CVE 2013 6674 WireTap – Filter Bypass, Persistent Vulnerability & PoC Video

Mozilla CVE 2013 6674 WireTap – Filter Bypass & Persistent Software Vulnerability

In 2013 Q2-3, Ateeq ur Rehman Khan (VL core team) discovered a filter bypass issue with a persistent attack vector in the Mozilla Gecko engine of the SeaMonkey and Thunderbird software. The vulnerability was tricky to exploit, and its full impact was not easy to discover in one step. After 2 weeks of analysis, Ateeq had worked out the location of the problem as well as the different attack methods and vectors around the issue.


Kaspersky IS & AV 2011/2012 – Memory Corruption

About 1 year ago I discovered a local vulnerability in a product of the vendor Kaspersky. The vulnerability was a memory corruption bug in the antivirus and internet security product. The bug was located in the .cfg file import used to load configuration files. I used a new software to identify a pointer corruption which allows reading or writing. The vulnerability can be exploited by a local low-privileged user account or local system attackers. Successful exploitation results in a critical software crash in combination with the bound modules like the sidebar or the KIS/KAV browser add-on.

