heap overflow


Last month I discovered and reported an integer overflow vulnerability in the Windows Registry. Last Tuesday, October 25th, Microsoft released Security Bulletin MS16-124, which contains the patch for this vulnerability, and identifies it as CVE-2016-0070. This vulnerability could lead to local privilege elevation, and is rated as “Important” by Microsoft. The vulnerability affects multiple Windows versions, and Microsoft has recommended installing this update immediately. In this blog I will share the details of this vulnerability. How...
by Honggang Ren  |  Oct 31, 2016  |  Filed in: Security Research
Summary On the patch Tuesday of this month, Microsoft patched 3 Office vulnerabilities in MS16-004. The vulnerability CVE-2016-0010 was discovered by myself and Fortinet's threat research team at the FortiGuard Labs. It is a heap overflow vulnerability in Microsoft Office because it fails to parse RTF documents correctly. Successful exploitation of this vulnerability could allow malicious users to create remote code execution scenarios. The underlying problem involves a typical heap overflow caused by a user-supplied value which is copied...
by Kai Lu  |  Jan 20, 2016  |  Filed in: Security Research
Overview Microsoft Office is the most popular productivity suite in the world, first released by the Redmond software giant in 1988. Microsoft releases updates and patches for its software, including Office, on what is now commonly known as Patch Tuesday (the second and sometimes the fourth Tuesday of each month). Today, Patch Tuesday includes not one, not two, but three vulnerabilities discovered by researchers at FortiGuard Labs. The first is a heap overflow vulnerability in Microsoft Word 2007. Although it was released eight years ago, Office...
by Kai Lu  |  Dec 08, 2015  |  Filed in: Security Research
FortiGuard researchers discovered a heap overflow vulnerability in Apple QuickTime that could lead to arbitrary code execution and severe system crashes on both Windows and OS X versions of the popular multimedia software. This vulnerability (CVE-2015-3668, isolated and identified by FortiGuard Labs) follows on the heels of CVE-2015-3667 (disclosed yesterday by Cisco and simultaneously discovered by FortiGuard Labs), and leaves unpatched versions of QuickTime open to multiple exploits. QuickTime relies on special containers for movie data called...
by Aamir Lakhani  |  Jul 01, 2015  |  Filed in: Industry Trends & News