Secunia CSI7
About us
Careers
Memberships
Newsroom
Contact us
Blog
News
Articles

Monthly Binary Analysis Update (February)

Get this blog as an RSS Feed
February is (long) gone and it's therefore time to re-cap on our Binary Analysis feats in the recent month.
16:37 CET on the 11th March 2009
Entry written by Carsten Eiram.

February is (long) gone and it's therefore time to re-cap on our Binary Analysis feats in the recent month.

This wasn't a terribly busy month, but 22 analyses were still issued and two of the analysed vulnerabilities were particularly interesting.

Adobe Reader/Acrobat JBIG2 Stream Array Indexing Vulnerability
(SA33901 / CVE-2009-0658)
This vulnerability was actively being exploited as a 0-day vulnerability for a long time and was just patched in some versions yesterday (the remaining patches should be available on 2009-03-18).

As the first exploits being spotted were using JavaScript to make code execution more reliable, many sources recommended users to disable JavaScript support in Adobe Reader/Acrobat to prevent exploitation. However, shortly after my team proved during the Binary Analysis process that exploitation was possible to achieve in a reliable manner even without using JavaScript. More about this can be found here.

Internet Explorer CFunctionPointer Object Handling Vulnerability
(SA33845#1 / CVE-2009-0075)
This vulnerability was one of the vulnerabilities addressed by the February security updates released by Microsoft.

Internet Explorer supports certain event methods for interacting with elements. When called, Internet Explorer may create a CFunctionPointer object containing a reference to the element for which an event method was called. If the same event method is later called by a cloned element, the same CFunctionPointer object is used, which may lead to a use-after-free error if the original element has been deleted. This can be exploited to call into already freed memory and allows executing arbitrary code.

The vulnerability was not that straight-forward to find and analyse, but within a week we released a thorough, detailed analysis. Shortly after, we started seeing exploits for this vulnerability becoming publicly available. Fortunately, we managed to provide our customers with the detailed analysis a couple of days before and thus ensured that their signatures could already detect these exploits.

That's it for this month. I will, however, be issuing another blog soon(ish) where I rant a bit about the Secunia Research team and the efforts we put into discovering and reporting new vulnerabilities in popular software. You can also keep track of our latest exploits here.

Also, should anyone reading this feel that they have the hardcore skills required to be a part of the Secunia Advisories and/or Secunia BA team (and have a penchant for the cool Scandinavian climate), then don't hesitate to read more about our open positions here and send your application to techjob [at] secunia.com.

Stay Secure,

Carsten Eiram
Chief Security Specialist

P.S. Since it must almost be considered tradition by now, I've naturally uploaded a new binary analysis to our sample page.

Discuss this blog entry
A new thread in our forum is created. Activate the thread by commenting/discussing below.
Subject: Monthly Binary Analysis Update (February)
 
No posts yet

-

You must be logged in to post a comment.



 Products Solutions Customers Partner Resources Company
 
 Corporate
Vulnerability Intelligence Manager (VIM)
Corporate Software Inspector (CSI)
Consumer
Personal Software Inspector (PSI)
Online Software Inspector (OSI)
 Industry
Compliance
Technology
Integration
 Customers
Testimonials
 VARS
MSSP
Technology Partners
References
 Reports
Webinars
Events
 About us
Careers
Memberships
Newsroom


 
© 2002-2014 Secunia ApS - Rued Langgaards Vej 8, 4th floor, DK-2300 Copenhagen, Denmark - +45 7020 5144
Terms & Conditions and Copyright - Privacy - Report Vulnerability - Disclaimer