Tuesday, November 25, 2014

Google Chrome caused a crash..!


Title: Google Chrome caused a crash..!
Version: 35.0.1916.114
Discoverer: Veysel HATAŞ (vhatas@gmail.com)
Web page: www.binarysniper.net
Test: Windows 8
Status: Not Fixed

Discovered: 24 May 2014
Reported: 25 November 2014
Published: 25 November 2014
ID: https://code.google.com/p/chromium/issues/detail?id=436382

windbg crash log


Crash report from EMET

Thursday, March 20, 2014

Immunity Debugger Stack Overflow Vulnerability – PoC

It is not always possible to find vulnerabilities, let alone zero-days, even after applying reverse engineering or fuzzing, but this time I was super lucky. Two months ago I was studying Corelan's excellent article on heap spray exploitation. While I was debugging Internet Explorer 7 during that study, Immunity Debugger (the latest version, 1.85) crashed and WinDbg handled the exception. I was really surprised.

When I looked back to determine what had caused the crash, I noticed that the SE handler had been added to its SEH chain recursively. Because the SEH chain lives on the stack segment and the chain had grown far too long, this caused a stack overflow and Immunity Debugger crashed.
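The recursive SEH registration described above is exactly what a chain walker should be able to survive. As an added example (not code from the original post), here is a portable C model of the 32-bit SEH chain together with a defensive walker that bounds the walk depth and detects a record linking back into the chain; the record layout, the SEH_END sentinel and the sample chain are constructed for illustration, and no real FS:[0] access is performed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Portable model of a 32-bit _EXCEPTION_REGISTRATION_RECORD. On Windows the chain
 * head is read from FS:[0]; here the records are constructed in an array so the
 * walker can run on any platform. */
typedef struct seh_record {
    struct seh_record *next;   /* previous registration, or SEH_END */
    void (*handler)(void);     /* exception handler for this frame */
} seh_record;
#define SEH_END ((seh_record *)(uintptr_t)0xFFFFFFFFu)   /* chain terminator */
typedef enum { SEH_OK, SEH_CYCLE, SEH_TOO_LONG, SEH_INVALID } seh_status;

/* Walk the chain defensively: Floyd's tortoise/hare detects a record that links
 * back to itself or to an earlier record, and max_depth bounds the walk so a
 * huge but acyclic chain cannot exhaust the walker's own stack or time.
 * *count receives the number of records examined. */
seh_status seh_chain_check(const seh_record *head, size_t max_depth, size_t *count)
{
    const seh_record *slow = head, *fast = head;
    *count = 0;
    while (slow != SEH_END) {
        if (slow == NULL) return SEH_INVALID;
        if (++*count > max_depth) return SEH_TOO_LONG;
        slow = slow->next;                       /* tortoise: one record */
        for (int i = 0; i < 2 && fast != SEH_END && fast != NULL; i++)
            fast = fast->next;                   /* hare: two records */
        if (fast == slow && slow != SEH_END) return SEH_CYCLE;
    }
    return SEH_OK;
}

/* Constructed sample chain: n linked records; with make_cycle the last one points
 * back at the first, mimicking a handler registered recursively. */
void build_chain(seh_record *buf, size_t n, int make_cycle)
{
    for (size_t i = 0; i < n; i++) {
        buf[i].handler = NULL;                   /* constructed sample, no real handler */
        buf[i].next = (i + 1 < n) ? &buf[i + 1] : (make_cycle ? &buf[0] : SEH_END);
    }
}

int main(void)
{
    seh_record buf[8];
    size_t count;
    build_chain(buf, 8, 1);                      /* the recursive case */
    printf("status=%d after %zu records\n", seh_chain_check(buf, 64, &count), count);
    return 0;
}
```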



After realizing the cause of the crash, I quickly wrote a quick-and-dirty PoC to trigger the stack overflow. The following PoC code creates try-catch blocks to overflow the stack.


It was tested on Windows 7 and Windows XP; on both, DEP protection was disabled.



When I look at the following !exploitable output, it classifies the crash as probably not exploitable.

0:000> !exploitable
!exploitable 1.6.0.0
Exploitability Classification: PROBABLY_NOT_EXPLOITABLE
Recommended Bug Title: Read Access Violation near NULL starting at ImmunityDebugger!Addsorteddata+0x0000000000000069 (Hash=0xa84b56c5.0x36b8c4de)
This is a user mode read access violation near null, and is probably not exploitable. 

This vulnerability was reported to Immunity at support@immunityinc.co on 06 January 2014.


Thursday, August 8, 2013

Hello World

Hello everybody. This blog was created to give researchers comprehensive knowledge about vulnerability research and exploit development.

We are planning to post about many subjects on this blog, such as:
  • Exploit development
  • Vulnerability research
  • Fuzzing
  • Network packet injection
  • Malware analysis
Additionally, keep in mind that all posts on this blog are intended for academic use only. We are not responsible for malicious usage.

Have a nice research...