Author Archives: Icewall
Current Research
For more details about my current research, follow me on Twitter: _Icewall
Advisories for Ruby&Perl
Vulnerability | CVE
Ruby Fiddle::Function.new Heap Overflow Vulnerability | CVE-2016-2339
Ruby pack_pack Use After Free Vulnerability | CVE-2016-2338
Ruby Psych::Emitter start_document Heap Overflow Vulnerability | CVE-2016-2338
Ruby TclTkIp ip_cancel_eval Type Confusion Vulnerabilities | CVE-2016-2337
Ruby WIN32OLE ole_invoke and ole_query_interface Type Confusion Vulnerabilities | CVE-2016-2336
Ruby TkUtil class multiple vulnerabilities – Type … Continue reading
Posted in Uncategorized, Bugs, Security
Tagged CVE-2016-2336, CVE-2016-2337, CVE-2016-2338, CVE-2016-2339, perl, ruby
Microsoft .NET/Silverlight Manifest Resource Information Disclosure Vulnerability [CVE-2015-6114 TALOS-CAN-0130]
:: Description An exploitable information leak or denial of service vulnerability exists in the manifest resource parsing functionality of the .NET Framework. A specially crafted resource can cause an integer overflow resulting in an out of bounds read which may … Continue reading
Posted in Analysis, Uncategorized, Bugs, Security
Tagged .net, coreclr, CVE-2015-6114, infoleak, memleak, silverlight
Microsoft Windows FastFAT.sys Sectors per FAT Denial of Service Vulnerability
Do you remember the story about MS14-063 from last year? It turns out there is a continuation of it, but this time inside a FAT12 partition. [VIDEO] Time to stick the magic stick Analysis Affected systems From Windows NT to Windows 7 … Continue reading
Story about MS14-063
Last week Microsoft released a patch for a vulnerability I reported in the FastFat driver, marking it as: MS14-063 – Vulnerability in FAT32 Disk Partition Driver Could Allow Elevation of Privilege (2998579) [CVE-2014-4115]. Let me present some of the most interesting parts … Continue reading
Posted in Bugs, Security
Tagged badusb, CVE-2014-4115, FAT32 vulnerability, MS14-063, usb stick
Fake "Police Trojan" analysis
For some time the “virus of the police” has become an epidemic across Europe. Currently a variant of the first sample, found during summer of 2011, is infecting Windows operating system users. It blocked the system on startup, with a … Continue reading
Posted in Analysis, Malware, RE
Few vulnerabilities in
After two emails to the VLC security team and no answer, I decided to publish this research before any patch. The vulns presented here are not too evil (local DoS), so making them public will not cause any damage for VLC … Continue reading
Reversing BHO
From time immemorial to the present day (BHO has been supported since IE 4.0), malware authors have used the functionality that BHO provides to torment IE users. A malicious BHO usually has two key functions (certainly in the case of a banker): – … Continue reading
Posted in Application, Malware, RE
Tagged _ATL_EVENT_ENTRY, bho, html code injection, invoke, Iwebbrowser, Malware, post dump
6 Comments
An asterisk in file and folder names?
Is it even possible? It turns out that it is. I stumbled on the possibility of creating file or folder names containing an asterisk by accident, while reading selected parts of the NTFS driver during research on long paths under Windows. [ Where is the secret hidden? ] … Continue reading
Posted in Analysis, RE
Tagged asterisk in filename, ntfs, NtfsIsFileNameValid, wildcard in name