Archive for February, 2007

Microsoft Office Publisher 2007 DoS

Within the first five minutes of fuzzing Publisher 2007, I found 5 different bugs. Anyway, this one is only a DoS, but the others I am still investigating. Below is a link to the advisory:

Microsoft Office Publisher 2007 DoS


Not Now, I'm Blogging…

[youtube]12yD8JyaVvY[/youtube]


Apple OS X ImageIO ‘gifGetBandProc’ Integer Overflow

From the advisory:

An integer overflow vulnerability exists within ImageIO when processing a malformed .gif file. This allows for an attacker to cause the application to crash, and/or to execute arbitrary code on the targeted host.

Below is a link to the advisory:

Apple OS X ImageIO “gifGetBandProc” Integer Overflow


Microsoft launches Soapbox video community

Microsoft has launched Soapbox, its answer to YouTube. Looks like they are also using Flash as its video format.


eEye Releases UFuz3 : Integer File Fuzzer

eEye Digital Security researcher Yuji Ukai has released UFuz3, which is a very easy-to-use integer overflow file format fuzzer. Below is a description of UFuz3 from eEye:

UFuz3 is a binary file fuzzer focused on finding integer overflow vulnerabilities. This tool can audit any application which loads a binary file such as Windows Media player, Microsoft office, etc.

After the first five minutes of fuzzing Windows Media Player 11, I found two unique crashes. The only bummer: your data file needs to be under 40kb. You can download UFuz3 here…
