Oracle OIT Image Export SDK libvs_pdf XRef Index Code Execution Vulnerability
This post was authored by Aleksandar Nikolic and Jaeson Schultz. Talos has recently discovered a vulnerability in Oracle’s Outside In Technology Image Export SDK which, when exploited, allows an attacker to overflow the heap, leading to arbitrary code execution. The vulnerabil
Bypassing MiniUPnP Stack Smashing Protection
This post was authored by Aleksandar Nikolic, Warren Mercer, and Jaeson Schultz Summary MiniUPnP is commonly used to allow two devices which are behind NAT firewalls to communicate with each other by opening connections in each of the firewalls, commonly known as “hole punchin
Holiday Shopping Threat Avoidance
Executive Summary The holidays are upon us and the shopping season is kicking into high gear. This year, an estimated 270 million consumers will shop online and, for the first time, more than half of them will use mobile devices to check off their holiday shopping lists. With co
Domains of the Living Dead
According to the Centers for Disease Control and Prevention (CDC), “If you’re ready for a zombie apocalypse, then you’re ready for any emergency.” While events haven’t yet risen to the level of “zombie apocalypse”, computer attackers are continuing to use their voodoo to zombify
Dangerous Clipboard: Analysis of the MS15-072 Patch
This post was authored by Marcin Noga with contributions from Jaeson Schultz. Have you ever thought about how security researchers take a patch that has been released, and then reverse it to find the underlying security issue? Well, back In July Microsoft released security bulle