Video Screencast Help
Security Response
Showing posts tagged with Vulnerabilities & Exploits
Showing posts in English
Liam O Murchu | 07 Jun 2006 07:00:00 GMT | 0 comments

I recently posted a blog that refers to fuzzing techniques—inparticular I spoke about finding file format vulnerabilities usingthese fuzzing techniques. Therefore, it was with no great surprise thatI greeted the announcement of the discovery of nine different fileformat vulnerabilities affecting the Apple QuickTime application.However, what did surprise me was the number of separate file formatsthat were found to be vulnerable.

In this particularannouncement the commonly known .jpg, .bmp, .avi, and .pict fileformats were found to be vulnerable, along with several other formatsthat were disclosed. Given the number of issues discovered, there is nodoubt in my mind that these were all found using file fuzzingtechniques. For a full listing of the issues that Apple has resolvedwith a patched version of QuickTime, please refer to the...

Symantec Security Response | 19 May 2006 07:00:00 GMT | 0 comments

Within the last 24 hours, Security Response has discovered a newattack which exploits a previously undocumented vulnerability inMicrosoft Word. The malicious Microsoft Word document is emailed to thevictim as an attachment, and upon being opened, it installs an embeddedTrojan horse program we are calling Trojan.Mdropper.H.

Thedropper Trojan then installs a backdoor, Backdoor.Ginwui, which binds acommand shell for allowing remote access to the victim machine by theattacker and contacts a remote web server via HTTP. Both the source andthe target of the attack were based in Asia. The Web site thatBackdoor.Ginwui was contacting every minute via HTTP POST commands hasbeen taken down, though the IP addresses were being juggled by theattacker.

Security Response has seen a number of attacks like this of late andit really serves to underscore the new threat landscape we’re dealingwith today. Here’s a few of the signs of the time illustrated by thislatest attack.


John Canavan | 11 May 2006 07:00:00 GMT | 0 comments

With a landmark of six million concurrent online users set last month, Skype’s active user base is growing quickly. With many worms now targeting other IM platforms, it looks to be only a matter of time before Skype becomes targeted as an infection vector. The presence of functionally strong features in the Skype API makes it a prime target for malicious code.

Towards the end of last year, Skype introduced a programming API with the intention of fostering a growing development community. Applications providing useful add-ons to Skype functionality and many hardware interfaces had been springing up over the previous months. Hoping to make development for these programmers less painful, introduce new add-ons to the product, and ultimately increase their market share in the face of the threats from Google Talk and Yahoo IM talk services, the Skype API was launched to capitalize on developer interest.

The Skype API allowed for stand-alone applications to communicate...

Liam O Murchu | 05 May 2006 07:00:00 GMT | 0 comments

History repeats itself. Well, that’s how the saying goes anyway. To see the future we should look to the past.
So what have we seen in the recent past? The whole .wmf debacle at the end of 2005 certainly stands out. Have any lessons been learned from that? I think not, but I guess we will have to wait and see. Of course, the lessons should have been learned a long time before the .wmf exploits were ever circulated.

Why? Well, the .wmf vulnerabilities were more than likely found using some simple file format fuzzing techniques. These vulnerabilities were not the first that could have been found using file fuzzing. Indeed, we have also seen some other prominent examples of bugs in image formats that were probably found using this same technique. For example, we had the .png vulnerability in early 2005. We witnessed the icon vulnerability, also in 2005. What about the .jpeg/GDI vulnerability in 2004? All of these critical vulnerabilities could have been exposed using...