RESOURCES

Thought leaders in information security, we conduct radical, world-changing research and deliver renowned presentations around the world.
Disclosures | ADVISORIES | September 20, 2007

Multiple Buffer Overflows in legacy mod_jk2 apache module 2.0.3-DEV and earlier

CVE-2007-6257, VU#245025. Discovered: 05.01.07. Reported: 06.27.07. Disclosed: 09.20.07. A buffer overflow vulnerability exists in the Host Header field of the legacy version of the mod_jk2 apache module (jakata-tomcat-connectors), which allows for remote code execution in the context of the Apache process.

Launch PDF
Josh Betts Jason Larsen & Walter Pearce
Disclosures | ADVISORIES |

Buffer Overflow in Mono BigInteger Montgomery Reduction Method

VU#146292. Discovered: 07.25.07. Reported: 08.24.07. Disclosed: 09.20.07. An exploitable buffer overflow vulnerability exists in the Montgomery reduction method within the Mono Frameworks BigInteger Class (Mono.Math.BigInteger).

Launch PDF
Jason Larsen & Walter Pearce
Disclosures | ADVISORIES | March 26, 2007

Static Microsoft Windows WPAD entries might allow interception of traffic

CVE-2007-1692. Disclosed: 03.26.07. The default configuration of Microsoft Windows uses the Web Proxy Autodiscovery Protocol (WPAD) without static WPAD entries. A remote attacker could leverage this to intercept web traffic by registering a proxy server using WINS or DNS, then responding to WPAD requests.

Read More
Chris Paget

Arm IDA and Cross Check: Reversing the 787’s Core Network

IOActive has documented detailed attack paths and component vulnerabilities to describe the first plausible, detailed public attack paths to effectively reach the avionics network on a 787, commercial airplane from either non-critical domains, such as Passenger Information and Entertainment Services, or even external networks.

ACCESS THE WHITEPAPER


IOACTIVE CORPORATE OVERVIEW (PDF)