Part II: Skype File URI Security Bypass Code Execution Vulnerability

It’s time to reveal all the information about this vulnerability. I discovered it several months ago. It was published via Idefense. Not too much information was revealed; however, it was more dangerous than people thought.
Basically Skype has some security restrictions when a file: URL is sent to a chat conversation. This URL is linkable […]

Idefense has published my advisory about a potential security vulnerability in Skype. Exploitation of this issue allows an attacker to execute arbitrary code.
To exploit it, an attacker needs to construct and send to the victim (as a Skype chat message) a malicious file: URI. There are two flaws with this advisory. One of them is […]

Trend Micro SSAPI Long Path Buffer Overflow Vulnerability

This is my last discovered vulnerability. It’s a vulnerability in a Trend Micro product. Read the Idefense advisory.
I had developed a PoC for W2K SP4; however, a PoC for WinXP is hard to develop because I couldn’t find a call esp, or similar instruction, with a Unicode address format.
This is the technical analysis […]

NOD32 Antivirus Long Path Name Stack Overflow Vulnerabilities

In April I shared with Eset two discovered vulnerabilities (two stack overflows) in NOD32 Antivirus. They are very basic threats but can lead to local/remote arbitrary code execution.
Eset was contacted on April 19 and I received a fast response. The communication with Eset had been great, and the threats were patched fast (the update is […]