Category Archives: Security

Advisories for Ruby&Perl

Posted in Bez kategorii, Bugs, Security | Tagged , , , , , | Leave a comment

Microsoft .NET/Silverlight Manifest Resource Information Disclosure Vulnerability [CVE-2015-6114 TALOS-CAN-0130]

:: Description An exploitable information leak or denial of service vulnerability exists in the manifest resource parsing functionality of the .NET Framework. A specially crafted resource can cause an integer overflow resulting in an out of bounds read which may … Continue reading

Posted in Analiza, Bez kategorii, Bugs, Security | Tagged , , , , , | Leave a comment

Microsoft Windows FastFAT.sys Sectors per FAT Denial of Service Vulnerability

Do You remember story about MS14-063 from last year ? It turns out there is continuation of it, but this time inside FAT12 partition. [VIDEO] Time to stick the magic stick Analysis Affected systems From Windows NT to Windows 7 … Continue reading

Posted in Bez kategorii, Bugs, Security | Tagged , , , , , , , | Leave a comment

Story about MS14-063

Last week Microsoft released patch for reported by me vulnerability in FastFat driver marking it as: MS14-063 – Vulnerability in FAT32 Disk Partition Driver Could Allow Elevation of Privilege (2998579) [CVE-2014-4115]. Let me present some of the most interesting parts … Continue reading

Posted in Bugs, Security | Tagged , , , , | Leave a comment

Few vulnerabilities in <= VLC media player 2.0.1 demuxers

After two mails to VLC security team and lack of answer I decided to public this research before any patch. Presented here vulns are not too evil (Local DoS) so making them public will not cause any damage for VLC … Continue reading

Posted in Bugs, Security | Tagged , , , | Leave a comment

Windows LongPaths – extended-length paths

Maybe you are one of persons who belived for this moment that maximal length of path in Windows is equal to MAX_PATH ( 260 signs). Nothing further from the truth !!!. In document which you can download below I have … Continue reading

Posted in Analiza, Bez kategorii, RE, Security | Tagged , , , , , , , | 14 Comments

Old PHP Advisory

During vacations 2009 together with Gynvael Coldwind and j00ru we have been searching for a potential bugs in PHP, but it wasn’t a typical bughunt;). You can read about all details from this even on Gynvael’s blog. Package contains the … Continue reading

Posted in Bez kategorii, Security | Tagged , , , , , , | Leave a comment

GMER 1.0.15.15281 Buffer overflow 0day

During some research which results I’m going to publish in near future, I discovered a bug in a gmer win32 application causes a buffer overflow. (un)Fortunatelly because of existing security cookies in code and it’s character near function where BO … Continue reading

Posted in Security | Tagged , , , , , , , | Leave a comment