If at first you don't succeed; call it version 1.0
Saturday, 18 February 2006

It appears that the severity of the new vulnerability found in Windows Media Player's plug-in for non-IE browsers was downplayed by Microsoft.

According to iDefense's advisory: "Due to unicode translations, shellcode characters are somewhat limited to character code values below 0x80". So, my assumption was that MS ranked this vulnerability with 'Important' severity instead of 'Critical' because of the infeasibility of injecting useful shellcode.

Well, I guess I was wrong. Alphanumeric shellcode can be used, and so can SkyLined's heap spraying method. Both proofs of concept were demonstrated by H D Moore and Matthew Murphy.

Back to the books...

Saturday, 18 February 2006 01:00:39 UTC | Security
Tuesday, 07 February 2006

A week ago, Mozilla Foundation released a new security update which included 8 advisories.
4 of the advisories were rated with 'Moderate' severity. At least 3 of them, IMHO, are exploitable for remote code execution with no user interaction.

Today, HD Moore, the author of Metasploit, published a remote code execution exploit for one of the vulnerabilities rated 'Moderate' severity.

This again shows you that Mozilla Foundation are not learning from past mistakes and are still downplaying vulnerabilities.

My guess is that they are waiting for an exploit in the wild before they are going to rate any exploitable memory corruption vulnerability as 'Critical'.

Tuesday, 07 February 2006 08:23:18 UTC | Security
The opinions expressed herein are my own personal opinions and do not represent my employer's view in any way.