Friday, October 12, 2012

APSB12-22 Sample

Recently Adobe closed several bugs in Flash Player right before Pwnium2. So, my bug was patched and now I want to share it. Sorry, without analysis or anything more.

Wednesday, February 15, 2012

ZDI-11-244: FlexNet License Server Manager lmadmin Heap Overflow

Version: 11.9.0.0 build 92720


Since July 28th, 2011, when ZDI disclosed information about this vulnerability, the server has remained unpatched and can still be downloaded, for example, from the citrix.com site.
The heap overflow occurs while lmadmin.exe processes specially crafted data received on TCP port 27000 (the default).

Saturday, February 4, 2012

Bug in MS Excel 2010

This bug is not exploitable, useless and not interesting. But anyway I think there is a point in sharing this information.
Site: http://office.microsoft.com/en-us/excel/
Version: 14.0.6112.5000

Microsoft Office Excel has a bug when it processes an Excel binary file (*.xls) with a specially crafted PUB record.

Thursday, November 24, 2011

Analysis of CVE 2011-2140 Adobe Flash Player MP4 sequenceParameterSetNALUnit Vulnerability

The flaw exists when Flash Player processes the 'avcC' box of an H.264-encoded MP4 file. The process copies num_ref_frames_in_pic_order_cnt_cycle user-supplied offset_for_ref_frame values into a fixed-length buffer on the stack. A remote attacker can exploit this vulnerability to execute arbitrary code in the context of the browser.
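To show what a correct parser of this SPS branch has to check, here is an added example in C; it is not code from the original post and not Adobe's code. It models only the fields of the pic_order_cnt_type == 1 branch of an H.264 sequence parameter set (the full SPS carries other fields before it, which are assumed to have been consumed already) and uses the standard Exp-Golomb ue(v)/se(v) coding. The bound of 255 on num_ref_frames_in_pic_order_cnt_cycle is the range the H.264 specification allows, so the fixed-length destination array can be sized from it and the count is rejected before any copy happens. The sample byte strings are constructed by hand for this example.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* MSB-first bit reader over a byte buffer; pos counts bits. */
typedef struct { const uint8_t *buf; size_t len; size_t pos; } bitreader;

static int read_bit(bitreader *br) {
    if (br->pos >= br->len * 8) return -1;          /* ran out of input */
    int b = (br->buf[br->pos >> 3] >> (7 - (br->pos & 7))) & 1;
    br->pos++;
    return b;
}

/* ue(v): n leading zero bits, a one, then n bits; value = 2^n - 1 + bits. */
static int read_ue(bitreader *br, uint32_t *out) {
    int zeros = 0;
    for (;;) {
        int b = read_bit(br);
        if (b < 0) return -1;
        if (b) break;
        if (++zeros > 31) return -1;                /* malformed prefix */
    }
    uint32_t val = 0;
    for (int i = 0; i < zeros; i++) {
        int b = read_bit(br);
        if (b < 0) return -1;
        val = (val << 1) | (uint32_t)b;
    }
    *out = (1u << zeros) - 1 + val;
    return 0;
}

/* se(v): signed mapping of ue(v): odd k -> +(k+1)/2, even k -> -(k/2). */
static int read_se(bitreader *br, int32_t *out) {
    uint32_t k;
    if (read_ue(br, &k) < 0) return -1;
    *out = (k & 1) ? (int32_t)((k + 1) / 2) : -(int32_t)(k / 2);
    return 0;
}

/* Spec range of num_ref_frames_in_pic_order_cnt_cycle is 0..255. */
#define MAX_REF_FRAMES_IN_POC_CYCLE 255

typedef struct {
    uint32_t delta_pic_order_always_zero_flag;
    int32_t  offset_for_non_ref_pic;
    int32_t  offset_for_top_to_bottom_field;
    uint32_t num_ref_frames_in_pic_order_cnt_cycle;
    int32_t  offset_for_ref_frame[MAX_REF_FRAMES_IN_POC_CYCLE];  /* fixed-length destination */
} poc_type1_params;

/* Parse the pic_order_cnt_type == 1 fields. Returns 0 on success, -1 if the
 * input is truncated or the element count exceeds the destination array. */
int parse_poc_type1(const uint8_t *data, size_t len, poc_type1_params *p) {
    bitreader br = { data, len, 0 };
    int flag = read_bit(&br);
    if (flag < 0) return -1;
    p->delta_pic_order_always_zero_flag = (uint32_t)flag;
    if (read_se(&br, &p->offset_for_non_ref_pic) < 0) return -1;
    if (read_se(&br, &p->offset_for_top_to_bottom_field) < 0) return -1;
    if (read_ue(&br, &p->num_ref_frames_in_pic_order_cnt_cycle) < 0) return -1;
    /* The check that keeps the copy loop inside the fixed-length buffer. */
    if (p->num_ref_frames_in_pic_order_cnt_cycle > MAX_REF_FRAMES_IN_POC_CYCLE) return -1;
    for (uint32_t i = 0; i < p->num_ref_frames_in_pic_order_cnt_cycle; i++)
        if (read_se(&br, &p->offset_for_ref_frame[i]) < 0) return -1;
    return 0;
}

/* Constructed samples (bit strings assembled by hand for this example):
 * valid:     flag=1, non_ref=0, top_bottom=-1, count=2, offsets {1, -2}
 * too_many:  flag=1, non_ref=0, top_bottom=0,  count=300 (over the spec limit)
 * truncated: flag=1, non_ref=0, top_bottom=0,  count=2 but only one offset */
static const uint8_t SAMPLE_VALID[]     = { 0xDB, 0x45 };
static const uint8_t SAMPLE_TOO_MANY[]  = { 0xE0, 0x12, 0xD0 };
static const uint8_t SAMPLE_TRUNCATED[] = { 0xED, 0x00 };

int main(void) {
    poc_type1_params p;
    printf("valid:     %d\n", parse_poc_type1(SAMPLE_VALID, sizeof SAMPLE_VALID, &p));
    printf("too_many:  %d\n", parse_poc_type1(SAMPLE_TOO_MANY, sizeof SAMPLE_TOO_MANY, &p));
    printf("truncated: %d\n", parse_poc_type1(SAMPLE_TRUNCATED, sizeof SAMPLE_TRUNCATED, &p));
    return 0;
}
```

The count is validated against the size of the destination array before the loop runs, and every bit read is checked against the end of the buffer, so an oversized count or a short payload both fail cleanly instead of reading or writing past the end.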

Friday, September 2, 2011

Java Runtime Environment RenderBuffer Class Heap Overflow

Site: http://java.com
Version: 1.6.0_26

Below I will refer to the source from 12 November 2010 (jdk-6u23-fcs-src-b05-jrl-12_nov_2010.jar, downloaded from http://download.java.net/jdk6/source/).

Class RenderBuffer (../j2se/src/share/classes/sun/java2d/pipe/RenderBuffer.java) provides some very interesting possibilities.