Posted by SkyLined on July 16th, 2010 in PoC and Security
While looking at logs from my fuzzers, I found a bug in UltraEdit that triggered when I loaded a file with a long string of alphabetic characters…
Posted by SkyLined on April 12th, 2010 in Browsers, Chrome, Firefox, Internet Explorer, Opera, PoC, Safari and Security
From http://support.apple.com/kb/HT4104:
CVE-ID: CVE-2010-0536
Impact: Opening a maliciously crafted BMP image may lead to an unexpected application termination or arbitrary code execution
Description: A memory corruption issue exists in the handling of BMP images…
Posted by SkyLined on April 12th, 2010 in Browsers, HTML, Internet Explorer, JavaScript and PoC
The following code snippets will crash MSIE 9 platform review…
Posted by SkyLined on March 1st, 2010 in Browsers, HTML, Internet Explorer, JavaScript, PoC, Programming Languages and Security
In 2005 I released Internet Exploiter 2, which helped make heap spraying popular in browser exploits…
Posted by SkyLined on January 10th, 2010 in Assembler, PoC, Programming Languages, Python, Security and Tools
I realized that if I would wait until I had fully documented everything in ALPHA3, it would probably never get released…
Posted by SkyLined on April 19th, 2009 in Browsers, Internet Explorer, PoC and Security
Microsoft has just released a fix for an issue I reported to them on December 4th, 2008. A simple repro can be found here…
Posted by SkyLined on January 7th, 2009 in Browsers, Internet Explorer, PoC and Security
MSIE can be made to crash with a NULL ptr Read AV by executing a very small piece of JavaScript. This affects MSIE 6.0, 7.0 and 8.0 beta2…
Posted by SkyLined on January 5th, 2009 in ASCII Art, Browsers, PoC and Safari
CVE-2008-2303 covers an integer overflow in the handling of indices in the “arguments” array in Apple Safari that affects iPhone, iPod and PC (Mac and Windows). It was fixed in Safari 3.2 for iPhone and iPod in July and for PC in November…