Skype File URI Security Bypass Code Execution Vulnerability


iDefense has published my advisory about a potential security vulnerability in Skype. Exploitation of this issue allows an attacker to execute arbitrary code.
To exploit it, an attacker needs to construct and send to the victim (as a Skype chat message) a malicious file: URI. There are two flaws with this advisory. One of them is […]


Trend Micro SSAPI Long Path Buffer Overflow Vulnerability


This is my last discovered vulnerability. It’s a vulnerability in a Trend Micro product. Read the iDefense advisory.
I had developed a PoC for W2K SP4; however, a PoC for WinXP is hard to develop because I couldn’t find a call esp, or similar instruction, with a Unicode address format.
This is the technical analysis […]


NOD32 Antivirus Long Path Name Stack Overflow Vulnerabilities


In April I shared with Eset two discovered vulnerabilities (two stack overflows) in NOD32 Antivirus. They are very basic threats but can lead to local/remote arbitrary code execution.
Eset was contacted on April 19 and I received a fast response. The communication with Eset had been great, and the threats were patched fast (the update is […]