Eleonore is One Ugly Mistress
While taking a break from malicious PDFs, I decided it would be a good idea to start breaking down some of these well-known exploit kits. I have seen a couple good write-ups on how the kits are...
Null Pointer DoS in MSHTML!CMarkup::InitCollections
Yesterday, Brandon Dixon released his JavaScript obfuscation tool. In testing his tool he observed a DoS condition when viewed in Internet Explorer (IE) versions 6, 7, and 8. You can observe this bug...
Observing the Enemy : CVE-2012-0754 PDF Interactions
Earlier today I was tipped off that CVE-2012-0754 had made its way into a PDF document and got ahold of a sample to reverse. This sample was obtained from the public PDF X-RAY repository by searching...
Toying With MS11-050
Update 06/29/2011 – 3:46PM I have modified a local copy of the exploit file I have to run safely (no shellcode) and still get a crash. Initially I suspected that the final aspects of the JavaScript...
AV Bypass for Malicious PDFs Using XDP
Update – 06/19/2012 alert tcp $EXTERNAL_NET $FILE_DATA_PORTS -> $HOME_NET any (msg:"FILE-PDF Adobe PDF XDF encoded download attempt"; flow:to_client,established; flowbits:isset,file.xml; file_data;...