems
Microsoft Windows XP Service Pack 3
Microsoft Windows XP Professional x64 Edition Service Pack 2


IV. Binary Analysis & Exploits/PoCs
---

In-depth technical analysis of the vulnerability and a fully functional
remote code execution exploit will be available through the VUPEN BAE
(Binary Analysis & Exploits) portal:

http://www.vupen.com/english/services/ba-index.php

VUPEN Binary Analysis & Exploits Service provides private exploits and
in-depth technical analysis of the most significant public vulnerabilities
based on disassembly, reverse engineering, protocol analysis, and code
audit.

The service allows governments and major corporations to evaluate risks, and
protect infrastructures and assets against new threats. The service also
allows security vendors (IPS, IDS, AntiVirus) to supplement their internal
research efforts and quickly develop both vulnerability-based and
exploit-based signatures to proactively protect their customers from attacks
and emerging threats.


V. VUPEN Threat Protection Program
---

Governments and major corporations which are members of the VUPEN Threat
Protection Program (TPP) have been proactively alerted about the
vulnerability when it was discovered by VUPEN in advance of its public
disclosure, and have received detailed attack detection guidance to protect
national and critical infrastructures against potential 0-day attacks
exploiting this vulnerability:

http://www.vupen.com/english/services/tpp-index.php


VI. SOLUTION


Apply MS13-037 security updates.


VII. CREDIT
--

This vulnerability was discovered by Nicolas Joly of VUPEN Security.


VIII. ABOUT VUPEN Security
---

VUPEN is the leading provider of defensive and offensive cybersecurity
intelligence and advanced vulnerability research. VUPEN solutions enable
corporations and governments to manage risks, and protect critical networks
and infrastructures against known and unknown vulnerabilities.

VUPEN solutions include:

* VUPEN Binary Analysis & Exploits Service (BAE) :
http://www.vupen.com/english/services/ba-index.php

* VUPEN Threat Protection Program (TPP) :
http://www.vupen.com/english/services/tpp-index.php


IX. REFERENCES
--

http://technet.microsoft.com/en-us/security/bulletin/ms13-037
http://www.vupen.com/english/research.php


X. DISCLOSURE TIMELINE
-

2011-11-09 - Vulnerability Discovered by VUPEN
2013-03-06 - Vulnerability Reported to Microsoft During Pwn2Own 2013
2013-05-20 - Public disclosure



VUPEN Security Research - Microsoft Internet Explorer 10-9 Object Confusion Sandbox Bypass (MS13-037 / Pwn2Own)

2013-05-22 Thread VUPEN Security Research
VUPEN Security Research - Microsoft Internet Explorer 10-9 Object
Confusion Sandbox Bypass (MS13-037 / Pwn2Own)

Website : http://www.vupen.com

Twitter : http://twitter.com/vupen


I. BACKGROUND
-

Microsoft Internet Explorer is a web browser developed by Microsoft and
included as part of the Microsoft Windows line of operating systems with
more than 60% of the worldwide usage share of web browsers. (Wikipedia)


II. DESCRIPTION
-

VUPEN Vulnerability Research Team discovered a critical vulnerability
in Microsoft Internet Explorer.

The vulnerability is caused by an object confusion error in the IE broker
process when processing unexpected variant objects, which could allow an
attacker to execute arbitrary code within the context of the broker process
to bypass Internet Explorer Protected Mode sandbox.


III. AFFECTED PRODUCTS
---

Microsoft Internet Explorer 10
Microsoft Internet Explorer 9

Microsoft Windows RT
Microsoft Windows 8 for 32-bit Systems
Microsoft Windows 8 for x64-based Systems
Microsoft Windows Server 2012
Microsoft Windows 7 for 32-bit Systems
Microsoft Windows 7 for 32-bit Systems Service Pack 1
Microsoft Windows 7 for x64-based Systems
Microsoft Windows 7 for x64-based Systems Service Pack 1
Microsoft Windows Server 2008 for 32-bit Systems
Microsoft Windows Server 2008 for 32-bit Systems Service Pack 2
Microsoft Windows Server 2008 for x64-based Systems
Microsoft Windows Server 2008 for x64-based Systems Service Pack 2
Microsoft Windows Server 2008 for Itanium-based Systems
Microsoft Windows Server 2008 for Itanium-based Systems Service Pack 2
Microsoft Windows Server 2008 R2 for x64-based Systems
Microsoft Windows Server 2008 R2 for x64-based Systems Service Pack 1
Microsoft Windows Server 2008 R2 for Itanium-based Systems
Microsoft Windows Server 2008 R2 for Itanium-based Systems Service Pack 1
Microsoft Windows Vista Service Pack 1
Microsoft Windows Vista Service Pack 2
Microsoft Windows Vista x64 Edition Service Pack 1
Microsoft Windows Vista x64 Edition Service Pack 2


IV. Binary Analysis & Exploits/PoCs
---

In-depth technical analysis of the vulnerability and a fully functional
remote code execution exploit will be available through the VUPEN BAE
(Binary Analysis & Exploits) portal:

http://www.vupen.com/english/services/ba-index.php

VUPEN Binary Analysis & Exploits Service provides private exploits and
in-depth technical analysis of the most significant public vulnerabilities
based on disassembly, reverse engineering, protocol analysis, and code
audit.

The service allows governments and major corporations to evaluate risks, and
protect infrastructures and assets against new threats. The service also
allows security vendors (IPS, IDS, AntiVirus) to supplement their internal
research efforts and quickly develop both vulnerability-based and
exploit-based signatures to proactively protect their customers from attacks
and emerging threats.


V. VUPEN Threat Protection Program
---

Governments and major corporations which are members of the VUPEN Threat
Protection Program (TPP) have been proactively alerted about the
vulnerability when it was discovered by VUPEN in advance of its public
disclosure, and have received detailed attack detection guidance to protect
national and critical infrastructures against potential 0-day attacks
exploiting this vulnerability:

http://www.vupen.com/english/services/tpp-index.php


VI. SOLUTION


Apply MS13-037 security updates.


VII. CREDIT
--

This vulnerability was discovered by Nicolas Joly of VUPEN Security.


VIII. ABOUT VUPEN Security
---

VUPEN is the leading provider of defensive and offensive cybersecurity
intelligence and advanced vulnerability research. VUPEN solutions enable
corporations and governments to manage risks, and protect critical networks
and infrastructures against known and unknown vulnerabilities.

VUPEN solutions include:

* VUPEN Binary Analysis & Exploits Service (BAE) :
http://www.vupen.com/english/services/ba-index.php

* VUPEN Threat Protection Program (TPP) :
http://www.vupen.com/english/services/tpp-index.php


IX. REFERENCES
--

http://technet.microsoft.com/en-us/security/bulletin/ms13-037
http://www.vupen.com/english/research.php


X. DISCLOSURE TIMELINE
-

2011-11-23 - Vulnerability Discovered by VUPEN
2013-03-06 - Vulnerability Reported to Microsoft During Pwn2Own 2013
2013-05-20 - Public disclosure



VUPEN Security Research - Microsoft Internet Explorer 10-9-8-7-6 Scroll Use-after-free (MS13-028)

2013-05-03 Thread VUPEN Security Research
VUPEN Security Research - Microsoft Internet Explorer 10-9-8-7-6
Scroll Use-after-free (MS13-028)

Website : http://www.vupen.com

Twitter : http://twitter.com/vupen


I. BACKGROUND
-

Microsoft Internet Explorer is a web browser developed by Microsoft and
included as part of the Microsoft Windows line of operating systems with
more than 60% of the worldwide usage share of web browsers. (Wikipedia)


II. DESCRIPTION
-

VUPEN Vulnerability Research Team discovered a critical vulnerability
in Microsoft Internet Explorer.

The vulnerability is caused by a use-after-free error in the
CWindow::scroll() function within mshtml.dll when processing specially
crafted Scroll events, which could be exploited by remote attackers to
compromise a vulnerable system via a malicious web page.


III. AFFECTED PRODUCTS
---

Microsoft Internet Explorer 10
Microsoft Internet Explorer 9
Microsoft Internet Explorer 8
Microsoft Internet Explorer 7
Microsoft Internet Explorer 6

Microsoft Windows RT
Microsoft Windows 8 for 32-bit Systems
Microsoft Windows 8 for x64-based Systems
Microsoft Windows Server 2012
Microsoft Windows 7 for 32-bit Systems
Microsoft Windows 7 for 32-bit Systems Service Pack 1
Microsoft Windows 7 for x64-based Systems
Microsoft Windows 7 for x64-based Systems Service Pack 1
Microsoft Windows Server 2008 for 32-bit Systems
Microsoft Windows Server 2008 for 32-bit Systems Service Pack 2
Microsoft Windows Server 2008 for x64-based Systems
Microsoft Windows Server 2008 for x64-based Systems Service Pack 2
Microsoft Windows Server 2008 for Itanium-based Systems
Microsoft Windows Server 2008 for Itanium-based Systems Service Pack 2
Microsoft Windows Server 2008 R2 for x64-based Systems
Microsoft Windows Server 2008 R2 for x64-based Systems Service Pack 1
Microsoft Windows Server 2008 R2 for Itanium-based Systems
Microsoft Windows Server 2008 R2 for Itanium-based Systems Service Pack 1
Microsoft Windows Vista Service Pack 1
Microsoft Windows Vista Service Pack 2
Microsoft Windows Vista x64 Edition Service Pack 1
Microsoft Windows Vista x64 Edition Service Pack 2
Microsoft Windows Server 2003 Service Pack 2
Microsoft Windows Server 2003 x64 Edition Service Pack 2
Microsoft Windows Server 2003 with SP2 for Itanium-based Systems
Microsoft Windows XP Service Pack 3
Microsoft Windows XP Professional x64 Edition Service Pack 2


IV. Binary Analysis & Exploits/PoCs
---

In-depth technical analysis of the vulnerability and a fully functional
remote code execution exploit are available through the VUPEN BAE
(Binary Analysis & Exploits) portal:

http://www.vupen.com/english/services/ba-index.php

VUPEN Binary Analysis & Exploits Service provides private exploits and
in-depth technical analysis of the most significant public vulnerabilities
based on disassembly, reverse engineering, protocol analysis, and code
audit.

The service allows governments and major corporations to evaluate risks, and
protect infrastructures and assets against new threats. The service also
allows security vendors (IPS, IDS, AntiVirus) to supplement their internal
research efforts and quickly develop both vulnerability-based and
exploit-based signatures to proactively protect their customers from attacks
and emerging threats.


V. VUPEN Threat Protection Program
---

Governments and major corporations which are members of the VUPEN Threat
Protection Program (TPP) have been proactively alerted about the
vulnerability when it was discovered by VUPEN in advance of its public
disclosure, and have received detailed attack detection guidance to protect
national and critical infrastructures against potential 0-day attacks
exploiting this vulnerability:

http://www.vupen.com/english/services/tpp-index.php


VI. SOLUTION


Apply MS13-028 security updates.


VII. CREDIT
--

This vulnerability was discovered by Nicolas Joly of VUPEN Security.


VIII. ABOUT VUPEN Security
---

VUPEN is the leading provider of defensive and offensive cybersecurity
intelligence and advanced vulnerability research. VUPEN solutions enable
corporations and governments to manage risks, and protect critical networks
and infrastructures against known and unknown vulnerabilities.

VUPEN solutions include:

* VUPEN Binary Analysis & Exploits Service (BAE) :
http://www.vupen.com/english/services/ba-index.php

* VUPEN Threat Protection Program (TPP) :
http://www.vupen.com/english/services/tpp-index.php


IX. REFERENCES
--

http://www.adobe.com/support/security/bulletins/apsb13-11.html
http://www.vupen.com/english/research.php


X. DISCLOSURE TIMELINE
-

2010-06-07 - Vulnerability Discovered by VUPEN and shared with VUPEN TPP customers
2013-04-09 - MS13-028 Released By Microsoft
2013-05-02 - Public disclosure



VUPEN Security Research - Microsoft Internet Explorer 10-9-8-7-6 CDisplayPointer Use-after-free (MS13-028)

2013-05-03 Thread VUPEN Security Research
VUPEN Security Research - Microsoft Internet Explorer 10-9-8-7-6
CDisplayPointer Use-after-free (MS13-028)

Website : http://www.vupen.com

Twitter : http://twitter.com/vupen


I. BACKGROUND
-

Microsoft Internet Explorer is a web browser developed by Microsoft and
included as part of the Microsoft Windows line of operating systems with
more than 60% of the worldwide usage share of web browsers. (Wikipedia)


II. DESCRIPTION
-

VUPEN Vulnerability Research Team discovered a critical vulnerability
in Microsoft Internet Explorer.

The vulnerability is caused by a use-after-free error in the
CDisplayPointer::MoveToMarkupPointer() function within mshtml.dll when
processing CDisplayPointer objects, which could be exploited by remote
attackers to compromise a vulnerable system via a malicious web page.


III. AFFECTED PRODUCTS
---

Microsoft Internet Explorer 10
Microsoft Internet Explorer 9
Microsoft Internet Explorer 8
Microsoft Internet Explorer 7
Microsoft Internet Explorer 6

Microsoft Windows RT
Microsoft Windows 8 for 32-bit Systems
Microsoft Windows 8 for x64-based Systems
Microsoft Windows Server 2012
Microsoft Windows 7 for 32-bit Systems
Microsoft Windows 7 for 32-bit Systems Service Pack 1
Microsoft Windows 7 for x64-based Systems
Microsoft Windows 7 for x64-based Systems Service Pack 1
Microsoft Windows Server 2008 for 32-bit Systems
Microsoft Windows Server 2008 for 32-bit Systems Service Pack 2
Microsoft Windows Server 2008 for x64-based Systems
Microsoft Windows Server 2008 for x64-based Systems Service Pack 2
Microsoft Windows Server 2008 for Itanium-based Systems
Microsoft Windows Server 2008 for Itanium-based Systems Service Pack 2
Microsoft Windows Server 2008 R2 for x64-based Systems
Microsoft Windows Server 2008 R2 for x64-based Systems Service Pack 1
Microsoft Windows Server 2008 R2 for Itanium-based Systems
Microsoft Windows Server 2008 R2 for Itanium-based Systems Service Pack 1
Microsoft Windows Vista Service Pack 1
Microsoft Windows Vista Service Pack 2
Microsoft Windows Vista x64 Edition Service Pack 1
Microsoft Windows Vista x64 Edition Service Pack 2
Microsoft Windows Server 2003 Service Pack 2
Microsoft Windows Server 2003 x64 Edition Service Pack 2
Microsoft Windows Server 2003 with SP2 for Itanium-based Systems
Microsoft Windows XP Service Pack 3
Microsoft Windows XP Professional x64 Edition Service Pack 2


IV. Binary Analysis & Exploits/PoCs
---

In-depth technical analysis of the vulnerability and a fully functional
remote code execution exploit are available through the VUPEN BAE
(Binary Analysis & Exploits) portal:

http://www.vupen.com/english/services/ba-index.php

VUPEN Binary Analysis & Exploits Service provides private exploits and
in-depth technical analysis of the most significant public vulnerabilities
based on disassembly, reverse engineering, protocol analysis, and code
audit.

The service allows governments and major corporations to evaluate risks, and
protect infrastructures and assets against new threats. The service also
allows security vendors (IPS, IDS, AntiVirus) to supplement their internal
research efforts and quickly develop both vulnerability-based and
exploit-based signatures to proactively protect their customers from attacks
and emerging threats.


V. VUPEN Threat Protection Program
---

Governments and major corporations which are members of the VUPEN Threat
Protection Program (TPP) have been proactively alerted about the
vulnerability when it was discovered by VUPEN in advance of its public
disclosure, and have received detailed attack detection guidance to protect
national and critical infrastructures against potential 0-day attacks
exploiting this vulnerability:

http://www.vupen.com/english/services/tpp-index.php


VI. SOLUTION


Apply MS13-028 security updates.


VII. CREDIT
--

This vulnerability was discovered by Nicolas Joly of VUPEN Security.


VIII. ABOUT VUPEN Security
---

VUPEN is the leading provider of defensive and offensive cybersecurity
intelligence and advanced vulnerability research. VUPEN solutions enable
corporations and governments to manage risks, and protect critical networks
and infrastructures against known and unknown vulnerabilities.

VUPEN solutions include:

* VUPEN Binary Analysis & Exploits Service (BAE) :
http://www.vupen.com/english/services/ba-index.php

* VUPEN Threat Protection Program (TPP) :
http://www.vupen.com/english/services/tpp-index.php


IX. REFERENCES
--

http://www.adobe.com/support/security/bulletins/apsb13-11.html
http://www.vupen.com/english/research.php


X. DISCLOSURE TIMELINE
-

2012-04-05 - Vulnerability Discovered by VUPEN and shared with VUPEN TPP customers
2013-04-09 - MS13-028 Released By Microsoft
2013-05-02 - Public disclosure



VUPEN Security Research - Adobe Flash Player RTMP Data Processing Object Confusion (CVE-2013-2555)

2013-04-19 Thread VUPEN Security Research
VUPEN Security Research - Adobe Flash Player RTMP Data Processing Object
Confusion Code Execution (CVE-2013-2555)

Website : http://www.vupen.com

Twitter : http://twitter.com/vupen


I. BACKGROUND
-

Adobe Flash Player is a cross-platform browser-based application runtime
that delivers viewing of expressive applications, content, and videos
across screens and browsers. It is installed on 98% of computers.


II. DESCRIPTION
-

VUPEN Vulnerability Research Team discovered a critical vulnerability
in Adobe Flash Player.

The vulnerability is caused by an object confusion error when processing
malformed Real Time Messaging Protocol (RTMP) data received during the
initial phase of communication with a server, which could be exploited
by remote attackers to compromise a vulnerable system via a malicious
web page.


III. AFFECTED PRODUCTS
---

Adobe Flash Player versions prior to 11.7.700.169


IV. Binary Analysis & Exploits/PoCs
---

In-depth technical analysis of the vulnerability and a fully functional
remote code execution exploit are available through the VUPEN BAE
(Binary Analysis & Exploits) portal:

http://www.vupen.com/english/services/ba-index.php

VUPEN Binary Analysis & Exploits Service provides private exploits and
in-depth technical analysis of the most significant public vulnerabilities
based on disassembly, reverse engineering, protocol analysis, and code
audit.

The service allows governments and major corporations to evaluate risks, and
protect infrastructures and assets against new threats. The service also
allows security vendors (IPS, IDS, AntiVirus) to supplement their internal
research efforts and quickly develop both vulnerability-based and
exploit-based signatures to proactively protect their customers from attacks
and emerging threats.


V. VUPEN Threat Protection Program
---

Governments and major corporations which are members of the VUPEN Threat
Protection Program (TPP) have been proactively alerted about the
vulnerability when it was discovered by VUPEN in advance of its public
disclosure, and have received detailed attack detection guidance to protect
national and critical infrastructures against potential 0-day attacks
exploiting this vulnerability:

http://www.vupen.com/english/services/tpp-index.php


VI. SOLUTION


Upgrade to Flash Player version 11.7.700.169.


VII. CREDIT
--

This vulnerability was discovered by Nicolas Joly of VUPEN Security.


VIII. ABOUT VUPEN Security
---

VUPEN is the leading provider of defensive and offensive cybersecurity
intelligence and advanced vulnerability research. VUPEN solutions enable
corporations and governments to manage risks, and protect critical networks
and infrastructures against known and unknown vulnerabilities.

VUPEN solutions include:

* VUPEN Binary Analysis & Exploits Service (BAE) :
http://www.vupen.com/english/services/ba-index.php

* VUPEN Threat Protection Program (TPP) :
http://www.vupen.com/english/services/tpp-index.php


IX. REFERENCES
--

http://www.adobe.com/support/security/bulletins/apsb13-11.html
http://www.vupen.com/english/research.php


X. DISCLOSURE TIMELINE
-

2012-02-15 - Vulnerability Discovered by VUPEN
2013-03-06 - Vulnerability Exploited At Pwn2Own 2013 and Reported to Adobe
2013-04-17 - Public disclosure



VUPEN Security Research - Mozilla Firefox nsHTMLEditRules Use-After-Free (MFSA-2013-29 / CVE-2013-0787)

2013-03-19 Thread VUPEN Security Research
VUPEN Security Research - Mozilla Firefox nsHTMLEditRules
Use-After-Free (MFSA-2013-29 / CVE-2013-0787)

Website : http://www.vupen.com

Twitter : http://twitter.com/vupen


I. BACKGROUND
-

Mozilla Firefox is a free and open source web browser coordinated by
Mozilla Corporation and Mozilla Foundation. As of August 2012, Firefox
has approximately 23% of worldwide usage share of web browsers (Wikipedia)


II. DESCRIPTION
-

VUPEN Vulnerability Research Team discovered a critical vulnerability
in Mozilla Firefox.

The vulnerability is caused by a use-after-free error within the XUL
nsHTMLEditRules::nsHTMLEditRules() function when processing certain
objects, which could be exploited by remote attackers to compromise
a vulnerable system via a malicious web page.

The vulnerability has been exploited during Pwn2Own 2013.


III. AFFECTED PRODUCTS
---

Mozilla Firefox version 19.0.1 and prior
Mozilla Firefox ESR version 17.0.3 and prior
Mozilla Thunderbird version 17.0.3 and prior
Mozilla Thunderbird ESR version 17.0.3 and prior
Mozilla SeaMonkey version 2.16 and prior


IV. Binary Analysis & Exploits/PoCs
---

In-depth technical analysis of the vulnerability and a fully functional
remote code execution exploit are available through the VUPEN BAE
(Binary Analysis & Exploits) portal:

http://www.vupen.com/english/services/ba-index.php

VUPEN Binary Analysis & Exploits Service provides private exploits and
in-depth technical analysis of the most significant public vulnerabilities
based on disassembly, reverse engineering, protocol analysis, and code
audit.

The service allows governments and major corporations to evaluate risks, and
protect infrastructures and assets against new threats. The service also
allows security vendors (IPS, IDS, AntiVirus) to supplement their internal
research efforts and quickly develop both vulnerability-based and
exploit-based signatures to proactively protect their customers from attacks
and emerging threats.


V. VUPEN Threat Protection Program
---

Governments and major corporations which are members of the VUPEN Threat
Protection Program (TPP) have been proactively alerted about the
vulnerability when it was discovered by VUPEN in advance of its public
disclosure, and have received detailed attack detection guidance to protect
national and critical infrastructures against potential 0-day attacks
exploiting this vulnerability:

http://www.vupen.com/english/services/tpp-index.php


VI. SOLUTION


Upgrade to the following versions:

Firefox 19.0.2 or later
Firefox ESR 17.0.4 or later
Thunderbird 17.0.4 or later
Thunderbird ESR 17.0.4 or later
SeaMonkey 2.16.1 or later


VII. CREDIT
--

This vulnerability was discovered and exploited by Chaouki Bekrar, Jordan
Gruskovnjak, and Nicolas Joly of VUPEN Security


VIII. ABOUT VUPEN Security
---

VUPEN is the leading provider of defensive and offensive cybersecurity
intelligence and advanced vulnerability research. VUPEN solutions enable
corporations and governments to manage risks, and protect critical networks
and infrastructures against known and unknown vulnerabilities.

VUPEN solutions include:

* VUPEN Binary Analysis & Exploits Service (BAE) :
http://www.vupen.com/english/services/ba-index.php

* VUPEN Threat Protection Program (TPP) :
http://www.vupen.com/english/services/tpp-index.php


IX. REFERENCES
--

https://www.mozilla.org/security/announce/2013/mfsa2013-29.html
http://www.vupen.com/english/research.php


X. DISCLOSURE TIMELINE
-

2013-02-26 - Vulnerability Discovered by VUPEN
2013-03-06 - Vulnerability Reported to Mozilla by VUPEN During Pwn2Own 2013
2013-03-07 - MFSA-2013-29 security bulletin released
2013-03-18 - Public disclosure



VUPEN Security Research - Microsoft Internet Explorer 10-9-8-7-6 OnResize Use-after-free (MS13-021 / CVE-2013-0087)

2013-03-19 Thread VUPEN Security Research
VUPEN Security Research - Microsoft Internet Explorer 10-9-8-7-6
OnResize Use-after-free (MS13-021 / CVE-2013-0087)

Website : http://www.vupen.com

Twitter : http://twitter.com/vupen


I. BACKGROUND
-

Microsoft Internet Explorer is a web browser developed by Microsoft and
included as part of the Microsoft Windows line of operating systems with
more than 60% of the worldwide usage share of web browsers. (Wikipedia)


II. DESCRIPTION
-

VUPEN Vulnerability Research Team discovered a critical vulnerability
in Microsoft Internet Explorer.

The vulnerability is caused by a use-after-free error within the MSHTML
CElement::EnsureRecalcNotify() function when processing onResize
events, which could be exploited by remote attackers to compromise
a vulnerable system via a malicious web page.


III. AFFECTED PRODUCTS
---

Microsoft Internet Explorer 10
Microsoft Internet Explorer 9
Microsoft Internet Explorer 8
Microsoft Internet Explorer 7
Microsoft Internet Explorer 6

Microsoft Windows 8 for 32-bit Systems
Microsoft Windows 8 for x64-based Systems
Microsoft Windows 7 for 32-bit Systems
Microsoft Windows 7 for 32-bit Systems Service Pack 1
Microsoft Windows 7 for x64-based Systems
Microsoft Windows 7 for x64-based Systems Service Pack 1
Microsoft Windows Server 2008 for 32-bit Systems
Microsoft Windows Server 2008 for 32-bit Systems Service Pack 2
Microsoft Windows Server 2008 for x64-based Systems
Microsoft Windows Server 2008 for x64-based Systems Service Pack 2
Microsoft Windows Server 2008 for Itanium-based Systems
Microsoft Windows Server 2008 for Itanium-based Systems Service Pack 2
Microsoft Windows Server 2008 R2 for x64-based Systems
Microsoft Windows Server 2008 R2 for x64-based Systems Service Pack 1
Microsoft Windows Server 2008 R2 for Itanium-based Systems
Microsoft Windows Server 2008 R2 for Itanium-based Systems Service Pack 1
Microsoft Windows Vista Service Pack 1
Microsoft Windows Vista Service Pack 2
Microsoft Windows Vista x64 Edition Service Pack 1
Microsoft Windows Vista x64 Edition Service Pack 2
Microsoft Windows Server 2003 Service Pack 2
Microsoft Windows Server 2003 x64 Edition Service Pack 2
Microsoft Windows Server 2003 with SP2 for Itanium-based Systems
Microsoft Windows XP Service Pack 3
Microsoft Windows XP Professional x64 Edition Service Pack 2


IV. Binary Analysis & Exploits/PoCs
---

In-depth technical analysis of the vulnerability and a fully functional
remote code execution exploit are available through the VUPEN BAE
(Binary Analysis & Exploits) portal:

http://www.vupen.com/english/services/ba-index.php

VUPEN Binary Analysis & Exploits Service provides private exploits and
in-depth technical analysis of the most significant public vulnerabilities
based on disassembly, reverse engineering, protocol analysis, and code
audit.

The service allows governments and major corporations to evaluate risks, and
protect infrastructures and assets against new threats. The service also
allows security vendors (IPS, IDS, AntiVirus) to supplement their internal
research efforts and quickly develop both vulnerability-based and
exploit-based signatures to proactively protect their customers from attacks
and emerging threats.


V. VUPEN Threat Protection Program
---

Governments and major corporations which are members of the VUPEN Threat
Protection Program (TPP) have been proactively alerted about the
vulnerability when it was discovered by VUPEN in advance of its public
disclosure, and have received detailed attack detection guidance to
protect national and critical infrastructures against potential 0-day
attacks exploiting this vulnerability:

http://www.vupen.com/english/services/tpp-index.php


VI. SOLUTION


Apply MS13-021 security updates.


VII. CREDIT
--

This vulnerability was discovered by Nicolas Joly of VUPEN Security


VIII. ABOUT VUPEN Security
---

VUPEN is the leading provider of defensive and offensive cybersecurity
intelligence and advanced vulnerability research. VUPEN solutions enable
corporations and governments to manage risks, and protect critical networks
and infrastructures against known and unknown vulnerabilities.

VUPEN solutions include:

* VUPEN Binary Analysis & Exploits Service (BAE) :
http://www.vupen.com/english/services/ba-index.php

* VUPEN Threat Protection Program (TPP) :
http://www.vupen.com/english/services/tpp-index.php


IX. REFERENCES
--

https://technet.microsoft.com/en-us/security/bulletin/ms13-021
http://www.vupen.com/english/research.php


X. DISCLOSURE TIMELINE
-

2010-06-29 - Vulnerability Discovered by VUPEN and shared with VUPEN TPP
customers
2013-03-12 - MS13-021 security bulletin released
2013-03-18 - Public disclosure



VUPEN Security Research - Microsoft Internet Explorer 10-9-8-7-6 OnMove Use-after-free (MS13-021 / CVE-2013-0087)

2013-03-19 Thread VUPEN Security Research
VUPEN Security Research - Microsoft Internet Explorer 10-9-8-7-6
OnMove Use-after-free (MS13-021 / CVE-2013-0087)

Website : http://www.vupen.com

Twitter : http://twitter.com/vupen


I. BACKGROUND
-

Microsoft Internet Explorer is a web browser developed by Microsoft and
included as part of the Microsoft Windows line of operating systems with
more than 60% of the worldwide usage share of web browsers. (Wikipedia)


II. DESCRIPTION
-

VUPEN Vulnerability Research Team discovered a critical vulnerability
in Microsoft Internet Explorer.

The vulnerability is caused by a use-after-free error within the MSHTML
CElement::EnsureRecalcNotify() function when processing onMove
events, which could be exploited by remote attackers to compromise
a vulnerable system via a malicious web page.


III. AFFECTED PRODUCTS
---

Microsoft Internet Explorer 10
Microsoft Internet Explorer 9
Microsoft Internet Explorer 8
Microsoft Internet Explorer 7
Microsoft Internet Explorer 6

Microsoft Windows 8 for 32-bit Systems
Microsoft Windows 8 for x64-based Systems
Microsoft Windows 7 for 32-bit Systems
Microsoft Windows 7 for 32-bit Systems Service Pack 1
Microsoft Windows 7 for x64-based Systems
Microsoft Windows 7 for x64-based Systems Service Pack 1
Microsoft Windows Server 2008 for 32-bit Systems
Microsoft Windows Server 2008 for 32-bit Systems Service Pack 2
Microsoft Windows Server 2008 for x64-based Systems
Microsoft Windows Server 2008 for x64-based Systems Service Pack 2
Microsoft Windows Server 2008 for Itanium-based Systems
Microsoft Windows Server 2008 for Itanium-based Systems Service Pack 2
Microsoft Windows Server 2008 R2 for x64-based Systems
Microsoft Windows Server 2008 R2 for x64-based Systems Service Pack 1
Microsoft Windows Server 2008 R2 for Itanium-based Systems
Microsoft Windows Server 2008 R2 for Itanium-based Systems Service Pack 1
Microsoft Windows Vista Service Pack 1
Microsoft Windows Vista Service Pack 2
Microsoft Windows Vista x64 Edition Service Pack 1
Microsoft Windows Vista x64 Edition Service Pack 2
Microsoft Windows Server 2003 Service Pack 2
Microsoft Windows Server 2003 x64 Edition Service Pack 2
Microsoft Windows Server 2003 with SP2 for Itanium-based Systems
Microsoft Windows XP Service Pack 3
Microsoft Windows XP Professional x64 Edition Service Pack 2


IV. Binary Analysis & Exploits/PoCs
---

In-depth technical analysis of the vulnerability and a fully functional
remote code execution exploit are available through the VUPEN BAE
(Binary Analysis & Exploits) portal:

http://www.vupen.com/english/services/ba-index.php

VUPEN Binary Analysis & Exploits Service provides private exploits and
in-depth technical analysis of the most significant public vulnerabilities
based on disassembly, reverse engineering, protocol analysis, and code
audit.

The service allows governments and major corporations to evaluate risks, and
protect infrastructures and assets against new threats. The service also
allows security vendors (IPS, IDS, AntiVirus) to supplement their internal
research efforts and quickly develop both vulnerability-based and
exploit-based signatures to proactively protect their customers from attacks
and emerging threats.


V. VUPEN Threat Protection Program
---

Governments and major corporations which are members of the VUPEN Threat
Protection Program (TPP) have been proactively alerted about the
vulnerability when it was discovered by VUPEN in advance of its public
disclosure, and have received detailed attack detection guidance to
protect national and critical infrastructures against potential 0-day
attacks exploiting this vulnerability:

http://www.vupen.com/english/services/tpp-index.php


VI. SOLUTION


Apply MS13-021 security updates.


VII. CREDIT
--

This vulnerability was discovered by Nicolas Joly of VUPEN Security


VIII. ABOUT VUPEN Security
---

VUPEN is the leading provider of defensive and offensive cybersecurity
intelligence and advanced vulnerability research. VUPEN solutions enable
corporations and governments to manage risks, and protect critical networks
and infrastructures against known and unknown vulnerabilities.

VUPEN solutions include:

* VUPEN Binary Analysis & Exploits Service (BAE) :
http://www.vupen.com/english/services/ba-index.php

* VUPEN Threat Protection Program (TPP) :
http://www.vupen.com/english/services/tpp-index.php


IX. REFERENCES
--

https://technet.microsoft.com/en-us/security/bulletin/ms13-021
http://www.vupen.com/english/research.php


X. DISCLOSURE TIMELINE
-

2010-06-29 - Vulnerability Discovered by VUPEN and shared with VUPEN TPP
customers
2013-03-12 - MS13-021 security bulletin released
2013-03-18 - Public disclosure



VUPEN Security Research - Microsoft Windows OLE Automation Code Execution Vulnerability

2013-02-25 Thread VUPEN Security Research
VUPEN Security Research - Microsoft Windows OLE Automation Remote Code
Execution Vulnerability

Website : http://www.vupen.com

Twitter : http://twitter.com/vupen


I. BACKGROUND
-

Microsoft Windows is a series of software operating systems and graphical
user interfaces produced by Microsoft. Windows had approximately 90% of
the market share of the client operating systems. (Wikipedia)


II. DESCRIPTION
-

VUPEN Vulnerability Research Team discovered a critical vulnerability
in Microsoft Windows.

The vulnerability is caused by an integer overflow error in the
SysAllocStringLen() function within the Oleaut32.dll (Object Linking
and Embedding Automation) library, which could allow remote attackers
to execute arbitrary code via a specially crafted web page or Office
document.

CVSS Score: 10 (AV:N/AC:L/Au:N/C:C/I:C/A:C)


III. AFFECTED PRODUCTS
---

Microsoft Windows XP Service Pack 3


IV. Binary Analysis & Exploits/PoCs
---

In-depth technical analysis of the vulnerability and a fully functional
remote code execution exploit are available through the VUPEN BAE
(Binary Analysis & Exploits) portal:

http://www.vupen.com/english/services/ba-index.php

VUPEN Binary Analysis & Exploits Service provides private exploits and
in-depth technical analysis of the most significant public vulnerabilities
based on disassembly, reverse engineering, protocol analysis, and code
audit.

The service allows governments and major corporations to evaluate risks, and
protect infrastructures and assets against new threats. The service also
allows security vendors (IPS, IDS, AntiVirus) to supplement their internal
research efforts and quickly develop both vulnerability-based and
exploit-based signatures to proactively protect their customers from attacks
and emerging threats.


V. VUPEN Threat Protection Program
---

Governments and major corporations which are members of the VUPEN Threat
Protection Program (TPP) have been proactively alerted about the
vulnerability when it was discovered by VUPEN in advance of its public
disclosure, and have received detailed attack detection guidance to
protect national and critical infrastructures against potential 0-day
attacks exploiting this vulnerability:

http://www.vupen.com/english/services/tpp-index.php


VI. SOLUTION


Apply MS13-020 security updates.


VII. CREDIT
--

This vulnerability was discovered by Nicolas Joly of VUPEN Security


VIII. ABOUT VUPEN Security
---

VUPEN is the leading provider of defensive and offensive cybersecurity
intelligence and advanced vulnerability research. VUPEN solutions enable
corporations and governments to manage risks, and protect critical networks
and infrastructures against known and unknown vulnerabilities.

VUPEN has been recognized as Company of the Year 2011 in the Vulnerability
Research Market by Frost & Sullivan.

VUPEN solutions include:

* VUPEN Binary Analysis & Exploits Service (BAE) :
http://www.vupen.com/english/services/ba-index.php

* VUPEN Threat Protection Program (TPP) :
http://www.vupen.com/english/services/tpp-index.php


IX. REFERENCES
--

http://technet.microsoft.com/en-us/security/bulletin/ms13-020
http://www.vupen.com/english/research.php


X. DISCLOSURE TIMELINE
-

2010-08-05 - Vulnerability Discovered by VUPEN and shared with customers
2013-02-12 - MS13-020 security bulletin released
2013-02-20 - Public disclosure



VUPEN Security Research - Mozilla Firefox imgRequestProxy Remote Use-After-Free Vulnerability

2012-11-30 Thread VUPEN Security Research
VUPEN Security Research - Mozilla Firefox imgRequestProxy Class Remote
Use-After-Free Vulnerability

Website : http://www.vupen.com

Twitter : http://twitter.com/vupen


I. BACKGROUND
-

Mozilla Firefox is a free and open source web browser coordinated by
Mozilla Corporation and Mozilla Foundation. As of August 2012, Firefox
has approximately 23% of worldwide usage share of web browsers (Wikipedia)


II. DESCRIPTION
-

VUPEN Vulnerability Research Team discovered a critical vulnerability
in Mozilla Firefox.

The vulnerability is caused by a use-after-free error within the
imgRequestProxy::OnStopRequest() function, which could allow remote
attackers to execute arbitrary code via a specially crafted web page.

CVSS Score: 10 (AV:N/AC:L/Au:N/C:C/I:C/A:C)


III. AFFECTED PRODUCTS
---

Mozilla Firefox versions prior to 17.0
Mozilla Firefox ESR versions prior to 10.0.11
Mozilla Thunderbird versions prior to 17.0
Mozilla Thunderbird ESR versions prior to 10.0.11
Mozilla SeaMonkey versions prior to 2.14


IV. Binary Analysis & Exploits/PoCs
---

In-depth technical analysis of the vulnerability and a fully functional
remote code execution exploit are available through the VUPEN BAE
(Binary Analysis & Exploits) portal:

http://www.vupen.com/english/services/ba-index.php

VUPEN Binary Analysis & Exploits Service provides private exploits and
in-depth technical analysis of the most significant public vulnerabilities
based on disassembly, reverse engineering, protocol analysis, and code
audit.

The service allows governments and major corporations to evaluate risks, and
protect infrastructures and assets against new threats. The service also
allows security vendors (IPS, IDS, AntiVirus) to supplement their internal
research efforts and quickly develop both vulnerability-based and
exploit-based signatures to proactively protect their customers from attacks
and emerging threats.


V. VUPEN Threat Protection Program
---

Governments and major corporations which are members of the VUPEN Threat
Protection Program (TPP) have been proactively alerted about the
vulnerability when it was discovered by VUPEN in advance of its public
disclosure, and have received detailed attack detection guidance to
protect national and critical infrastructures against potential 0-day
attacks exploiting this vulnerability:

http://www.vupen.com/english/services/tpp-index.php


VI. SOLUTION


Upgrade to Firefox 17.0, Firefox ESR 10.0.11, Thunderbird 17.0, Thunderbird
ESR 10.0.11 or SeaMonkey 2.14.


VII. CREDIT
--

This vulnerability was discovered by Nicolas Joly of VUPEN Security


VIII. ABOUT VUPEN Security
---

VUPEN is the leading provider of advanced vulnerability research for
defensive and offensive cyber security. VUPEN solutions enable corporations
and governments to measure and manage risks, eliminate vulnerabilities
before they can be exploited, and protect critical infrastructures and
assets against known and unknown vulnerabilities.

VUPEN has been recognized as Company of the Year 2011 in the Vulnerability
Research Market by Frost & Sullivan.

VUPEN solutions include:

* VUPEN Binary Analysis & Exploits Service (BAE) :
http://www.vupen.com/english/services/ba-index.php

* VUPEN Threat Protection Program (TPP) :
http://www.vupen.com/english/services/tpp-index.php


IX. REFERENCES
--

http://www.mozilla.org/security/announce/
http://www.vupen.com/english/research.php


X. DISCLOSURE TIMELINE
-

2012-09-10 - Vulnerability Discovered by VUPEN and shared with customers
2012-11-22 - Public disclosure






VUPEN Security Research - Mozilla Firefox DocumentViewerImpl Class Remote Use-After-Free Vulnerability

2012-11-26 Thread VUPEN Security Research
VUPEN Security Research - Mozilla Firefox DocumentViewerImpl Class
Remote Use-After-Free Vulnerability

Website : http://www.vupen.com

Twitter : http://twitter.com/vupen


I. BACKGROUND
-

Mozilla Firefox is a free and open source web browser coordinated by
Mozilla Corporation and Mozilla Foundation. As of August 2012, Firefox
has approximately 23% of worldwide usage share of web browsers (Wikipedia)


II. DESCRIPTION
-

VUPEN Vulnerability Research Team discovered a critical vulnerability
in Mozilla Firefox.

The vulnerability is caused by a use-after-free error within the
DocumentViewerImpl::Show() function, which could allow remote attackers
to execute arbitrary code via a specially crafted web page.

CVSS Score: 10 (AV:N/AC:L/Au:N/C:C/I:C/A:C)


III. AFFECTED PRODUCTS
---

Mozilla Firefox versions prior to 17.0
Mozilla Firefox ESR versions prior to 10.0.11
Mozilla Thunderbird versions prior to 17.0
Mozilla Thunderbird ESR versions prior to 10.0.11
Mozilla SeaMonkey versions prior to 2.14


IV. Binary Analysis & Exploits/PoCs
---

In-depth technical analysis of the vulnerability and a fully functional
remote code execution exploit are available through the VUPEN BAE
(Binary Analysis & Exploits) portal:

http://www.vupen.com/english/services/ba-index.php

VUPEN Binary Analysis & Exploits Service provides private exploits and
in-depth technical analysis of the most significant public vulnerabilities
based on disassembly, reverse engineering, protocol analysis, and code
audit.

The service allows governments and major corporations to evaluate risks, and
protect infrastructures and assets against new threats. The service also
allows security vendors (IPS, IDS, AntiVirus) to supplement their internal
research efforts and quickly develop both vulnerability-based and
exploit-based signatures to proactively protect their customers from attacks
and emerging threats.


V. VUPEN Threat Protection Program
---

Governments and major corporations which are members of the VUPEN Threat
Protection Program (TPP) have been proactively alerted about the
vulnerability when it was discovered by VUPEN in advance of its public
disclosure, and have received detailed attack detection guidance to
protect national and critical infrastructures against potential 0-day
attacks exploiting this vulnerability:

http://www.vupen.com/english/services/tpp-index.php


VI. SOLUTION


Upgrade to Firefox 17.0, Firefox ESR 10.0.11, Thunderbird 17.0, Thunderbird
ESR 10.0.11 or SeaMonkey 2.14.


VII. CREDIT
--

This vulnerability was discovered by Jordan Gruskovnjak of VUPEN Security


VIII. ABOUT VUPEN Security
---

VUPEN is the leading provider of advanced vulnerability research for
defensive and offensive cyber security. VUPEN solutions enable corporations
and governments to measure and manage risks, eliminate vulnerabilities
before they can be exploited, and protect critical infrastructures and
assets against known and unknown vulnerabilities.

VUPEN has been recognized as Company of the Year 2011 in the Vulnerability
Research Market by Frost & Sullivan.

VUPEN solutions include:

* VUPEN Binary Analysis & Exploits Service (BAE) :
http://www.vupen.com/english/services/ba-index.php

* VUPEN Threat Protection Program (TPP) :
http://www.vupen.com/english/services/tpp-index.php


IX. REFERENCES
--

http://www.mozilla.org/security/announce/
http://www.vupen.com/english/research.php


X. DISCLOSURE TIMELINE
-

2012-06-22 - Vulnerability Discovered by VUPEN and shared with customers
2012-11-22 - Public disclosure



VUPEN Security Research - Microsoft Internet Explorer OnMove Use-After-Free Vulnerability (MS12-063)

2012-10-24 Thread VUPEN Security Research
VUPEN Security Research - Microsoft Internet Explorer OnMove
Use-After-Free Vulnerability (MS12-063)

Website : http://www.vupen.com

Twitter : http://twitter.com/vupen


I. BACKGROUND
-

Microsoft Internet Explorer is a web browser developed by Microsoft and
included as part of the Microsoft Windows line of operating systems with
more than 60% of the worldwide usage share of web browsers. (Wikipedia)


II. DESCRIPTION
-

VUPEN Vulnerability Research Team discovered a critical vulnerability
in Microsoft Internet Explorer.

The vulnerability is caused by a use-after-free error in the mshtml.dll
component when processing certain onMove events, which could allow
remote attackers to execute arbitrary code via a specially crafted web page.

CVSS Score: 10 (AV:N/AC:L/Au:N/C:C/I:C/A:C)


III. AFFECTED PRODUCTS
---

Microsoft Internet Explorer 9
Microsoft Internet Explorer 8

Microsoft Windows 7 for 32-bit Systems
Microsoft Windows 7 for 32-bit Systems Service Pack 1
Microsoft Windows 7 for x64-based Systems
Microsoft Windows 7 for x64-based Systems Service Pack 1
Microsoft Windows Server 2008 for 32-bit Systems
Microsoft Windows Server 2008 for 32-bit Systems Service Pack 2
Microsoft Windows Server 2008 for x64-based Systems
Microsoft Windows Server 2008 for x64-based Systems Service Pack 2
Microsoft Windows Server 2008 for Itanium-based Systems
Microsoft Windows Server 2008 for Itanium-based Systems Service Pack 2
Microsoft Windows Server 2008 R2 for x64-based Systems
Microsoft Windows Server 2008 R2 for x64-based Systems Service Pack 1
Microsoft Windows Server 2008 R2 for Itanium-based Systems
Microsoft Windows Server 2008 R2 for Itanium-based Systems Service Pack 1
Microsoft Windows Vista Service Pack 1
Microsoft Windows Vista Service Pack 2
Microsoft Windows Vista x64 Edition Service Pack 1
Microsoft Windows Vista x64 Edition Service Pack 2
Microsoft Windows Server 2003 Service Pack 2
Microsoft Windows Server 2003 x64 Edition Service Pack 2
Microsoft Windows Server 2003 with SP2 for Itanium-based Systems
Microsoft Windows XP Service Pack 3
Microsoft Windows XP Professional x64 Edition Service Pack 2


IV. Binary Analysis & Exploits/PoCs
---

In-depth technical analysis of the vulnerability and a fully functional
remote code execution exploit are available through the VUPEN BAE
(Binary Analysis & Exploits) portal:

http://www.vupen.com/english/services/ba-index.php

VUPEN Binary Analysis & Exploits Service provides private exploits and
in-depth technical analysis of the most significant public vulnerabilities
based on disassembly, reverse engineering, protocol analysis, and code
audit.

The service allows governments and major corporations to evaluate risks, and
protect infrastructures and assets against new threats. The service also
allows security vendors (IPS, IDS, AntiVirus) to supplement their internal
research efforts and quickly develop both vulnerability-based and
exploit-based signatures to proactively protect their customers from attacks
and emerging threats.


V. VUPEN Threat Protection Program
---

Governments and major corporations which are members of the VUPEN Threat
Protection Program (TPP) have been proactively alerted about the
vulnerability when it was discovered by VUPEN in advance of its public
disclosure, and have received detailed attack detection guidance to
protect national and critical infrastructures against potential 0-day
attacks exploiting this vulnerability:

http://www.vupen.com/english/services/tpp-index.php


VI. SOLUTION


Apply MS12-063 security update.


VII. CREDIT
--

This vulnerability was discovered by Nicolas Joly of VUPEN Security


VIII. ABOUT VUPEN Security
---

VUPEN is the leading provider of advanced vulnerability research for
defensive and offensive cyber security. VUPEN solutions enable corporations
and governments to measure and manage risks, eliminate vulnerabilities
before they can be exploited, and protect critical infrastructures and
assets against known and unknown vulnerabilities.

VUPEN has been recognized as Company of the Year 2011 in the Vulnerability
Research Market by Frost & Sullivan.

VUPEN solutions include:

* VUPEN Binary Analysis & Exploits Service (BAE) :
http://www.vupen.com/english/services/ba-index.php

* VUPEN Threat Protection Program (TPP) :
http://www.vupen.com/english/services/tpp-index.php


IX. REFERENCES
--

http://technet.microsoft.com/en-us/security/bulletin/ms12-063
http://www.vupen.com/english/research.php


X. DISCLOSURE TIMELINE
-

2010-06-15 - Vulnerability Discovered by VUPEN and shared with customers
2012-09-21 - Public disclosure



VUPEN Security Research - Microsoft Internet Explorer scrollIntoView Use-After-Free Vulnerability (MS12-063)

2012-10-24 Thread VUPEN Security Research
VUPEN Security Research - Microsoft Internet Explorer scrollIntoView
Use-After-Free Vulnerability (MS12-063)

Website : http://www.vupen.com

Twitter : http://twitter.com/vupen


I. BACKGROUND
-

Microsoft Internet Explorer is a web browser developed by Microsoft and
included as part of the Microsoft Windows line of operating systems with
more than 60% of the worldwide usage share of web browsers. (Wikipedia)


II. DESCRIPTION
-

VUPEN Vulnerability Research Team discovered a critical vulnerability
in Microsoft Internet Explorer.

The vulnerability is caused by a use-after-free error in the mshtml.dll
component when processing certain scrollIntoView events, which could allow
remote attackers to execute arbitrary code via a specially crafted web page.

CVSS Score: 10 (AV:N/AC:L/Au:N/C:C/I:C/A:C)


III. AFFECTED PRODUCTS
---

Microsoft Internet Explorer 9
Microsoft Internet Explorer 8

Microsoft Windows 7 for 32-bit Systems
Microsoft Windows 7 for 32-bit Systems Service Pack 1
Microsoft Windows 7 for x64-based Systems
Microsoft Windows 7 for x64-based Systems Service Pack 1
Microsoft Windows Server 2008 for 32-bit Systems
Microsoft Windows Server 2008 for 32-bit Systems Service Pack 2
Microsoft Windows Server 2008 for x64-based Systems
Microsoft Windows Server 2008 for x64-based Systems Service Pack 2
Microsoft Windows Server 2008 for Itanium-based Systems
Microsoft Windows Server 2008 for Itanium-based Systems Service Pack 2
Microsoft Windows Server 2008 R2 for x64-based Systems
Microsoft Windows Server 2008 R2 for x64-based Systems Service Pack 1
Microsoft Windows Server 2008 R2 for Itanium-based Systems
Microsoft Windows Server 2008 R2 for Itanium-based Systems Service Pack 1
Microsoft Windows Vista Service Pack 1
Microsoft Windows Vista Service Pack 2
Microsoft Windows Vista x64 Edition Service Pack 1
Microsoft Windows Vista x64 Edition Service Pack 2
Microsoft Windows Server 2003 Service Pack 2
Microsoft Windows Server 2003 x64 Edition Service Pack 2
Microsoft Windows Server 2003 with SP2 for Itanium-based Systems
Microsoft Windows XP Service Pack 3
Microsoft Windows XP Professional x64 Edition Service Pack 2


IV. Binary Analysis & Exploits/PoCs
---

In-depth technical analysis of the vulnerability and a fully functional
remote code execution exploit are available through the VUPEN BAE
(Binary Analysis & Exploits) portal:

http://www.vupen.com/english/services/ba-index.php

VUPEN Binary Analysis & Exploits Service provides private exploits and
in-depth technical analysis of the most significant public vulnerabilities
based on disassembly, reverse engineering, protocol analysis, and code
audit.

The service allows governments and major corporations to evaluate risks, and
protect infrastructures and assets against new threats. The service also
allows security vendors (IPS, IDS, AntiVirus) to supplement their internal
research efforts and quickly develop both vulnerability-based and
exploit-based signatures to proactively protect their customers from attacks
and emerging threats.


V. VUPEN Threat Protection Program
---

Governments and major corporations which are members of the VUPEN Threat
Protection Program (TPP) have been proactively alerted about the
vulnerability when it was discovered by VUPEN in advance of its public
disclosure, and have received detailed attack detection guidance to
protect national and critical infrastructures against potential 0-day
attacks exploiting this vulnerability:

http://www.vupen.com/english/services/tpp-index.php


VI. SOLUTION


Apply MS12-063 security update.


VII. CREDIT
--

This vulnerability was discovered by Nicolas Joly of VUPEN Security


VIII. ABOUT VUPEN Security
---

VUPEN is the leading provider of advanced vulnerability research for
defensive and offensive cyber security. VUPEN solutions enable corporations
and governments to measure and manage risks, eliminate vulnerabilities
before they can be exploited, and protect critical infrastructures and
assets against known and unknown vulnerabilities.

VUPEN has been recognized as Company of the Year 2011 in the Vulnerability
Research Market by Frost & Sullivan.

VUPEN solutions include:

* VUPEN Binary Analysis & Exploits Service (BAE) :
http://www.vupen.com/english/services/ba-index.php

* VUPEN Threat Protection Program (TPP) :
http://www.vupen.com/english/services/tpp-index.php


IX. REFERENCES
--

http://technet.microsoft.com/en-us/security/bulletin/ms12-063
http://www.vupen.com/english/research.php


X. DISCLOSURE TIMELINE
-

2011-10-10 - Vulnerability Discovered by VUPEN and shared with customers
2012-09-21 - Public disclosure



VUPEN Security Research - Oracle Java Font Processing maxPointCount Heap Overflow Vulnerability

2012-10-24 Thread VUPEN Security Research
VUPEN Security Research - Oracle Java Font Processing maxPointCount
Heap Overflow Vulnerability

Website : http://www.vupen.com

Twitter : http://twitter.com/vupen


I. BACKGROUND
-

Java is a programming language and computing platform released by Sun
Microsystems (now Oracle). It is the underlying technology that powers
state-of-the-art programs including utilities, games, and business
applications.


II. DESCRIPTION
-

VUPEN Vulnerability Research Team discovered a critical vulnerability
in Oracle Java.

The vulnerability is caused by a heap overflow error within the t2k.dll
component when processing a malformed maxPointCount field within a Font,
which could be exploited by remote attackers to compromise a vulnerable
system via a specially crafted web page.

CVSS Score: 10 (AV:N/AC:L/Au:N/C:C/I:C/A:C)


III. AFFECTED PRODUCTS
---

Oracle Java JRE 7u7 and prior
Oracle Java JDK 7u7 and prior


IV. Binary Analysis & Exploits/PoCs
---

In-depth technical analysis of the vulnerability and a fully functional
remote code execution exploit or PoC are available through the VUPEN BAE
(Binary Analysis & Exploits) portal:

http://www.vupen.com/english/services/ba-index.php

VUPEN Binary Analysis & Exploits Service provides private exploits and
in-depth technical analysis of the most significant public vulnerabilities
based on disassembly, reverse engineering, protocol analysis, and code
audit.

The service allows governments and major corporations to evaluate risks, and
protect infrastructures and assets against new threats. The service also
allows security vendors (IPS, IDS, AntiVirus) to supplement their internal
research efforts and quickly develop both vulnerability-based and
exploit-based signatures to proactively protect their customers from attacks
and emerging threats.


V. VUPEN Threat Protection Program
---

Governments and major corporations which are members of the VUPEN Threat
Protection Program (TPP) have been proactively alerted about the vulnerability
when it was discovered by VUPEN in advance of its public disclosure, and
have received a detailed attack detection guidance to protect national and
critical infrastructures against potential 0-day attacks exploiting this
vulnerability:

http://www.vupen.com/english/services/tpp-index.php


VI. SOLUTION


Upgrade to Oracle Java 7u9 or later


VII. CREDIT
--

This vulnerability was discovered by Florent Hochwelker of VUPEN Security


VIII. ABOUT VUPEN Security
---

VUPEN is the leading provider of advanced vulnerability research for
defensive and offensive cyber security. VUPEN solutions enable corporations
and governments to measure and manage risks, eliminate vulnerabilities
before they can be exploited, and protect critical infrastructures and
assets against known and unknown vulnerabilities.

VUPEN has been recognized as Company of the Year 2011 in the Vulnerability
Research Market by Frost & Sullivan.

VUPEN solutions include:

* VUPEN Binary Analysis & Exploits Service (BAE) :
http://www.vupen.com/english/services/ba-index.php

* VUPEN Threat Protection Program (TPP) :
http://www.vupen.com/english/services/tpp-index.php


IX. REFERENCES
--

http://www.oracle.com/technetwork/topics/security/javacpuoct2012-1515924.html
http://www.vupen.com/english/research.php


X. DISCLOSURE TIMELINE
-

2012-09-23 - Vulnerability Discovered by VUPEN
2012-10-16 - Public disclosure



VUPEN Security Research - Oracle Java Font Processing Glyph Element Memory Corruption Vulnerability

2012-10-24 Thread VUPEN Security Research
VUPEN Security Research - Oracle Java Font Processing Glyph Element
Memory Corruption Vulnerability

Website : http://www.vupen.com

Twitter : http://twitter.com/vupen


I. BACKGROUND
-

Java is a programming language and computing platform released by Sun
Microsystems (now Oracle). It is the underlying technology that powers
state-of-the-art programs including utilities, games, and business
applications.


II. DESCRIPTION
-

VUPEN Vulnerability Research Team discovered a critical vulnerability
in Oracle Java.

The vulnerability is caused by a memory corruption error within the t2k.dll
component when processing certain glyph elements within a Font file,
which could be exploited by remote attackers to compromise a vulnerable
system via a specially crafted web page.

CVSS Score: 10 (AV:N/AC:L/Au:N/C:C/I:C/A:C)


III. AFFECTED PRODUCTS
---

Oracle Java JRE 7u7 and prior
Oracle Java JDK 7u7 and prior


IV. Binary Analysis & Exploits/PoCs
---

In-depth technical analysis of the vulnerability and a fully functional
remote code execution exploit or PoC are available through the VUPEN BAE
(Binary Analysis & Exploits) portal:

http://www.vupen.com/english/services/ba-index.php

VUPEN Binary Analysis & Exploits Service provides private exploits and
in-depth technical analysis of the most significant public vulnerabilities
based on disassembly, reverse engineering, protocol analysis, and code
audit.

The service allows governments and major corporations to evaluate risks, and
protect infrastructures and assets against new threats. The service also
allows security vendors (IPS, IDS, AntiVirus) to supplement their internal
research efforts and quickly develop both vulnerability-based and
exploit-based signatures to proactively protect their customers from attacks
and emerging threats.


V. VUPEN Threat Protection Program
---

Governments and major corporations which are members of the VUPEN Threat
Protection Program (TPP) have been proactively alerted about the vulnerability
when it was discovered by VUPEN in advance of its public disclosure, and
have received a detailed attack detection guidance to protect national and
critical infrastructures against potential 0-day attacks exploiting this
vulnerability:

http://www.vupen.com/english/services/tpp-index.php


VI. SOLUTION


Upgrade to Oracle Java 7u9 or later


VII. CREDIT
--

This vulnerability was discovered by Matthieu Bonetti of VUPEN Security


VIII. ABOUT VUPEN Security
---

VUPEN is the leading provider of advanced vulnerability research for
defensive and offensive cyber security. VUPEN solutions enable corporations
and governments to measure and manage risks, eliminate vulnerabilities
before they can be exploited, and protect critical infrastructures and
assets against known and unknown vulnerabilities.

VUPEN has been recognized as Company of the Year 2011 in the Vulnerability
Research Market by Frost & Sullivan.

VUPEN solutions include:

* VUPEN Binary Analysis & Exploits Service (BAE) :
http://www.vupen.com/english/services/ba-index.php

* VUPEN Threat Protection Program (TPP) :
http://www.vupen.com/english/services/tpp-index.php


IX. REFERENCES
--

http://www.oracle.com/technetwork/topics/security/javacpuoct2012-1515924.html
http://www.vupen.com/english/research.php


X. DISCLOSURE TIMELINE
-

2012-09-26 - Vulnerability Discovered by VUPEN
2012-10-16 - Public disclosure

-- 
Chaouki Bekrar - VUPEN
CEO & Head of Research
Email: bek...@vupen.com
Phone: +33 434 883 580
Fax: +33 434 883 581
http://www.vupen.com
http://twitter.com/vupen



VUPEN - Adobe Flash Player Matrix3D Integer Overflow Code Execution (APSB12-19)

2012-09-11 Thread VUPEN Security Research
VUPEN Security Research - Adobe Flash Player Matrix3D Integer Overflow
Code Execution (APSB12-19)

Website : http://www.vupen.com/english/research.php

Twitter : http://twitter.com/vupen


I. BACKGROUND
-

Adobe Flash Player is a cross-platform browser-based application runtime
that delivers uncompromised viewing of expressive applications, content,
and videos across screens and browsers. It is installed on 98% of computers.


II. DESCRIPTION
-

VUPEN Vulnerability Research Team discovered a critical vulnerability
in Adobe Flash Player.

The vulnerability is caused by an integer overflow error in the
copyRawDataTo() method within the Matrix3D class when processing
malformed arguments, which could allow remote attackers to execute
arbitrary code via a specially crafted web page.

CVSS Score: 10 (AV:N/AC:L/Au:N/C:C/I:C/A:C)


III. AFFECTED PRODUCTS
---

Adobe Flash Player version 11.3.300.271 and prior


IV. Binary Analysis & Exploits/PoCs
---

In-depth technical analysis of the vulnerability and a fully functional
exploit including ASLR/DEP bypass are available through the VUPEN BAE
(Binary Analysis & Exploits) portal:

http://www.vupen.com/english/services/ba-index.php

VUPEN Binary Analysis & Exploits Service provides private exploits and
in-depth technical analysis of the most significant public vulnerabilities
based on disassembly, reverse engineering, protocol analysis, and code
audit.

The service allows governments and major corporations to evaluate risks, and
protect infrastructures and assets against new threats. The service also
allows security vendors (IPS, IDS, AntiVirus) to supplement their internal
research efforts and quickly develop both vulnerability-based and
exploit-based signatures to proactively protect their customers from attacks
and emerging threats.


V. VUPEN Threat Protection Program
---

Governments and major corporations which are members of the VUPEN Threat
Protection Program (TPP) have been proactively alerted about the vulnerability
when it was discovered by VUPEN in advance of its public disclosure, and
have received a detailed attack detection guidance to protect national and
critical infrastructures against potential 0-day attacks exploiting this
vulnerability:

http://www.vupen.com/english/services/tpp-index.php


VI. SOLUTION


Upgrade to Adobe Flash Player 11.4.402.265


VII. CREDIT
--

This vulnerability was discovered by Nicolas Joly of VUPEN Security


VIII. ABOUT VUPEN Security
---

VUPEN is the leading provider of advanced vulnerability research for
defensive and offensive cyber security. VUPEN solutions enable corporations
and governments to measure and manage risks, eliminate vulnerabilities
before they can be exploited, and protect critical infrastructures and
assets against known and unknown vulnerabilities.

VUPEN has been recognized as Company of the Year 2011 in the Vulnerability
Research Market by Frost & Sullivan.

VUPEN solutions include:

* VUPEN Binary Analysis & Exploits Service (BAE) :
http://www.vupen.com/english/services/ba-index.php

* VUPEN Threat Protection Program (TPP) :
http://www.vupen.com/english/services/tpp-index.php


IX. REFERENCES
--

http://www.adobe.com/support/security/bulletins/apsb12-19.html
http://www.vupen.com


X. DISCLOSURE TIMELINE
-

2012-01-25 - Vulnerability Discovered by VUPEN and shared with customers
2012-08-21 - Public disclosure



VUPEN - Microsoft Windows Common Controls MSCOMCTL.OCX Use-after-free (CVE-2012-1856 / MS12-060)

2012-09-11 Thread VUPEN Security Research
VUPEN Security Research - Microsoft Windows Common Controls MSCOMCTL.OCX
Use-after-free (CVE-2012-1856 / MS12-060)

Website : http://www.vupen.com/english/research.php

Twitter : http://twitter.com/vupen


I. BACKGROUND
-

Microsoft Windows is a series of software operating systems and graphical
user interfaces produced by Microsoft. Windows had approximately 90% of
the market share of the client operating systems. (Wikipedia)


II. DESCRIPTION
-

VUPEN Vulnerability Research Team discovered a critical vulnerability
in Microsoft products.

The vulnerability is caused by a use-after-free error in the TabStrip
Control within the MSCOMCTL.OCX component, which could allow remote
attackers to execute arbitrary code via a specially crafted web page or
malicious Office document.

CVSS Score: 10 (AV:N/AC:L/Au:N/C:C/I:C/A:C)


III. AFFECTED PRODUCTS
---

Microsoft Office 2010 Service Pack 1
Microsoft Office 2007 Service Pack 3
Microsoft Office 2007 Service Pack 2
Microsoft Office 2003 Web Components Service Pack 3
Microsoft Office 2003 Service Pack 3
Microsoft Office XP Service Pack 3
Microsoft SQL Server 2008 R2
Microsoft SQL Server 2008
Microsoft SQL Server 2005
Microsoft SQL Server 2000
Microsoft Commerce Server 2009 R2
Microsoft Commerce Server 2009
Microsoft Commerce Server 2007 Service Pack 2
Microsoft Commerce Server 2002 Service Pack 4
Microsoft Host Integration Server 2004 Service Pack 1
Microsoft Visual FoxPro 8.0 Service Pack 1
Microsoft Visual FoxPro 9.0 Service Pack 2
Microsoft Visual Basic 6.0 Runtime


IV. Binary Analysis & Exploits/PoCs
---

In-depth technical analysis of the vulnerability and a fully functional
exploit including ASLR/DEP bypass are available through the VUPEN BAE
(Binary Analysis & Exploits) portal:

http://www.vupen.com/english/services/ba-index.php

VUPEN Binary Analysis & Exploits Service provides private exploits and
in-depth technical analysis of the most significant public vulnerabilities
based on disassembly, reverse engineering, protocol analysis, and code
audit.

The service allows governments and major corporations to evaluate risks, and
protect infrastructures and assets against new threats. The service also
allows security vendors (IPS, IDS, AntiVirus) to supplement their internal
research efforts and quickly develop both vulnerability-based and
exploit-based signatures to proactively protect their customers from attacks
and emerging threats.


V. VUPEN Threat Protection Program
---

Governments and major corporations which are members of the VUPEN Threat
Protection Program (TPP) have been proactively alerted about the vulnerability
when it was discovered by VUPEN in advance of its public disclosure, and
have received a detailed attack detection guidance to protect national and
critical infrastructures against potential 0-day attacks exploiting this
vulnerability:

http://www.vupen.com/english/services/tpp-index.php


VI. SOLUTION


Apply MS12-060 security updates.


VII. CREDIT
--

This vulnerability was discovered by Nicolas Joly of VUPEN Security


VIII. ABOUT VUPEN Security
---

VUPEN is the leading provider of advanced vulnerability research for
defensive and offensive cyber security. VUPEN solutions enable corporations
and governments to measure and manage risks, eliminate vulnerabilities
before they can be exploited, and protect critical infrastructures and
assets against known and unknown vulnerabilities.

VUPEN has been recognized as Company of the Year 2011 in the Vulnerability
Research Market by Frost & Sullivan.

VUPEN solutions include:

* VUPEN Binary Analysis & Exploits Service (BAE) :
http://www.vupen.com/english/services/ba-index.php

* VUPEN Threat Protection Program (TPP) :
http://www.vupen.com/english/services/tpp-index.php


IX. REFERENCES
--

http://technet.microsoft.com/en-us/security/bulletin/ms12-060
http://www.vupen.com


X. DISCLOSURE TIMELINE
-

2010-09-06 - Vulnerability Discovered by VUPEN and shared with customers
2012-08-14 - Public disclosure



VUPEN - Mozilla Firefox nsHTMLEditRules Remote Use-after-free (CVE-2012-3958 / MFSA 2012-58)

2012-09-11 Thread VUPEN Security Research
VUPEN Security Research - Mozilla Firefox nsHTMLEditRules Remote
Use-after-free (CVE-2012-3958 / MFSA 2012-58)

Website : http://www.vupen.com/english/research.php

Twitter : http://twitter.com/vupen


I. BACKGROUND
-

Mozilla Firefox is a free and open source web browser coordinated by
Mozilla Corporation and Mozilla Foundation. As of August 2012, Firefox
has approximately 23% of worldwide usage share of web browsers (Wikipedia)


II. DESCRIPTION
-

VUPEN Vulnerability Research Team discovered a critical vulnerability
in Mozilla Firefox.

The vulnerability is caused by a use-after-free error in the setUserData()
method within the nsHTMLEditRules class, which could allow remote
attackers to execute arbitrary code via a specially crafted web page.

CVSS Score: 10 (AV:N/AC:L/Au:N/C:C/I:C/A:C)


III. AFFECTED PRODUCTS
---

Mozilla Firefox versions prior to 15
Mozilla Firefox ESR versions prior to 10.0.7
Mozilla Thunderbird versions prior to 15
Mozilla Thunderbird ESR versions prior to 10.0.7
Mozilla SeaMonkey versions prior to 2.12


IV. Binary Analysis & Exploits/PoCs
---

In-depth technical analysis of the vulnerability and a fully functional
exploit including DEP bypass are available through the VUPEN BAE
(Binary Analysis & Exploits) portal:

http://www.vupen.com/english/services/ba-index.php

VUPEN Binary Analysis & Exploits Service provides private exploits and
in-depth technical analysis of the most significant public vulnerabilities
based on disassembly, reverse engineering, protocol analysis, and code
audit.

The service allows governments and major corporations to evaluate risks, and
protect infrastructures and assets against new threats. The service also
allows security vendors (IPS, IDS, AntiVirus) to supplement their internal
research efforts and quickly develop both vulnerability-based and
exploit-based signatures to proactively protect their customers from attacks
and emerging threats.


V. VUPEN Threat Protection Program
---

Governments and major corporations which are members of the VUPEN Threat
Protection Program (TPP) have been proactively alerted about the vulnerability
when it was discovered by VUPEN in advance of its public disclosure, and
have received a detailed attack detection guidance to protect national and
critical infrastructures against potential 0-day attacks exploiting this
vulnerability:

http://www.vupen.com/english/services/tpp-index.php


VI. SOLUTION


Upgrade to Firefox 15, Firefox ESR 10.0.7, Thunderbird 15, Thunderbird ESR
10.0.7, and SeaMonkey 2.12.


VII. CREDIT
--

This vulnerability was discovered by Nicolas Joly of VUPEN Security


VIII. ABOUT VUPEN Security
---

VUPEN is the leading provider of advanced vulnerability research for
defensive and offensive cyber security. VUPEN solutions enable corporations
and governments to measure and manage risks, eliminate vulnerabilities
before they can be exploited, and protect critical infrastructures and
assets against known and unknown vulnerabilities.

VUPEN has been recognized as Company of the Year 2011 in the Vulnerability
Research Market by Frost & Sullivan.

VUPEN solutions include:

* VUPEN Binary Analysis & Exploits Service (BAE) :
http://www.vupen.com/english/services/ba-index.php

* VUPEN Threat Protection Program (TPP) :
http://www.vupen.com/english/services/tpp-index.php


IX. REFERENCES
--

http://www.mozilla.org/security/announce/2012/mfsa2012-58.html
http://www.vupen.com


X. DISCLOSURE TIMELINE
-

2012-07-15 - Vulnerability Discovered by VUPEN and shared with customers
2012-08-28 - Public disclosure



VUPEN Security Research - Microsoft Internet Explorer CollectionCache Remote Use-after-free (MS12-037)

2012-06-19 Thread VUPEN Security Research
VUPEN Security Research - Microsoft Internet Explorer CollectionCache 
Remote Use-after-free (MS12-037)


Website : http://www.vupen.com/english/research.php

Twitter : http://twitter.com/vupen


I. BACKGROUND
-

Microsoft Internet Explorer is a web browser developed by Microsoft and
included as part of the Microsoft Windows line of operating systems with
more than 60% of the worldwide usage share of web browsers. (Wikipedia)


II. DESCRIPTION
-

VUPEN Vulnerability Research Team discovered a critical vulnerability
in Microsoft Internet Explorer.

The vulnerability is caused by a use-after-free error in the mshtml.dll
module when processing CollectionCache objects, which could allow remote
attackers to leak memory and execute arbitrary code despite ASLR and DEP.

CVSS Score: 10 (AV:N/AC:L/Au:N/C:C/I:C/A:C)


III. AFFECTED PRODUCTS
---

Microsoft Internet Explorer 8
Microsoft Windows XP Service Pack 3
Microsoft Windows XP Professional x64 Edition Service Pack 2
Microsoft Windows Server 2003 Service Pack 2
Microsoft Windows Server 2003 x64 Edition Service Pack 2
Microsoft Windows Server 2003 with SP2 for Itanium-based Systems
Microsoft Windows Vista Service Pack 1
Microsoft Windows Vista Service Pack 2
Microsoft Windows Vista x64 Edition Service Pack 1
Microsoft Windows Vista x64 Edition Service Pack 2
Microsoft Windows Server 2008 for 32-bit Systems
Microsoft Windows Server 2008 for 32-bit Systems Service Pack 2
Microsoft Windows Server 2008 for x64-based Systems
Microsoft Windows Server 2008 for x64-based Systems Service Pack 2
Microsoft Windows Server 2008 for Itanium-based Systems
Microsoft Windows Server 2008 for Itanium-based Systems Service Pack 2
Microsoft Windows 7 for 32-bit Systems
Microsoft Windows 7 for 32-bit Systems Service Pack 1
Microsoft Windows 7 for x64-based Systems
Microsoft Windows 7 for x64-based Systems Service Pack 1
Microsoft Windows Server 2008 R2 for x64-based Systems
Microsoft Windows Server 2008 R2 for x64-based Systems Service Pack 1
Microsoft Windows Server 2008 R2 for Itanium-based Systems
Microsoft Windows Server 2008 R2 for Itanium-based Systems Service Pack 1


IV. Binary Analysis & Exploits/PoCs
---

In-depth technical analysis of the vulnerability and a functional exploit
including ASLR and DEP bypass are available through the VUPEN BAE
(Binary Analysis & Exploits) portal:

http://www.vupen.com/english/services/ba-index.php

VUPEN Binary Analysis & Exploits Service provides private exploits and
in-depth technical analysis of the most significant public vulnerabilities
based on disassembly, reverse engineering, protocol analysis, and code 
audit.


The service allows governments and major corporations to evaluate risks, and
protect infrastructures and assets against new threats. The service also
allows security vendors (IPS, IDS, AntiVirus) to supplement their internal
research efforts and quickly develop both vulnerability-based and
exploit-based signatures to proactively protect their customers from attacks
and emerging threats.


V. VUPEN Threat Protection Program
---

Governments and major corporations which are members of the VUPEN Threat
Protection Program (TPP) have been proactively alerted about the vulnerability
when it was discovered by VUPEN in advance of its public disclosure, and
have received a detailed attack detection guidance to protect national and
critical infrastructures against potential 0-day attacks exploiting this
vulnerability:

http://www.vupen.com/english/services/tpp-index.php


VI. SOLUTION


Apply MS12-037 security update.


VII. CREDIT
--

This vulnerability was discovered by Nicolas Joly of VUPEN Security


VIII. ABOUT VUPEN Security
---

VUPEN is the leading provider of advanced vulnerability research for
defensive and offensive cyber security. VUPEN solutions enable corporations
and governments to measure and manage risks, eliminate vulnerabilities
before they can be exploited, and protect critical infrastructures and
assets against known and unknown vulnerabilities.

VUPEN has been recognized as Company of the Year 2011 in the Vulnerability
Research Market by Frost & Sullivan.

VUPEN solutions include:

* VUPEN Binary Analysis & Exploits Service (BAE) :
http://www.vupen.com/english/services/ba-index.php

* VUPEN Threat Protection Program (TPP) :
http://www.vupen.com/english/services/tpp-index.php


IX. REFERENCES
--

http://technet.microsoft.com/en-us/security/bulletin/ms12-037
http://www.vupen.com/english/research.php


X. DISCLOSURE TIMELINE
-

2011-06-15 - Vulnerability Discovered by VUPEN and shared with customers
2012-06-12 - Public disclosure



VUPEN Security Research - Microsoft Internet Explorer GetAtomTable Remote Use-after-free (MS12-037 / CVE-2012-1875)

2012-06-19 Thread VUPEN Security Research
VUPEN Security Research - Microsoft Internet Explorer GetAtomTable 
Remote Use-after-free (MS12-037 / CVE-2012-1875)


Website : http://www.vupen.com/english/research.php

Twitter : http://twitter.com/vupen


I. BACKGROUND
-

Microsoft Internet Explorer is a web browser developed by Microsoft and
included as part of the Microsoft Windows line of operating systems with
more than 60% of the worldwide usage share of web browsers. (Wikipedia)


II. DESCRIPTION
-

VUPEN Vulnerability Research Team discovered a critical vulnerability
in Microsoft Internet Explorer.

The vulnerability is caused by a use-after-free error in the mshtml.dll
module when processing GetAtomTable objects, which could allow remote
attackers to leak memory and execute arbitrary code despite ASLR and DEP.

CVSS Score: 10 (AV:N/AC:L/Au:N/C:C/I:C/A:C)


III. AFFECTED PRODUCTS
---

Microsoft Internet Explorer 8
Microsoft Windows XP Service Pack 3
Microsoft Windows XP Professional x64 Edition Service Pack 2
Microsoft Windows Server 2003 Service Pack 2
Microsoft Windows Server 2003 x64 Edition Service Pack 2
Microsoft Windows Server 2003 with SP2 for Itanium-based Systems
Microsoft Windows Vista Service Pack 1
Microsoft Windows Vista Service Pack 2
Microsoft Windows Vista x64 Edition Service Pack 1
Microsoft Windows Vista x64 Edition Service Pack 2
Microsoft Windows Server 2008 for 32-bit Systems
Microsoft Windows Server 2008 for 32-bit Systems Service Pack 2
Microsoft Windows Server 2008 for x64-based Systems
Microsoft Windows Server 2008 for x64-based Systems Service Pack 2
Microsoft Windows Server 2008 for Itanium-based Systems
Microsoft Windows Server 2008 for Itanium-based Systems Service Pack 2
Microsoft Windows 7 for 32-bit Systems
Microsoft Windows 7 for 32-bit Systems Service Pack 1
Microsoft Windows 7 for x64-based Systems
Microsoft Windows 7 for x64-based Systems Service Pack 1
Microsoft Windows Server 2008 R2 for x64-based Systems
Microsoft Windows Server 2008 R2 for x64-based Systems Service Pack 1
Microsoft Windows Server 2008 R2 for Itanium-based Systems
Microsoft Windows Server 2008 R2 for Itanium-based Systems Service Pack 1



IV. Binary Analysis & Exploits/PoCs
---

In-depth technical analysis of the vulnerability and a functional exploit
including ASLR and DEP bypass are available through the VUPEN BAE
(Binary Analysis & Exploits) portal:

http://www.vupen.com/english/services/ba-index.php

VUPEN Binary Analysis & Exploits Service provides private exploits and
in-depth technical analysis of the most significant public vulnerabilities
based on disassembly, reverse engineering, protocol analysis, and code 
audit.


The service allows governments and major corporations to evaluate risks, and
protect infrastructures and assets against new threats. The service also
allows security vendors (IPS, IDS, AntiVirus) to supplement their internal
research efforts and quickly develop both vulnerability-based and
exploit-based signatures to proactively protect their customers from attacks
and emerging threats.


V. VUPEN Threat Protection Program
---

Governments and major corporations which are members of the VUPEN Threat
Protection Program (TPP) have been proactively alerted about the vulnerability
when it was discovered by VUPEN in advance of its public disclosure, and
have received a detailed attack detection guidance to protect national and
critical infrastructures against potential 0-day attacks exploiting this
vulnerability:

http://www.vupen.com/english/services/tpp-index.php


VI. SOLUTION


Apply MS12-037 security update.


VII. CREDIT
--

This vulnerability was discovered by Jordan Gruskovnjak of VUPEN Security


VIII. ABOUT VUPEN Security
---

VUPEN is the leading provider of advanced vulnerability research for
defensive and offensive cyber security. VUPEN solutions enable corporations
and governments to measure and manage risks, eliminate vulnerabilities
before they can be exploited, and protect critical infrastructures and
assets against known and unknown vulnerabilities.

VUPEN has been recognized as Company of the Year 2011 in the Vulnerability
Research Market by Frost & Sullivan.

VUPEN solutions include:

* VUPEN Binary Analysis & Exploits Service (BAE) :
http://www.vupen.com/english/services/ba-index.php

* VUPEN Threat Protection Program (TPP) :
http://www.vupen.com/english/services/tpp-index.php


IX. REFERENCES
--

http://technet.microsoft.com/en-us/security/bulletin/ms12-037
http://www.vupen.com/english/research.php


X. DISCLOSURE TIMELINE
-

2012-04-03 - Vulnerability Discovered by VUPEN and shared with customers
2012-06-12 - Public disclosure



VUPEN Security Research - Microsoft Internet Explorer Col Element Remote Heap Overflow (MS12-037 / CVE-2012-1876)

2012-06-19 Thread VUPEN Security Research
VUPEN Security Research - Microsoft Internet Explorer Col Element 
Remote Heap Overflow (MS12-037 / CVE-2012-1876)


Website : http://www.vupen.com/english/research.php

Twitter : http://twitter.com/vupen


I. BACKGROUND
-

Microsoft Internet Explorer is a web browser developed by Microsoft and
included as part of the Microsoft Windows line of operating systems with
more than 60% of the worldwide usage share of web browsers. (Wikipedia)


II. DESCRIPTION
-

VUPEN Vulnerability Research Team discovered a critical vulnerability
in Microsoft Internet Explorer.

The vulnerability is caused by a heap overflow error in the mshtml.dll
module when processing Col elements, which could allow remote attackers
to leak memory and execute arbitrary code despite ASLR and DEP.

CVSS Score: 10 (AV:N/AC:L/Au:N/C:C/I:C/A:C)


III. AFFECTED PRODUCTS
---

Microsoft Internet Explorer 10
Microsoft Internet Explorer 9
Microsoft Internet Explorer 8
Microsoft Internet Explorer 7
Microsoft Internet Explorer 6

Microsoft Windows 8 for 32-bit Systems
Microsoft Windows 8 for x64-based Systems
Microsoft Windows 7 for 32-bit Systems
Microsoft Windows 7 for 32-bit Systems Service Pack 1
Microsoft Windows 7 for x64-based Systems
Microsoft Windows 7 for x64-based Systems Service Pack 1
Microsoft Windows Server 2008 for 32-bit Systems
Microsoft Windows Server 2008 for 32-bit Systems Service Pack 2
Microsoft Windows Server 2008 for x64-based Systems
Microsoft Windows Server 2008 for x64-based Systems Service Pack 2
Microsoft Windows Server 2008 for Itanium-based Systems
Microsoft Windows Server 2008 for Itanium-based Systems Service Pack 2
Microsoft Windows Server 2008 R2 for x64-based Systems
Microsoft Windows Server 2008 R2 for x64-based Systems Service Pack 1
Microsoft Windows Server 2008 R2 for Itanium-based Systems
Microsoft Windows Server 2008 R2 for Itanium-based Systems Service Pack 1
Microsoft Windows Vista Service Pack 1
Microsoft Windows Vista Service Pack 2
Microsoft Windows Vista x64 Edition Service Pack 1
Microsoft Windows Vista x64 Edition Service Pack 2
Microsoft Windows Server 2003 Service Pack 2
Microsoft Windows Server 2003 x64 Edition Service Pack 2
Microsoft Windows Server 2003 with SP2 for Itanium-based Systems
Microsoft Windows XP Service Pack 3
Microsoft Windows XP Professional x64 Edition Service Pack 2


IV. Binary Analysis & Exploits/PoCs
---

In-depth technical analysis of the vulnerability and a functional exploit
including ASLR and DEP bypass are available through the VUPEN BAE
(Binary Analysis & Exploits) portal:

http://www.vupen.com/english/services/ba-index.php

VUPEN Binary Analysis & Exploits Service provides private exploits and
in-depth technical analysis of the most significant public vulnerabilities
based on disassembly, reverse engineering, protocol analysis, and code 
audit.


The service allows governments and major corporations to evaluate risks, and
protect infrastructures and assets against new threats. The service also
allows security vendors (IPS, IDS, AntiVirus) to supplement their internal
research efforts and quickly develop both vulnerability-based and
exploit-based signatures to proactively protect their customers from attacks
and emerging threats.


V. VUPEN Threat Protection Program
---

Governments and major corporations which are members of the VUPEN Threat
Protection Program (TPP) have been proactively alerted about the vulnerability
when it was discovered by VUPEN in advance of its public disclosure, and
have received a detailed attack detection guidance to protect national and
critical infrastructures against potential 0-day attacks exploiting this
vulnerability:

http://www.vupen.com/english/services/tpp-index.php


VI. SOLUTION


Apply MS12-037 security update.


VII. CREDIT
--

This vulnerability was discovered by Alexandre Pelletier of VUPEN Security


VIII. ABOUT VUPEN Security
---

VUPEN is the leading provider of advanced vulnerability research for
defensive and offensive cyber security. VUPEN solutions enable corporations
and governments to measure and manage risks, eliminate vulnerabilities
before they can be exploited, and protect critical infrastructures and
assets against known and unknown vulnerabilities.

VUPEN has been recognized as Company of the Year 2011 in the Vulnerability
Research Market by Frost & Sullivan.

VUPEN solutions include:

* VUPEN Binary Analysis & Exploits Service (BAE) :
http://www.vupen.com/english/services/ba-index.php

* VUPEN Threat Protection Program (TPP) :
http://www.vupen.com/english/services/tpp-index.php


IX. REFERENCES
--

http://technet.microsoft.com/en-us/security/bulletin/ms12-037
http://www.vupen.com/english/research.php

VUPEN Security Research - Adobe Flash Player NetStream Remote Code Execution Vulnerability (APSB12-07 / CVE-2012-0773)

2012-04-19 Thread VUPEN Security Research
VUPEN Security Research - Adobe Flash Player NetStream Remote Code 
Execution Vulnerability (APSB12-07 / CVE-2012-0773)


Website : http://www.vupen.com/english/research.php

Twitter : http://twitter.com/vupen


I. BACKGROUND
-

Adobe Flash Player is a cross-platform browser-based application runtime
that delivers uncompromised viewing of expressive applications, content,
and videos across screens and browsers. It is installed on 98% of 
computers.



II. DESCRIPTION
-

VUPEN Vulnerability Research Team discovered a critical vulnerability
in Adobe Flash Player.

The vulnerability is caused by an invalid object being used when parsing
a malformed video via NetStream.appendBytes, which could allow remote
attackers to leak memory and execute arbitrary code despite ASLR and DEP 
enabled.


CVSS Score: 10 (AV:N/AC:L/Au:N/C:C/I:C/A:C)


III. AFFECTED PRODUCTS
---

Adobe Flash Player versions prior to 11.2.202.228


IV. Binary Analysis & Exploits/PoCs
---

In-depth technical analysis of the vulnerability and a working exploit
are available through the VUPEN Binary Analysis & Exploits portal:

http://www.vupen.com/english/services/ba-index.php

VUPEN Binary Analysis & Exploits Service provides private exploits and
in-depth technical analysis of the most significant public vulnerabilities
based on disassembly, reverse engineering, protocol analysis, and code
audit.


The service allows governments and major corporations to evaluate risks, and
protect infrastructures and assets against new threats. The service also
allows security vendors (IPS, IDS, AntiVirus) to supplement their internal
research efforts and quickly develop both vulnerability-based and
exploit-based signatures to proactively protect their customers from attacks
and emerging threats.


V. SOLUTION


Upgrade to Adobe Flash Player version 11.2.202.228.


VI. CREDIT
--

This vulnerability was discovered by Nicolas Joly of VUPEN Security


VII. ABOUT VUPEN Security
---

VUPEN is the leading provider of advanced vulnerability research for
defensive and offensive cyber security. VUPEN solutions enable corporations
and governments to measure and manage risks, eliminate vulnerabilities
before they can be exploited, and protect critical infrastructures and
assets against known and unknown vulnerabilities.

VUPEN has been recognized as Company of the Year 2011 in the Vulnerability
Research Market by Frost & Sullivan.

VUPEN solutions include:

* VUPEN Binary Analysis & Exploits Service (BAE) :
http://www.vupen.com/english/services/ba-index.php

* VUPEN Threat Protection Program (TPP) :
http://www.vupen.com/english/services/tpp-index.php


VIII. REFERENCES
--

http://www.adobe.com/support/security/bulletins/apsb12-07.html
http://www.vupen.com/english/research.php


IX. DISCLOSURE TIMELINE
-

2012-03-07 - Vulnerability Demonstrated at Pwn2Own
2012-04-18 - Public disclosure



VUPEN Security Research - Microsoft Internet Explorer VML Remote Code Execution (MS12-023 / CVE-2012-0172)

2012-04-18 Thread VUPEN Security Research
VUPEN Security Research - Microsoft Internet Explorer VML Remote Code 
Execution (MS12-023 / CVE-2012-0172)


Website : http://www.vupen.com/english/research.php

Twitter : http://twitter.com/vupen


I. BACKGROUND
-

Microsoft Internet Explorer is a web browser developed by Microsoft and
included as part of the Microsoft Windows line of operating systems with
more than 60% of the worldwide usage share of web browsers. (Wikipedia)


II. DESCRIPTION
-

VUPEN Vulnerability Research Team discovered a critical vulnerability
in Microsoft Internet Explorer.

The vulnerability is caused by a use-after-free error within the
vgx.dll component when processing certain VML behaviors, which could
be exploited by attackers to compromise a vulnerable system by tricking
a user into visiting a specially crafted web page.

CVSS Score: 10 (AV:N/AC:L/Au:N/C:C/I:C/A:C)


III. AFFECTED PRODUCTS
---

Microsoft Internet Explorer 8
Microsoft Internet Explorer 7
Microsoft Internet Explorer 6

Microsoft Windows XP Service Pack 3
Microsoft Windows XP Professional x64 Edition Service Pack 2
Microsoft Windows Server 2003 Service Pack 2
Microsoft Windows Server 2003 x64 Edition Service Pack 2
Microsoft Windows Server 2003 with SP2 for Itanium-based Systems
Microsoft Windows Vista Service Pack 1
Microsoft Windows Vista Service Pack 2
Microsoft Windows Vista x64 Edition Service Pack 1
Microsoft Windows Vista x64 Edition Service Pack 2
Microsoft Windows Server 2008 for 32-bit Systems
Microsoft Windows Server 2008 for 32-bit Systems Service Pack 2
Microsoft Windows Server 2008 for x64-based Systems
Microsoft Windows Server 2008 for x64-based Systems Service Pack 2
Microsoft Windows Server 2008 for Itanium-based Systems
Microsoft Windows Server 2008 for Itanium-based Systems Service Pack 2
Microsoft Windows 7 for 32-bit Systems
Microsoft Windows 7 for 32-bit Systems Service Pack 1
Microsoft Windows 7 for x64-based Systems
Microsoft Windows 7 for x64-based Systems Service Pack 1
Microsoft Windows Server 2008 R2 for x64-based Systems
Microsoft Windows Server 2008 R2 for x64-based Systems Service Pack 1
Microsoft Windows Server 2008 R2 for Itanium-based Systems
Microsoft Windows Server 2008 R2 for Itanium-based Systems Service Pack 1


IV. Binary Analysis & Exploits/PoCs
---

In-depth technical analysis of the vulnerability and a working exploit
are available through the VUPEN Binary Analysis & Exploits portal:

http://www.vupen.com/english/services/ba-index.php


VUPEN Binary Analysis & Exploits Service provides private exploits and
in-depth technical analysis of the most significant public vulnerabilities
based on disassembly, reverse engineering, protocol analysis, and code
audit.


The service allows governments and major corporations to evaluate risks, and
protect infrastructures and assets against new threats. The service also
allows security vendors (IPS, IDS, AntiVirus) to supplement their internal
research efforts and quickly develop both vulnerability-based and
exploit-based signatures to proactively protect their customers from attacks
and emerging threats.


V. VUPEN Threat Protection Program
---

Governments and major corporations which are members of the VUPEN Threat
Protection Program (TPP) have been proactively alerted about the
vulnerability when it was discovered by VUPEN in advance of its public
disclosure, and have received detailed attack detection guidance to
protect national and critical infrastructures against potential 0-day
attacks exploiting this vulnerability:

http://www.vupen.com/english/services/tpp-index.php


VI. SOLUTION


Apply the Microsoft MS12-023 security update.


VII. CREDIT
--

This vulnerability was discovered by Nicolas Joly of VUPEN Security


VIII. ABOUT VUPEN Security
---

VUPEN is the world leader in vulnerability research for defensive and
offensive cyber security. VUPEN solutions enable corporations and
governments to measure and manage risks, eliminate vulnerabilities before
they can be exploited, and protect critical infrastructures and assets
against known and unknown vulnerabilities.

VUPEN has been recognized as Company of the Year 2011 in the Vulnerability
Research Market by Frost & Sullivan.

VUPEN solutions include:

* VUPEN Binary Analysis & Exploits Service (BAE) :
http://www.vupen.com/english/services/ba-index.php

* VUPEN Threat Protection Program (TPP) :
http://www.vupen.com/english/services/tpp-index.php


IX. REFERENCES
--

http://technet.microsoft.com/en-us/security/bulletin/ms12-023
http://www.vupen.com/english/research.php


X. DISCLOSURE TIMELINE
-

2012-02-28 - Vulnerability Discovered by VUPEN and shared with TPP customers
2012-04-10 - Public disclosure




VUPEN Security Research - Adobe Flash Player Matrix3D Remote Memory Corruption (CVE-2012-0768)

2012-03-19 Thread VUPEN Security Research
VUPEN Security Research - Adobe Flash Player Matrix3D Remote Memory 
Corruption (APSB12-05 / CVE-2012-0768)


Website : http://www.vupen.com/english/research.php

Twitter : http://twitter.com/vupen


I. BACKGROUND
-

Adobe Flash Player is a cross-platform browser-based application runtime
that delivers uncompromised viewing of expressive applications, content,
and videos across screens and browsers. Flash Player delivers 
breakthrough web experiences to over 98% of Internet users.



II. DESCRIPTION
-

VUPEN Vulnerability Research Team discovered a critical vulnerability
in Adobe Acrobat and Reader.

The vulnerability is caused by a memory corruption error within the
Matrix3D class when processing malformed 3D data within SWF files, which
could be exploited by attackers to potentially compromise a vulnerable
system or disclose memory information by tricking a user into visiting
a specially crafted web page.


III. AFFECTED PRODUCTS
---

Adobe Flash Player version 11.1.102.62 and prior


IV. Binary Analysis & Exploits/PoCs
---

In-depth technical analysis of the vulnerability and proof-of-concept
code are available through the VUPEN Binary Analysis & Exploits portal:

http://www.vupen.com/english/services/ba-index.php


VUPEN Binary Analysis & Exploits Service provides private exploits and
in-depth technical analysis of the most significant public vulnerabilities
based on disassembly, reverse engineering, protocol analysis, and code
audit.


The service allows governments and major corporations to evaluate risks, and
protect infrastructures and assets against new threats. The service also
allows security vendors (IPS, IDS, AntiVirus) to supplement their internal
research efforts and quickly develop both vulnerability-based and
exploit-based signatures to proactively protect their customers from attacks
and emerging threats.


V. VUPEN Threat Protection Program
---

Governments and major corporations which are members of the VUPEN Threat
Protection Program (TPP) have been proactively alerted about the
vulnerability when it was discovered by VUPEN in advance of its public
disclosure, and have received detailed attack detection guidance to
protect national and critical infrastructures against potential 0-day
attacks exploiting this vulnerability:

http://www.vupen.com/english/services/tpp-index.php


VI. SOLUTION


Upgrade to Adobe Flash Player version 11.1.102.63.


VII. CREDIT
--

This vulnerability was discovered by Nicolas Joly of VUPEN Security


VIII. ABOUT VUPEN Security
---

VUPEN is the world leader in vulnerability research for defensive and
offensive cyber security. VUPEN solutions enable corporations and
governments to measure and manage risks, eliminate vulnerabilities before
they can be exploited, and protect critical infrastructures and assets
against known and unknown vulnerabilities.

VUPEN has been recognized as Company of the Year 2011 in the Vulnerability
Research Market by Frost & Sullivan.

VUPEN solutions include:

* VUPEN Binary Analysis & Exploits Service (BAE) :
http://www.vupen.com/english/services/ba-index.php

* VUPEN Threat Protection Program (TPP) :
http://www.vupen.com/english/services/tpp-index.php


IX. REFERENCES
--

http://www.adobe.com/support/security/bulletins/apsb12-05.html
http://www.vupen.com/english/research.php


X. DISCLOSURE TIMELINE
-

2012-01-27 - Vulnerability Discovered by VUPEN
2012-03-15 - Public disclosure




VUPEN Security Research - Adobe Acrobat and Reader Image Processing Integer Overflow (APSB12-01)

2012-01-11 Thread VUPEN Security Research
VUPEN Security Research - Adobe Acrobat and Reader Image Processing Integer 
Overflow Vulnerability (APSB12-01)


Website : http://www.vupen.com/english/research.php

Twitter : http://twitter.com/vupen


I. BACKGROUND
-

Adobe Acrobat and Reader are the global standards for electronic
document sharing. They are used to create, view, search, digitally
sign, verify, print, and collaborate on Adobe PDF files.


II. DESCRIPTION
-

VUPEN Vulnerability Research Team discovered a critical vulnerability
in Adobe Acrobat and Reader.

The vulnerability is caused by an integer overflow error when processing
malformed image data within a PDF document, which could be exploited by
attackers to compromise a vulnerable system by tricking a user
into opening a specially crafted PDF file.


III. AFFECTED PRODUCTS
---

Adobe Acrobat and Reader X (10.1.1) and prior
Adobe Acrobat and Reader 9.4.7 and prior


IV. Binary Analysis & Exploits/PoCs
---

In-depth technical analysis of the vulnerability and proof-of-concept
code are available through the VUPEN Binary Analysis & Exploits portal:

http://www.vupen.com/english/services/ba-index.php


VUPEN Binary Analysis & Exploits Service provides private exploits and
in-depth technical analysis of the most significant public vulnerabilities
based on disassembly, reverse engineering, protocol analysis, and code
audit.


The service allows governments and major corporations to evaluate risks, and
protect infrastructures and assets against new threats. The service also
allows security vendors (IPS, IDS, AntiVirus) to supplement their internal
research efforts and quickly develop both vulnerability-based and
exploit-based signatures to proactively protect their customers from attacks
and emerging threats.


V. VUPEN Threat Protection Program
---

Governments and major corporations which are members of the VUPEN Threat
Protection Program (TPP) have been proactively alerted about the
vulnerability when it was discovered by VUPEN in advance of its public
disclosure, and have received detailed attack detection guidance to
protect national and critical infrastructures against potential 0-day
attacks exploiting this vulnerability:

http://www.vupen.com/english/services/tpp-index.php


VI. SOLUTION


Upgrade to Adobe Acrobat and Reader X version 10.1.2 or Adobe Acrobat and
Reader version 9.5.


VII. CREDIT
--

This vulnerability was discovered by Nicolas Joly of VUPEN Security


VIII. ABOUT VUPEN Security
---

VUPEN is the world leader in vulnerability research for defensive and
offensive cyber security. VUPEN solutions enable corporations and
governments to measure and manage risks, eliminate vulnerabilities before
they can be exploited, and protect critical infrastructures and assets
against known and unknown vulnerabilities.

VUPEN has been recognized as Company of the Year 2011 in the Vulnerability
Research Market by Frost & Sullivan.

VUPEN solutions include:

* VUPEN Binary Analysis & Exploits Service (BAE) :
http://www.vupen.com/english/services/ba-index.php

* VUPEN Threat Protection Program (TPP) :
http://www.vupen.com/english/services/tpp-index.php


IX. REFERENCES
--

http://www.adobe.com/support/security/bulletins/apsb12-01.html
http://www.vupen.com/english/research.php


X. DISCLOSURE TIMELINE
-

2011-07-12 - Vulnerability Discovered by VUPEN and shared with Gov customers
2012-01-11 - Public disclosure




VUPEN Security Research - Microsoft Windows Time Behaviour Remote Use-after-free Vulnerability (MS11-090)

2011-12-19 Thread VUPEN Security Research
VUPEN Security Research - Microsoft Windows Time Behaviour Remote 
Use-after-free Vulnerability (MS11-090)


Website : http://www.vupen.com/english/research.php

Twitter : http://twitter.com/vupen


I. BACKGROUND
-

Microsoft Windows is a series of software operating systems and graphical
user interfaces produced by Microsoft. Windows had approximately 90% of
the market share of the client operating systems. (Wikipedia)


II. DESCRIPTION
-

VUPEN Vulnerability Research Team discovered a vulnerability in Microsoft
Windows.

The vulnerability is caused by a use-after-free error in the mshtml.dll
module when handling a specific Time behavior, which could be exploited by
remote attackers to compromise a vulnerable system via a specially crafted
web page.


III. AFFECTED PRODUCTS
---

Microsoft Windows XP Service Pack 3
Microsoft Windows XP Professional x64 Edition Service Pack 2
Microsoft Windows Server 2003 Service Pack 2
Microsoft Windows Server 2003 x64 Edition Service Pack 2
Microsoft Windows Server 2003 SP2 (Itanium)


IV. Binary Analysis & Exploits/PoCs
---

In-depth binary analysis of the vulnerability and a code execution exploit
are available through the VUPEN Binary Analysis & Exploits portal :

http://www.vupen.com/english/services/ba-index.php


VUPEN Binary Analysis & Exploits Service provides private exploits and
in-depth technical analysis of the most significant public vulnerabilities
based on disassembly, reverse engineering, protocol analysis, and code
audit.


The service allows governments and major corporations to evaluate risks, and
protect infrastructures and assets against new threats. The service also
allows security vendors (IPS, IDS, AntiVirus) to supplement their internal
research efforts and quickly develop both vulnerability-based and
exploit-based signatures to proactively protect their customers from attacks
and emerging threats.


V. VUPEN Threat Protection Program
---

Governments and major corporations which are members of the VUPEN Threat
Protection Program (TPP) have been proactively alerted about the
vulnerability when it was discovered by VUPEN in advance of its public
disclosure, and have received detailed attack detection guidance to
protect national and critical infrastructures against potential 0-day
attacks exploiting this vulnerability:

http://www.vupen.com/english/services/tpp-index.php


VI. SOLUTION


Apply the MS11-090 security update.


VII. CREDIT
--

This vulnerability was discovered by Nicolas Joly of VUPEN Security


VIII. ABOUT VUPEN Security
---

VUPEN is the world leader in vulnerability research for defensive and
offensive cyber security. VUPEN solutions enable corporations and
governments to measure and manage risks, eliminate vulnerabilities before
they can be exploited, and protect critical infrastructures and assets
against known and unknown vulnerabilities.

VUPEN has been recognized as Company of the Year 2011 in the Vulnerability
Research Market by Frost & Sullivan.

VUPEN solutions include:

* VUPEN Binary Analysis & Exploits Service (BAE) :
http://www.vupen.com/english/services/ba-index.php

* VUPEN Threat Protection Program (TPP) :
http://www.vupen.com/english/services/tpp-index.php


IX. REFERENCES
--

http://technet.microsoft.com/en-us/security/bulletin/ms11-090
http://www.vupen.com/english/research.php


X. DISCLOSURE TIMELINE
-

2010-11-23 - Vulnerability Discovered by VUPEN and shared with TPP customers
2011-12-16 - Public disclosure




VUPEN Security Research - Microsoft Windows Media Player DVR-MS Buffer Overflow Vulnerability (MS11-092)

2011-12-19 Thread VUPEN Security Research
VUPEN Security Research - Microsoft Windows Media Player DVR-MS Buffer 
Overflow Vulnerability (MS11-092)


Website : http://www.vupen.com/english/research.php

Twitter : http://twitter.com/vupen


I. BACKGROUND
-

Microsoft Windows Media Player (WMP) is a media player and media library
application that is used for playing audio, video and viewing images on
personal computers running the Microsoft Windows operating system.


II. DESCRIPTION
-

VUPEN Vulnerability Research Team discovered a vulnerability in Microsoft
Windows Media Player.

The vulnerability is caused by a buffer overflow error in the XDSCodec
Encypter/Decrypter Tagger Filters ENCDEC.DLL within Windows Media Player
when processing certain fields within a DVR-MS (Digital Video Recording)
file, which could be exploited by remote attackers to compromise a
vulnerable system via a specially crafted web page or a malicious .dvr-ms
media file.


III. AFFECTED PRODUCTS
---

Microsoft Windows XP Media Center Edition 2005 Service Pack 3
Microsoft Windows XP Service Pack 3
Microsoft Windows XP Professional x64 Edition Service Pack 2
Microsoft Windows Vista Service Pack 2
Microsoft Windows Vista x64 Edition Service Pack 2
Microsoft Windows 7 (32-bit)
Microsoft Windows 7 (32-bit) Service Pack 1
Microsoft Windows 7 (x64)
Microsoft Windows 7 (x64) Service Pack 1


IV. Binary Analysis & Exploits/PoCs
---

In-depth binary analysis of the vulnerability and proof-of-concept code
are available through the VUPEN Binary Analysis & Exploits portal :

http://www.vupen.com/english/services/ba-index.php


VUPEN Binary Analysis & Exploits Service provides private exploits and
in-depth technical analysis of the most significant public vulnerabilities
based on disassembly, reverse engineering, protocol analysis, and code
audit.


The service allows governments and major corporations to evaluate risks, and
protect infrastructures and assets against new threats. The service also
allows security vendors (IPS, IDS, AntiVirus) to supplement their internal
research efforts and quickly develop both vulnerability-based and
exploit-based signatures to proactively protect their customers from attacks
and emerging threats.


V. VUPEN Threat Protection Program
---

Governments and major corporations which are members of the VUPEN Threat
Protection Program (TPP) have been proactively alerted about the
vulnerability when it was discovered by VUPEN in advance of its public
disclosure, and have received detailed attack detection guidance to
protect national and critical infrastructures against potential 0-day
attacks exploiting this vulnerability:

http://www.vupen.com/english/services/tpp-index.php


VI. SOLUTION


Apply the MS11-092 security update.


VII. CREDIT
--

This vulnerability was discovered by Sebastien Renaud of VUPEN Security


VIII. ABOUT VUPEN Security
---

VUPEN is the world leader in vulnerability research for defensive and
offensive cyber security. VUPEN solutions enable corporations and
governments to measure and manage risks, eliminate vulnerabilities before
they can be exploited, and protect critical infrastructures and assets
against known and unknown vulnerabilities.

VUPEN has been recognized as Company of the Year 2011 in the Vulnerability
Research Market by Frost & Sullivan.

VUPEN solutions include:

* VUPEN Binary Analysis & Exploits Service (BAE) :
http://www.vupen.com/english/services/ba-index.php

* VUPEN Threat Protection Program (TPP) :
http://www.vupen.com/english/services/tpp-index.php


IX. REFERENCES
--

http://technet.microsoft.com/en-us/security/bulletin/ms11-092
http://www.vupen.com/english/research.php


X. DISCLOSURE TIMELINE
-

2011-05-03 - Vulnerability Discovered by VUPEN and shared with TPP customers
2011-12-16 - Public disclosure




VUPEN Security Research - Adobe Flash Player SAlign Memory Corruption Vulnerability (CVE-2011-2459)

2011-12-19 Thread VUPEN Security Research
VUPEN Security Research - Adobe Flash Player SAlign Memory Corruption 
Vulnerability (CVE-2011-2459)


Website : http://www.vupen.com/english/research.php

Twitter : http://twitter.com/vupen


I. BACKGROUND
-

Adobe Flash Player is a cross-platform browser-based application runtime
that delivers uncompromised viewing of expressive applications, content,
and videos across screens and browsers. Flash Player delivers breakthrough
web experiences to over 98% of Internet users.


II. DESCRIPTION
-

VUPEN Vulnerability Research Team discovered a vulnerability in Adobe
Flash Player.

The vulnerability is caused by an uninitialized stack variable when
processing an invalid SAlign property of the Flash ActiveX control,
which could be exploited by remote attackers to compromise a vulnerable
system via a specially crafted web page.


III. AFFECTED PRODUCTS
---

Adobe Flash Player versions prior to 11.1.102.55


IV. Binary Analysis & Exploits/PoCs
---

In-depth binary analysis of the vulnerability and proof-of-concept code
are available through the VUPEN Binary Analysis & Exploits portal :

http://www.vupen.com/english/services/ba-index.php


VUPEN Binary Analysis & Exploits Service provides private exploits and
in-depth technical analysis of the most significant public vulnerabilities
based on disassembly, reverse engineering, protocol analysis, and code
audit.


The service allows governments and major corporations to evaluate risks, and
protect infrastructures and assets against new threats. The service also
allows security vendors (IPS, IDS, AntiVirus) to supplement their internal
research efforts and quickly develop both vulnerability-based and
exploit-based signatures to proactively protect their customers from attacks
and emerging threats.


V. VUPEN Threat Protection Program
---

Governments and major corporations which are members of the VUPEN Threat
Protection Program (TPP) have been proactively alerted about the
vulnerability when it was discovered by VUPEN in advance of its public
disclosure, and have received detailed attack detection guidance to
protect national and critical infrastructures against potential 0-day
attacks exploiting this vulnerability:

http://www.vupen.com/english/services/tpp-index.php


VI. SOLUTION


Upgrade to Adobe Flash Player version 11.1.102.55


VII. CREDIT
--

This vulnerability was discovered by Nicolas Joly of VUPEN Security


VIII. ABOUT VUPEN Security
---

VUPEN is the world leader in vulnerability research for defensive and
offensive cyber security. VUPEN solutions enable corporations and
governments to measure and manage risks, eliminate vulnerabilities before
they can be exploited, and protect critical infrastructures and assets
against known and unknown vulnerabilities.

VUPEN has been recognized as Company of the Year 2011 in the Vulnerability
Research Market by Frost & Sullivan.

VUPEN solutions include:

* VUPEN Binary Analysis & Exploits Service (BAE) :
http://www.vupen.com/english/services/ba-index.php

* VUPEN Threat Protection Program (TPP) :
http://www.vupen.com/english/services/tpp-index.php


IX. REFERENCES
--

http://www.adobe.com/support/security/bulletins/apsb11-28.html
http://www.vupen.com/english/research.php


X. DISCLOSURE TIMELINE
-

2011-01-27 - Vulnerability Discovered by VUPEN and shared with TPP customers
2011-12-16 - Public disclosure




VUPEN Security Research - Microsoft Windows datime.dll Remote Code Execution Vulnerability (MS11-090)

2011-12-19 Thread VUPEN Security Research
VUPEN Security Research - Microsoft Windows datime.dll Remote Code 
Execution Vulnerability (MS11-090)


Website : http://www.vupen.com/english/research.php

Twitter : http://twitter.com/vupen


I. BACKGROUND
-

Microsoft Windows is a series of software operating systems and graphical
user interfaces produced by Microsoft. Windows had approximately 90% of
the market share of the client operating systems. (Wikipedia)


II. DESCRIPTION
-

VUPEN Vulnerability Research Team discovered a vulnerability in Microsoft
Windows.

The vulnerability is caused by a use-after-free error in the TIME
(datime.dll) module when loaded via a specific behavior, which could be
exploited by remote attackers to compromise a vulnerable system via a
specially crafted web page.


III. AFFECTED PRODUCTS
---

Microsoft Windows XP Service Pack 3
Microsoft Windows XP Professional x64 Edition Service Pack 2
Microsoft Windows Server 2003 Service Pack 2
Microsoft Windows Server 2003 x64 Edition Service Pack 2
Microsoft Windows Server 2003 SP2 (Itanium)


IV. Binary Analysis & Exploits/PoCs
---

In-depth binary analysis of the vulnerability and a code execution exploit
are available through the VUPEN Binary Analysis & Exploits portal :

http://www.vupen.com/english/services/ba-index.php


VUPEN Binary Analysis & Exploits Service provides private exploits and
in-depth technical analysis of the most significant public vulnerabilities
based on disassembly, reverse engineering, protocol analysis, and code
audit.


The service allows governments and major corporations to evaluate risks, and
protect infrastructures and assets against new threats. The service also
allows security vendors (IPS, IDS, AntiVirus) to supplement their internal
research efforts and quickly develop both vulnerability-based and
exploit-based signatures to proactively protect their customers from attacks
and emerging threats.


V. VUPEN Threat Protection Program
---

Governments and major corporations which are members of the VUPEN Threat
Protection Program (TPP) have been proactively alerted about the
vulnerability when it was discovered by VUPEN in advance of its public
disclosure, and have received detailed attack detection guidance to
protect national and critical infrastructures against potential 0-day
attacks exploiting this vulnerability:

http://www.vupen.com/english/services/tpp-index.php


VI. SOLUTION


Apply the MS11-090 security update.


VII. CREDIT
--

This vulnerability was discovered by Nicolas Joly of VUPEN Security


VIII. ABOUT VUPEN Security
---

VUPEN is the world leader in vulnerability research for defensive and
offensive cyber security. VUPEN solutions enable corporations and
governments to measure and manage risks, eliminate vulnerabilities before
they can be exploited, and protect critical infrastructures and assets
against known and unknown vulnerabilities.

VUPEN has been recognized as Company of the Year 2011 in the Vulnerability
Research Market by Frost & Sullivan.

VUPEN solutions include:

* VUPEN Binary Analysis & Exploits Service (BAE) :
http://www.vupen.com/english/services/ba-index.php

* VUPEN Threat Protection Program (TPP) :
http://www.vupen.com/english/services/tpp-index.php


IX. REFERENCES
--

http://technet.microsoft.com/en-us/security/bulletin/ms11-090
http://www.vupen.com/english/research.php


X. DISCLOSURE TIMELINE
-

2010-07-12 - Vulnerability Discovered by VUPEN and shared with TPP customers
2011-12-16 - Public disclosure




VUPEN Security Research - Microsoft Internet Explorer X-UA-COMPATIBLE Use-after-free Vulnerability

2011-10-21 Thread VUPEN Security Research
VUPEN Security Research - Microsoft Internet Explorer X-UA-COMPATIBLE 
Use-after-free Vulnerability


Website : http://www.vupen.com/english/research.php

Twitter : http://twitter.com/vupen


I. BACKGROUND
-

Microsoft Internet Explorer is a web browser developed by Microsoft and
included as part of the Microsoft Windows line of operating systems with
more than 60% of the worldwide usage share of web browsers. (Wikipedia)


II. DESCRIPTION
-

VUPEN Vulnerability Research Team discovered a vulnerability in Microsoft
Internet Explorer.

The vulnerability is caused by a use-after-free error in the mshtml.dll
component when processing the X-UA-COMPATIBLE keyword of a META tag,
which could be exploited by remote attackers to compromise a vulnerable
system via a specially crafted web page.


III. AFFECTED PRODUCTS
---

Microsoft Internet Explorer 9
Microsoft Internet Explorer 8
Microsoft Internet Explorer 7
Microsoft Internet Explorer 6

Microsoft Windows 7 for x64-based Systems Service Pack 1
Microsoft Windows 7 for x64-based Systems
Microsoft Windows 7 for 32-bit Systems Service Pack 1
Microsoft Windows 7 for 32-bit Systems
Microsoft Windows Server 2008 R2 for x64-based Systems
Microsoft Windows Server 2008 R2 for x64-based Systems Service Pack 1
Microsoft Windows Server 2008 R2 for Itanium-based Systems
Microsoft Windows Server 2008 R2 for Itanium-based Systems Service Pack 1
Microsoft Windows XP Service Pack 3
Microsoft Windows XP Professional x64 Edition Service Pack 2
Microsoft Windows Server 2003 Service Pack 2
Microsoft Windows Server 2003 x64 Edition Service Pack 2
Microsoft Windows Vista Service Pack 2
Microsoft Windows Vista x64 Edition Service Pack 2
Microsoft Windows Server 2008 for 32-bit Systems Service Pack 2
Microsoft Windows Server 2008 for x64-based Systems Service Pack 2


IV. Binary Analysis & Exploits/PoCs
---

In-depth binary analysis of the vulnerability and proof-of-concept code
are available through the VUPEN Binary Analysis & Exploits portal :

http://www.vupen.com/english/services/ba-index.php


VUPEN Binary Analysis & Exploits Service provides private exploits and
in-depth technical analysis of the most significant public vulnerabilities
based on disassembly, reverse engineering, protocol analysis, and code
audit.


The service allows governments and major corporations to evaluate risks, and
protect infrastructures and assets against new threats. The service also
allows security vendors (IPS, IDS, AntiVirus) to supplement their internal
research efforts and quickly develop both vulnerability-based and
exploit-based signatures to proactively protect their customers from attacks
and emerging threats.


V. VUPEN Threat Protection Program
---

Governments and major corporations which are members of the VUPEN Threat
Protection Program (TPP) have been proactively alerted about the
vulnerability when it was discovered by VUPEN in advance of its public
disclosure, and have received a detailed attack detection guidance to
protect national and critical infrastructures against potential 0-day
attacks exploiting this vulnerability:

http://www.vupen.com/english/services/tpp-index.php


VI. SOLUTION


Apply the MS11-081 security update.


VII. CREDIT
--

This vulnerability was discovered by Nicolas Joly of VUPEN Security


VIII. ABOUT VUPEN Security
---

VUPEN is the world leader in vulnerability research for defensive and
offensive cyber security. VUPEN solutions enable corporations and
governments to measure and manage risks, eliminate vulnerabilities before
they can be exploited, and protect critical infrastructures and assets
against known and unknown vulnerabilities.

VUPEN has been recently recognized as Company of the Year in the
Vulnerability Research Market (2011) by Frost & Sullivan.

VUPEN solutions include:

* VUPEN Binary Analysis & Exploits Service (BAE) :
http://www.vupen.com/english/services/ba-index.php

* VUPEN Threat Protection Program (TPP) :
http://www.vupen.com/english/services/tpp-index.php


IX. REFERENCES
--

http://technet.microsoft.com/en-us/security/bulletin/MS11-081
http://www.vupen.com/english/research.php


X. DISCLOSURE TIMELINE
-

2011-03-09 - Vulnerability Discovered by VUPEN and shared with TPP customers
2011-10-12 - Public disclosure




VUPEN Security Research - Google Chrome WebKit Engine Ruby Tag Stale Pointer Vulnerability

2011-10-07 Thread VUPEN Security Research
VUPEN Security Research - Google Chrome WebKit Engine Ruby Tag Stale Pointer 
Vulnerability


Website : http://www.vupen.com/english/research.php

Twitter : http://twitter.com/vupen


I. BACKGROUND
-

Google Chrome is a web browser developed by Google that uses the WebKit
layout engine. As of August 2011, Chrome is the third most widely used
browser with 23.16% worldwide usage share of web browsers (Wikipedia)


II. DESCRIPTION
-

VUPEN Vulnerability Research Team discovered a vulnerability in Google
Chrome.


The vulnerability is caused by a stale pointer in the WebKit engine when
deleting a Ruby tag and its children in a specific order, which could be
exploited by remote attackers to compromise a vulnerable system via a
specially crafted web page.


III. AFFECTED PRODUCTS
---

Google Chrome versions prior to 14.0.835.202


IV. Binary Analysis & Exploits/PoCs
---

In-depth binary analysis of the vulnerability and a proof-of-concept code
are available through the VUPEN Binary Analysis & Exploits portal :

http://www.vupen.com/english/services/ba-index.php


VUPEN Binary Analysis & Exploits Service provides private exploits and
in-depth technical analysis of the most significant public vulnerabilities
based on disassembly, reverse engineering, protocol analysis, and code
audit.


The service allows governments and major corporations to evaluate risks, and
protect infrastructures and assets against new threats. The service also
allows security vendors (IPS, IDS, AntiVirus) to supplement their internal
research efforts and quickly develop both vulnerability-based and
exploit-based signatures to proactively protect their customers from attacks
and emerging threats.


V. VUPEN Threat Protection Program
---

Governments and major corporations which are members of the VUPEN Threat
Protection Program (TPP) have been proactively alerted about the
vulnerability when it was discovered by VUPEN in advance of its public
disclosure, and have received a detailed attack detection guidance to
protect national and critical infrastructures against potential 0-day
attacks exploiting this vulnerability:

http://www.vupen.com/english/services/tpp-index.php


VI. SOLUTION


Upgrade to Google Chrome version 14.0.835.202


VII. CREDIT
--

This vulnerability was discovered by Matthieu Bonetti of VUPEN Security


VIII. ABOUT VUPEN Security
---

VUPEN is the world leader in vulnerability research for defensive and
offensive cyber security. VUPEN solutions enable corporations and
governments to measure and manage risks, eliminate vulnerabilities before
they can be exploited, and protect critical infrastructures and assets
against known and unknown vulnerabilities.

VUPEN has been recently recognized as Company of the Year in the
Vulnerability Research Market (2011) by Frost & Sullivan.

VUPEN solutions include:

* VUPEN Binary Analysis & Exploits Service (BAE) :
http://www.vupen.com/english/services/ba-index.php

* VUPEN Threat Protection Program (TPP) :
http://www.vupen.com/english/services/tpp-index.php


IX. REFERENCES
--

http://googlechromereleases.blogspot.com/2011/10/stable-channel-update.html
http://www.vupen.com/english/research.php


X. DISCLOSURE TIMELINE
-

2011-09-20 - Vulnerability Discovered by VUPEN and shared with TPP customers
2011-10-05 - Public disclosure




VUPEN Security Research - Google Chrome WebKit Engine Child Tag Deletion Stale Pointer Vulnerability

2011-10-07 Thread VUPEN Security Research
VUPEN Security Research - Google Chrome WebKit Engine Child Tag Deletion 
Stale Pointer Vulnerability


Website : http://www.vupen.com/english/research.php

Twitter : http://twitter.com/vupen


I. BACKGROUND
-

Google Chrome is a web browser developed by Google that uses the WebKit
layout engine. As of August 2011, Chrome is the third most widely used
browser with 23.16% worldwide usage share of web browsers (Wikipedia)


II. DESCRIPTION
-

VUPEN Vulnerability Research Team discovered a vulnerability in Google
Chrome.


The vulnerability is caused by a stale pointer in the WebKit engine when
deleting certain child tags in a specific order, which could be exploited by
remote attackers to compromise a vulnerable system via a specially crafted
web page.


III. AFFECTED PRODUCTS
---

Google Chrome versions prior to 14.0.835.202


IV. Binary Analysis & Exploits/PoCs
---

In-depth binary analysis of the vulnerability and a proof-of-concept code
are available through the VUPEN Binary Analysis & Exploits portal :

http://www.vupen.com/english/services/ba-index.php


VUPEN Binary Analysis & Exploits Service provides private exploits and
in-depth technical analysis of the most significant public vulnerabilities
based on disassembly, reverse engineering, protocol analysis, and code
audit.


The service allows governments and major corporations to evaluate risks, and
protect infrastructures and assets against new threats. The service also
allows security vendors (IPS, IDS, AntiVirus) to supplement their internal
research efforts and quickly develop both vulnerability-based and
exploit-based signatures to proactively protect their customers from attacks
and emerging threats.


V. VUPEN Threat Protection Program
---

Governments and major corporations which are members of the VUPEN Threat
Protection Program (TPP) have been proactively alerted about the
vulnerability when it was discovered by VUPEN in advance of its public
disclosure, and have received a detailed attack detection guidance to
protect national and critical infrastructures against potential 0-day
attacks exploiting this vulnerability:

http://www.vupen.com/english/services/tpp-index.php


VI. SOLUTION


Upgrade to Google Chrome version 14.0.835.202


VII. CREDIT
--

This vulnerability was discovered by Matthieu Bonetti of VUPEN Security


VIII. ABOUT VUPEN Security
---

VUPEN is the world leader in vulnerability research for defensive and
offensive cyber security. VUPEN solutions enable corporations and
governments to measure and manage risks, eliminate vulnerabilities before
they can be exploited, and protect critical infrastructures and assets
against known and unknown vulnerabilities.

VUPEN has been recently recognized as Company of the Year in the
Vulnerability Research Market (2011) by Frost & Sullivan.

VUPEN solutions include:

* VUPEN Binary Analysis & Exploits Service (BAE) :
http://www.vupen.com/english/services/ba-index.php

* VUPEN Threat Protection Program (TPP) :
http://www.vupen.com/english/services/tpp-index.php


IX. REFERENCES
--

http://googlechromereleases.blogspot.com/2011/10/stable-channel-update.html
http://www.vupen.com/english/research.php


X. DISCLOSURE TIMELINE
-

2011-06-06 - Vulnerability Discovered by VUPEN and shared with TPP customers
2011-10-05 - Public disclosure




VUPEN Security Research - Novell GroupWise TZNAME Remote Buffer Overflow Vulnerability

2011-09-28 Thread VUPEN Security Research

VUPEN Security Research - Novell GroupWise Calendar TZNAME Remote Buffer
Overflow Vulnerability

Website : http://www.vupen.com/english/research.php

Twitter : http://twitter.com/vupen


I. BACKGROUND
-

Novell GroupWise is a messaging and collaborative software platform that
supports email, calendaring, personal information management, instant
messaging, and document management. (Wikipedia)

II. DESCRIPTION
-

VUPEN Vulnerability Research Team discovered a critical vulnerability
in Novell GroupWise.

The vulnerability is caused by a buffer overflow error in the
NgwiCalVTimeZoneBody::ParseSelf()
function within the G1.dll component when processing an overly long
TZNAME variable in a Calendar, which could be exploited by remote
unauthenticated attackers to compromise a vulnerable server via a specially
crafted email message.

CVSS Score: 10 (AV:N/AC:L/Au:N/C:C/I:C/A:C)


III. AFFECTED PRODUCTS
---

Novell GroupWise v8.0.2 (SP2) Hot Patch 2 (HP2) and prior


IV. Binary Analysis & Exploits/PoCs
---

In-depth binary analysis of the vulnerability and a proof-of-concept code
are available through the VUPEN Binary Analysis & Exploits portal :

http://www.vupen.com/english/services/ba-index.php


VUPEN Binary Analysis & Exploits Service provides private exploits and
in-depth technical analysis of the most significant public vulnerabilities
based on disassembly, reverse engineering, protocol analysis, and code
audit.

The service allows governments and major corporations to evaluate risks, and
protect infrastructures and assets against new threats. The service also
allows security vendors (IPS, IDS, AntiVirus) to supplement their internal
research efforts and quickly develop both vulnerability-based and
exploit-based signatures to proactively protect their customers from attacks
and emerging threats.


V. VUPEN Threat Protection Program
---

Governments and major corporations which are members of the VUPEN Threat
Protection Program (TPP) have been proactively alerted about the
vulnerability
when it was discovered by VUPEN in advance of its public disclosure, and
have received a detailed attack detection guidance to protect national and
critical infrastructures against potential 0-day attacks exploiting this
vulnerability:

http://www.vupen.com/english/services/tpp-index.php


VI. SOLUTION


Upgrade to Novell GroupWise v8.0.2 (SP2) Hot Patch 3 (HP3)


VII. CREDIT
--

This vulnerability was discovered by Sebastien Renaud of VUPEN Security


VIII. ABOUT VUPEN Security
---

VUPEN is the world leader in vulnerability research for defensive and
offensive cyber security. VUPEN solutions enable corporations and
governments to measure and manage risks, eliminate vulnerabilities before
they can be exploited, and protect critical infrastructures and assets
against known and unknown vulnerabilities.

VUPEN has been recently recognized as Company of the Year in the
Vulnerability Research Market (2011) by Frost & Sullivan.

VUPEN solutions include:

* VUPEN Binary Analysis & Exploits Service (BAE) :
http://www.vupen.com/english/services/ba-index.php

* VUPEN Threat Protection Program (TPP) :
http://www.vupen.com/english/services/tpp-index.php


IX. REFERENCES
--

http://download.novell.com/Download?buildid=gBjwGIdt77s~
http://www.vupen.com/english/research.php


X. DISCLOSURE TIMELINE
-

2010-11-22 - Vulnerability Discovered by VUPEN and shared with TPP customers
2011-09-27 - Public disclosure




VUPEN Security Research - Novell GroupWise BYWEEKNO Remote Memory Corruption Vulnerability

2011-09-28 Thread VUPEN Security Research
VUPEN Security Research - Novell GroupWise Calendar BYWEEKNO Remote Memory 
Corruption Vulnerability


Website : http://www.vupen.com/english/research.php

Twitter : http://twitter.com/vupen


I. BACKGROUND
-

Novell GroupWise is a messaging and collaborative software platform that
supports email, calendaring, personal information management, instant
messaging, and document management. (Wikipedia)


II. DESCRIPTION
-

VUPEN Vulnerability Research Team discovered a critical vulnerability
in Novell GroupWise.

The vulnerability is caused by a buffer overflow error in the
ICalProcessYearlyRule() function within the g1.dll component when
processing a malformed BYWEEKNO property in a Calendar, which could be
exploited by remote unauthenticated attackers to compromise a vulnerable
server via a specially crafted email message.

CVSS Score: 10 (AV:N/AC:L/Au:N/C:C/I:C/A:C)


III. AFFECTED PRODUCTS
---

Novell GroupWise v8.0.2 (SP2) Hot Patch 2 (HP2) and prior


IV. Binary Analysis & Exploits/PoCs
---

In-depth binary analysis of the vulnerability and a proof-of-concept code
are available through the VUPEN Binary Analysis & Exploits portal :

http://www.vupen.com/english/services/ba-index.php


VUPEN Binary Analysis & Exploits Service provides private exploits and
in-depth technical analysis of the most significant public vulnerabilities
based on disassembly, reverse engineering, protocol analysis, and code
audit.


The service allows governments and major corporations to evaluate risks, and
protect infrastructures and assets against new threats. The service also
allows security vendors (IPS, IDS, AntiVirus) to supplement their internal
research efforts and quickly develop both vulnerability-based and
exploit-based signatures to proactively protect their customers from attacks
and emerging threats.


V. VUPEN Threat Protection Program
---

Governments and major corporations which are members of the VUPEN Threat
Protection Program (TPP) have been proactively alerted about the
vulnerability when it was discovered by VUPEN in advance of its public
disclosure, and have received a detailed attack detection guidance to
protect national and critical infrastructures against potential 0-day
attacks exploiting this vulnerability:

http://www.vupen.com/english/services/tpp-index.php


VI. SOLUTION


Upgrade to Novell GroupWise v8.0.2 (SP2) Hot Patch 3 (HP3)


VII. CREDIT
--

This vulnerability was discovered by Alexandre Pelletier of VUPEN Security


VIII. ABOUT VUPEN Security
---

VUPEN is the world leader in vulnerability research for defensive and
offensive cyber security. VUPEN solutions enable corporations and
governments to measure and manage risks, eliminate vulnerabilities before
they can be exploited, and protect critical infrastructures and assets
against known and unknown vulnerabilities.

VUPEN has been recently recognized as Company of the Year in the
Vulnerability Research Market (2011) by Frost & Sullivan.

VUPEN solutions include:

* VUPEN Binary Analysis & Exploits Service (BAE) :
http://www.vupen.com/english/services/ba-index.php

* VUPEN Threat Protection Program (TPP) :
http://www.vupen.com/english/services/tpp-index.php


IX. REFERENCES
--

http://download.novell.com/Download?buildid=gBjwGIdt77s~
http://www.vupen.com/english/research.php


X. DISCLOSURE TIMELINE
-

2011-02-02 - Vulnerability Discovered by VUPEN and shared with TPP customers
2011-09-27 - Public disclosure




VUPEN Security Research - Novell GroupWise integerList Remote Buffer Overflow Vulnerability

2011-09-28 Thread VUPEN Security Research

VUPEN Security Research - Novell GroupWise Calendar integerList Remote
Buffer Overflow Vulnerability

Website : http://www.vupen.com/english/research.php

Twitter : http://twitter.com/vupen


I. BACKGROUND
-

Novell GroupWise is a messaging and collaborative software platform that
supports email, calendaring, personal information management, instant
messaging, and document management. (Wikipedia)


II. DESCRIPTION
-

VUPEN Vulnerability Research Team discovered a critical vulnerability
in Novell GroupWise.

The vulnerability is caused by a buffer overflow error in the
NgwIRecurParam::integerList()
function within the g1.dll component when processing a malformed
RRULE integer list in a Calendar, which could be exploited by remote
unauthenticated attackers to compromise a vulnerable server via a specially
crafted email message.

CVSS Score: 10 (AV:N/AC:L/Au:N/C:C/I:C/A:C)


III. AFFECTED PRODUCTS
---

Novell GroupWise v8.0.2 (SP2) Hot Patch 2 (HP2) and prior


IV. Binary Analysis & Exploits/PoCs
---

In-depth binary analysis of the vulnerability and a code execution exploit
are available through the VUPEN Binary Analysis & Exploits portal :

http://www.vupen.com/english/services/ba-index.php


VUPEN Binary Analysis & Exploits Service provides private exploits and
in-depth technical analysis of the most significant public vulnerabilities
based on disassembly, reverse engineering, protocol analysis, and code
audit.

The service allows governments and major corporations to evaluate risks, and
protect infrastructures and assets against new threats. The service also
allows security vendors (IPS, IDS, AntiVirus) to supplement their internal
research efforts and quickly develop both vulnerability-based and
exploit-based signatures to proactively protect their customers from attacks
and emerging threats.


V. VUPEN Threat Protection Program
---

Governments and major corporations which are members of the VUPEN Threat
Protection Program (TPP) have been proactively alerted about the
vulnerability
when it was discovered by VUPEN in advance of its public disclosure, and
have received a detailed attack detection guidance to protect national and
critical infrastructures against potential 0-day attacks exploiting this
vulnerability:

http://www.vupen.com/english/services/tpp-index.php


VI. SOLUTION


Upgrade to Novell GroupWise v8.0.2 (SP2) Hot Patch 3 (HP3)


VII. CREDIT
--

This vulnerability was discovered by Sebastien Renaud of VUPEN Security


VIII. ABOUT VUPEN Security
---

VUPEN is the world leader in vulnerability research for defensive and
offensive cyber security. VUPEN solutions enable corporations and
governments to measure and manage risks, eliminate vulnerabilities before
they can be exploited, and protect critical infrastructures and assets
against known and unknown vulnerabilities.

VUPEN has been recently recognized as Company of the Year in the
Vulnerability Research Market (2011) by Frost & Sullivan.

VUPEN solutions include:

* VUPEN Binary Analysis & Exploits Service (BAE) :
http://www.vupen.com/english/services/ba-index.php

* VUPEN Threat Protection Program (TPP) :
http://www.vupen.com/english/services/tpp-index.php


IX. REFERENCES
--

http://download.novell.com/Download?buildid=gBjwGIdt77s~
http://www.vupen.com/english/research.php


X. DISCLOSURE TIMELINE
-

2010-11-17 - Vulnerability Discovered by VUPEN and shared with TPP customers
2011-09-27 - Public disclosure




VUPEN Security Research - Novell GroupWise RRULE Remote Buffer Overflow Vulnerability

2011-09-28 Thread VUPEN Security Research
VUPEN Security Research - Novell GroupWise Calendar RRULE Remote Buffer 
Overflow Vulnerability


Website : http://www.vupen.com/english/research.php

Twitter : http://twitter.com/vupen


I. BACKGROUND
-

Novell GroupWise is a messaging and collaborative software platform that
supports email, calendaring, personal information management, instant
messaging, and document management. (Wikipedia)


II. DESCRIPTION
-

VUPEN Vulnerability Research Team discovered a critical vulnerability
in Novell GroupWise.

The vulnerability is caused by a buffer overflow error in the
NgwIRecurByWeekdayParam::bywdaylist() function within the g1.dll
component when processing a malformed RRULE property in a Calendar, which
could be exploited by remote unauthenticated attackers to compromise a
vulnerable server via a specially crafted email message.

CVSS Score: 10 (AV:N/AC:L/Au:N/C:C/I:C/A:C)


III. AFFECTED PRODUCTS
---

Novell GroupWise v8.0.2 (SP2) Hot Patch 2 (HP2) and prior


IV. Binary Analysis & Exploits/PoCs
---

In-depth binary analysis of the vulnerability and a proof-of-concept code
are available through the VUPEN Binary Analysis & Exploits portal :

http://www.vupen.com/english/services/ba-index.php


VUPEN Binary Analysis & Exploits Service provides private exploits and
in-depth technical analysis of the most significant public vulnerabilities
based on disassembly, reverse engineering, protocol analysis, and code
audit.


The service allows governments and major corporations to evaluate risks, and
protect infrastructures and assets against new threats. The service also
allows security vendors (IPS, IDS, AntiVirus) to supplement their internal
research efforts and quickly develop both vulnerability-based and
exploit-based signatures to proactively protect their customers from attacks
and emerging threats.


V. VUPEN Threat Protection Program
---

Governments and major corporations which are members of the VUPEN Threat
Protection Program (TPP) have been proactively alerted about the
vulnerability when it was discovered by VUPEN in advance of its public
disclosure, and have received a detailed attack detection guidance to
protect national and critical infrastructures against potential 0-day
attacks exploiting this vulnerability:

http://www.vupen.com/english/services/tpp-index.php


VI. SOLUTION


Upgrade to Novell GroupWise v8.0.2 (SP2) Hot Patch 3 (HP3)


VII. CREDIT
--

This vulnerability was discovered by Sebastien Renaud of VUPEN Security


VIII. ABOUT VUPEN Security
---

VUPEN is the world leader in vulnerability research for defensive and
offensive cyber security. VUPEN solutions enable corporations and
governments to measure and manage risks, eliminate vulnerabilities before
they can be exploited, and protect critical infrastructures and assets
against known and unknown vulnerabilities.

VUPEN has been recently recognized as Company of the Year in the
Vulnerability Research Market (2011) by Frost & Sullivan.

VUPEN solutions include:

* VUPEN Binary Analysis & Exploits Service (BAE) :
http://www.vupen.com/english/services/ba-index.php

* VUPEN Threat Protection Program (TPP) :
http://www.vupen.com/english/services/tpp-index.php


IX. REFERENCES
--

http://download.novell.com/Download?buildid=gBjwGIdt77s~
http://www.vupen.com/english/research.php


X. DISCLOSURE TIMELINE
-

2010-11-16 - Vulnerability Discovered by VUPEN and shared with TPP customers
2011-09-27 - Public disclosure




VUPEN Security Research - Microsoft Office Excel Formula Record Heap Corruption Vulnerability

2011-09-19 Thread VUPEN Security Research
VUPEN Security Research - Microsoft Office Excel Formula Record Heap 
Corruption Vulnerability


Website : http://www.vupen.com/english/research.php

Twitter : http://twitter.com/vupen


I. BACKGROUND
-

Microsoft Office Excel is a powerful tool you can use to create and format
spreadsheets, and analyze and share information to make more informed
decisions. With the Microsoft Office Fluent user interface, rich data
visualization, and PivotTable views, professional-looking charts are easier
to create and use. (microsoft.com)


II. DESCRIPTION
-

VUPEN Vulnerability Research Team discovered a critical vulnerability
in Microsoft Office Excel.

The vulnerability is caused by a heap corruption error when processing
malformed Formula records within an Excel document, which could be exploited
by attackers to compromise a vulnerable system by tricking a user into
opening a specially crafted XLS document.


III. AFFECTED PRODUCTS
---

Microsoft Office 2010
Microsoft Office 2007 Service Pack 2
Microsoft Office 2003 Service Pack 3
Microsoft Office 2002 Service Pack 3


IV. Binary Analysis & Exploits/PoCs
---

In-depth binary analysis of the vulnerability and a code execution exploit
are available through the VUPEN Binary Analysis & Exploits Service :

http://www.vupen.com/english/services/ba-index.php


VUPEN Binary Analysis & Exploits Service provides private exploits and
in-depth technical analysis of the most significant public vulnerabilities
based on disassembly, reverse engineering, protocol analysis, and code
audit.


The service allows governments and major corporations to evaluate risks, and
protect infrastructures and assets against new threats. The service also
allows security vendors (IPS, IDS, AntiVirus) to supplement their internal
research efforts and quickly develop both vulnerability-based and
exploit-based signatures to proactively protect their customers from attacks
and emerging threats.


V. VUPEN Threat Protection Program
---

Governments and major corporations which are members of the VUPEN Threat
Protection Program (TPP) have been proactively alerted about the
vulnerability when it was discovered by VUPEN in advance of its public
disclosure, and have received a detailed attack detection guidance to
protect national and critical infrastructures against potential 0-day
attacks exploiting this vulnerability:

http://www.vupen.com/english/services/tpp-index.php


VI. SOLUTION


Apply MS11-072 security updates.


VII. CREDIT
--

This vulnerability was discovered by Nicolas Joly of VUPEN Security


VIII. ABOUT VUPEN Security
---

VUPEN is the world leader in vulnerability research for defensive and
offensive cyber security. VUPEN solutions enable corporations and
governments to measure and manage risks, eliminate vulnerabilities before
they can be exploited, and protect critical infrastructures and assets
against known and unknown vulnerabilities.

VUPEN has been recently recognized as Company of the Year in the
Vulnerability Research Market (2011) by Frost & Sullivan.

VUPEN solutions include:

* VUPEN Binary Analysis & Exploits Service (BAE) :
http://www.vupen.com/english/services/ba-index.php

* VUPEN Threat Protection Program (TPP) :
http://www.vupen.com/english/services/tpp-index.php


IX. REFERENCES
--

http://technet.microsoft.com/en-us/security/bulletin/ms11-072
http://www.vupen.com/english/research.php


X. DISCLOSURE TIMELINE
-

2010-06-25 - Vulnerability Discovered by VUPEN and shared with TPP customers
2011-09-14 - Public disclosure




VUPEN Security Research - Adobe Acrobat and Reader TIFF BitsPerSample Heap Overflow Vulnerability

2011-09-14 Thread VUPEN Security Research
VUPEN Security Research - Adobe Acrobat and Reader TIFF BitsPerSample Heap 
Overflow Vulnerability


Website : http://www.vupen.com/english/research.php

Twitter : http://twitter.com/vupen


I. BACKGROUND
-

Adobe Acrobat and Reader are the global standards for electronic
document sharing. They are used to create, view, search, digitally
sign, verify, print, and collaborate on Adobe PDF files.


II. DESCRIPTION
-

VUPEN Vulnerability Research Team discovered a critical vulnerability
in Adobe Acrobat and Reader.

The vulnerability is caused by a heap overflow error when processing a
malformed BitsPerSample field of a TIFF image, which could be exploited
by attackers to compromise a vulnerable system by tricking a user
into opening a specially crafted PDF document.


III. AFFECTED PRODUCTS
---

Adobe Acrobat and Reader X (10.1) and prior
Adobe Acrobat and Reader 9.4.5 and prior
Adobe Acrobat and Reader 8.3 and prior


IV. Binary Analysis & Exploits/PoCs
---

In-depth binary analysis of the vulnerability and a code execution exploit
are available through the VUPEN Binary Analysis & Exploits Service :

http://www.vupen.com/english/services/ba-index.php


VUPEN Binary Analysis & Exploits Service provides private exploits and
in-depth technical analysis of the most significant public vulnerabilities
based on disassembly, reverse engineering, protocol analysis, and code
audit.


The service allows governments and major corporations to evaluate risks, and
protect infrastructures and assets against new threats. The service also
allows security vendors (IPS, IDS, AntiVirus) to supplement their internal
research efforts and quickly develop both vulnerability-based and
exploit-based signatures to proactively protect their customers from attacks
and emerging threats.


V. VUPEN Threat Protection Program
---

Governments and major corporations which are members of the VUPEN Threat
Protection Program (TPP) have been proactively alerted about the
vulnerability when it was discovered by VUPEN in advance of its public
disclosure, and have received a detailed attack detection guidance to
protect national and critical infrastructures against potential 0-day
attacks exploiting this vulnerability:

http://www.vupen.com/english/services/tpp-index.php


VI. SOLUTION


Upgrade to Adobe Acrobat and Reader X (10.1.1), Adobe Acrobat and Reader
v9.4.6 or Adobe Acrobat and Reader v8.3.1.


VII. CREDIT
--

This vulnerability was discovered by Nicolas Joly of VUPEN Security


VIII. ABOUT VUPEN Security
---

VUPEN is the world leader in vulnerability research for defensive and
offensive cyber security. VUPEN solutions enable corporations and
governments to measure and manage risks, eliminate vulnerabilities before
they can be exploited, and protect critical infrastructures and assets
against known and unknown vulnerabilities.

VUPEN has been recently recognized as Company of the Year in the
Vulnerability Research Market (2011) by Frost & Sullivan.

VUPEN solutions include:

* VUPEN Binary Analysis & Exploits Service (BAE) :
http://www.vupen.com/english/services/ba-index.php

* VUPEN Threat Protection Program (TPP) :
http://www.vupen.com/english/services/tpp-index.php


IX. REFERENCES
--

http://www.adobe.com/support/security/bulletins/apsb11-24.html
http://www.vupen.com/english/research.php


X. DISCLOSURE TIMELINE
-

2011-07-20 - Vulnerability Discovered by VUPEN and shared with TPP customers
2011-09-14 - Public disclosure




VUPEN Security Research - Adobe Acrobat and Reader Picture Dimensions Heap Overflow Vulnerability

2011-09-14 Thread VUPEN Security Research
VUPEN Security Research - Adobe Acrobat and Reader Picture Dimensions Heap 
Overflow Vulnerability


Website : http://www.vupen.com/english/research.php

Twitter : http://twitter.com/vupen


I. BACKGROUND
-

Adobe Acrobat and Reader are the global standards for electronic
document sharing. They are used to create, view, search, digitally
sign, verify, print, and collaborate on Adobe PDF files.


II. DESCRIPTION
-

VUPEN Vulnerability Research Team discovered a critical vulnerability
in Adobe Acrobat and Reader.

The vulnerability is caused by a heap overflow error when processing a
picture file with malformed dimensions, which could be exploited by
attackers to compromise a vulnerable system by tricking a user
into opening a specially crafted PDF document.


III. AFFECTED PRODUCTS
---

Adobe Acrobat and Reader X (10.1) and prior
Adobe Acrobat and Reader 9.4.5 and prior
Adobe Acrobat and Reader 8.3 and prior


IV. Binary Analysis & Exploits/PoCs
---

In-depth binary analysis of the vulnerability and a proof-of-concept code
are available through the VUPEN Binary Analysis & Exploits Service :

http://www.vupen.com/english/services/ba-index.php


VUPEN Binary Analysis & Exploits Service provides private exploits and
in-depth technical analysis of the most significant public vulnerabilities
based on disassembly, reverse engineering, protocol analysis, and code
audit.


The service allows governments and major corporations to evaluate risks, and
protect infrastructures and assets against new threats. The service also
allows security vendors (IPS, IDS, AntiVirus) to supplement their internal
research efforts and quickly develop both vulnerability-based and
exploit-based signatures to proactively protect their customers from attacks
and emerging threats.


V. VUPEN Threat Protection Program
---

Governments and major corporations which are members of the VUPEN Threat
Protection Program (TPP) have been proactively alerted about the
vulnerability when it was discovered by VUPEN in advance of its public
disclosure, and have received a detailed attack detection guidance to
protect national and critical infrastructures against potential 0-day
attacks exploiting this vulnerability:

http://www.vupen.com/english/services/tpp-index.php


VI. SOLUTION


Upgrade to Adobe Acrobat and Reader X (10.1.1), Adobe Acrobat and Reader
v9.4.6 or Adobe Acrobat and Reader v8.3.1.


VII. CREDIT
--

This vulnerability was discovered by Nicolas Joly of VUPEN Security


VIII. ABOUT VUPEN Security
---

VUPEN is the world leader in vulnerability research for defensive and
offensive cyber security. VUPEN solutions enable corporations and
governments to measure and manage risks, eliminate vulnerabilities before
they can be exploited, and protect critical infrastructures and assets
against known and unknown vulnerabilities.

VUPEN has been recently recognized as Company of the Year in the
Vulnerability Research Market (2011) by Frost & Sullivan.

VUPEN solutions include:

* VUPEN Binary Analysis & Exploits Service (BAE) :
http://www.vupen.com/english/services/ba-index.php

* VUPEN Threat Protection Program (TPP) :
http://www.vupen.com/english/services/tpp-index.php


IX. REFERENCES
--

http://www.adobe.com/support/security/bulletins/apsb11-24.html
http://www.vupen.com/english/research.php


X. DISCLOSURE TIMELINE
-

2011-07-20 - Vulnerability Discovered by VUPEN and shared with TPP customers
2011-09-14 - Public disclosure




VUPEN Security Research - Adobe Acrobat and Reader IFF Processing Heap Overflow Vulnerability

2011-09-14 Thread VUPEN Security Research
VUPEN Security Research - Adobe Acrobat and Reader IFF Processing Heap 
Overflow Vulnerability


Website : http://www.vupen.com/english/research.php

Twitter : http://twitter.com/vupen


I. BACKGROUND
-

Adobe Acrobat and Reader are the global standards for electronic
document sharing. They are used to create, view, search, digitally
sign, verify, print, and collaborate on Adobe PDF files.


II. DESCRIPTION
-

VUPEN Vulnerability Research Team discovered a critical vulnerability
in Adobe Acrobat and Reader.

The vulnerability is caused by a heap overflow error when processing
malformed IFF data within a PDF document, which could be exploited by
attackers to compromise a vulnerable system by tricking a user
into opening a specially crafted PDF file.


III. AFFECTED PRODUCTS
---

Adobe Acrobat and Reader X (10.1) and prior
Adobe Acrobat and Reader 9.4.5 and prior
Adobe Acrobat and Reader 8.3 and prior


IV. Binary Analysis & Exploits/PoCs
---

In-depth binary analysis of the vulnerability and a code execution exploit
are available through the VUPEN Binary Analysis & Exploits Service :

http://www.vupen.com/english/services/ba-index.php


VUPEN Binary Analysis & Exploits Service provides private exploits and
in-depth technical analysis of the most significant public vulnerabilities
based on disassembly, reverse engineering, protocol analysis, and code
audit.


The service allows governments and major corporations to evaluate risks, and
protect infrastructures and assets against new threats. The service also
allows security vendors (IPS, IDS, AntiVirus) to supplement their internal
research efforts and quickly develop both vulnerability-based and
exploit-based signatures to proactively protect their customers from attacks
and emerging threats.


V. VUPEN Threat Protection Program
---

Governments and major corporations which are members of the VUPEN Threat
Protection Program (TPP) have been proactively alerted about the
vulnerability when it was discovered by VUPEN in advance of its public
disclosure, and have received a detailed attack detection guidance to
protect national and critical infrastructures against potential 0-day
attacks exploiting this vulnerability:

http://www.vupen.com/english/services/tpp-index.php


VI. SOLUTION


Upgrade to Adobe Acrobat and Reader X (10.1.1), Adobe Acrobat and Reader
v9.4.6 or Adobe Acrobat and Reader v8.3.1.


VII. CREDIT
--

This vulnerability was discovered by Nicolas Joly of VUPEN Security


VIII. ABOUT VUPEN Security
---

VUPEN is the world leader in vulnerability research for defensive and
offensive cyber security. VUPEN solutions enable corporations and
governments to measure and manage risks, eliminate vulnerabilities before
they can be exploited, and protect critical infrastructures and assets
against known and unknown vulnerabilities.

VUPEN has been recently recognized as Company of the Year in the
Vulnerability Research Market (2011) by Frost & Sullivan.

VUPEN solutions include:

* VUPEN Binary Analysis & Exploits Service (BAE) :
http://www.vupen.com/english/services/ba-index.php

* VUPEN Threat Protection Program (TPP) :
http://www.vupen.com/english/services/tpp-index.php


IX. REFERENCES
--

http://www.adobe.com/support/security/bulletins/apsb11-24.html
http://www.vupen.com/english/research.php


X. DISCLOSURE TIMELINE
-

2011-07-09 - Vulnerability Discovered by VUPEN and shared with TPP customers
2011-09-14 - Public disclosure




VUPEN Security Research - Adobe Acrobat and Reader PCX Processing Heap Overflow Vulnerability

2011-09-14 Thread VUPEN Security Research
VUPEN Security Research - Adobe Acrobat and Reader PCX Processing Heap 
Overflow Vulnerability


Website : http://www.vupen.com/english/research.php

Twitter : http://twitter.com/vupen


I. BACKGROUND
-

Adobe Acrobat and Reader are the global standards for electronic
document sharing. They are used to create, view, search, digitally
sign, verify, print, and collaborate on Adobe PDF files.


II. DESCRIPTION
-

VUPEN Vulnerability Research Team discovered a critical vulnerability
in Adobe Acrobat and Reader.

The vulnerability is caused by a heap overflow error when processing
malformed PCX data within a PDF document, which could be exploited by
attackers to compromise a vulnerable system by tricking a user
into opening a specially crafted PDF file.


III. AFFECTED PRODUCTS
---

Adobe Acrobat and Reader X (10.1) and prior
Adobe Acrobat and Reader 9.4.5 and prior
Adobe Acrobat and Reader 8.3 and prior


IV. Binary Analysis & Exploits/PoCs
---

In-depth binary analysis of the vulnerability and a proof-of-concept code
are available through the VUPEN Binary Analysis & Exploits Service :

http://www.vupen.com/english/services/ba-index.php


VUPEN Binary Analysis & Exploits Service provides private exploits and
in-depth technical analysis of the most significant public vulnerabilities
based on disassembly, reverse engineering, protocol analysis, and code
audit.


The service allows governments and major corporations to evaluate risks, and
protect infrastructures and assets against new threats. The service also
allows security vendors (IPS, IDS, AntiVirus) to supplement their internal
research efforts and quickly develop both vulnerability-based and
exploit-based signatures to proactively protect their customers from attacks
and emerging threats.


V. VUPEN Threat Protection Program
---

Governments and major corporations which are members of the VUPEN Threat
Protection Program (TPP) have been proactively alerted about the
vulnerability when it was discovered by VUPEN in advance of its public
disclosure, and have received a detailed attack detection guidance to
protect national and critical infrastructures against potential 0-day
attacks exploiting this vulnerability:

http://www.vupen.com/english/services/tpp-index.php


VI. SOLUTION


Upgrade to Adobe Acrobat and Reader X (10.1.1), Adobe Acrobat and Reader
v9.4.6 or Adobe Acrobat and Reader v8.3.1.


VII. CREDIT
--

This vulnerability was discovered by Nicolas Joly of VUPEN Security


VIII. ABOUT VUPEN Security
---

VUPEN is the world leader in vulnerability research for defensive and
offensive cyber security. VUPEN solutions enable corporations and
governments to measure and manage risks, eliminate vulnerabilities before
they can be exploited, and protect critical infrastructures and assets
against known and unknown vulnerabilities.

VUPEN has been recently recognized as Company of the Year in the
Vulnerability Research Market (2011) by Frost & Sullivan.

VUPEN solutions include:

* VUPEN Binary Analysis & Exploits Service (BAE) :
http://www.vupen.com/english/services/ba-index.php

* VUPEN Threat Protection Program (TPP) :
http://www.vupen.com/english/services/tpp-index.php


IX. REFERENCES
--

http://www.adobe.com/support/security/bulletins/apsb11-24.html
http://www.vupen.com/english/research.php


X. DISCLOSURE TIMELINE
-

2011-07-20 - Vulnerability Discovered by VUPEN and shared with TPP customers
2011-09-14 - Public disclosure




VUPEN Security Research - Adobe Acrobat and Reader BMP Dimensions Heap Overflow Vulnerability

2011-09-14 Thread VUPEN Security Research
VUPEN Security Research - Adobe Acrobat and Reader BMP Dimensions Heap 
Overflow Vulnerability


Website : http://www.vupen.com/english/research.php

Twitter : http://twitter.com/vupen


I. BACKGROUND
-

Adobe Acrobat and Reader are the global standards for electronic
document sharing. They are used to create, view, search, digitally
sign, verify, print, and collaborate on Adobe PDF files.


II. DESCRIPTION
-

VUPEN Vulnerability Research Team discovered a critical vulnerability
in Adobe Acrobat and Reader.

The vulnerability is caused by a heap overflow error when processing
malformed BMP data within a PDF document, which could be exploited by
attackers to compromise a vulnerable system by tricking a user
into opening a specially crafted PDF file.


III. AFFECTED PRODUCTS
---

Adobe Acrobat and Reader X (10.1) and prior
Adobe Acrobat and Reader 9.4.5 and prior
Adobe Acrobat and Reader 8.3 and prior


IV. Binary Analysis & Exploits/PoCs
---

In-depth binary analysis of the vulnerability and a code execution exploit
are available through the VUPEN Binary Analysis & Exploits Service :

http://www.vupen.com/english/services/ba-index.php


VUPEN Binary Analysis & Exploits Service provides private exploits and
in-depth technical analysis of the most significant public vulnerabilities
based on disassembly, reverse engineering, protocol analysis, and code
audit.


The service allows governments and major corporations to evaluate risks, and
protect infrastructures and assets against new threats. The service also
allows security vendors (IPS, IDS, AntiVirus) to supplement their internal
research efforts and quickly develop both vulnerability-based and
exploit-based signatures to proactively protect their customers from attacks
and emerging threats.


V. VUPEN Threat Protection Program
---

Governments and major corporations which are members of the VUPEN Threat
Protection Program (TPP) have been proactively alerted about the
vulnerability when it was discovered by VUPEN in advance of its public
disclosure, and have received a detailed attack detection guidance to
protect national and critical infrastructures against potential 0-day
attacks exploiting this vulnerability:

http://www.vupen.com/english/services/tpp-index.php


VI. SOLUTION


Upgrade to Adobe Acrobat and Reader X (10.1.1), Adobe Acrobat and Reader
v9.4.6 or Adobe Acrobat and Reader v8.3.1.


VII. CREDIT
--

This vulnerability was discovered by Nicolas Joly of VUPEN Security


VIII. ABOUT VUPEN Security
---

VUPEN is the world leader in vulnerability research for defensive and
offensive cyber security. VUPEN solutions enable corporations and
governments to measure and manage risks, eliminate vulnerabilities before
they can be exploited, and protect critical infrastructures and assets
against known and unknown vulnerabilities.

VUPEN has been recently recognized as Company of the Year in the
Vulnerability Research Market (2011) by Frost & Sullivan.

VUPEN solutions include:

* VUPEN Binary Analysis & Exploits Service (BAE) :
http://www.vupen.com/english/services/ba-index.php

* VUPEN Threat Protection Program (TPP) :
http://www.vupen.com/english/services/tpp-index.php


IX. REFERENCES
--

http://www.adobe.com/support/security/bulletins/apsb11-24.html
http://www.vupen.com/english/research.php


X. DISCLOSURE TIMELINE
-

2011-07-12 - Vulnerability Discovered by VUPEN and shared with TPP customers
2011-09-14 - Public disclosure
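
The BMP advisory above names the bug class (a heap overflow driven by malformed dimensions) without publishing detail. The following C example is added here to illustrate that class and its fix; it is not Adobe's code or VUPEN's analysis, and the function names, the 64 MiB cap and the sample headers are assumptions made for the example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define BMP_HEADER_LEN      54u                    /* 14-byte file header + 40-byte BITMAPINFOHEADER */
#define BMP_MAX_PIXEL_BYTES (64u * 1024u * 1024u)  /* assumed policy cap, not taken from the advisory */

enum bmp_status {
    BMP_OK = 0, BMP_TRUNCATED, BMP_BAD_MAGIC, BMP_UNSUPPORTED,
    BMP_BAD_DIMS, BMP_BAD_DEPTH, BMP_TOO_LARGE, BMP_DATA_SHORT
};

static uint16_t rd_u16le(const uint8_t *p) { return (uint16_t)(p[0] | (p[1] << 8)); }
static uint32_t rd_u32le(const uint8_t *p) {
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) |
           ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}
static void wr_u32le(uint8_t *p, uint32_t v) {
    p[0] = (uint8_t)v; p[1] = (uint8_t)(v >> 8);
    p[2] = (uint8_t)(v >> 16); p[3] = (uint8_t)(v >> 24);
}

/* BEFORE: the size is computed in 32 bits from file-controlled fields. The
 * product wraps, the buffer is allocated too small, and the decoder then
 * writes width*height pixels into it. */
uint32_t bmp_pixel_bytes_unchecked(const uint8_t *file) {
    uint32_t w   = rd_u32le(file + 18);   /* biWidth    */
    uint32_t h   = rd_u32le(file + 22);   /* biHeight   */
    uint32_t bpp = rd_u16le(file + 28);   /* biBitCount */
    return w * h * (bpp / 8);
}

/* AFTER: validate every field, do the arithmetic in 64 bits, cap the result,
 * and require that the file actually contains that many pixel bytes.
 * Handles uncompressed (BI_RGB) bitmaps only. */
enum bmp_status bmp_pixel_bytes_checked(const uint8_t *file, size_t file_len,
                                        size_t *out_bytes) {
    if (file_len < BMP_HEADER_LEN) return BMP_TRUNCATED;
    if (file[0] != 'B' || file[1] != 'M') return BMP_BAD_MAGIC;
    if (rd_u32le(file + 30) != 0) return BMP_UNSUPPORTED;   /* biCompression */

    uint32_t data_off = rd_u32le(file + 10);                /* bfOffBits */
    int32_t  w   = (int32_t)rd_u32le(file + 18);
    int32_t  h   = (int32_t)rd_u32le(file + 22);            /* negative = top-down */
    uint16_t bpp = rd_u16le(file + 28);

    if (w <= 0 || h == 0 || h == INT32_MIN) return BMP_BAD_DIMS;
    if (bpp != 1 && bpp != 4 && bpp != 8 && bpp != 16 && bpp != 24 && bpp != 32)
        return BMP_BAD_DEPTH;

    /* Rows are padded to 4 bytes. With w < 2^31 and bpp <= 32 the stride is
     * below 2^33 and the product with rows < 2^31 cannot wrap a uint64_t. */
    uint64_t rows   = h < 0 ? (uint64_t)(-(int64_t)h) : (uint64_t)h;
    uint64_t stride = (((uint64_t)w * bpp + 31u) / 32u) * 4u;
    uint64_t total  = stride * rows;

    if (total > BMP_MAX_PIXEL_BYTES) return BMP_TOO_LARGE;
    if (data_off < BMP_HEADER_LEN || data_off > file_len ||
        total > file_len - data_off)
        return BMP_DATA_SHORT;

    *out_bytes = (size_t)total;
    return BMP_OK;
}

/* Constructed sample input: a minimal BMP header with the given dimensions. */
void bmp_make_sample(uint8_t *buf, size_t buf_len, int32_t w, int32_t h, uint16_t bpp) {
    if (buf_len < BMP_HEADER_LEN) return;
    memset(buf, 0, buf_len);
    buf[0] = 'B'; buf[1] = 'M';
    wr_u32le(buf + 10, BMP_HEADER_LEN);   /* pixel data follows the headers */
    wr_u32le(buf + 14, 40);               /* biSize */
    wr_u32le(buf + 18, (uint32_t)w);
    wr_u32le(buf + 22, (uint32_t)h);
    buf[26] = 1;                          /* biPlanes */
    buf[28] = (uint8_t)(bpp & 0xff);
    buf[29] = (uint8_t)(bpp >> 8);
}

int main(void) {
    uint8_t f[128];
    size_t n = 0;
    bmp_make_sample(f, sizeof f, 0x10000, 0x10000, 32);
    printf("unchecked size: %u bytes, checked status: %d\n",
           (unsigned)bmp_pixel_bytes_unchecked(f),
           (int)bmp_pixel_bytes_checked(f, sizeof f, &n));
    return 0;
}
```
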




VUPEN Security Research - Adobe Acrobat and Reader Picture Processing Stack Overflow Vulnerability

2011-09-14 Thread VUPEN Security Research
VUPEN Security Research - Adobe Acrobat and Reader Picture Processing Stack 
Overflow Vulnerability


Website : http://www.vupen.com/english/research.php

Twitter : http://twitter.com/vupen


I. BACKGROUND
-

Adobe Acrobat and Reader are the global standards for electronic
document sharing. They are used to create, view, search, digitally
sign, verify, print, and collaborate on Adobe PDF files.


II. DESCRIPTION
-

VUPEN Vulnerability Research Team discovered a critical vulnerability
in Adobe Acrobat and Reader.

The vulnerability is caused by a stack overflow error when processing a
malformed picture within a PDF document, which could be exploited by
attackers to compromise a vulnerable system by tricking a user
into opening a specially crafted PDF file.


III. AFFECTED PRODUCTS
---

Adobe Acrobat and Reader X (10.1) and prior
Adobe Acrobat and Reader 9.4.5 and prior
Adobe Acrobat and Reader 8.3 and prior


IV. Binary Analysis & Exploits/PoCs
---

In-depth binary analysis of the vulnerability and a code execution exploit
are available through the VUPEN Binary Analysis & Exploits Service :

http://www.vupen.com/english/services/ba-index.php


VUPEN Binary Analysis & Exploits Service provides private exploits and
in-depth technical analysis of the most significant public vulnerabilities
based on disassembly, reverse engineering, protocol analysis, and code
audit.


The service allows governments and major corporations to evaluate risks, and
protect infrastructures and assets against new threats. The service also
allows security vendors (IPS, IDS, AntiVirus) to supplement their internal
research efforts and quickly develop both vulnerability-based and
exploit-based signatures to proactively protect their customers from attacks
and emerging threats.


V. VUPEN Threat Protection Program
---

Governments and major corporations which are members of the VUPEN Threat
Protection Program (TPP) have been proactively alerted about the
vulnerability when it was discovered by VUPEN in advance of its public
disclosure, and have received a detailed attack detection guidance to
protect national and critical infrastructures against potential 0-day
attacks exploiting this vulnerability:

http://www.vupen.com/english/services/tpp-index.php


VI. SOLUTION


Upgrade to Adobe Acrobat and Reader X (10.1.1), Adobe Acrobat and Reader
v9.4.6 or Adobe Acrobat and Reader v8.3.1.


VII. CREDIT
--

This vulnerability was discovered by Nicolas Joly of VUPEN Security


VIII. ABOUT VUPEN Security
---

VUPEN is the world leader in vulnerability research for defensive and
offensive cyber security. VUPEN solutions enable corporations and
governments to measure and manage risks, eliminate vulnerabilities before
they can be exploited, and protect critical infrastructures and assets
against known and unknown vulnerabilities.

VUPEN has been recently recognized as Company of the Year in the
Vulnerability Research Market (2011) by Frost & Sullivan.

VUPEN solutions include:

* VUPEN Binary Analysis & Exploits Service (BAE) :
http://www.vupen.com/english/services/ba-index.php

* VUPEN Threat Protection Program (TPP) :
http://www.vupen.com/english/services/tpp-index.php


IX. REFERENCES
--

http://www.adobe.com/support/security/bulletins/apsb11-24.html
http://www.vupen.com/english/research.php


X. DISCLOSURE TIMELINE
-

2011-07-20 - Vulnerability Discovered by VUPEN and shared with TPP customers
2011-09-14 - Public disclosure




VUPEN Security Research - Adobe Shockwave rcsL Record Array Indexing Vulnerability (APSB11-19)

2011-08-15 Thread VUPEN Security Research

VUPEN Security Research - Adobe Shockwave rcsL Record Array Indexing
Vulnerability (APSB11-19)

Website : http://www.vupen.com/english/research.php

Twitter : http://twitter.com/vupen


I. BACKGROUND
-

Over 450 million Internet-enabled desktops have installed Adobe Shockwave
Player. These people now have access to some of the best the Web has to
offer, including dazzling 3D games and entertainment, interactive product
demonstrations, and online learning applications. Shockwave Player displays
Web content that has been created by Adobe Director. (from Adobe.com)


II. DESCRIPTION
-

VUPEN Vulnerability Research Team discovered a critical vulnerability
in Adobe Shockwave.

The vulnerability is caused by an array indexing error in the dirapi.dll
component when processing malformed data within the rcsL record, which
could be exploited by remote attackers to compromise a vulnerable system
by tricking a user into visiting a specially crafted web page.

CVSS Score: 10 (AV:N/AC:L/Au:N/C:C/I:C/A:C)


III. AFFECTED PRODUCTS
---

Adobe Shockwave Player v11.6.0.626 and prior


IV. Binary Analysis & Exploits/PoCs
---

In-depth binary analysis of the vulnerability and a code execution exploit
are available through the VUPEN Binary Analysis & Exploits Service :

http://www.vupen.com/english/services/ba-index.php


VUPEN Binary Analysis & Exploits Service provides private exploits and
in-depth technical analysis of the most significant public vulnerabilities
based on disassembly, reverse engineering, protocol analysis, and code
audit.

The service allows governments and major corporations to evaluate risks, and
protect infrastructures and assets against new threats. The service also
allows security vendors (IPS, IDS, AntiVirus) to supplement their internal
research efforts and quickly develop both vulnerability-based and
exploit-based signatures to proactively protect their customers from attacks
and emerging threats.


V. VUPEN Threat Protection Program
---

To proactively protect critical networks and infrastructures against
unpatched vulnerabilities and reduce risks related to zero-day attacks,
VUPEN shares its vulnerability research with governments and organizations
members of the VUPEN Threat Protection Program (TPP).

VUPEN TPP customers receive fully detailed and technical reports about
security vulnerabilities discovered by VUPEN and in advance of their
public disclosure.

http://www.vupen.com/english/services/tpp-index.php


VI. SOLUTION


Upgrade to Adobe Shockwave Player v11.6.1.629.


VII. CREDIT
--

This vulnerability was discovered by Matthieu Bonetti of VUPEN Security


VIII. ABOUT VUPEN Security
---

VUPEN is the world leader in vulnerability research for defensive and
offensive security. VUPEN solutions enable corporations and governments to
measure and manage risks, eliminate vulnerabilities before they can be
exploited, and protect critical infrastructures and assets against
known and unknown vulnerabilities.

VUPEN has been recently recognized as Entrepreneurial Company of the Year
in the Vulnerability Research Market (2011) by Frost & Sullivan.

VUPEN solutions include:

* VUPEN Binary Analysis & Exploits Service (BAE) :
http://www.vupen.com/english/services/ba-index.php

* VUPEN Threat Protection Program (TPP) :
http://www.vupen.com/english/services/tpp-index.php


IX. REFERENCES
--

http://www.adobe.com/support/security/bulletins/apsb11-19.html
http://www.vupen.com/english/research.php


X. DISCLOSURE TIMELINE
-

2011-07-05 - Vulnerability Discovered by VUPEN and shared with TPP customers
2011-08-10 - Public disclosure




VUPEN Security Research - Adobe Flash Player ActionScript FileReference Buffer Overflow (APSB11-21)

2011-08-15 Thread VUPEN Security Research
VUPEN Security Research - Adobe Flash Player ActionScript FileReference 
Buffer Overflow (APSB11-21)


Website : http://www.vupen.com/english/research.php

Twitter : http://twitter.com/vupen


I. BACKGROUND
-

Adobe Flash Player is a cross-platform browser-based application runtime
that delivers uncompromised viewing of expressive applications, content,
and videos across screens and browsers. Flash Player delivers breakthrough
web experiences to over 98% of Internet users. (from Adobe.com)


II. DESCRIPTION
-

VUPEN Vulnerability Research Team discovered a critical vulnerability
in Adobe Flash Player.

The vulnerability is caused by a buffer overflow error when processing a
malformed ActionScript FileReference method, which could be exploited by
remote attackers to compromise a vulnerable system by tricking a user
into visiting a specially crafted web page.

CVSS Score: 10 (AV:N/AC:L/Au:N/C:C/I:C/A:C)

CVE: CVE-2011-2137


III. AFFECTED PRODUCTS
---

Adobe Flash Player v10.3.181.34 and prior
Adobe Flash Player v10.3.185.25 and prior for Android
Adobe AIR version 2.7 and prior


IV. Binary Analysis & Exploits/PoCs
---

In-depth binary analysis of the vulnerability and a code execution exploit
are available through the VUPEN Binary Analysis & Exploits Service :

http://www.vupen.com/english/services/ba-index.php


VUPEN Binary Analysis & Exploits Service provides private exploits and
in-depth technical analysis of the most significant public vulnerabilities
based on disassembly, reverse engineering, protocol analysis, and code
audit.


The service allows governments and major corporations to evaluate risks, and
protect infrastructures and assets against new threats. The service also
allows security vendors (IPS, IDS, AntiVirus) to supplement their internal
research efforts and quickly develop both vulnerability-based and
exploit-based signatures to proactively protect their customers from attacks
and emerging threats.


V. VUPEN Threat Protection Program
---

To proactively protect critical networks and infrastructures against
unpatched vulnerabilities and reduce risks related to zero-day attacks,
VUPEN shares its vulnerability research with governments and organizations
members of the VUPEN Threat Protection Program (TPP).

VUPEN TPP customers receive fully detailed and technical reports about
security vulnerabilities discovered by VUPEN and in advance of their
public disclosure.


http://www.vupen.com/english/services/tpp-index.php


VI. SOLUTION


Upgrade to Adobe Flash Player v10.3.183.5 :
http://www.adobe.com/go/getflash

Upgrade to Adobe Flash Player v10.3.186.3 for Android :
market://details?id=com.adobe.flashplayer

Upgrade to Adobe AIR v2.7.1 :
http://get.adobe.com/air


VII. CREDIT
--

This vulnerability was discovered by Nicolas Joly of VUPEN Security


VIII. ABOUT VUPEN Security
---

VUPEN is the world leader in vulnerability research for defensive and
offensive security. VUPEN solutions enable corporations and governments to
measure and manage risks, eliminate vulnerabilities before they can be
exploited, and protect critical infrastructures and assets against
known and unknown vulnerabilities.

VUPEN has been recently recognized as Entrepreneurial Company of the Year
in the Vulnerability Research Market (2011) by Frost & Sullivan.

VUPEN solutions include:

* VUPEN Binary Analysis & Exploits Service (BAE) :
http://www.vupen.com/english/services/ba-index.php

* VUPEN Threat Protection Program (TPP) :
http://www.vupen.com/english/services/tpp-index.php


IX. REFERENCES
--

http://www.adobe.com/support/security/bulletins/apsb11-21.html
http://www.vupen.com/english/research.php


X. DISCLOSURE TIMELINE
-

2011-04-28 - Vulnerability Discovered by VUPEN and shared with customers
2011-08-10 - Public disclosure




VUPEN Security Research - Microsoft Windows OLE Automation Integer Underflow Vulnerability (MS11-038)

2011-06-18 Thread VUPEN Security Research
VUPEN Security Research - Microsoft Windows OLE Automation Integer Underflow 
Vulnerability (MS11-038)


Website : http://www.vupen.com/english/research.php

Twitter : http://twitter.com/vupen


I. BACKGROUND
-

Microsoft Windows is a series of software operating systems and graphical
user interfaces produced by Microsoft. Windows had approximately 90% of
the market share of the client operating systems. (Wikipedia)


II. DESCRIPTION
-

VUPEN Vulnerability Research Team discovered a critical vulnerability
in Microsoft Windows.

The vulnerability is caused by an integer underflow error in the Object
Linking and Embedding (OLE) Automation component when processing malformed
Windows Metafile (WMF) data via the _PictLoadMetaFileRaw() function,
which could be exploited by remote attackers to compromise a vulnerable
system by tricking a user into visiting a specially crafted web page.

CVSS Score: 10 (AV:N/AC:L/Au:N/C:C/I:C/A:C)

CVE: CVE-2011-0658


III. AFFECTED PRODUCTS
---

Microsoft Windows 7 (32-bit)
Microsoft Windows 7 (x64)
Microsoft Windows Server 2003 Service Pack 2
Microsoft Windows Server 2003 SP2 (Itanium)
Microsoft Windows Server 2003 x64 Edition Service Pack 2
Microsoft Windows Server 2008 (32-bit)
Microsoft Windows Server 2008 (32-bit) Service Pack 2
Microsoft Windows Server 2008 (Itanium)
Microsoft Windows Server 2008 (Itanium) Service Pack 2
Microsoft Windows Server 2008 (x64)
Microsoft Windows Server 2008 (x64) Service Pack 2
Microsoft Windows Server 2008 R2 (Itanium)
Microsoft Windows Server 2008 R2 (x64)
Microsoft Windows Vista Service Pack 1
Microsoft Windows Vista Service Pack 2
Microsoft Windows Vista x64 Edition Service Pack 1
Microsoft Windows Vista x64 Edition Service Pack 2
Microsoft Windows XP Professional x64 Edition Service Pack 2
Microsoft Windows XP Service Pack 3


IV. Binary Analysis & Exploits/PoCs
---

In-depth binary analysis of the vulnerability and a proof-of-concept code
are available through the VUPEN Binary Analysis & Exploits Service :

http://www.vupen.com/english/services/ba-index.php


VUPEN Binary Analysis & Exploits Service provides private exploits and
in-depth technical analysis of the most significant public vulnerabilities
based on disassembly, reverse engineering, protocol analysis, and code
audit.


The service allows governments and major corporations to evaluate risks, and
protect infrastructures and assets against new threats. The service also
allows security vendors (IPS, IDS, AntiVirus) to supplement their internal
research efforts and quickly develop both vulnerability-based and
exploit-based signatures to proactively protect their customers from attacks
and emerging threats.


V. VUPEN Threat Protection Program
---

To proactively protect critical networks and infrastructures against
unpatched vulnerabilities and reduce risks related to zero-day attacks,
VUPEN shares its vulnerability research with governments and organizations
members of the VUPEN Threat Protection Program (TPP).

VUPEN TPP customers receive fully detailed and technical reports about
security vulnerabilities discovered by VUPEN and in advance of their
public disclosure.


http://www.vupen.com/english/services/tpp-index.php


VI. SOLUTION


Apply MS11-038 security updates.


VII. CREDIT
--

This vulnerability was discovered by Nicolas Joly of VUPEN Security


VIII. ABOUT VUPEN Security
---

VUPEN is the world leader in vulnerability research for defensive and
offensive security. VUPEN solutions enable corporations and governments to
measure and manage risks, eliminate vulnerabilities before they can be
exploited, and protect critical infrastructures and assets against
known and unknown vulnerabilities.

VUPEN has been recently recognized as Entrepreneurial Company of the Year
in the Vulnerability Research Market (2011) by Frost & Sullivan.

VUPEN solutions include:

* VUPEN Binary Analysis & Exploits Service (BAE) :
http://www.vupen.com/english/services/ba-index.php

* VUPEN Threat Protection Program (TPP) :
http://www.vupen.com/english/services/tpp-index.php


IX. REFERENCES
--

http://www.microsoft.com/technet/security/Bulletin/MS11-038.mspx
http://www.vupen.com/english/research.php


X. DISCLOSURE TIMELINE
-

2010-08-05 - Vulnerability Discovered by VUPEN and shared with TPP customers
2011-06-14 - Public disclosure




VUPEN Security Research - Oracle Java ICC Profile clrt Tag Integer Overflow Code Execution Vulnerability

2011-06-10 Thread VUPEN Security Research
VUPEN Security Research - Oracle Java ICC Profile clrt Tag Integer 
Overflow Code Execution Vulnerability


http://www.vupen.com/english/research.php


I. BACKGROUND
-

Java is a programming language and computing platform released by Sun
Microsystems (now Oracle). It is the underlying technology that powers
state-of-the-art programs including utilities, games, and business
applications.

Java runs on more than 850 million personal computers worldwide, and
on billions of devices worldwide, including mobile and TV devices.


II. DESCRIPTION
-

VUPEN Vulnerability Research Team discovered a critical vulnerability
in Oracle Java.

The vulnerability is caused by an integer overflow error in the Color
Management Module (CMM) when processing a malformed clrt tag within
an ICC profile, which could be exploited by attackers to execute arbitrary
code by tricking a user into visiting a specially crafted web page.

CVSS Score: 10 (AV:N/AC:L/Au:N/C:C/I:C/A:C)


III. AFFECTED PRODUCTS
---

Oracle Java JDK and JRE 6 Update 25 and prior


IV. Binary Analysis & Exploits/PoCs
---

In-depth binary analysis of the vulnerability and a proof-of-concept code
are available through the VUPEN Binary Analysis & Exploits Service :

http://www.vupen.com/english/services/ba-index.php


VUPEN Binary Analysis & Exploits Service provides private exploits and
in-depth technical analysis of the most significant public vulnerabilities
based on disassembly, reverse engineering, protocol analysis, and code
audit.


The service allows governments and major corporations to evaluate risks, and
protect infrastructures and assets against new threats. The service also
allows security vendors (IPS, IDS, AntiVirus) to supplement their internal
research efforts and quickly develop both vulnerability-based and
exploit-based signatures to proactively protect their customers from attacks
and emerging threats.


V. VUPEN Threat Protection Program
---

To proactively protect critical networks and infrastructures against
unpatched vulnerabilities and reduce risks related to zero-day attacks,
VUPEN shares its vulnerability research with governments and organizations
members of the VUPEN Threat Protection Program (TPP).

VUPEN TPP customers receive fully detailed and technical reports about
security vulnerabilities discovered by VUPEN and in advance of their
public disclosure.


http://www.vupen.com/english/services/tpp-index.php


VI. SOLUTION


Upgrade to Oracle Java JDK and JRE 6 Update 26.


VII. CREDIT
--

This vulnerability was discovered by Matthieu Bonetti of VUPEN Security


VIII. ABOUT VUPEN Security
---

VUPEN is the world leader in vulnerability research for defensive and
offensive security. VUPEN solutions enable corporations and Governments to
measure and manage risks, eliminate vulnerabilities before they can be
exploited, and protect critical infrastructures and assets against
known and unknown vulnerabilities.

VUPEN has been recently recognized as Entrepreneurial Company of the Year
in the Vulnerability Research Market (2011) by Frost & Sullivan.

VUPEN solutions include:

* VUPEN Binary Analysis & Exploits Service (BAE) :
http://www.vupen.com/english/services/ba-index.php

* VUPEN Threat Protection Program for Govs (TPP) :
http://www.vupen.com/english/services/tpp-index.php


IX. REFERENCES
--

http://www.oracle.com/technetwork/topics/security/javacpujune2011-313339.html


X. DISCLOSURE TIMELINE
-

2011-01-07 - Vulnerability Discovered by VUPEN
2011-06-09 - Public disclosure




VUPEN Security Research - Oracle Java ICC Profile bfd Tag Integer Overflow Code Execution Vulnerability

2011-06-10 Thread VUPEN Security Research
VUPEN Security Research - Oracle Java ICC Profile bfd Tag Integer Overflow 
Code Execution Vulnerability


http://www.vupen.com/english/research.php


I. BACKGROUND
-

Java is a programming language and computing platform released by Sun
Microsystems (now Oracle). It is the underlying technology that powers
state-of-the-art programs including utilities, games, and business
applications.

Java runs on more than 850 million personal computers worldwide, and
on billions of devices worldwide, including mobile and TV devices.


II. DESCRIPTION
-

VUPEN Vulnerability Research Team discovered a critical vulnerability
in Oracle Java.

The vulnerability is caused by an integer truncation error in the
Color Management Module (CMM) when processing a malformed bfd tag
within an ICC profile, which could be exploited by attackers to
execute arbitrary code by tricking a user into visiting a specially
crafted web page.

CVSS Score: 10 (AV:N/AC:L/Au:N/C:C/I:C/A:C)


III. AFFECTED PRODUCTS
---

Oracle Java JDK and JRE 6 Update 25 and prior


IV. Binary Analysis & Exploits/PoCs
---

In-depth binary analysis of the vulnerability and a proof-of-concept code
are available through the VUPEN Binary Analysis & Exploits Service :

http://www.vupen.com/english/services/ba-index.php


VUPEN Binary Analysis & Exploits Service provides private exploits and
in-depth technical analysis of the most significant public vulnerabilities
based on disassembly, reverse engineering, protocol analysis, and code
audit.


The service allows governments and major corporations to evaluate risks, and
protect infrastructures and assets against new threats. The service also
allows security vendors (IPS, IDS, AntiVirus) to supplement their internal
research efforts and quickly develop both vulnerability-based and
exploit-based signatures to proactively protect their customers from attacks
and emerging threats.


V. VUPEN Threat Protection Program
---

To proactively protect critical networks and infrastructures against
unpatched vulnerabilities and reduce risks related to zero-day attacks,
VUPEN shares its vulnerability research with governments and organizations
members of the VUPEN Threat Protection Program (TPP).

VUPEN TPP customers receive fully detailed and technical reports about
security vulnerabilities discovered by VUPEN and in advance of their public
disclosure.


http://www.vupen.com/english/services/tpp-index.php


VI. SOLUTION


Oracle Java JDK and JRE 6 Update 26.


VII. CREDIT
--

This vulnerability was discovered by Matthieu Bonetti of VUPEN Security


VIII. ABOUT VUPEN Security
---

VUPEN is the world leader in vulnerability research for defensive and
offensive security. VUPEN solutions enable corporations and Governments to
measure and manage risks, eliminate vulnerabilities before they can be
exploited, and protect critical infrastructures and assets against
known and unknown vulnerabilities.

VUPEN has been recently recognized as Entrepreneurial Company of the Year
in the Vulnerability Research Market (2011) by Frost & Sullivan.

VUPEN solutions include:

* VUPEN Binary Analysis & Exploits Service (BAE) :
http://www.vupen.com/english/services/ba-index.php

* VUPEN Threat Protection Program for Govs (TPP) :
http://www.vupen.com/english/services/tpp-index.php


IX. REFERENCES
--

http://www.oracle.com/technetwork/topics/security/javacpujune2011-313339.html


X. DISCLOSURE TIMELINE
-

2010-12-21 - Vulnerability Discovered by VUPEN
2011-06-09 - Public disclosure




VUPEN Security Research - Oracle Java ICC Profile ncl2 Tag Integer Overflow Code Execution Vulnerability

2011-06-10 Thread VUPEN Security Research
VUPEN Security Research - Oracle Java ICC Profile ncl2 Tag Integer 
Overflow Code Execution Vulnerability


http://www.vupen.com/english/research.php


I. BACKGROUND
-

Java is a programming language and computing platform released by Sun
Microsystems (now Oracle). It is the underlying technology that powers
state-of-the-art programs including utilities, games, and business
applications.

Java runs on more than 850 million personal computers worldwide, and
on billions of devices worldwide, including mobile and TV devices.


II. DESCRIPTION
-

VUPEN Vulnerability Research Team discovered a critical vulnerability
in Oracle Java.

The vulnerability is caused by an integer overflow error in the Color
Management Module (CMM) when processing a malformed ncl2 tag within
an ICC profile, which could be exploited by attackers to execute arbitrary
code by tricking a user into visiting a specially crafted web page.

CVSS Score: 10 (AV:N/AC:L/Au:N/C:C/I:C/A:C)


III. AFFECTED PRODUCTS
---

Oracle Java JDK and JRE 6 Update 25 and prior


IV. Binary Analysis & Exploits/PoCs
---

In-depth binary analysis of the vulnerability and a proof-of-concept code
are available through the VUPEN Binary Analysis & Exploits Service :

http://www.vupen.com/english/services/ba-index.php


VUPEN Binary Analysis & Exploits Service provides private exploits and
in-depth technical analysis of the most significant public vulnerabilities
based on disassembly, reverse engineering, protocol analysis, and code
audit.


The service allows governments and major corporations to evaluate risks, and
protect infrastructures and assets against new threats. The service also
allows security vendors (IPS, IDS, AntiVirus) to supplement their internal
research efforts and quickly develop both vulnerability-based and
exploit-based signatures to proactively protect their customers from attacks
and emerging threats.


V. VUPEN Threat Protection Program
---

To proactively protect critical networks and infrastructures against
unpatched vulnerabilities and reduce risks related to zero-day attacks,
VUPEN shares its vulnerability research with governments and organizations
members of the VUPEN Threat Protection Program (TPP).

VUPEN TPP customers receive fully detailed and technical reports about
security vulnerabilities discovered by VUPEN and in advance of their public
disclosure.


http://www.vupen.com/english/services/tpp-index.php


VI. SOLUTION


Oracle Java JDK and JRE 6 Update 26.


VII. CREDIT
--

This vulnerability was discovered by Matthieu Bonetti of VUPEN Security


VIII. ABOUT VUPEN Security
---

VUPEN is the world leader in vulnerability research for defensive and
offensive security. VUPEN solutions enable corporations and Governments to
measure and manage risks, eliminate vulnerabilities before they can be
exploited, and protect critical infrastructures and assets against
known and unknown vulnerabilities.

VUPEN has been recently recognized as Entrepreneurial Company of the Year
in the Vulnerability Research Market (2011) by Frost & Sullivan.

VUPEN solutions include:

* VUPEN Binary Analysis & Exploits Service (BAE) :
http://www.vupen.com/english/services/ba-index.php

* VUPEN Threat Protection Program for Govs (TPP) :
http://www.vupen.com/english/services/tpp-index.php


IX. REFERENCES
--

http://www.oracle.com/technetwork/topics/security/javacpujune2011-313339.html


X. DISCLOSURE TIMELINE
-

2010-12-21 - Vulnerability Discovered by VUPEN
2011-06-09 - Public disclosure




VUPEN Security Research - Oracle Java ICC Profile pseq Tag Integer Overflow Code Execution Vulnerability

2011-06-10 Thread VUPEN Security Research
VUPEN Security Research - Oracle Java ICC Profile pseq Tag Integer 
Overflow Code Execution Vulnerability


http://www.vupen.com/english/research.php


I. BACKGROUND
-

Java is a programming language and computing platform released by Sun
Microsystems (now Oracle). It is the underlying technology that powers
state-of-the-art programs including utilities, games, and business
applications.

Java runs on more than 850 million personal computers worldwide, and
on billions of devices worldwide, including mobile and TV devices.


II. DESCRIPTION
-

VUPEN Vulnerability Research Team discovered a critical vulnerability
in Oracle Java.

The vulnerability is caused by an integer overflow error in the Color
Management Module (CMM) when processing a malformed pseq tag within
an ICC profile, which could be exploited by attackers to execute arbitrary
code by tricking a user into visiting a specially crafted web page.

CVSS Score: 10 (AV:N/AC:L/Au:N/C:C/I:C/A:C)


III. AFFECTED PRODUCTS
---

Oracle Java JDK and JRE 6 Update 25 and prior


IV. Binary Analysis & Exploits/PoCs
---

In-depth binary analysis of the vulnerability and a proof-of-concept code
are available through the VUPEN Binary Analysis & Exploits Service :

http://www.vupen.com/english/services/ba-index.php


VUPEN Binary Analysis & Exploits Service provides private exploits and
in-depth technical analysis of the most significant public vulnerabilities
based on disassembly, reverse engineering, protocol analysis, and code
audit.


The service allows governments and major corporations to evaluate risks, and
protect infrastructures and assets against new threats. The service also
allows security vendors (IPS, IDS, AntiVirus) to supplement their internal
research efforts and quickly develop both vulnerability-based and
exploit-based signatures to proactively protect their customers from attacks
and emerging threats.


V. VUPEN Threat Protection Program
---

To proactively protect critical networks and infrastructures against
unpatched vulnerabilities and reduce risks related to zero-day attacks,
VUPEN shares its vulnerability research with governments and organizations
members of the VUPEN Threat Protection Program (TPP).

VUPEN TPP customers receive fully detailed and technical reports about
security vulnerabilities discovered by VUPEN and in advance of their public
disclosure.


http://www.vupen.com/english/services/tpp-index.php


VI. SOLUTION


Oracle Java JDK and JRE 6 Update 26.


VII. CREDIT
--

This vulnerability was discovered by Matthieu Bonetti of VUPEN Security


VIII. ABOUT VUPEN Security
---

VUPEN is the world leader in vulnerability research for defensive and
offensive security. VUPEN solutions enable corporations and Governments to
measure and manage risks, eliminate vulnerabilities before they can be
exploited, and protect critical infrastructures and assets against
known and unknown vulnerabilities.

VUPEN has been recently recognized as Entrepreneurial Company of the Year
in the Vulnerability Research Market (2011) by Frost & Sullivan.

VUPEN solutions include:

* VUPEN Binary Analysis & Exploits Service (BAE) :
http://www.vupen.com/english/services/ba-index.php

* VUPEN Threat Protection Program for Govs (TPP) :
http://www.vupen.com/english/services/tpp-index.php


IX. REFERENCES
--

http://www.oracle.com/technetwork/topics/security/javacpujune2011-313339.html


X. DISCLOSURE TIMELINE
-

2010-12-21 - Vulnerability Discovered by VUPEN
2011-06-09 - Public disclosure




VUPEN Security Research - Oracle Java ICC Profile scrn Tag Integer Overflow Code Execution Vulnerability

2011-06-10 Thread VUPEN Security Research
VUPEN Security Research - Oracle Java ICC Profile scrn Tag Integer 
Overflow Code Execution Vulnerability


http://www.vupen.com/english/research.php


I. BACKGROUND
-

Java is a programming language and computing platform released by Sun
Microsystems (now Oracle). It is the underlying technology that powers
state-of-the-art programs including utilities, games, and business
applications.

Java runs on more than 850 million personal computers worldwide, and
on billions of devices worldwide, including mobile and TV devices.


II. DESCRIPTION
-

VUPEN Vulnerability Research Team discovered a critical vulnerability
in Oracle Java.

The vulnerability is caused by an integer overflow error in the Color
Management Module (CMM) when processing a malformed scrn tag within
an ICC profile, which could be exploited by attackers to execute arbitrary
code by tricking a user into visiting a specially crafted web page.

CVSS Score: 10 (AV:N/AC:L/Au:N/C:C/I:C/A:C)


III. AFFECTED PRODUCTS
---

Oracle Java JDK and JRE 6 Update 25 and prior


IV. Binary Analysis & Exploits/PoCs
---

In-depth binary analysis of the vulnerability and a proof-of-concept code
are available through the VUPEN Binary Analysis & Exploits Service :

http://www.vupen.com/english/services/ba-index.php


VUPEN Binary Analysis & Exploits Service provides private exploits and
in-depth technical analysis of the most significant public vulnerabilities
based on disassembly, reverse engineering, protocol analysis, and code
audit.


The service allows governments and major corporations to evaluate risks, and
protect infrastructures and assets against new threats. The service also
allows security vendors (IPS, IDS, AntiVirus) to supplement their internal
research efforts and quickly develop both vulnerability-based and
exploit-based signatures to proactively protect their customers from attacks
and emerging threats.


V. VUPEN Threat Protection Program
---

To proactively protect critical networks and infrastructures against
unpatched vulnerabilities and reduce risks related to zero-day attacks,
VUPEN shares its vulnerability research with governments and organizations
members of the VUPEN Threat Protection Program (TPP).

VUPEN TPP customers receive fully detailed and technical reports about
security vulnerabilities discovered by VUPEN and in advance of their public
disclosure.


http://www.vupen.com/english/services/tpp-index.php


VI. SOLUTION


Oracle Java JDK and JRE 6 Update 26.


VII. CREDIT
--

This vulnerability was discovered by Matthieu Bonetti of VUPEN Security


VIII. ABOUT VUPEN Security
---

VUPEN is the world leader in vulnerability research for defensive and
offensive security. VUPEN solutions enable corporations and Governments to
measure and manage risks, eliminate vulnerabilities before they can be
exploited, and protect critical infrastructures and assets against
known and unknown vulnerabilities.

VUPEN has been recently recognized as Entrepreneurial Company of the Year
in the Vulnerability Research Market (2011) by Frost & Sullivan.

VUPEN solutions include:

* VUPEN Binary Analysis & Exploits Service (BAE) :
http://www.vupen.com/english/services/ba-index.php

* VUPEN Threat Protection Program for Govs (TPP) :
http://www.vupen.com/english/services/tpp-index.php


IX. REFERENCES
--

http://www.oracle.com/technetwork/topics/security/javacpujune2011-313339.html


X. DISCLOSURE TIMELINE
-

2010-12-14 - Vulnerability Discovered by VUPEN
2011-06-09 - Public disclosure




VUPEN Security Research - Oracle Java ICC Profile mluc Tag Integer Overflow Code Execution Vulnerability

2011-06-10 Thread VUPEN Security Research
VUPEN Security Research - Oracle Java ICC Profile mluc Tag Integer 
Overflow Code Execution Vulnerability


http://www.vupen.com/english/research.php


I. BACKGROUND
-

Java is a programming language and computing platform released by Sun
Microsystems (now Oracle). It is the underlying technology that powers
state-of-the-art programs including utilities, games, and business
applications.

Java runs on more than 850 million personal computers worldwide, and
on billions of devices worldwide, including mobile and TV devices.


II. DESCRIPTION
-

VUPEN Vulnerability Research Team discovered a critical vulnerability
in Oracle Java.

The vulnerability is caused by an integer overflow error in the Color
Management Module (CMM) when processing a malformed mluc tag within
an ICC profile, which could be exploited by attackers to execute arbitrary
code by tricking a user into visiting a specially crafted web page.

CVSS Score: 10 (AV:N/AC:L/Au:N/C:C/I:C/A:C)


III. AFFECTED PRODUCTS
---

Oracle Java JDK and JRE 6 Update 25 and prior


IV. Binary Analysis & Exploits/PoCs
---

In-depth binary analysis of the vulnerability and a proof-of-concept code
are available through the VUPEN Binary Analysis & Exploits Service :

http://www.vupen.com/english/services/ba-index.php


VUPEN Binary Analysis & Exploits Service provides private exploits and
in-depth technical analysis of the most significant public vulnerabilities
based on disassembly, reverse engineering, protocol analysis, and code
audit.


The service allows governments and major corporations to evaluate risks, and
protect infrastructures and assets against new threats. The service also
allows security vendors (IPS, IDS, AntiVirus) to supplement their internal
research efforts and quickly develop both vulnerability-based and
exploit-based signatures to proactively protect their customers from attacks
and emerging threats.


V. VUPEN Threat Protection Program
---

To proactively protect critical networks and infrastructures against
unpatched vulnerabilities and reduce risks related to zero-day attacks,
VUPEN shares its vulnerability research with governments and organizations
members of the VUPEN Threat Protection Program (TPP).

VUPEN TPP customers receive fully detailed and technical reports about
security vulnerabilities discovered by VUPEN and in advance of their public
disclosure.


http://www.vupen.com/english/services/tpp-index.php


VI. SOLUTION


Oracle Java JDK and JRE 6 Update 26.


VII. CREDIT
--

This vulnerability was discovered by Matthieu Bonetti of VUPEN Security


VIII. ABOUT VUPEN Security
---

VUPEN is the world leader in vulnerability research for defensive and
offensive security. VUPEN solutions enable corporations and Governments to
measure and manage risks, eliminate vulnerabilities before they can be
exploited, and protect critical infrastructures and assets against
known and unknown vulnerabilities.

VUPEN has been recently recognized as Entrepreneurial Company of the Year
in the Vulnerability Research Market (2011) by Frost & Sullivan.

VUPEN solutions include:

* VUPEN Binary Analysis & Exploits Service (BAE) :
http://www.vupen.com/english/services/ba-index.php

* VUPEN Threat Protection Program for Govs (TPP) :
http://www.vupen.com/english/services/tpp-index.php


IX. REFERENCES
--

http://www.oracle.com/technetwork/topics/security/javacpujune2011-313339.html


X. DISCLOSURE TIMELINE
-

2011-01-07 - Vulnerability Discovered by VUPEN
2011-06-09 - Public disclosure




VUPEN Security Research - 7T Interactive Graphical SCADA System (IGSS) Remote Memory Corruption

2011-05-24 Thread VUPEN Security Research
VUPEN Security Research - 7T Interactive Graphical SCADA System ODBC Remote 
Memory Corruption


http://www.vupen.com/english/research.php


I. BACKGROUND
-

7T Interactive Graphical SCADA System (IGSS) is a state-of-the-art
SCADA system used for monitoring and controlling industrial processes.

IGSS has been installed in more than 28.000 industrial plants worldwide.


II. DESCRIPTION
-

VUPEN Vulnerability Research Team discovered a critical vulnerability
in 7T Interactive Graphical SCADA System (IGSS).

The vulnerability is caused by a memory corruption error in the Open
Database Connectivity (ODBC) component when processing packets sent
to port 20222/TCP, which could result in an invalid structure being
used, leading to an exploitable condition.

CVSS Score: 10 (AV:N/AC:L/Au:N/C:C/I:C/A:C)


III. AFFECTED PRODUCTS
---

7T Interactive Graphical SCADA System (IGSS) versions prior to 9.0.0.11143


IV. Binary Analysis & Exploits/PoCs
---

In-depth binary analysis of the vulnerability and a proof-of-concept code
are available through the VUPEN Binary Analysis & Exploits Service :

http://www.vupen.com/english/services/ba-index.php


VUPEN Binary Analysis & Exploits Service provides private exploits and
in-depth technical analysis of the most significant public vulnerabilities
based on disassembly, reverse engineering, protocol analysis, and code
audit.


The service allows governments and major corporations to evaluate risks, and
protect infrastructures and assets against new threats. The service also
allows security vendors (IPS, IDS, AntiVirus) to supplement their internal
research efforts and quickly develop both vulnerability-based and
exploit-based signatures to proactively protect their customers from attacks
and emerging threats.


V. VUPEN Threat Protection Program
---

To proactively protect critical networks and infrastructures against
unpatched vulnerabilities and reduce risks related to zero-day attacks,
VUPEN shares its vulnerability research with governments and organizations
members of the VUPEN Threat Protection Program (TPP).

VUPEN TPP customers receive fully detailed and technical reports about
security vulnerabilities discovered by VUPEN and in advance of their public
disclosure.


http://www.vupen.com/english/services/tpp-index.php


VI. SOLUTION


Upgrade to version 9.0.0.11143.


VII. CREDIT
--

This vulnerability was discovered by Sebastien Renaud of VUPEN Security


VIII. ABOUT VUPEN Security
---

VUPEN is the world leader in vulnerability research for defensive and
offensive security. VUPEN solutions enable corporations and Governments to
measure and manage risks, eliminate vulnerabilities before they can be
exploited, and protect critical infrastructures and assets against
known and unknown vulnerabilities.

* VUPEN Binary Analysis & Exploits Service (BAE) :
http://www.vupen.com/english/services/ba-index.php

* VUPEN Threat Protection Program for Govs (TPP) :
http://www.vupen.com/english/services/tpp-index.php


IX. REFERENCES
--

http://www.vupen.com/english/research-vuln.php
http://www.vupen.com/english/advisories/2011/1301


X. DISCLOSURE TIMELINE
-

2011-05-15 - Vulnerability Discovered by VUPEN
2011-05-18 - Vendor informed
2011-05-18 - Vendor reply
2011-05-24 - Coordinated disclosure




VUPEN Security Research - Microsoft Internet Explorer Property Change Memory Corruption (CVE-2011-1345)

2011-04-15 Thread VUPEN Security Research

VUPEN Security Research - Microsoft Internet Explorer Property Change Memory
Corruption (CVE-2011-1345)

http://www.vupen.com/english/research.php


I. BACKGROUND
-

Microsoft Internet Explorer is a web browser developed by Microsoft and
included as part of the Microsoft Windows line of operating systems with
more than 60% of the worldwide usage share of web browsers. (Wikipedia)


II. DESCRIPTION
-

VUPEN Vulnerability Research Team discovered a critical vulnerability
in Microsoft Internet Explorer.

The vulnerability is caused by a use-after-free error in the
CObjectElement::OnPropertyChange() function within the MSHTML library
when handling objects, which could be exploited by remote attackers to
compromise a vulnerable system by tricking a user into visiting a specially
crafted web page.

CVSS Score: 10 (AV:N/AC:L/Au:N/C:C/I:C/A:C)


III. AFFECTED PRODUCTS
---

Microsoft Internet Explorer 8
Microsoft Internet Explorer 7
Microsoft Internet Explorer 6

Microsoft Windows XP Service Pack 3
Microsoft Windows XP Professional x64 Edition Service Pack 2
Microsoft Windows Server 2003 Service Pack 2
Microsoft Windows Server 2003 x64 Edition Service Pack 2
Microsoft Windows Server 2003 with SP2 for Itanium-based Systems
Microsoft Windows Vista Service Pack 1
Microsoft Windows Vista Service Pack 2
Microsoft Windows Vista x64 Edition Service Pack 1
Microsoft Windows Vista x64 Edition Service Pack 2
Microsoft Windows Server 2008 for 32-bit Systems
Microsoft Windows Server 2008 for 32-bit Systems Service Pack 2
Microsoft Windows Server 2008 for x64-based Systems
Microsoft Windows Server 2008 for x64-based Systems Service Pack 2
Microsoft Windows Server 2008 for Itanium-based Systems
Microsoft Windows Server 2008 for Itanium-based Systems Service Pack 2
Microsoft Windows 7 for 32-bit Systems
Microsoft Windows 7 for 32-bit Systems Service Pack 1
Microsoft Windows 7 for x64-based Systems
Microsoft Windows 7 for x64-based Systems Service Pack 1
Microsoft Windows Server 2008 R2 for x64-based Systems
Microsoft Windows Server 2008 R2 for x64-based Systems Service Pack 1
Microsoft Windows Server 2008 R2 for Itanium-based Systems
Microsoft Windows Server 2008 R2 for Itanium-based Systems Service Pack 1



IV. Binary Analysis & Exploits/PoCs
---

In-depth binary analysis of the vulnerability and a code execution exploit
are available through the VUPEN Binary Analysis & Exploits Service :

http://www.vupen.com/english/services/ba-index.php


V. VUPEN Threat Protection Program
---

To proactively protect critical networks and infrastructures against
unpatched vulnerabilities and reduce risks related to zero-day attacks,
VUPEN shares its vulnerability research with governments and organizations
members of the VUPEN Threat Protection Program (TPP).

VUPEN TPP customers receive fully detailed and technical reports about
security vulnerabilities discovered by VUPEN and in advance of their public
disclosure.


http://www.vupen.com/english/services/tpp-index.php


VI. SOLUTION


Apply the MS11-018 security update.


VII. CREDIT
--

This vulnerability was discovered by Nicolas Joly of VUPEN Security


VIII. ABOUT VUPEN Security
---

VUPEN is a leading IT security research company providing vulnerability
management and security intelligence solutions which enable enterprises
and institutions to eliminate vulnerabilities before they can be exploited,
ensure security policy compliance and meaningfully measure and manage risks.

Governmental and federal agencies, and global enterprises in the financial
services, insurance, manufacturing and technology industries rely on VUPEN
to improve their security, prioritize resources, cut time and costs, and
stay ahead of the latest threats.

* VUPEN Vulnerability Notification Service (VNS) :
http://www.vupen.com/english/services/vns-index.php

* VUPEN Binary Analysis & Exploits Service (BAE) :
http://www.vupen.com/english/services/ba-index.php

* VUPEN Threat Protection Program for Govs (TPP) :
http://www.vupen.com/english/services/tpp-index.php

* VUPEN Web Application Security Scanner (WASS) :
http://www.vupen.com/english/services/wass-index.php


IX. REFERENCES
--

http://www.vupen.com/english/research-vuln.php
http://www.vupen.com/english/advisories/2011/0937
http://www.microsoft.com/technet/security/bulletin/MS11-018.mspx


X. DISCLOSURE TIMELINE
-

2011-01-22 - Vulnerability Discovered by VUPEN
2011-04-12 - MS11-018 security update available




VUPEN Security Research - Apple Safari Text Nodes Remote Use-after-free Vulnerability (CVE-2011-1344)

2011-04-15 Thread VUPEN Security Research
VUPEN Security Research - Apple Safari Text Nodes Remote Use-after-free 
Vulnerability (CVE-2011-1344)


http://www.vupen.com/english/research.php


I. BACKGROUND
-

Apple Safari is a web browser developed by Apple. As of February 2010,
Safari was the fourth most widely used browser, with 4.45% of the
worldwide usage share of web browsers according to Net Application.


II. DESCRIPTION
-

VUPEN Vulnerability Research Team discovered a critical vulnerability
in Apple Safari.

The vulnerability is caused by a use-after-free error in the WebKit
library when processing certain text nodes, which could be exploited by
remote attackers to execute arbitrary code by tricking a user into
visiting a specially crafted web page.

CVSS Score: 10 (AV:N/AC:L/Au:N/C:C/I:C/A:C)


III. AFFECTED PRODUCTS
---

Apple Safari version 5.0.4 and prior for Windows and Mac OS X
Apple iOS versions 3.0 through 4.3.1 for iPhone 3GS and later
Apple iOS versions 3.1 through 4.3.1 for iPod touch (3rd generation) and later
Apple iOS versions 3.2 through 4.3.1 for iPad
Apple iOS versions 4.2.5 through 4.2.6 for iPhone 4 (CDMA)


IV. Binary Analysis & Exploits/PoCs
---

In-depth binary analysis of the vulnerability and a code execution exploit
are available through the VUPEN Binary Analysis & Exploits Service :

http://www.vupen.com/english/services/ba-index.php


V. VUPEN Threat Protection Program
---

To proactively protect critical networks and infrastructures against
unpatched vulnerabilities and reduce risks related to zero-day attacks,
VUPEN shares its vulnerability research with governments and organizations
members of the VUPEN Threat Protection Program (TPP).

VUPEN TPP customers receive fully detailed and technical reports about
security vulnerabilities discovered by VUPEN and in advance of their public
disclosure.


http://www.vupen.com/english/services/tpp-index.php


VI. SOLUTION


Upgrade to Apple Safari version 5.0.5 for Windows and Mac OS X.

Upgrade to Apple iOS version 4.3.2 for iPhone, iPod, and iPad.

Upgrade to Apple iOS version 4.2.7 for iPhone 4 (CDMA).


VII. CREDIT
--

This vulnerability was discovered by Matthieu Bonetti of VUPEN Security


VIII. ABOUT VUPEN Security
---

VUPEN is a leading IT security research company providing vulnerability
management and security intelligence solutions which enable enterprises
and institutions to eliminate vulnerabilities before they can be exploited,
ensure security policy compliance and meaningfully measure and manage risks.

Governmental and federal agencies, and global enterprises in the financial
services, insurance, manufacturing and technology industries rely on VUPEN
to improve their security, prioritize resources, cut time and costs, and
stay ahead of the latest threats.

* VUPEN Vulnerability Notification Service (VNS) :
http://www.vupen.com/english/services/vns-index.php

* VUPEN Binary Analysis & Exploits Service (BAE) :
http://www.vupen.com/english/services/ba-index.php

* VUPEN Threat Protection Program for Govs (TPP) :
http://www.vupen.com/english/services/tpp-index.php

* VUPEN Web Application Security Scanner (WASS) :
http://www.vupen.com/english/services/wass-index.php


IX. REFERENCES
--

http://www.vupen.com/english/research-vuln.php
http://www.vupen.com/english/advisories/2011/0984
http://www.vupen.com/english/advisories/2011/0983
http://support.apple.com/kb/HT4596
http://support.apple.com/kb/HT4606
http://support.apple.com/kb/HT4607


X. DISCLOSURE TIMELINE
-

2011-02-26 - Vulnerability Discovered by VUPEN
2011-04-14 - Apple updates available




VUPEN Security Research - Microsoft Windows OpenType CFF Driver Stack Overflow Vulnerability (CVE-2011-0034)

2011-04-15 Thread VUPEN Security Research
VUPEN Security Research - Microsoft Windows OpenType CFF Driver Stack 
Overflow Vulnerability (CVE-2011-0034)


http://www.vupen.com/english/research.php


I. BACKGROUND
-

Microsoft Windows is a series of software operating systems and graphical
user interfaces produced by Microsoft. Windows had approximately 90% of
the market share of the client operating systems. (Wikipedia)


II. DESCRIPTION
-

VUPEN Vulnerability Research Team discovered a critical vulnerability
in Microsoft Windows.

The vulnerability is caused by a stack overflow error in the OpenType
Compact Font Format (CFF) driver ATMFD.dll when processing certain
operands within an OpenType font, which could be exploited by remote
attackers to execute arbitrary code on a vulnerable Windows 7, Windows
Server 2008, Windows Server 2008 R2, and Windows Vista systems via a
malicious font, or by local attackers to gain elevated privileges on
Windows XP and Windows Server 2003 systems via a malicious application.

CVSS Score: 10 (AV:N/AC:L/Au:N/C:C/I:C/A:C)


III. AFFECTED PRODUCTS
---

Microsoft Windows XP Service Pack 3
Microsoft Windows XP Professional x64 Edition Service Pack 2
Microsoft Windows Server 2003 Service Pack 2
Microsoft Windows Server 2003 x64 Edition Service Pack 2
Microsoft Windows Server 2003 SP2 (Itanium)
Microsoft Windows Vista Service Pack 1
Microsoft Windows Vista Service Pack 2
Microsoft Windows Vista x64 Edition Service Pack 1
Microsoft Windows Vista x64 Edition Service Pack 2
Microsoft Windows Server 2008 (32-bit)
Microsoft Windows Server 2008 (32-bit) Service Pack 2
Microsoft Windows Server 2008 (64x)
Microsoft Windows Server 2008 (64x) Service Pack 2
Microsoft Windows Server 2008 (Itanium)
Microsoft Windows Server 2008 (Itanium) Service Pack 2
Microsoft Windows 7 (32-bit)
Microsoft Windows 7 (32-bit) Service Pack 1
Microsoft Windows 7 (64x)
Microsoft Windows 7 (64x) Service Pack 1
Microsoft Windows Server 2008 R2 (64x)
Microsoft Windows Server 2008 R2 (64x) Service Pack 1
Microsoft Windows Server 2008 R2 (Itanium)
Microsoft Windows Server 2008 R2 (Itanium) Service Pack 1


IV. Binary Analysis & Exploits/PoCs
---

In-depth binary analysis of the vulnerability and proof-of-concept code
are available through the VUPEN Binary Analysis & Exploits Service :

http://www.vupen.com/english/services/ba-index.php


V. VUPEN Threat Protection Program
---

To proactively protect critical networks and infrastructures against
unpatched vulnerabilities and reduce risks related to zero-day attacks,
VUPEN shares its vulnerability research with governments and organizations
that are members of the VUPEN Threat Protection Program (TPP).

VUPEN TPP customers receive fully detailed and technical reports about
security vulnerabilities discovered by VUPEN in advance of their public
disclosure.


http://www.vupen.com/english/services/tpp-index.php


VI. SOLUTION


Apply the MS11-032 security update.


VII. CREDIT
--

This vulnerability was discovered by Sebastien Renaud of VUPEN Security


VIII. ABOUT VUPEN Security
---

VUPEN is a leading IT security research company providing vulnerability
management and security intelligence solutions which enable enterprises
and institutions to eliminate vulnerabilities before they can be exploited,
ensure security policy compliance and meaningfully measure and manage risks.

Governmental and federal agencies, and global enterprises in the financial
services, insurance, manufacturing and technology industries rely on VUPEN
to improve their security, prioritize resources, cut time and costs, and
stay ahead of the latest threats.

* VUPEN Vulnerability Notification Service (VNS) :
http://www.vupen.com/english/services/vns-index.php

* VUPEN Binary Analysis & Exploits Service (BAE) :
http://www.vupen.com/english/services/ba-index.php

* VUPEN Threat Protection Program for Govs (TPP) :
http://www.vupen.com/english/services/tpp-index.php

* VUPEN Web Application Security Scanner (WASS) :
http://www.vupen.com/english/services/wass-index.php


IX. REFERENCES
--

http://www.vupen.com/english/research-vuln.php
http://www.vupen.com/english/advisories/2011/0950
http://www.microsoft.com/technet/security/Bulletin/MS11-032.mspx


X. DISCLOSURE TIMELINE
-

2011-03-02 - Vulnerability Discovered by VUPEN
2011-04-12 - MS11-032 security update available




VUPEN Security Research - Microsoft Office Excel Real Time Data Stack Overwrite Vulnerability (CVE-2011-0105)

2011-04-15 Thread VUPEN Security Research
VUPEN Security Research - Microsoft Office Excel Real Time Data Stack 
Overwrite Vulnerability (CVE-2011-0105)


http://www.vupen.com/english/research.php


I. BACKGROUND
-

Microsoft Office Excel is a powerful tool you can use to create and format
spreadsheets, and analyze and share information to make more informed
decisions. With the Microsoft Office Fluent user interface, rich data
visualization, and PivotTable views, professional-looking charts are easier
to create and use. (microsoft.com)


II. DESCRIPTION
-

VUPEN Vulnerability Research Team discovered a critical vulnerability
in Microsoft Office Excel.

The vulnerability is caused by a stack overwrite error when parsing the RTD
RealTimeData record (0813h), which could be exploited by attackers to
compromise a vulnerable system by tricking a user into opening a specially
crafted Excel document.

CVSS Score: 10 (AV:N/AC:L/Au:N/C:C/I:C/A:C)


III. AFFECTED PRODUCTS
---

Microsoft Office 2008 for Mac
Microsoft Office 2004 for Mac
Microsoft Excel 2002 Service Pack 3
Open XML File Format Converter for Mac


IV. Binary Analysis & Exploits/PoCs
---

In-depth binary analysis of the vulnerability and a code execution exploit
are available through the VUPEN Binary Analysis & Exploits Service :

http://www.vupen.com/english/services/ba-index.php


V. VUPEN Threat Protection Program
---

To proactively protect critical networks and infrastructures against
unpatched vulnerabilities and reduce risks related to zero-day attacks,
VUPEN shares its vulnerability research with governments and organizations
that are members of the VUPEN Threat Protection Program (TPP).

VUPEN TPP customers receive fully detailed and technical reports about
security vulnerabilities discovered by VUPEN in advance of their public
disclosure.


http://www.vupen.com/english/services/tpp-index.php


VI. SOLUTION


Apply the MS11-021 security update.


VII. CREDIT
--

This vulnerability was discovered by Nicolas Joly of VUPEN Security


VIII. ABOUT VUPEN Security
---

VUPEN is a leading IT security research company providing vulnerability
management and security intelligence solutions which enable enterprises
and institutions to eliminate vulnerabilities before they can be exploited,
ensure security policy compliance and meaningfully measure and manage risks.

Governmental and federal agencies, and global enterprises in the financial
services, insurance, manufacturing and technology industries rely on VUPEN
to improve their security, prioritize resources, cut time and costs, and
stay ahead of the latest threats.

* VUPEN Vulnerability Notification Service (VNS) :
http://www.vupen.com/english/services/vns-index.php

* VUPEN Binary Analysis & Exploits Service (BAE) :
http://www.vupen.com/english/services/ba-index.php

* VUPEN Threat Protection Program for Govs (TPP) :
http://www.vupen.com/english/services/tpp-index.php

* VUPEN Web Application Security Scanner (WASS) :
http://www.vupen.com/english/services/wass-index.php


IX. REFERENCES
--

http://www.vupen.com/english/research-vuln.php
http://www.vupen.com/english/advisories/2011/0940
http://www.microsoft.com/technet/security/Bulletin/MS11-021.mspx


X. DISCLOSURE TIMELINE
-

2010-10-10 - Vulnerability Discovered by VUPEN
2011-04-12 - MS11-021 security update available




VUPEN Security Research - Microsoft Internet Explorer Layouts Use-after-free Vulnerability (CVE-2011-0094)

2011-04-15 Thread VUPEN Security Research
VUPEN Security Research - Microsoft Internet Explorer Layouts Use-after-free 
Vulnerability (CVE-2011-0094)


http://www.vupen.com/english/research.php


I. BACKGROUND
-

Microsoft Internet Explorer is a web browser developed by Microsoft and
included as part of the Microsoft Windows line of operating systems with
more than 60% of the worldwide usage share of web browsers. (Wikipedia)


II. DESCRIPTION
-

VUPEN Vulnerability Research Team discovered a critical vulnerability
in Internet Explorer.

The vulnerability is caused by a use-after-free error in the
CSpliceTreeEngine::InsertSplice() function within the MSHTML library
when handling layouts, which could be exploited by remote attackers to
compromise a vulnerable system by tricking a user into visiting a specially
crafted web page.

CVSS Score: 10 (AV:N/AC:L/Au:N/C:C/I:C/A:C)


III. AFFECTED PRODUCTS
---

Microsoft Internet Explorer 7
Microsoft Internet Explorer 6

Microsoft Windows XP Service Pack 3
Microsoft Windows XP Professional x64 Edition Service Pack 2
Microsoft Windows Server 2003 Service Pack 2
Microsoft Windows Server 2003 x64 Edition Service Pack 2
Microsoft Windows Server 2003 with SP2 for Itanium-based Systems
Microsoft Windows Vista Service Pack 1
Microsoft Windows Vista Service Pack 2
Microsoft Windows Vista x64 Edition Service Pack 1
Microsoft Windows Vista x64 Edition Service Pack 2
Microsoft Windows Server 2008 for 32-bit Systems
Microsoft Windows Server 2008 for 32-bit Systems Service Pack 2
Microsoft Windows Server 2008 for x64-based Systems
Microsoft Windows Server 2008 for x64-based Systems Service Pack 2
Microsoft Windows Server 2008 for Itanium-based Systems
Microsoft Windows Server 2008 for Itanium-based Systems Service Pack 2


IV. Binary Analysis & Exploits/PoCs
---

In-depth binary analysis of the vulnerability and a code execution exploit
are available through the VUPEN Binary Analysis & Exploits Service :

http://www.vupen.com/english/services/ba-index.php


V. VUPEN Threat Protection Program
---

To proactively protect critical networks and infrastructures against
unpatched vulnerabilities and reduce risks related to zero-day attacks,
VUPEN shares its vulnerability research with governments and organizations
that are members of the VUPEN Threat Protection Program (TPP).

VUPEN TPP customers receive fully detailed and technical reports about
security vulnerabilities discovered by VUPEN in advance of their public
disclosure.


http://www.vupen.com/english/services/tpp-index.php


VI. SOLUTION


Apply the MS11-018 security update.


VII. CREDIT
--

This vulnerability was discovered by Nicolas Joly of VUPEN Security


VIII. ABOUT VUPEN Security
---

VUPEN is a leading IT security research company providing vulnerability
management and security intelligence solutions which enable enterprises
and institutions to eliminate vulnerabilities before they can be exploited,
ensure security policy compliance and meaningfully measure and manage risks.

Governmental and federal agencies, and global enterprises in the financial
services, insurance, manufacturing and technology industries rely on VUPEN
to improve their security, prioritize resources, cut time and costs, and
stay ahead of the latest threats.

* VUPEN Vulnerability Notification Service (VNS) :
http://www.vupen.com/english/services/vns-index.php

* VUPEN Binary Analysis & Exploits Service (BAE) :
http://www.vupen.com/english/services/ba-index.php

* VUPEN Threat Protection Program for Govs (TPP) :
http://www.vupen.com/english/services/tpp-index.php

* VUPEN Web Application Security Scanner (WASS) :
http://www.vupen.com/english/services/wass-index.php


IX. REFERENCES
--

http://www.vupen.com/english/research-vuln.php
http://www.vupen.com/english/advisories/2011/0937
http://www.microsoft.com/technet/security/bulletin/MS11-018.mspx


X. DISCLOSURE TIMELINE
-

2010-05-20 - Vulnerability Discovered by VUPEN
2011-04-12 - MS11-018 security update available




VUPEN Security Research - Microsoft Office MSO Size Handling Integer Overflow Vulnerability

2011-04-13 Thread VUPEN Security Research
VUPEN Security Research - Microsoft Office MSO Size Handling Integer 
Overflow Vulnerability


http://www.vupen.com/english/research.php


I. BACKGROUND
-

Microsoft Office is a proprietary commercial office suite of inter-related
desktop applications, servers and services for the Microsoft Windows and
Mac OS X (Wikipedia)


II. DESCRIPTION
-

VUPEN Vulnerability Research Team discovered a critical vulnerability
in Microsoft Office.

The vulnerability is caused by an integer overflow error in the MSO
component when parsing certain values within an Office document, which
could be exploited by attackers to compromise a vulnerable system by
tricking a user into opening a malformed Office file (e.g. Word).

CVSS Score: 10 (AV:N/AC:L/Au:N/C:C/I:C/A:C) / CVE-2011-0041


III. AFFECTED PRODUCTS
---

Microsoft Office XP Service Pack 3


IV. Binary Analysis & Exploits/PoCs
---

In-depth binary analysis of the vulnerability and proof-of-concept code
are available through the VUPEN Binary Analysis & Exploits Service :

http://www.vupen.com/english/services/ba-index.php


V. VUPEN Threat Protection Program
---

To proactively protect critical networks and infrastructures against
unpatched vulnerabilities and reduce risks related to zero-day attacks,
VUPEN shares its vulnerability research with governments and organizations
that are members of the VUPEN Threat Protection Program (TPP).

VUPEN TPP customers receive fully detailed and technical reports about
security vulnerabilities discovered by VUPEN in advance of their public
disclosure.


http://www.vupen.com/english/services/tpp-index.php


VI. SOLUTION


Apply the MS11-029 security update.


VII. CREDIT
--

This vulnerability was discovered by Nicolas Joly and Chaouki Bekrar of 
VUPEN Security



VIII. ABOUT VUPEN Security
---

VUPEN is a leading IT security research company providing vulnerability
management and security intelligence solutions which enable enterprises
and institutions to eliminate vulnerabilities before they can be exploited,
ensure security policy compliance and meaningfully measure and manage risks.

Governmental and federal agencies, and global enterprises in the financial
services, insurance, manufacturing and technology industries rely on VUPEN
to improve their security, prioritize resources, cut time and costs, and
stay ahead of the latest threats.

* VUPEN Vulnerability Notification Service (VNS) :
http://www.vupen.com/english/services/vns-index.php

* VUPEN Binary Analysis & Exploits Service (BAE) :
http://www.vupen.com/english/services/ba-index.php

* VUPEN Threat Protection Program for Govs (TPP) :
http://www.vupen.com/english/services/tpp-index.php

* VUPEN Web Application Security Scanner (WASS) :
http://www.vupen.com/english/services/wass-index.php


IX. REFERENCES
--

http://www.vupen.com/english/research-vuln.php
http://www.vupen.com/english/advisories/2011/0947
http://www.microsoft.com/technet/security/Bulletin/MS11-029.mspx


X. DISCLOSURE TIMELINE
-

2010-05-05 - Vulnerability Discovered by VUPEN
2011-04-12 - MS11-029 security update released




VUPEN Security Research - Microsoft Windows GDI+ Size Handling Integer Overflow Vulnerability

2011-04-13 Thread VUPEN Security Research
VUPEN Security Research - Microsoft Windows GDI+ Size Handling Integer 
Overflow Vulnerability


http://www.vupen.com/english/research.php


I. BACKGROUND
-

Microsoft Windows is a series of software operating systems and graphical
user interfaces produced by Microsoft. Windows had approximately 90% of
the market share of the client operating systems. (Wikipedia)


II. DESCRIPTION
-

VUPEN Vulnerability Research Team discovered a critical vulnerability
in Microsoft Windows.

The vulnerability is caused by an integer overflow error in the GDI+ library
when parsing certain values within an EMF image file, which could be
exploited by attackers to compromise a vulnerable system by tricking a user
into visiting a specially crafted web page.

CVSS Score: 10 (AV:N/AC:L/Au:N/C:C/I:C/A:C) / CVE-2011-0041


III. AFFECTED PRODUCTS
---

Microsoft Windows XP Service Pack 3
Microsoft Windows XP Professional x64 Edition Service Pack 2
Microsoft Windows Server 2003 Service Pack 2
Microsoft Windows Server 2003 x64 Edition Service Pack 2
Microsoft Windows Server 2003 SP2 (Itanium)
Microsoft Windows Vista Service Pack 1
Microsoft Windows Vista Service Pack 2
Microsoft Windows Vista x64 Edition Service Pack 1
Microsoft Windows Vista x64 Edition Service Pack 2
Microsoft Windows Server 2008 (32-bit)
Microsoft Windows Server 2008 (32-bit) Service Pack 2
Microsoft Windows Server 2008 (64x)
Microsoft Windows Server 2008 (64x) Service Pack 2
Microsoft Windows Server 2008 (Itanium)
Microsoft Windows Server 2008 (Itanium) Service Pack 2


IV. Binary Analysis & Exploits/PoCs
---

In-depth binary analysis of the vulnerability and a code execution exploit
are available through the VUPEN Binary Analysis & Exploits Service :

http://www.vupen.com/english/services/ba-index.php


V. VUPEN Threat Protection Program
---

To proactively protect critical networks and infrastructures against
unpatched vulnerabilities and reduce risks related to zero-day attacks,
VUPEN shares its vulnerability research with governments and organizations
that are members of the VUPEN Threat Protection Program (TPP).

VUPEN TPP customers receive fully detailed and technical reports about
security vulnerabilities discovered by VUPEN in advance of their public
disclosure.


http://www.vupen.com/english/services/tpp-index.php


VI. SOLUTION


Apply the MS11-029 security update.


VII. CREDIT
--

This vulnerability was discovered by Nicolas Joly and Chaouki Bekrar of 
VUPEN Security



VIII. ABOUT VUPEN Security
---

VUPEN is a leading IT security research company providing vulnerability
management and security intelligence solutions which enable enterprises
and institutions to eliminate vulnerabilities before they can be exploited,
ensure security policy compliance and meaningfully measure and manage risks.

Governmental and federal agencies, and global enterprises in the financial
services, insurance, manufacturing and technology industries rely on VUPEN
to improve their security, prioritize resources, cut time and costs, and
stay ahead of the latest threats.

* VUPEN Vulnerability Notification Service (VNS) :
http://www.vupen.com/english/services/vns-index.php

* VUPEN Binary Analysis & Exploits Service (BAE) :
http://www.vupen.com/english/services/ba-index.php

* VUPEN Threat Protection Program for Govs (TPP) :
http://www.vupen.com/english/services/tpp-index.php

* VUPEN Web Application Security Scanner (WASS) :
http://www.vupen.com/english/services/wass-index.php


IX. REFERENCES
--

http://www.vupen.com/english/research-vuln.php
http://www.vupen.com/english/advisories/2011/0946
http://www.microsoft.com/technet/security/Bulletin/MS11-029.mspx


X. DISCLOSURE TIMELINE
-

2010-02-01 - Vulnerability Discovered by VUPEN
2011-04-12 - MS11-029 security update released




VUPEN Security Research - Apple Safari WebKit Iframe Event Handling Remote Use-after-free

2011-03-14 Thread VUPEN Security Research
VUPEN Security Research - Apple Safari WebKit Iframe Event Handling Remote 
Use-after-free


http://www.vupen.com/english/research.php


I. BACKGROUND
-

Apple Safari is a web browser developed by Apple. As of February 2010,
Safari was the fourth most widely used browser, with 4.45% of the
worldwide usage share of web browsers according to Net Application.


II. DESCRIPTION
-

VUPEN Vulnerability Research Team discovered a critical vulnerability
in Apple Safari.

The vulnerability is caused by a use-after-free error in the WebKit
library when handling certain iframe events, which could be exploited by
remote attackers to compromise a vulnerable system by tricking a user into
visiting a specially crafted web page.

CVSS Score: 10 (AV:N/AC:L/Au:N/C:C/I:C/A:C)


III. AFFECTED PRODUCTS
---

Apple Safari version 5.0.3 and prior


IV. Binary Analysis & Exploits/PoCs
---

In-depth binary analysis of the vulnerability and a code execution exploit
are available through the VUPEN Binary Analysis & Exploits Service :

http://www.vupen.com/english/services/ba-index.php


V. VUPEN Threat Protection Program
---

To proactively protect critical networks and infrastructures against
unpatched vulnerabilities and reduce risks related to zero-day attacks,
VUPEN shares its vulnerability research with governments and organizations
that are members of the VUPEN Threat Protection Program (TPP).

VUPEN TPP customers receive fully detailed and technical reports about
security vulnerabilities discovered by VUPEN in advance of their public
disclosure.


http://www.vupen.com/english/services/tpp-index.php


VI. SOLUTION


Upgrade to Apple Safari version 5.0.4.


VII. CREDIT
--

This vulnerability was discovered by Matthieu Bonetti of VUPEN Security


VIII. ABOUT VUPEN Security
---

VUPEN is a leading IT security research company providing vulnerability
management and security intelligence solutions which enable enterprises
and institutions to eliminate vulnerabilities before they can be exploited,
ensure security policy compliance and meaningfully measure and manage risks.

Governmental and federal agencies, and global enterprises in the financial
services, insurance, manufacturing and technology industries rely on VUPEN
to improve their security, prioritize resources, cut time and costs, and
stay ahead of the latest threats.

* VUPEN Vulnerability Notification Service (VNS) :
http://www.vupen.com/english/services/vns-index.php

* VUPEN Binary Analysis & Exploits Service (BAE) :
http://www.vupen.com/english/services/ba-index.php

* VUPEN Threat Protection Program for Govs (TPP) :
http://www.vupen.com/english/services/tpp-index.php

* VUPEN Web Application Security Scanner (WASS) :
http://www.vupen.com/english/services/wass-index.php


IX. REFERENCES
--

http://www.vupen.com/english/research-vuln.php
http://www.vupen.com/english/advisories/2011/0641
http://support.apple.com/kb/HT4566


X. DISCLOSURE TIMELINE
-

2010-10-17 - Vulnerability Discovered by VUPEN
2010-10-20 - VUPEN TPP customers informed
2011-03-09 - MS11-006 security update available




VUPEN Security Research - Apple Safari WebKit Scroll Event Handling Remote Use-after-free

2011-03-14 Thread VUPEN Security Research
VUPEN Security Research - Apple Safari WebKit Scroll Event Handling Remote 
Use-after-free


http://www.vupen.com/english/research.php


I. BACKGROUND
-

Apple Safari is a web browser developed by Apple. As of February 2010,
Safari was the fourth most widely used browser, with 4.45% of the
worldwide usage share of web browsers according to Net Application.


II. DESCRIPTION
-

VUPEN Vulnerability Research Team discovered a critical vulnerability
in Apple Safari.

The vulnerability is caused by a use-after-free error in the WebKit
library when handling certain scroll events, which could be exploited by
remote attackers to compromise a vulnerable system by tricking a user into
visiting a specially crafted web page.

CVSS Score: 10 (AV:N/AC:L/Au:N/C:C/I:C/A:C)


III. AFFECTED PRODUCTS
---

Apple Safari version 5.0.3 and prior


IV. Binary Analysis & Exploits/PoCs
---

In-depth binary analysis of the vulnerability and a code execution exploit
are available through the VUPEN Binary Analysis & Exploits Service :

http://www.vupen.com/english/services/ba-index.php


V. VUPEN Threat Protection Program
---

To proactively protect critical networks and infrastructures against
unpatched vulnerabilities and reduce risks related to zero-day attacks,
VUPEN shares its vulnerability research with governments and organizations
that are members of the VUPEN Threat Protection Program (TPP).

VUPEN TPP customers receive fully detailed and technical reports about
security vulnerabilities discovered by VUPEN in advance of their public
disclosure.


http://www.vupen.com/english/services/tpp-index.php


VI. SOLUTION


Upgrade to Apple Safari version 5.0.4.


VII. CREDIT
--

This vulnerability was discovered by Matthieu Bonetti of VUPEN Security


VIII. ABOUT VUPEN Security
---

VUPEN is a leading IT security research company providing vulnerability
management and security intelligence solutions which enable enterprises
and institutions to eliminate vulnerabilities before they can be exploited,
ensure security policy compliance and meaningfully measure and manage risks.

Governmental and federal agencies, and global enterprises in the financial
services, insurance, manufacturing and technology industries rely on VUPEN
to improve their security, prioritize resources, cut time and costs, and
stay ahead of the latest threats.

* VUPEN Vulnerability Notification Service (VNS) :
http://www.vupen.com/english/services/vns-index.php

* VUPEN Binary Analysis & Exploits Service (BAE) :
http://www.vupen.com/english/services/ba-index.php

* VUPEN Threat Protection Program for Govs (TPP) :
http://www.vupen.com/english/services/tpp-index.php

* VUPEN Web Application Security Scanner (WASS) :
http://www.vupen.com/english/services/wass-index.php


IX. REFERENCES
--

http://www.vupen.com/english/research-vuln.php
http://www.vupen.com/english/advisories/2011/0641
http://support.apple.com/kb/HT4566


X. DISCLOSURE TIMELINE
-

2010-11-17 - Vulnerability Discovered by VUPEN
2010-11-20 - VUPEN TPP customers informed
2011-03-09 - Apple Safari version 5.0.4 released




VUPEN Security Research - Adobe Shockwave DIRAPI LCTX Chunk Memory Corruption Vulnerability (APSB11-01)

2011-02-14 Thread VUPEN Security Research
VUPEN Security Research - Adobe Shockwave DIRAPI Lctx Chunk Memory
Corruption Vulnerability (APSB11-01)


http://www.vupen.com/english/research.php


I. BACKGROUND
-

Over 450 million Internet-enabled desktops have installed Adobe Shockwave
Player. These people now have access to some of the best the Web has to
offer including dazzling 3D games and entertainment, interactive product
demonstrations, and online learning applications. Shockwave Player displays
Web content that has been created by Adobe Director. (Adobe.com)


II. DESCRIPTION
-

VUPEN Vulnerability Research Team discovered a critical vulnerability
in Adobe Shockwave.

The vulnerability is caused by a memory corruption error in the DIRAPI.dll
module when processing the LCTX chunk within a Director File, which could
be exploited by remote attackers to execute arbitrary code by tricking a
user into visiting a malicious web page.

CVSS Score: 10 (AV:N/AC:L/Au:N/C:C/I:C/A:C)


III. AFFECTED PRODUCTS
---

Adobe Shockwave Player version 11.5.9.615 and prior


IV. Binary Analysis & Exploits/PoCs
---

In-depth binary analysis of the vulnerability and a code execution exploit
are available through the VUPEN Binary Analysis & Exploits Service :

http://www.vupen.com/english/services/ba-index.php


V. VUPEN Threat Protection Program
---

To proactively protect critical networks and infrastructures against
unpatched vulnerabilities and reduce risks related to zero-day attacks,
VUPEN shares its vulnerability research with governments and organizations
that are members of the VUPEN Threat Protection Program (TPP).

VUPEN TPP customers receive fully detailed and technical reports about
security vulnerabilities discovered by VUPEN in advance of their public
disclosure.


VUPEN TPP customers have been protected against this vulnerability 9 months
before the release of the Adobe patch.

http://www.vupen.com/english/services/tpp-index.php


VI. SOLUTION


Upgrade to Adobe Shockwave Player version 11.5.9.620.


VII. CREDIT
--

This vulnerability was discovered by Chaouki Bekrar of VUPEN Security


VIII. ABOUT VUPEN Security
---

VUPEN is a leading IT security research company providing vulnerability
management and security intelligence solutions which enable enterprises
and institutions to eliminate vulnerabilities before they can be exploited,
ensure security policy compliance and meaningfully measure and manage risks.

Governmental and federal agencies, and global enterprises in the financial
services, insurance, manufacturing and technology industries rely on VUPEN
to improve their security, prioritize resources, cut time and costs, and
stay ahead of the latest threats.

* VUPEN Vulnerability Notification Service (VNS) :
http://www.vupen.com/english/services/vns-index.php

* VUPEN Binary Analysis & Exploits Service (BAE) :
http://www.vupen.com/english/services/ba-index.php

* VUPEN Threat Protection Program for Govs (TPP) :
http://www.vupen.com/english/services/tpp-index.php

* VUPEN Web Application Security Scanner (WASS) :
http://www.vupen.com/english/services/wass-index.php


IX. REFERENCES
--

http://www.vupen.com/english/research-vuln.php
http://www.vupen.com/english/advisories/2011/0335
http://www.adobe.com/support/security/bulletins/apsb11-01.html


X. DISCLOSURE TIMELINE
-

2010-05-15 - Vulnerability Discovered by VUPEN
2010-05-17 - VUPEN TPP customers informed
2010-xx-xx - Vulnerability rediscovered by third parties
2011-02-08 - Adobe security update released




VUPEN Security Research - Microsoft Internet Explorer mshtml.dll Dangling Pointer Vulnerability (CVE-2011-0036)

2011-02-14 Thread VUPEN Security Research
VUPEN Security Research - Microsoft Internet Explorer mshtml.dll Dangling 
Pointer Vulnerability (CVE-2011-0036)


http://www.vupen.com/english/research.php


I. BACKGROUND
-

Microsoft Internet Explorer is a web browser developed by Microsoft and
included as part of the Microsoft Windows line of operating systems with
more than 60% of the worldwide usage share of web browsers. (Wikipedia)


II. DESCRIPTION
-

VUPEN Vulnerability Research Team discovered a critical vulnerability
in Microsoft Internet Explorer.

The vulnerability is caused by a dangling pointer in the mshtml.dll
library when handling certain object manipulations, which could be exploited
by remote attackers to execute arbitrary code by tricking a user into
visiting a malicious web page.

CVSS Score: 10 (AV:N/AC:L/Au:N/C:C/I:C/A:C)


III. AFFECTED PRODUCTS
---

Microsoft Internet Explorer 8
Microsoft Internet Explorer 7
Microsoft Internet Explorer 6

Microsoft Windows 7 (32-bit)
Microsoft Windows 7 (64x)
Microsoft Windows Server 2003 Service Pack 2
Microsoft Windows Server 2003 SP2 (Itanium)
Microsoft Windows Server 2003 x64 Edition Service Pack 2
Microsoft Windows Server 2008 (32-bit)
Microsoft Windows Server 2008 (32-bit) Service Pack 2
Microsoft Windows Server 2008 (64x)
Microsoft Windows Server 2008 (64x) Service Pack 2
Microsoft Windows Server 2008 (Itanium)
Microsoft Windows Server 2008 (Itanium) Service Pack 2
Microsoft Windows Server 2008 R2 (64x)
Microsoft Windows Server 2008 R2 (Itanium)
Microsoft Windows Vista Service Pack 1
Microsoft Windows Vista Service Pack 2
Microsoft Windows Vista x64 Edition Service Pack 1
Microsoft Windows Vista x64 Edition Service Pack 2
Microsoft Windows XP Professional x64 Edition Service Pack 2
Microsoft Windows XP Service Pack 3


IV. Binary Analysis & Exploits/PoCs
---

In-depth binary analysis of the vulnerability and a code execution exploit
with ASLR and DEP bypass are available through the VUPEN Binary Analysis &
Exploits Service :

http://www.vupen.com/english/services/ba-index.php


V. VUPEN Threat Protection Program
---

To proactively protect critical networks and infrastructures against
unpatched vulnerabilities and reduce risks related to zero-day attacks,
VUPEN shares its vulnerability research with governments and organizations
that are members of the VUPEN Threat Protection Program (TPP).

VUPEN TPP customers receive fully detailed and technical reports about
security vulnerabilities discovered by VUPEN in advance of their public
disclosure.


VUPEN TPP customers have been protected against this vulnerability 8 months
before the release of the Microsoft patch.

http://www.vupen.com/english/services/tpp-index.php


VI. SOLUTION


Apply the MS11-003 security update.


VII. CREDIT
--

This vulnerability was discovered by Nicolas Joly of VUPEN Security


VIII. ABOUT VUPEN Security
---

VUPEN is a leading IT security research company providing vulnerability
management and security intelligence solutions which enable enterprises
and institutions to eliminate vulnerabilities before they can be exploited,
ensure security policy compliance and meaningfully measure and manage risks.

Governmental and federal agencies, and global enterprises in the financial
services, insurance, manufacturing and technology industries rely on VUPEN
to improve their security, prioritize resources, cut time and costs, and
stay ahead of the latest threats.

* VUPEN Vulnerability Notification Service (VNS) :
http://www.vupen.com/english/services/vns-index.php

* VUPEN Binary Analysis & Exploits Service (BAE) :
http://www.vupen.com/english/services/ba-index.php

* VUPEN Threat Protection Program for Govs (TPP) :
http://www.vupen.com/english/services/tpp-index.php

* VUPEN Web Application Security Scanner (WASS) :
http://www.vupen.com/english/services/wass-index.php


IX. REFERENCES
--

http://www.vupen.com/english/research-vuln.php
http://www.vupen.com/english/advisories/2011/0318
http://www.microsoft.com/technet/security/bulletin/MS11-003.mspx


X. DISCLOSURE TIMELINE
-

2010-06-15 - Vulnerability Discovered by VUPEN
2010-06-17 - VUPEN TPP customers informed
2010-xx-xx - Vulnerability rediscovered by third parties
2011-02-08 - MS11-003 security update available




VUPEN Security Research - Microsoft Windows Shell Graphics BMP width Integer Overflow Vulnerability

2011-02-14 Thread VUPEN Security Research
VUPEN Security Research - Microsoft Windows Shell Graphics BMP width 
Integer Overflow Vulnerability


http://www.vupen.com/english/research.php


I. BACKGROUND
-

Microsoft Windows is a series of software operating systems and graphical
user interfaces produced by Microsoft. Windows had approximately 90% of
the market share of the client operating systems. (Wikipedia)


II. DESCRIPTION
-

VUPEN Vulnerability Research Team discovered a critical vulnerability
in Microsoft Windows.

The vulnerability is caused by an integer overflow error in the Windows
Shell graphics processor when parsing the width value within BMP images,
which could be exploited by remote attackers to compromise a vulnerable
system by tricking a user into opening or previewing a malformed Office
file or browsing to a network share, UNC, or WebDAV location containing
a specially crafted image.

CVSS Score: 10 (AV:N/AC:L/Au:N/C:C/I:C/A:C)


III. AFFECTED PRODUCTS
---

Microsoft Windows Server 2008 (32-bit)
Microsoft Windows Server 2008 (32-bit) Service Pack 2
Microsoft Windows Server 2008 (Itanium)
Microsoft Windows Server 2008 (Itanium) Service Pack 2
Microsoft Windows Server 2008 (x64)
Microsoft Windows Server 2008 (x64) Service Pack 2
Microsoft Windows Vista Service Pack 1
Microsoft Windows Vista Service Pack 2
Microsoft Windows Vista x64 Edition Service Pack 1
Microsoft Windows Vista x64 Edition Service Pack 2
Microsoft Windows Server 2003 Service Pack 2
Microsoft Windows Server 2003 SP2 (Itanium)
Microsoft Windows Server 2003 x64 Edition Service Pack 2
Microsoft Windows XP Professional x64 Edition Service Pack 2
Microsoft Windows XP Service Pack 3


IV. Binary Analysis & Exploits/PoCs
---

In-depth binary analysis of the vulnerability and a proof-of-concept code
are available through the VUPEN Binary Analysis & Exploits Service :

http://www.vupen.com/english/services/ba-index.php


V. VUPEN Threat Protection Program
---

To proactively protect critical networks and infrastructures against unpatched
vulnerabilities and reduce risks related to zero-day attacks, VUPEN shares its
vulnerability research with governments and organizations members of the VUPEN
Threat Protection Program (TPP).

VUPEN TPP customers receive fully detailed and technical reports about security
vulnerabilities discovered by VUPEN and in advance of their public disclosure.


http://www.vupen.com/english/services/tpp-index.php


VI. SOLUTION


Apply the MS11-006 security update.


VII. CREDIT
--

This vulnerability was discovered by Nicolas Joly of VUPEN Security


VIII. ABOUT VUPEN Security
---

VUPEN is a leading IT security research company providing vulnerability
management and security intelligence solutions which enable enterprises
and institutions to eliminate vulnerabilities before they can be exploited,
ensure security policy compliance and meaningfully measure and manage risks.

Governmental and federal agencies, and global enterprises in the financial
services, insurance, manufacturing and technology industries rely on VUPEN
to improve their security, prioritize resources, cut time and costs, and
stay ahead of the latest threats.

* VUPEN Vulnerability Notification Service (VNS) :
http://www.vupen.com/english/services/vns-index.php

* VUPEN Binary Analysis & Exploits Service (BAE) :
http://www.vupen.com/english/services/ba-index.php

* VUPEN Threat Protection Program for Govs (TPP) :
http://www.vupen.com/english/services/tpp-index.php

* VUPEN Web Application Security Scanner (WASS) :
http://www.vupen.com/english/services/wass-index.php


IX. REFERENCES
--

http://www.vupen.com/english/research-vuln.php
http://www.vupen.com/english/advisories/2011/0018
http://www.microsoft.com/technet/security/bulletin/MS11-006.mspx


X. DISCLOSURE TIMELINE
-

2011-01-15 - Vulnerability Discovered by VUPEN
2011-02-08 - MS11-006 security update available




VUPEN Security Research - Microsoft Windows Shell Graphics BMP height Integer Overflow Vulnerability

2011-02-14 Thread VUPEN Security Research
VUPEN Security Research - Microsoft Windows Shell Graphics BMP height 
Integer Overflow Vulnerability


http://www.vupen.com/english/research.php


I. BACKGROUND
-

Microsoft Windows is a series of software operating systems and graphical
user interfaces produced by Microsoft. Windows had approximately 90% of
the market share of the client operating systems. (Wikipedia)


II. DESCRIPTION
-

VUPEN Vulnerability Research Team discovered a critical vulnerability
in Microsoft Windows.

The vulnerability is caused by an integer overflow error in the Windows
Shell graphics processor when parsing the height value within BMP images,
which could be exploited by remote attackers to compromise a vulnerable
system by tricking a user into opening or previewing a malformed Office
file or browsing to a network share, UNC, or WebDAV location containing
a specially crafted image.

CVSS Score: 10 (AV:N/AC:L/Au:N/C:C/I:C/A:C)


III. AFFECTED PRODUCTS
---

Microsoft Windows Server 2008 (32-bit)
Microsoft Windows Server 2008 (32-bit) Service Pack 2
Microsoft Windows Server 2008 (Itanium)
Microsoft Windows Server 2008 (Itanium) Service Pack 2
Microsoft Windows Server 2008 (x64)
Microsoft Windows Server 2008 (x64) Service Pack 2
Microsoft Windows Vista Service Pack 1
Microsoft Windows Vista Service Pack 2
Microsoft Windows Vista x64 Edition Service Pack 1
Microsoft Windows Vista x64 Edition Service Pack 2
Microsoft Windows Server 2003 Service Pack 2
Microsoft Windows Server 2003 SP2 (Itanium)
Microsoft Windows Server 2003 x64 Edition Service Pack 2
Microsoft Windows XP Professional x64 Edition Service Pack 2
Microsoft Windows XP Service Pack 3


IV. Binary Analysis & Exploits/PoCs
---

In-depth binary analysis of the vulnerability and a code execution exploit
are available through the VUPEN Binary Analysis & Exploits Service :

http://www.vupen.com/english/services/ba-index.php


V. VUPEN Threat Protection Program
---

To proactively protect critical networks and infrastructures against unpatched
vulnerabilities and reduce risks related to zero-day attacks, VUPEN shares its
vulnerability research with governments and organizations members of the VUPEN
Threat Protection Program (TPP).

VUPEN TPP customers receive fully detailed and technical reports about security
vulnerabilities discovered by VUPEN and in advance of their public disclosure.


http://www.vupen.com/english/services/tpp-index.php


VI. SOLUTION


Apply the MS11-006 security update.


VII. CREDIT
--

This vulnerability was discovered by Nicolas Joly of VUPEN Security


VIII. ABOUT VUPEN Security
---

VUPEN is a leading IT security research company providing vulnerability
management and security intelligence solutions which enable enterprises
and institutions to eliminate vulnerabilities before they can be exploited,
ensure security policy compliance and meaningfully measure and manage risks.

Governmental and federal agencies, and global enterprises in the financial
services, insurance, manufacturing and technology industries rely on VUPEN
to improve their security, prioritize resources, cut time and costs, and
stay ahead of the latest threats.

* VUPEN Vulnerability Notification Service (VNS) :
http://www.vupen.com/english/services/vns-index.php

* VUPEN Binary Analysis & Exploits Service (BAE) :
http://www.vupen.com/english/services/ba-index.php

* VUPEN Threat Protection Program for Govs (TPP) :
http://www.vupen.com/english/services/tpp-index.php

* VUPEN Web Application Security Scanner (WASS) :
http://www.vupen.com/english/services/wass-index.php


IX. REFERENCES
--

http://www.vupen.com/english/research-vuln.php
http://www.vupen.com/english/advisories/2011/0018
http://www.microsoft.com/technet/security/bulletin/MS11-006.mspx


X. DISCLOSURE TIMELINE
-

2011-01-15 - Vulnerability Discovered by VUPEN
2011-02-08 - MS11-006 security update available




VUPEN Security Research - Microsoft Windows Shell Graphics biCompression Buffer Overflow Vulnerability

2011-02-14 Thread VUPEN Security Research
VUPEN Security Research - Microsoft Windows Shell Graphics biCompression 
Buffer Overflow Vulnerability


http://www.vupen.com/english/research.php


I. BACKGROUND
-

Microsoft Windows is a series of software operating systems and graphical
user interfaces produced by Microsoft. Windows had approximately 90% of
the market share of the client operating systems. (Wikipedia)


II. DESCRIPTION
-

VUPEN Vulnerability Research Team discovered a critical vulnerability
in Microsoft Windows.

The vulnerability is caused by a buffer overflow error in the Windows
Shell graphics processor when parsing the biCompression value within
BMP images, which could be exploited by remote attackers to compromise
a vulnerable system by tricking a user into opening or previewing a
malformed Office file or browsing to a network share, UNC, or WebDAV
location containing a specially crafted image.

CVSS Score: 10 (AV:N/AC:L/Au:N/C:C/I:C/A:C)


III. AFFECTED PRODUCTS
---

Microsoft Windows Server 2008 (32-bit)
Microsoft Windows Server 2008 (32-bit) Service Pack 2
Microsoft Windows Server 2008 (Itanium)
Microsoft Windows Server 2008 (Itanium) Service Pack 2
Microsoft Windows Server 2008 (x64)
Microsoft Windows Server 2008 (x64) Service Pack 2
Microsoft Windows Vista Service Pack 1
Microsoft Windows Vista Service Pack 2
Microsoft Windows Vista x64 Edition Service Pack 1
Microsoft Windows Vista x64 Edition Service Pack 2
Microsoft Windows Server 2003 Service Pack 2
Microsoft Windows Server 2003 SP2 (Itanium)
Microsoft Windows Server 2003 x64 Edition Service Pack 2
Microsoft Windows XP Professional x64 Edition Service Pack 2
Microsoft Windows XP Service Pack 3


IV. Binary Analysis & Exploits/PoCs
---

In-depth binary analysis of the vulnerability and a proof-of-concept code
are available through the VUPEN Binary Analysis & Exploits Service :

http://www.vupen.com/english/services/ba-index.php


V. VUPEN Threat Protection Program
---

To proactively protect critical networks and infrastructures against unpatched
vulnerabilities and reduce risks related to zero-day attacks, VUPEN shares its
vulnerability research with governments and organizations members of the VUPEN
Threat Protection Program (TPP).

VUPEN TPP customers receive fully detailed and technical reports about security
vulnerabilities discovered by VUPEN and in advance of their public disclosure.


http://www.vupen.com/english/services/tpp-index.php


VI. SOLUTION


Apply the MS11-006 security update.


VII. CREDIT
--

This vulnerability was discovered by Nicolas Joly of VUPEN Security


VIII. ABOUT VUPEN Security
---

VUPEN is a leading IT security research company providing vulnerability
management and security intelligence solutions which enable enterprises
and institutions to eliminate vulnerabilities before they can be exploited,
ensure security policy compliance and meaningfully measure and manage risks.

Governmental and federal agencies, and global enterprises in the financial
services, insurance, manufacturing and technology industries rely on VUPEN
to improve their security, prioritize resources, cut time and costs, and
stay ahead of the latest threats.

* VUPEN Vulnerability Notification Service (VNS) :
http://www.vupen.com/english/services/vns-index.php

* VUPEN Binary Analysis & Exploits Service (BAE) :
http://www.vupen.com/english/services/ba-index.php

* VUPEN Threat Protection Program for Govs (TPP) :
http://www.vupen.com/english/services/tpp-index.php

* VUPEN Web Application Security Scanner (WASS) :
http://www.vupen.com/english/services/wass-index.php


IX. REFERENCES
--

http://www.vupen.com/english/research-vuln.php
http://www.vupen.com/english/advisories/2011/0018
http://www.microsoft.com/technet/security/bulletin/MS11-006.mspx


X. DISCLOSURE TIMELINE
-

2011-01-17 - Vulnerability Discovered by VUPEN
2011-02-08 - MS11-006 security update available
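
The three Windows Shell Graphics advisories above name the BMP header fields involved (width, height, biCompression) but do not disclose the affected code. The following C code is an added example, not VUPEN's analysis or Microsoft's code: it shows how 32-bit size arithmetic on those fields wraps, next to a validator that rejects such headers before any buffer is sized from them. The function names, the 64 MiB cap and the sample header values are assumptions made for the example.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

enum { BI_RGB = 0, BI_RLE8 = 1, BI_RLE4 = 2, BI_BITFIELDS = 3 };
enum bmp_status { BMP_OK, BMP_TRUNCATED, BMP_BAD_HEADER, BMP_BAD_DIMENSIONS,
                  BMP_BAD_COMPRESSION, BMP_TOO_LARGE };

/* Policy cap picked for this example (assumption): refuse images over 64 MiB. */
#define BMP_MAX_PIXEL_BYTES ((uint64_t)64 * 1024 * 1024)

struct bmp_info {
    uint32_t width, height;  /* height stored as an absolute value */
    uint16_t bpp;
    uint32_t compression;
    int      top_down;       /* set when biHeight is negative */
    size_t   stride;         /* bytes per row, padded to 4 */
    size_t   pixel_bytes;    /* stride * height */
};

static uint16_t rd16(const uint8_t *p) { return (uint16_t)(p[0] | (p[1] << 8)); }
static uint32_t rd32(const uint8_t *p) {
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) |
           ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}
static void wr32(uint8_t *p, uint32_t v) {
    p[0] = (uint8_t)v;         p[1] = (uint8_t)(v >> 8);
    p[2] = (uint8_t)(v >> 16); p[3] = (uint8_t)(v >> 24);
}

/* The bug class: size arithmetic done in 32 bits wraps silently. */
uint32_t naive_pixel_bytes32(uint32_t width, uint32_t height, uint32_t bpp) {
    uint32_t stride = ((width * bpp + 31u) / 32u) * 4u;  /* can wrap */
    return stride * height;                              /* can wrap */
}

/* Validate the first 40 bytes of a BITMAPINFOHEADER (little-endian). */
enum bmp_status bmp_validate(const uint8_t *hdr, size_t len, struct bmp_info *out) {
    if (len < 40) return BMP_TRUNCATED;
    if (rd32(hdr) < 40 || rd16(hdr + 12) != 1) return BMP_BAD_HEADER; /* biSize, biPlanes */

    int64_t  w    = (int32_t)rd32(hdr + 4);   /* biWidth is signed */
    int64_t  h    = (int32_t)rd32(hdr + 8);   /* biHeight is signed */
    uint16_t bpp  = rd16(hdr + 14);
    uint32_t comp = rd32(hdr + 16);
    int top_down  = h < 0;

    if (bpp != 1 && bpp != 4 && bpp != 8 && bpp != 16 && bpp != 24 && bpp != 32)
        return BMP_BAD_HEADER;
    if (w <= 0 || h == 0) return BMP_BAD_DIMENSIONS;
    if (top_down) h = -h;   /* done in 64 bits, so INT32_MIN is safe to negate */

    /* biCompression must be a known value that matches the bit depth;
       top-down bitmaps cannot be RLE-compressed. */
    switch (comp) {
    case BI_RGB:       break;
    case BI_RLE8:      if (bpp != 8 || top_down) return BMP_BAD_COMPRESSION; break;
    case BI_RLE4:      if (bpp != 4 || top_down) return BMP_BAD_COMPRESSION; break;
    case BI_BITFIELDS: if (bpp != 16 && bpp != 32) return BMP_BAD_COMPRESSION; break;
    default:           return BMP_BAD_COMPRESSION;
    }

    /* 64-bit arithmetic, with the cap checked before each result is trusted. */
    uint64_t stride = (((uint64_t)w * bpp + 31u) / 32u) * 4u;
    if (stride > BMP_MAX_PIXEL_BYTES) return BMP_TOO_LARGE;
    uint64_t total = stride * (uint64_t)h;
    if (total > BMP_MAX_PIXEL_BYTES) return BMP_TOO_LARGE;

    out->width = (uint32_t)w;  out->height = (uint32_t)h;
    out->bpp = bpp;            out->compression = comp;
    out->top_down = top_down;
    out->stride = (size_t)stride;
    out->pixel_bytes = (size_t)total;
    return BMP_OK;
}

/* Build a constructed 40-byte header from the given fields and validate it. */
enum bmp_status sample_status(uint32_t w, uint32_t h, uint16_t bpp,
                              uint32_t comp, struct bmp_info *out) {
    uint8_t hdr[40];
    memset(hdr, 0, sizeof hdr);
    wr32(hdr, 40);  wr32(hdr + 4, w);  wr32(hdr + 8, h);
    hdr[12] = 1;                                   /* biPlanes */
    hdr[14] = (uint8_t)bpp;  hdr[15] = (uint8_t)(bpp >> 8);
    wr32(hdr + 16, comp);
    return bmp_validate(hdr, sizeof hdr, out);
}

int main(void) {
    struct bmp_info bi;
    printf("naive 32-bit size, width 0x08000001 at 32 bpp: %u bytes\n",
           (unsigned)naive_pixel_bytes32(0x08000001u, 1u, 32u));
    printf("validator status for the same header: %d\n",
           (int)sample_status(0x08000001u, 1u, 32, BI_RGB, &bi));
    return 0;
}
```

For RLE-compressed input, `pixel_bytes` is the decoded size; a decoder still has to bound every run it writes against that value.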




VUPEN Security Research - Novell GroupWise TZID Variable Remote Buffer Overflow Vulnerability (VUPEN-SR-2011-004)

2011-01-27 Thread VUPEN Security Research
VUPEN Security Research - Novell GroupWise VCALENDAR TZID Variable Remote 
Buffer Overflow Vulnerability (VUPEN-SR-2011-004)


http://www.vupen.com/english/research.php


I. BACKGROUND
-

Novell GroupWise collaboration software is a premier collaboration tool
for large enterprise. Look no further than Novell for your collaboration
software. (Wikipedia)


II. DESCRIPTION
-

VUPEN Vulnerability Research Team discovered a critical vulnerability
in Novell GroupWise.

The vulnerability is caused by a buffer overflow error in the g1.dll
module when processing the TZID variable within VCALENDAR data, which
could be exploited by remote unauthenticated attackers to execute arbitrary
code with SYSTEM privileges.

CVSS Score: 10 (AV:N/AC:L/Au:N/C:C/I:C/A:C)


III. AFFECTED PRODUCTS
---

Novell GroupWise version 8.02 HP 1 (Hot Patch 1) and prior


IV. Binary Analysis & Exploits/PoCs
---

In-depth binary analysis of the vulnerability and a code execution exploit
are available through the VUPEN Binary Analysis & Exploits Service :

http://www.vupen.com/english/services/ba-index.php


V. VUPEN Threat Protection Program
---

Organizations and corporations which are members of the VUPEN Threat
Protection Program (TPP) receive advanced notifications about security
vulnerabilities discovered by VUPEN, and have access to a detailed detection
guidance to proactively protect national and critical infrastructures
against potential attacks exploiting this vulnerability:

http://www.vupen.com/english/services/tpp-index.php


VI. SOLUTION


Upgrade to Novell GroupWise version 8.02 HP 2 (Hot Patch 2).


VII. CREDIT
--

This vulnerability was discovered by Sebastien Renaud of VUPEN Security


VIII. ABOUT VUPEN Security
---

VUPEN is a leading IT security research company providing vulnerability
management and security intelligence solutions which enable enterprises
and institutions to eliminate vulnerabilities before they can be exploited,
ensure security policy compliance and meaningfully measure and manage risks.

Governmental and federal agencies, and global enterprises in the financial
services, insurance, manufacturing and technology industries rely on VUPEN
to improve their security, prioritize resources, cut time and costs, and
stay ahead of the latest threats.

* VUPEN Vulnerability Notification Service (VNS) :
http://www.vupen.com/english/services/vns-index.php

* VUPEN Binary Analysis & Exploits Service (BAE) :
http://www.vupen.com/english/services/ba-index.php

* VUPEN Threat Protection Program for Govs (TPP) :
http://www.vupen.com/english/services/tpp-index.php

* VUPEN Web Application Security Scanner (WASS) :
http://www.vupen.com/english/services/wass-index.php


IX. REFERENCES
--

http://www.vupen.com/english/research-vuln.php
http://www.vupen.com/english/advisories/2011/0220
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4325
http://www.novell.com/support/viewContent.do?externalId=7007638&sliceId=1


X. DISCLOSURE TIMELINE
-

2010-11-22 - Vulnerability discovered
2010-xx-xx - Vulnerability rediscovered by third parties including ZDI
2011-01-25 - Novell fix released




VUPEN Security Research - Microsoft Office Publisher Memory Corruption Vulnerability (VUPEN-SR-2010-041)

2010-12-16 Thread VUPEN Security Research
VUPEN Security Research - Microsoft Office Publisher Memory Corruption 
Vulnerability (VUPEN-SR-2010-041)


http://www.vupen.com/english/research.php


I. BACKGROUND
-

Microsoft Publisher is a desktop publishing application from Microsoft. It is
an entry-level application, differing from Microsoft Word in that the emphasis
is placed on page layout and design rather than text composition and proofing.

from wikipedia.org


II. DESCRIPTION
-

VUPEN Vulnerability Research Team discovered a critical vulnerability
in Microsoft Office Publisher.

The vulnerability is caused by a memory corruption error when handling malformed
Publisher documents, which could be exploited by remote attackers to execute
arbitrary code by tricking a user into opening a malicious PUB file.

Note: The Publisher file format is not publicly documented.


III. AFFECTED PRODUCTS
---

Microsoft Publisher 2010 (32-bit editions)
Microsoft Publisher 2010 (64-bit editions)
Microsoft Publisher 2003 Service Pack 3
Microsoft Publisher 2002 Service Pack 3


IV. Binary Analysis & Exploits/PoCs
---

In-depth binary analysis of the vulnerability and a code execution exploit
or proof-of-concept are available through the VUPEN Binary Analysis &
Exploits Service :

http://www.vupen.com/english/services/ba-index.php


V. VUPEN Threat Protection Program
---

Organizations and corporations which are members of the VUPEN Threat
Protection Program (TPP) have been alerted about the vulnerability when it
was discovered by VUPEN, and have received a detailed detection guidance
to proactively protect national and critical infrastructures against
potential attacks exploiting this vulnerability:

http://www.vupen.com/english/services/tpp-index.php


VI. SOLUTION


Apply MS10-103 security updates.


VII. CREDIT
--

This vulnerability was discovered by Chaouki Bekrar of VUPEN Security


VIII. ABOUT VUPEN Security
---

VUPEN is a leading IT security research company providing vulnerability
management and security intelligence solutions which enable enterprises
and institutions to eliminate vulnerabilities before they can be exploited,
ensure security policy compliance and meaningfully measure and manage risks.

Governmental and federal agencies, and global enterprises in the financial
services, insurance, manufacturing and technology industries rely on VUPEN
to improve their security, prioritize resources, cut time and costs, and
stay ahead of the latest threats.

* VUPEN Vulnerability Notification Service (VNS) :
http://www.vupen.com/english/services/vns-index.php

* VUPEN Binary Analysis & Exploits Service (BAE) :
http://www.vupen.com/english/services/ba-index.php

* VUPEN Threat Protection Program for Govs (TPP) :
http://www.vupen.com/english/services/tpp-index.php

* VUPEN Web Application Security Scanner (WASS) :
http://www.vupen.com/english/services/wass-index.php


IX. REFERENCES
--

http://www.vupen.com/english/research-vuln.php
http://www.microsoft.com/technet/security/bulletin/ms10-103.mspx
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3954


X. DISCLOSURE TIMELINE
-

2010-03-18 - Vendor notified
2010-03-18 - Vendor response
2010-12-08 - Status update received
2010-12-14 - Coordinated disclosure




VUPEN Security Research - Microsoft Office Publisher Size Value Heap Corruption Vulnerability (VUPEN-SR-2010-200)

2010-12-16 Thread VUPEN Security Research
VUPEN Security Research - Microsoft Office Publisher Size Value Heap 
Corruption Vulnerability (VUPEN-SR-2010-200)


http://www.vupen.com/english/research.php


I. BACKGROUND
-

Microsoft Publisher is a desktop publishing application from Microsoft. It is
an entry-level application, differing from Microsoft Word in that the emphasis
is placed on page layout and design rather than text composition and proofing.

from wikipedia.org


II. DESCRIPTION
-

VUPEN Vulnerability Research Team discovered a critical vulnerability
in Microsoft Office Publisher.

The vulnerability is caused by a heap corruption error in pubconv.dll while
trusting a size value from a Publisher document, which could be exploited by
remote attackers to execute arbitrary code by tricking a user into opening a
malicious PUB file.

Note: The Publisher file format is not publicly documented.


III. AFFECTED PRODUCTS
---

Microsoft Publisher 2007 Service Pack 2
Microsoft Publisher 2003 Service Pack 3
Microsoft Publisher 2002 Service Pack 3


IV. Binary Analysis & Exploits/PoCs
---

In-depth binary analysis of the vulnerability and a code execution exploit
or proof-of-concept are available through the VUPEN Binary Analysis &
Exploits Service :

http://www.vupen.com/english/services/ba-index.php


V. VUPEN Threat Protection Program
---

Organizations and corporations which are members of the VUPEN Threat
Protection Program (TPP) have been alerted about the vulnerability when it
was discovered by VUPEN, and have received a detailed detection guidance
to proactively protect national and critical infrastructures against
potential attacks exploiting this vulnerability:

http://www.vupen.com/english/services/tpp-index.php


VI. SOLUTION


Apply MS10-103 security updates.


VII. CREDIT
--

This vulnerability was discovered by Chaouki Bekrar of VUPEN Security


VIII. ABOUT VUPEN Security
---

VUPEN is a leading IT security research company providing vulnerability
management and security intelligence solutions which enable enterprises
and institutions to eliminate vulnerabilities before they can be exploited,
ensure security policy compliance and meaningfully measure and manage risks.

Governmental and federal agencies, and global enterprises in the financial
services, insurance, manufacturing and technology industries rely on VUPEN
to improve their security, prioritize resources, cut time and costs, and
stay ahead of the latest threats.

* VUPEN Vulnerability Notification Service (VNS) :
http://www.vupen.com/english/services/vns-index.php

* VUPEN Binary Analysis & Exploits Service (BAE) :
http://www.vupen.com/english/services/ba-index.php

* VUPEN Threat Protection Program for Govs (TPP) :
http://www.vupen.com/english/services/tpp-index.php

* VUPEN Web Application Security Scanner (WASS) :
http://www.vupen.com/english/services/wass-index.php


IX. REFERENCES
--

http://www.vupen.com/english/research-vuln.php
http://www.microsoft.com/technet/security/bulletin/ms10-103.mspx
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2569


X. DISCLOSURE TIMELINE
-

2010-04-26 - Vendor notified
2010-04-26 - Vendor response
2010-12-08 - Status update received
2010-12-14 - Coordinated disclosure




VUPEN Security Research - Microsoft Office Publisher Record Array Indexing Vulnerability (VUPEN-SR-2010-201)

2010-12-16 Thread VUPEN Security Research
VUPEN Security Research - Microsoft Office Publisher Record Array Indexing 
Vulnerability (VUPEN-SR-2010-201)


http://www.vupen.com/english/research.php


I. BACKGROUND
-

Microsoft Publisher is a desktop publishing application from Microsoft. It is
an entry-level application, differing from Microsoft Word in that the emphasis
is placed on page layout and design rather than text composition and proofing.

from wikipedia.org


II. DESCRIPTION
-

VUPEN Vulnerability Research Team discovered a critical vulnerability
in Microsoft Office Publisher.

The vulnerability is caused by an array indexing error when processing a
malformed record within a Publisher document, which could be exploited by
remote attackers to execute arbitrary code by tricking a user into opening
a malicious PUB file.

Note: The Publisher file format is not publicly documented.


III. AFFECTED PRODUCTS
---

Microsoft Publisher 2002 Service Pack 3


IV. Binary Analysis & Exploits/PoCs
---

In-depth binary analysis of the vulnerability and a code execution exploit
or proof-of-concept are available through the VUPEN Binary Analysis &
Exploits Service :

http://www.vupen.com/english/services/ba-index.php


V. VUPEN Threat Protection Program
---

Organizations and corporations which are members of the VUPEN Threat
Protection Program (TPP) have been alerted about the vulnerability when it
was discovered by VUPEN, and have received a detailed detection guidance
to proactively protect national and critical infrastructures against
potential attacks exploiting this vulnerability:

http://www.vupen.com/english/services/tpp-index.php


VI. SOLUTION


Apply MS10-103 security updates.


VII. CREDIT
--

This vulnerability was discovered by Chaouki Bekrar of VUPEN Security


VIII. ABOUT VUPEN Security
---

VUPEN is a leading IT security research company providing vulnerability
management and security intelligence solutions which enable enterprises
and institutions to eliminate vulnerabilities before they can be exploited,
ensure security policy compliance and meaningfully measure and manage risks.

Governmental and federal agencies, and global enterprises in the financial
services, insurance, manufacturing and technology industries rely on VUPEN
to improve their security, prioritize resources, cut time and costs, and
stay ahead of the latest threats.

* VUPEN Vulnerability Notification Service (VNS) :
http://www.vupen.com/english/services/vns-index.php

* VUPEN Binary Analysis & Exploits Service (BAE) :
http://www.vupen.com/english/services/ba-index.php

* VUPEN Threat Protection Program for Govs (TPP) :
http://www.vupen.com/english/services/tpp-index.php

* VUPEN Web Application Security Scanner (WASS) :
http://www.vupen.com/english/services/wass-index.php


IX. REFERENCES
--

http://www.vupen.com/english/research-vuln.php
http://www.microsoft.com/technet/security/bulletin/ms10-103.mspx
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3955


X. DISCLOSURE TIMELINE
-

2010-04-26 - Vendor notified
2010-04-26 - Vendor response
2010-12-08 - Status update received
2010-12-14 - Coordinated disclosure




VUPEN Security Research - Microsoft Internet Explorer Animation Use-after-free Vulnerability (VUPEN-SR-2010-199)

2010-12-16 Thread VUPEN Security Research
VUPEN Security Research - Microsoft Internet Explorer Animation 
Use-after-free Vulnerability (VUPEN-SR-2010-199)


http://www.vupen.com/english/research.php


I. BACKGROUND
-

Microsoft Internet Explorer is a web browser developed by Microsoft and
included as part of the Microsoft Windows line of operating systems with
more than 60% of the worldwide usage share of web browsers. (Wikipedia)


II. DESCRIPTION
-

VUPEN Vulnerability Research Team discovered a critical vulnerability
in Microsoft Internet Explorer.

The vulnerability is caused by a use-after-free vulnerability when handling
certain animation behaviours, which could be exploited by remote attackers
to execute arbitrary code by tricking a user into visiting a malicious web
page.


III. AFFECTED PRODUCTS
---

Internet Explorer 6 for Windows XP Service Pack 3
Internet Explorer 6 for Windows XP Professional x64 Edition Service Pack 2
Internet Explorer 6 for Windows Server 2003 Service Pack 2
Internet Explorer 6 for Windows Server 2003 x64 Edition Service Pack 2
Internet Explorer 6 for Windows Server 2003 SP2 (Itanium)


IV. Binary Analysis & Exploits/PoCs
---

In-depth binary analysis of the vulnerability and a code execution exploit
or proof-of-concept are available through the VUPEN Binary Analysis &
Exploits Service :

http://www.vupen.com/english/services/ba-index.php


V. VUPEN Threat Protection Program
---

Organizations and corporations which are members of the VUPEN Threat
Protection Program (TPP) have been alerted about the vulnerability when it
was discovered by VUPEN, and have received a detailed detection guidance
to proactively protect national and critical infrastructures against
potential attacks exploiting this vulnerability:

http://www.vupen.com/english/services/tpp-index.php


VI. SOLUTION


Apply MS10-090 security updates.


VII. CREDIT
--

This vulnerability was discovered by Nicolas Joly of VUPEN Security


VIII. ABOUT VUPEN Security
---

VUPEN is a leading IT security research company providing vulnerability
management and security intelligence solutions which enable enterprises
and institutions to eliminate vulnerabilities before they can be exploited,
ensure security policy compliance and meaningfully measure and manage risks.

Governmental and federal agencies, and global enterprises in the financial
services, insurance, manufacturing and technology industries rely on VUPEN
to improve their security, prioritize resources, cut time and costs, and
stay ahead of the latest threats.

* VUPEN Vulnerability Notification Service (VNS) :
http://www.vupen.com/english/services/vns-index.php

* VUPEN Binary Analysis & Exploits Service (BAE) :
http://www.vupen.com/english/services/ba-index.php

* VUPEN Threat Protection Program for Govs (TPP) :
http://www.vupen.com/english/services/tpp-index.php

* VUPEN Web Application Security Scanner (WASS) :
http://www.vupen.com/english/services/wass-index.php


IX. REFERENCES
--

http://www.vupen.com/english/research-vuln.php
http://www.microsoft.com/technet/security/bulletin/ms10-090.mspx
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3343


X. DISCLOSURE TIMELINE
-

2010-04-29 - Vendor notified
2010-04-29 - Vendor response
2010-12-01 - Status update received
2010-12-14 - Coordinated disclosure




VUPEN Security Research - Microsoft Office Publisher pubconv.dll Array Indexing Vulnerability (VUPEN-SR-2010-206)

2010-12-16 Thread VUPEN Security Research
VUPEN Security Research - Microsoft Office Publisher pubconv.dll Array 
Indexing Vulnerability (VUPEN-SR-2010-206)


http://www.vupen.com/english/research.php


I. BACKGROUND
-

Microsoft Publisher is a desktop publishing application from Microsoft. It is
an entry-level application, differing from Microsoft Word in that the emphasis
is placed on page layout and design rather than text composition and proofing.

from wikipedia.org


II. DESCRIPTION
-

VUPEN Vulnerability Research Team discovered a critical vulnerability
in Microsoft Office Publisher.

The vulnerability is caused by an array indexing error in pubconv.dll when
processing a malformed value within a Publisher document, which could be
exploited by remote attackers to execute arbitrary code by tricking a user
into opening a malicious PUB file.

Note: The Publisher file format is not publicly documented.


III. AFFECTED PRODUCTS
---

Microsoft Publisher 2003 Service Pack 3
Microsoft Publisher 2002 Service Pack 3


IV. Binary Analysis & Exploits/PoCs
---

In-depth binary analysis of the vulnerability and a code execution exploit
or proof-of-concept are available through the VUPEN Binary Analysis &
Exploits Service :

http://www.vupen.com/english/services/ba-index.php


V. VUPEN Threat Protection Program
---

Organizations and corporations which are members of the VUPEN Threat
Protection Program (TPP) have been alerted about the vulnerability when it
was discovered by VUPEN, and have received a detailed detection guidance
to proactively protect national and critical infrastructures against
potential attacks exploiting this vulnerability:

http://www.vupen.com/english/services/tpp-index.php


VI. SOLUTION


Apply MS10-103 security updates.


VII. CREDIT
--

This vulnerability was discovered by Chaouki Bekrar of VUPEN Security


VIII. ABOUT VUPEN Security
---

VUPEN is a leading IT security research company providing vulnerability
management and security intelligence solutions which enable enterprises
and institutions to eliminate vulnerabilities before they can be exploited,
ensure security policy compliance and meaningfully measure and manage risks.

Governmental and federal agencies, and global enterprises in the financial
services, insurance, manufacturing and technology industries rely on VUPEN
to improve their security, prioritize resources, cut time and costs, and
stay ahead of the latest threats.

* VUPEN Vulnerability Notification Service (VNS) :
http://www.vupen.com/english/services/vns-index.php

* VUPEN Binary Analysis & Exploits Service (BAE) :
http://www.vupen.com/english/services/ba-index.php

* VUPEN Threat Protection Program for Govs (TPP) :
http://www.vupen.com/english/services/tpp-index.php

* VUPEN Web Application Security Scanner (WASS) :
http://www.vupen.com/english/services/wass-index.php


IX. REFERENCES
--

http://www.vupen.com/english/research-vuln.php
http://www.microsoft.com/technet/security/bulletin/ms10-103.mspx
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2571


X. DISCLOSURE TIMELINE
-

2010-04-26 - Vendor notified
2010-04-26 - Vendor response
2010-12-08 - Status update received
2010-12-14 - Coordinated disclosure




VUPEN Security Research - RealPlayer Sound Data Handling Buffer Overflow Vulnerability (VUPEN-SR-2010-004)

2010-12-14 Thread VUPEN Security Research
VUPEN Security Research - RealPlayer Sound Data Handling Buffer Overflow 
Vulnerability (VUPEN-SR-2010-004)


http://www.vupen.com/english/research.php


I. BACKGROUND
-

RealPlayer is a media player available to play, manage and download all
your mp3, flash and video files from real.com


II. DESCRIPTION
-

VUPEN Vulnerability Research Team discovered a critical vulnerability
in RealPlayer.

The vulnerability is caused by a heap overflow error when handling sound
data within media files, which could be exploited by remote attackers to
execute arbitrary code by tricking a user into visiting a specially crafted
web page.



III. AFFECTED PRODUCTS
---

RealPlayer 11.0 - 11.1
RealPlayer SP 1.0 - 1.0.1
RealPlayer SP 1.0.2 - 1.1.1
RealPlayer SP 1.1.2 - 1.1.4
RealPlayer Enterprise 2.1.2
Mac RealPlayer 11.0 - 11.1
Linux RealPlayer 11.0.2.1744


IV. Binary Analysis & Exploits/PoCs
---

In-depth binary analysis of the vulnerability and a code execution exploit
or proof-of-concept are available through the VUPEN Binary Analysis &
Exploits Service :

http://www.vupen.com/english/services/ba-index.php


V. VUPEN Threat Protection Program
---

Organizations and corporations which are members of the VUPEN Threat
Protection Program (TPP) have been alerted about the vulnerability when it
was discovered by VUPEN, and have received a detailed detection guidance
to proactively protect national and critical infrastructures against
potential attacks exploiting this vulnerability:

http://www.vupen.com/english/services/tpp-index.php


VI. SOLUTION


Upgrade to fixed versions :
http://service.real.com/realplayer/security/12102010_player/en/


VII. CREDIT
--

This vulnerability was discovered by Nicolas Joly of VUPEN Security


IX. REFERENCES
--

http://www.vupen.com/english/research-vuln.php
http://service.real.com/realplayer/security/12102010_player/en/


X. DISCLOSURE TIMELINE
-

2010-02-25 - Vendor notified
2010-12-05 - Status update received
2010-12-10 - Coordinated disclosure




VUPEN Security Research - RealPlayer Audio Data Handling Buffer Overflow Vulnerability (VUPEN-SR-2010-003)

2010-12-14 Thread VUPEN Security Research
VUPEN Security Research - RealPlayer Audio Data Handling Buffer Overflow 
Vulnerability (VUPEN-SR-2010-003)


http://www.vupen.com/english/research.php


I. BACKGROUND
-

RealPlayer is a media player available to play, manage and download all
your mp3, flash and video files from real.com


II. DESCRIPTION
-

VUPEN Vulnerability Research Team discovered a critical vulnerability
in RealPlayer.

The vulnerability is caused by a heap overflow error when handling Audio
data within media files, which could be exploited by remote attackers to
execute arbitrary code by tricking a user into visiting a specially crafted
web page.



III. AFFECTED PRODUCTS
---

RealPlayer 11.0 - 11.1
RealPlayer SP 1.0 - 1.0.1
RealPlayer SP 1.0.2 - 1.1.1
RealPlayer SP 1.1.2 - 1.1.4
RealPlayer Enterprise 2.1.2
Mac RealPlayer 11.0 - 11.1
Linux RealPlayer 11.0.2.1744


IV. Binary Analysis & Exploits/PoCs
---

In-depth binary analysis of the vulnerability and a code execution exploit
or proof-of-concept are available through the VUPEN Binary Analysis &
Exploits Service :

http://www.vupen.com/english/services/ba-index.php


V. VUPEN Threat Protection Program
---

Organizations and corporations which are members of the VUPEN Threat
Protection Program (TPP) have been alerted about the vulnerability when it
was discovered by VUPEN, and have received a detailed detection guidance
to proactively protect national and critical infrastructures against
potential attacks exploiting this vulnerability:

http://www.vupen.com/english/services/tpp-index.php


VI. SOLUTION


Upgrade to fixed versions :
http://service.real.com/realplayer/security/12102010_player/en/


VII. CREDIT
--

This vulnerability was discovered by Nicolas Joly of VUPEN Security


IX. REFERENCES
--

http://www.vupen.com/english/research-vuln.php
http://service.real.com/realplayer/security/12102010_player/en/


X. DISCLOSURE TIMELINE
-

2010-02-25 - Vendor notified
2010-12-05 - Status update received
2010-12-10 - Coordinated disclosure




VUPEN Security Research - RealPlayer AAC Data Handling Buffer Overflow Vulnerability (VUPEN-SR-2010-005)

2010-12-14 Thread VUPEN Security Research
VUPEN Security Research - RealPlayer AAC Data Handling Buffer Overflow 
Vulnerability (VUPEN-SR-2010-005)


http://www.vupen.com/english/research.php


I. BACKGROUND
-

RealPlayer is a media player available to play, manage and download all
your mp3, flash and video files from real.com


II. DESCRIPTION
-

VUPEN Vulnerability Research Team discovered a critical vulnerability
in RealPlayer.

The vulnerability is caused by a heap overflow error when handling malformed
AAC files, which could be exploited by remote attackers to execute arbitrary
code by tricking a user into visiting a specially crafted web page.


III. AFFECTED PRODUCTS
---

RealPlayer 11.0 - 11.1
RealPlayer SP 1.0 - 1.0.1
RealPlayer SP 1.0.2 - 1.1.1
RealPlayer SP 1.1.2 - 1.1.4
RealPlayer Enterprise 2.1.2
Mac RealPlayer 11.0 - 11.1
Mac RealPlayer 12.0.0.1444


IV. Binary Analysis & Exploits/PoCs
---

In-depth binary analysis of the vulnerability and a code execution exploit
or proof-of-concept are available through the VUPEN Binary Analysis &
Exploits Service :

http://www.vupen.com/english/services/ba-index.php


V. VUPEN Threat Protection Program
---

Organizations and corporations which are members of the VUPEN Threat
Protection Program (TPP) have been alerted about the vulnerability when it
was discovered by VUPEN, and have received a detailed detection guidance
to proactively protect national and critical infrastructures against
potential attacks exploiting this vulnerability:

http://www.vupen.com/english/services/tpp-index.php


VI. SOLUTION


Upgrade to fixed versions :
http://service.real.com/realplayer/security/12102010_player/en/


VII. CREDIT
--

This vulnerability was discovered by Nicolas Joly of VUPEN Security


IX. REFERENCES
--

http://www.vupen.com/english/research-vuln.php
http://service.real.com/realplayer/security/12102010_player/en/


X. DISCLOSURE TIMELINE
-

2010-02-25 - Vendor notified
2010-12-05 - Status update received
2010-12-10 - Coordinated disclosure




VUPEN Security Research - RealPlayer RealMedia Data Handling Heap Overflow Vulnerabilities (VUPEN-SR-2010-28, VUPEN-SR-2010-29, VUPEN-SR-2010-30)

2010-12-14 Thread VUPEN Security Research
VUPEN Security Research - RealPlayer RealMedia Data Handling Heap Overflow 
Vulnerabilities (VUPEN-SR-2010-28, VUPEN-SR-2010-29, VUPEN-SR-2010-30)


http://www.vupen.com/english/research.php


I. BACKGROUND
-

RealPlayer is a media player available to play, manage and download all
your mp3, flash and video files from real.com


II. DESCRIPTION
-

VUPEN Vulnerability Research Team discovered three critical vulnerabilities
in RealPlayer.

These vulnerabilities are caused by heap overflow errors when handling
malformed RealMedia data, which could be exploited by remote attackers to
execute arbitrary code by tricking a user into visiting a specially crafted
web page.


III. AFFECTED PRODUCTS
---

RealPlayer 11.0 - 11.1
RealPlayer SP 1.0 - 1.0.1
RealPlayer SP 1.0.2 - 1.1.1
RealPlayer SP 1.1.2 - 1.1.4
RealPlayer Enterprise 2.1.2
Linux RealPlayer 11.0.2.1744


IV. Binary Analysis & Exploits/PoCs
---

In-depth binary analysis of the vulnerabilities and code execution exploits
or proof-of-concept are available through the VUPEN Binary Analysis &
Exploits Service :

http://www.vupen.com/english/services/ba-index.php


V. VUPEN Threat Protection Program
---

Organizations and corporations which are members of the VUPEN Threat
Protection Program (TPP) have been alerted about the vulnerability when it
was discovered by VUPEN, and have received a detailed detection guidance
to proactively protect national and critical infrastructures against
potential attacks exploiting this vulnerability:

http://www.vupen.com/english/services/tpp-index.php


VI. SOLUTION


Upgrade to fixed versions :
http://service.real.com/realplayer/security/12102010_player/en/


VII. CREDIT
--

These vulnerabilities were discovered by Chaouki Bekrar of VUPEN Security


IX. REFERENCES
--

http://www.vupen.com/english/research-vuln.php
http://service.real.com/realplayer/security/12102010_player/en/


X. DISCLOSURE TIMELINE
-

2010-02-25 - Vendor notified
2010-12-05 - Status update received
2010-12-10 - Coordinated disclosure




VUPEN Security Research - RealPlayer RA5 Data Handling Heap Overflow Vulnerability (VUPEN-SR-2010-31)

2010-12-14 Thread VUPEN Security Research
VUPEN Security Research - RealPlayer RA5 Data Handling Heap Overflow 
Vulnerability (VUPEN-SR-2010-31)


http://www.vupen.com/english/research.php


I. BACKGROUND
-

RealPlayer is a media player available to play, manage and download all
your mp3, flash and video files from real.com


II. DESCRIPTION
-

VUPEN Vulnerability Research Team discovered a critical vulnerability
in RealPlayer.

The vulnerability is caused by a heap overflow error when handling malformed
RA5 files, which could be exploited by remote attackers to execute arbitrary
code by tricking a user into visiting a specially crafted web page.


III. AFFECTED PRODUCTS
---

RealPlayer 11.0 - 11.1
RealPlayer SP 1.0 - 1.0.1
RealPlayer SP 1.0.2 - 1.1.1
RealPlayer SP 1.1.2 - 1.1.4
RealPlayer Enterprise 2.1.2
Mac RealPlayer 11.0 - 11.1
Mac RealPlayer 12.0.0.1444
Linux RealPlayer 11.0.2.1744


IV. Binary Analysis & Exploits/PoCs
---

In-depth binary analysis of the vulnerability and a code execution exploit
or proof-of-concept are available through the VUPEN Binary Analysis &
Exploits Service :

http://www.vupen.com/english/services/ba-index.php


V. VUPEN Threat Protection Program
---

Organizations and corporations which are members of the VUPEN Threat
Protection Program (TPP) have been alerted about the vulnerability when it
was discovered by VUPEN, and have received a detailed detection guidance
to proactively protect national and critical infrastructures against
potential attacks exploiting this vulnerability:

http://www.vupen.com/english/services/tpp-index.php


VI. SOLUTION


Upgrade to fixed versions :
http://service.real.com/realplayer/security/12102010_player/en/


VII. CREDIT
--

This vulnerability was discovered by Chaouki Bekrar of VUPEN Security


IX. REFERENCES
--

http://www.vupen.com/english/research-vuln.php
http://service.real.com/realplayer/security/12102010_player/en/


X. DISCLOSURE TIMELINE
-

2010-02-25 - Vendor notified
2010-12-05 - Status update received
2010-12-10 - Coordinated disclosure




VUPEN Security Research - Apple Safari Selections Handling Use-after-free Vulnerability (VUPEN-SR-2010-246)

2010-11-19 Thread VUPEN Security Research
VUPEN Security Research - Apple Safari Selections Handling Use-after-free 
Vulnerability (VUPEN-SR-2010-246)


http://www.vupen.com/english/research.php


I. BACKGROUND
-

Apple Safari is a web browser developed by Apple. As of February 2010,
Safari was the fourth most widely used browser, with 4.45% of the
worldwide usage share of web browsers according to Net Application.


II. DESCRIPTION
-

VUPEN Vulnerability Research Team discovered a critical vulnerability
in Apple Safari.

The vulnerability is caused by a use-after-free in WebKit when handling
selections, which could be exploited by remote attackers to execute
arbitrary code by tricking a user into visiting a specially crafted web 
page.



III. AFFECTED PRODUCTS
---

Apple Safari version 5.0.2 and prior
Apple Safari version 4.1.2 and prior


IV. Binary Analysis & Exploits/PoCs
---

In-depth binary analysis of the vulnerability and a code execution exploit
with ASLR and DEP bypass are available through the VUPEN Binary Analysis &
Exploits Service :

http://www.vupen.com/english/services/ba-index.php


V. VUPEN Threat Protection Program
---

Governments and Intelligence agencies who are members of the VUPEN Threat
Protection Program (TPP) have been alerted about the vulnerability when it
was discovered by VUPEN, and have received a detailed detection guidance
to proactively protect national and critical infrastructures against
potential attacks exploiting this vulnerability:

http://www.vupen.com/english/services/tpp-index.php


VI. SOLUTION


Upgrade to Apple Safari version 5.0.3 or 4.1.3


VII. CREDIT
--

This vulnerability was discovered by Matthieu Bonetti of VUPEN Security


IX. REFERENCES
--

http://www.vupen.com/english/research-vuln.php
http://support.apple.com/kb/HT4455


X. DISCLOSURE TIMELINE
-

2010-07-30 - TPP Customers notified
2010-11-19 - Vulnerability Fixed



VUPEN Security Research - Apple Safari Scrollbar Handling Use-after-free Vulnerability (VUPEN-SR-2010-245)

2010-11-19 Thread VUPEN Security Research
VUPEN Security Research - Apple Safari Scrollbar Handling Use-after-free 
Vulnerability (VUPEN-SR-2010-245)


http://www.vupen.com/english/research.php


I. BACKGROUND
-

Apple Safari is a web browser developed by Apple. As of February 2010,
Safari was the fourth most widely used browser, with 4.45% of the
worldwide usage share of web browsers according to Net Application.


II. DESCRIPTION
-

VUPEN Vulnerability Research Team discovered a critical vulnerability
in Apple Safari.

The vulnerability is caused by a use-after-free in WebKit when handling
scrollbars, which could be exploited by remote attackers to execute
arbitrary code by tricking a user into visiting a specially crafted web 
page.



III. AFFECTED PRODUCTS
---

Apple Safari version 5.0.2 and prior
Apple Safari version 4.1.2 and prior


IV. Binary Analysis & Exploits/PoCs
---

In-depth binary analysis of the vulnerability and a code execution exploit
with ASLR and DEP bypass are available through the VUPEN Binary Analysis &
Exploits Service :

http://www.vupen.com/english/services/ba-index.php


V. VUPEN Threat Protection Program
---

Governments and Intelligence agencies who are members of the VUPEN Threat
Protection Program (TPP) have been alerted about the vulnerability when it
was discovered by VUPEN, and have received a detailed detection guidance
to proactively protect national and critical infrastructures against
potential attacks exploiting this vulnerability:

http://www.vupen.com/english/services/tpp-index.php


VI. SOLUTION


Upgrade to Apple Safari version 5.0.3 or 4.1.3


VII. CREDIT
--

This vulnerability was discovered by Matthieu Bonetti of VUPEN Security


IX. REFERENCES
--

http://www.vupen.com/english/research-vuln.php
http://support.apple.com/kb/HT4455


X. DISCLOSURE TIMELINE
-

2010-07-22 - TPP Customers notified
2010-11-19 - Vulnerability Fixed in Safari




VUPEN Security Research - Microsoft Office Word Bookmarks Invalid Pointer Vulnerability (CVE-2010-3216)

2010-10-14 Thread VUPEN Security Research
VUPEN Security Research - Microsoft Office Word Bookmarks Invalid Pointer 
Vulnerability (CVE-2010-3216)


http://www.vupen.com/english/research.php


I. BACKGROUND
-

Microsoft Office Word, included in the Microsoft Office suite,
is a powerful authoring program that gives the ability to create
and share documents by combining a comprehensive set of writing
tools with the easy-to-use Microsoft Office Fluent user interface.


II. DESCRIPTION
-

VUPEN Vulnerability Research Team discovered a critical vulnerability
in Microsoft Office Word.

The vulnerability is caused by the use of an invalid pointer when processing
bookmarks in a Word document, which could be exploited by remote
attackers to execute arbitrary code by tricking a user into opening
a specially crafted Word file.


III. AFFECTED PRODUCTS
---

Microsoft Office 2004 for Mac
Microsoft Office 2002 Service Pack 3


IV. Binary Analysis & Exploits/PoCs
---

In-depth binary analysis of the vulnerabilities fixed by Microsoft
in October 2010 and code execution exploits or PoCs are available
through the VUPEN Binary Analysis & Exploits Service :

http://www.vupen.com/english/services/ba-index.php


V. VUPEN Threat Protection Program
---

Governments and Intelligence agencies who are members of the VUPEN Threat
Protection Program (TPP) have been alerted about the vulnerability when it
was discovered by VUPEN, and have received a detailed detection guidance
to proactively protect national and critical infrastructures against
potential attacks exploiting this vulnerability:

http://www.vupen.com/english/services/tpp-index.php


VI. SOLUTION


Apply MS10-079 security update.


VII. CREDIT
--

This vulnerability was discovered by Chaouki Bekrar of VUPEN Security


IX. REFERENCES
--

http://www.vupen.com/english/advisories/2010/2626
http://www.microsoft.com/technet/security/bulletin/ms10-079.mspx
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3216


X. DISCLOSURE TIMELINE
-

2010-04-08 - Vendor notified
2010-04-08 - Vendor response
2010-08-09 - Status update received
2010-10-12 - Coordinated public Disclosure




VUPEN Security Research - Microsoft Office Word Document Array Indexing Vulnerability (CVE-2010-2750)

2010-10-14 Thread VUPEN Security Research
VUPEN Security Research - Microsoft Office Word Document Array Indexing 
Vulnerability (CVE-2010-2750)


http://www.vupen.com/english/research.php


I. BACKGROUND
-

Microsoft Office Word, included in the Microsoft Office suite,
is a powerful authoring program that gives the ability to create
and share documents by combining a comprehensive set of writing
tools with the easy-to-use Microsoft Office Fluent user interface.


II. DESCRIPTION
-

VUPEN Vulnerability Research Team discovered a critical vulnerability
in Microsoft Office Word.

The vulnerability is caused by an array indexing error when processing
certain values in a Word document, which could be exploited by remote
attackers to execute arbitrary code by tricking a user into opening a
specially crafted Word file.


III. AFFECTED PRODUCTS
---

Microsoft Office 2004 for Mac
Microsoft Office XP Service Pack 3


IV. Binary Analysis & Exploits/PoCs
---

In-depth binary analysis of the vulnerabilities fixed by Microsoft
in October 2010 and code execution exploits or PoCs are available
through the VUPEN Binary Analysis & Exploits Service :

http://www.vupen.com/english/services/ba-index.php


V. VUPEN Threat Protection Program
---

Governments and Intelligence agencies who are members of the VUPEN Threat
Protection Program (TPP) have been alerted about the vulnerability when it
was discovered by VUPEN, and have received a detailed detection guidance
to proactively protect national and critical infrastructures against
potential attacks exploiting this vulnerability:

http://www.vupen.com/english/services/tpp-index.php


VI. SOLUTION


Apply MS10-079 security update.


VII. CREDIT
--

This vulnerability was discovered by Chaouki Bekrar of VUPEN Security


IX. REFERENCES
--

http://www.vupen.com/english/advisories/2010/2626
http://www.microsoft.com/technet/security/bulletin/ms10-079.mspx
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2750


X. DISCLOSURE TIMELINE
-

2010-04-08 - Vendor and TPP customers notified
2010-04-08 - Vendor response
2010-08-09 - Status update received
2010-10-12 - Coordinated public Disclosure




VUPEN Security Research - Microsoft Office Excel Formula Substream Memory Corruption (CVE-2010-3234)

2010-10-14 Thread VUPEN Security Research
VUPEN Security Research - Microsoft Office Excel Formula Substream Memory 
Corruption (CVE-2010-3234)


http://www.vupen.com/english/research.php


I. BACKGROUND
-

Microsoft Office Excel is a powerful tool you can use to create and
format spreadsheets, and analyze and share information to make more
informed decisions. With the Microsoft Office Fluent user interface,
rich data visualization, and PivotTable views, professional-looking
charts are easier to create and use.


II. DESCRIPTION
-

VUPEN Vulnerability Research Team discovered a critical vulnerability
in Microsoft Office Excel.

The vulnerability is caused by a memory corruption error when parsing
Formula Substream records in an Excel file, which could be exploited
by remote attackers to execute arbitrary code by tricking a user into
opening a specially crafted Excel document.


III. AFFECTED PRODUCTS
---

Microsoft Office XP Service Pack 3


IV. Binary Analysis & Exploits/PoCs
---

In-depth binary analysis of the vulnerabilities fixed by Microsoft
in October 2010 and code execution exploits or PoCs are available
through the VUPEN Binary Analysis & Exploits Service :

http://www.vupen.com/english/services/ba-index.php


V. VUPEN Threat Protection Program
---

Governments and Intelligence agencies who are members of the VUPEN Threat
Protection Program (TPP) have been alerted about the vulnerability when it
was discovered by VUPEN, and have received a detailed detection guidance
to proactively protect national and critical infrastructures against
potential attacks exploiting this vulnerability:

http://www.vupen.com/english/services/tpp-index.php


VI. SOLUTION


Apply MS10-080 security update.


VII. CREDIT
--

This vulnerability was discovered by Chaouki Bekrar of VUPEN Security


IX. REFERENCES
--

http://www.vupen.com/english/advisories/2010/2627
http://www.microsoft.com/technet/security/bulletin/ms10-080.mspx
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3234


X. DISCLOSURE TIMELINE
-

2010-04-02 - Vendor notified
2010-04-02 - Vendor response
2010-08-25 - Status update received
2010-10-12 - Coordinated public Disclosure




VUPEN Security Research - Microsoft Office Excel RealTimeData Array Indexing Vulnerability (CVE-2010-3240)

2010-10-14 Thread VUPEN Security Research
VUPEN Security Research - Microsoft Office Excel RealTimeData Array Indexing 
Vulnerability (CVE-2010-3240)


http://www.vupen.com/english/research.php


I. BACKGROUND
-

Microsoft Office Excel is a powerful tool you can use to create and
format spreadsheets, and analyze and share information to make more
informed decisions. With the Microsoft Office Fluent user interface,
rich data visualization, and PivotTable views, professional-looking
charts are easier to create and use.


II. DESCRIPTION
-

VUPEN Vulnerability Research Team discovered a critical vulnerability
in Microsoft Office Excel.

The vulnerability is caused by an array indexing error when processing
RealTimeData records in an Excel file, which could be exploited by remote
attackers to execute arbitrary code by tricking a user into opening a
specially crafted Excel document.


III. AFFECTED PRODUCTS
---

Microsoft Office 2007 Service Pack 2
Microsoft Office XP Service Pack 3
Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats Service Pack 2
Microsoft Excel Viewer Service Pack 2



IV. Binary Analysis & Exploits/PoCs
---

In-depth binary analysis of the vulnerabilities fixed by Microsoft
in October 2010 and code execution exploits or PoCs are available
through the VUPEN Binary Analysis & Exploits Service :

http://www.vupen.com/english/services/ba-index.php


V. VUPEN Threat Protection Program
---

Governments and intelligence agencies who are members of the VUPEN Threat
Protection Program (TPP) have been alerted about the vulnerability when it
was discovered by VUPEN, and have received detailed detection guidance
to proactively protect national and critical infrastructures against
potential attacks exploiting this vulnerability:

http://www.vupen.com/english/services/tpp-index.php


VI. SOLUTION


Apply MS10-080 security update.


VII. CREDIT
--

This vulnerability was discovered by Chaouki Bekrar of VUPEN Security.


VIII. ABOUT VUPEN Security
---

VUPEN is a leading IT security research company providing vulnerability
management and security intelligence solutions which enable enterprises
and institutions to eliminate vulnerabilities before they can be exploited,
ensure security policy compliance and meaningfully measure and manage risks.

Governmental and federal agencies, and global enterprises in the financial
services, insurance, manufacturing and technology industries rely on VUPEN
to improve their security, prioritize resources, cut time and costs, and
stay ahead of the latest threats.

* VUPEN Vulnerability Notification Service (VNS) :
http://www.vupen.com/english/services/vns-index.php

* VUPEN Binary Analysis & Exploits Service (BAE) :
http://www.vupen.com/english/services/ba-index.php

* VUPEN Threat Protection Program for Govs (TPP) :
http://www.vupen.com/english/services/tpp-index.php

* VUPEN Web Application Security Scanner (WASS) :
http://www.vupen.com/english/services/wass-index.php


IX. REFERENCES
--

http://www.vupen.com/english/advisories/2010/2627
http://www.microsoft.com/technet/security/bulletin/ms10-080.mspx
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3240


X. DISCLOSURE TIMELINE
-

2010-04-02 - Vendor notified
2010-04-02 - Vendor response
2010-08-25 - Status update received
2010-10-12 - Coordinated public disclosure




VUPEN Security Research - Microsoft Office Word Return Value Handling Vulnerability (CVE-2010-3215)

2010-10-14 Thread VUPEN Security Research
VUPEN Security Research - Microsoft Office Word Return Value Handling 
Vulnerability (CVE-2010-3215)


http://www.vupen.com/english/research.php


I. BACKGROUND
-

Microsoft Office Word, included in the Microsoft Office suite,
is a powerful authoring program that gives the ability to create
and share documents by combining a comprehensive set of writing
tools with the easy-to-use Microsoft Office Fluent user interface.


II. DESCRIPTION
-

VUPEN Vulnerability Research Team discovered a critical vulnerability
in Microsoft Office Word.

The vulnerability is caused by an error when handling return values while
parsing certain data in a Word document, which could be exploited by remote
attackers to execute arbitrary code by tricking a user into opening a
specially crafted Word file.


III. AFFECTED PRODUCTS
---

Microsoft Office 2004 for Mac
Microsoft Office 2002 Service Pack 3


IV. Binary Analysis & Exploits/PoCs
---

In-depth binary analysis of the vulnerabilities fixed by Microsoft
in October 2010 and code execution exploits or PoCs are available
through the VUPEN Binary Analysis & Exploits Service :

http://www.vupen.com/english/services/ba-index.php


V. VUPEN Threat Protection Program
---

Governments and intelligence agencies who are members of the VUPEN Threat
Protection Program (TPP) have been alerted about the vulnerability when it
was discovered by VUPEN, and have received detailed detection guidance
to proactively protect national and critical infrastructures against
potential attacks exploiting this vulnerability:

http://www.vupen.com/english/services/tpp-index.php


VI. SOLUTION


Apply MS10-079 security update.


VII. CREDIT
--

This vulnerability was discovered by Chaouki Bekrar of VUPEN Security.


VIII. ABOUT VUPEN Security
---

VUPEN is a leading IT security research company providing vulnerability
management and security intelligence solutions which enable enterprises
and institutions to eliminate vulnerabilities before they can be exploited,
ensure security policy compliance and meaningfully measure and manage risks.

Governmental and federal agencies, and global enterprises in the financial
services, insurance, manufacturing and technology industries rely on VUPEN
to improve their security, prioritize resources, cut time and costs, and
stay ahead of the latest threats.

* VUPEN Vulnerability Notification Service (VNS) :
http://www.vupen.com/english/services/vns-index.php

* VUPEN Binary Analysis & Exploits Service (BAE) :
http://www.vupen.com/english/services/ba-index.php

* VUPEN Threat Protection Program for Govs (TPP) :
http://www.vupen.com/english/services/tpp-index.php

* VUPEN Web Application Security Scanner (WASS) :
http://www.vupen.com/english/services/wass-index.php


IX. REFERENCES
--

http://www.vupen.com/english/advisories/2010/2626
http://www.microsoft.com/technet/security/bulletin/ms10-079.mspx
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3215


X. DISCLOSURE TIMELINE
-

2010-04-08 - Vendor notified
2010-04-08 - Vendor response
2010-08-09 - Status update received
2010-10-12 - Coordinated public disclosure



