Videos

Thu
05
Jan
Editorial_Staff_Team's picture

Kaspersky IS & AV 2011/2012 – Memory Corruption

Kaspersky IS & AV 2011/2012 – Memory Corruption

About 1 year ago i discovered a local vulnerability to a product vendor kaspersky. The vulnerability was a memory corruption  bug in the antivirus and internet security product. The bug was located on the .cfg file import to load configuration files. I used a new software to identify a pointer corruption which allows to read or write. The vulnerability can be exploited by local low privileged user account or local system attackers. Successfull exploitation results in a critical software crash in combination with the bound modules like sidebar or the kis/kav browser addon.

Sat
17
Dec
Editorial_Staff_Team's picture

Microsoft Bulletin MS2013-067 – SharePoint 2013 Online

Microsoft Bulletin MS2013-067 – SharePoint 2013 Online

This week microsoft published the new security bulletins of 2013 september. In February the issue has been reported to the microsoft security response centers responsible - public disclosure program. The issue was for fail publish 2 month ago without full details, references and ids. After a little patch of our internal disclosure procedure system, microsoft accepted the issue for the bulletin program acknowledgment. The vulnerability was created to confirm the exist of the possibility to inject script code to elevate the sharepoint online 2013 software user privileges. The inject comes up from the online service and gets executed persistent in the software core.

Lets review first the full update listing of the september #1 security bulletins with id and severity.

Pages

Subscribe to RSS - Videos