Apple QuickTime memory corruption when loading BMP file

From http://support.apple.com/kb/HT4104:
CVE-ID: CVE-2010-0536

Impact: Opening a maliciously crafted BMP image may lead to an unexpected application termination or arbitrary code execution

Description: A memory corruption issue exists in the handling of BMP images…

Advances in heap spraying #1: when size matters.

http://skypher.com/SkyLined/heap_spray/small_heap_spray_generator.html

I’ve created a heap-spray generator…

Cross browser parallel asynchronous XMLHttpRequests with timeout.

AsyncXMLHttpRequest is an extension of XMLHttpRequest with the following improvements:

Uniform behavior on multiple different browsers (Apple Safari, Google Chrome, Microsoft Internet Explorer, Mozilla Firefox and Opera).
Event handlers are called with the AsyncXMLHttpRequest object to which they apply as the first argument…

Security contacts

I’ve created a table with contact information for security teams for major software vendors. I’m hoping you’ll find the information useful when you’re trying to report a vulnerability…

Google Chrome released

Finally I can talk about what I’ve been doing since I left Microsoft: I’ve been working on security for Google Chrome, trying to find as many vulnerabilities as possible before we shipped the beta. In the process I’ve found plenty of bugs in other browsers as well …