It’s time to reveal all the information about this vulnerability. I discovered ir several months ago. It was published via Idefense. Not too much information was revealed however it was more dangerous than the people thought
Basically Skype has some security restrictions when a file: URL is sent to a chat conversation. This URL is linkable […]
Read More >>
Posted in Vulnerabilities | 0 comments
Idefense has published my advisory about a potential security vulnerability in Skype. Explotation of this issue allows an attacker to execute arbitrary code.
To exploit it, an attacker needs to construct and send to the victim (as a skype chat message) a malicious file: URI. There are two flaws with this advisory. Once of them is […]
Read More >>
Posted in Vulnerabilities | 0 comments
This is my last discovered vulnerability. It’s a vulnerability in a Trend Micro product. Read the Idefense advisory.
I had developed a PoC for W2K SP4 however a PoC for WinXP is hard to develop because i couldn’t find a call esp, or similar instruction, with an unicode address format.
This is the technical analysis […]
Read More >>
Posted in Windows, Vulnerabilities | 0 comments
In april I shared with Eset two discovered vulnerabilities (two stack overflow) in NOD32 Antivirus. they are very basic threats but can lead to local/remote arbitrary code execution.
Eset was contacted on April 19 and I receive a fast response. The comunication with Eset had been great, and the threats were patched fast (the update is […]
Read More >>
Posted in Windows, Vulnerabilities | 0 comments
