Exploit the possibilities
Showing 76 - 100 of 765

x86 Files

Comodo Antivirus Forwards Emulated API Calls To Real API
Posted Mar 23, 2016
Authored by Tavis Ormandy, Google Security Research

Comodo Antivirus includes an x86 emulator that is used to unpack and monitor obfuscated executables; this is common practice among antivirus products. The idea is that emulators can run the code safely for a short time, giving the sample enough time to unpack itself or do something that can be profiled. Needless to say, this is a very significant and complicated attack surface, as an attacker can trigger emulation simply by sending the victim an email or getting them to visit a website with zero user interaction. Multiple memory corruption issues have been found with the emulator.

tags | exploit, x86
systems | linux
MD5 | b0d2ff12669de241bd05f2f3090eee5b
Comodo Antivirus PSUBUSB Stack Buffer Overflow
Posted Mar 23, 2016
Authored by Tavis Ormandy, Google Security Research

Comodo Antivirus includes a full x86 emulator that is used to unpack executables that are being scanned. Files read from disk or received over the network, including email, browser cache and so on, can all trigger emulation. The emulator itself uses a sequence of nested lookup tables to translate opcodes to the routines that emulate them. The xmm/ymm registers are used like a union in C. For example, the registers can be treated as 4 floats, 2 doubles, 2 dwords, 8 shorts and so on - whatever is appropriate. The Comodo emulator uses a union to represent these registers, and then each emulated instruction uses whichever union member matches its function. For example, PUNPCKLBW would use regs->words, PSRLQ would use regs->qwords and so on. The code for PSUBUSB incorrectly uses the wrong union member (words instead of bytes), meaning it will clobber double the space allocated by CPU::MMX_OPCODE(). The fix for this vulnerability is to use the bytes member of the union instead.

tags | advisory, x86
systems | linux
MD5 | 18e722c8e08dee73572315444edd1ce4
Comodo Antivirus Win32 Emulation Integer / Heap Overflow
Posted Mar 23, 2016
Authored by Tavis Ormandy, Google Security Research

A major component of Comodo Antivirus is the x86 emulator, which includes a number of shims for win32 API routines so that common API calls work in emulated programs (CreateFile, LoadLibrary, etc). The emulator itself is located in MACH32.DLL, which is compiled without /DYNAMICBASE, and runs as NT AUTHORITY\SYSTEM. These API routines access memory from the emulated virtual machine, perform the requested operation, and then poke the result back into the emulator. Because these emulated routines are all native code, they must take care not to trust values extracted from the emulator, which is running attacker-controlled code. Browsing through the list of emulated routines, MSVBVM60!rtcLowerCaseVar jumped out as an obvious case of integer overflow due to trusting attacker-provided parameters.

tags | exploit, overflow, x86
systems | linux, windows
MD5 | d90a9a8e3ca03311bb0cf2f5d45238f0
Red Hat Security Advisory 2016-0450-01
Posted Mar 15, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-0450-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. An integer overflow flaw was found in the way the Linux kernel's Frame Buffer device implementation mapped kernel memory to user space via the mmap syscall. A local user able to access a frame buffer device file could possibly use this flaw to escalate their privileges on the system. It was found that the Xen hypervisor x86 CPU emulator implementation did not correctly handle certain instructions with segment overrides, potentially resulting in a memory corruption. A malicious guest user could use this flaw to read arbitrary data relating to other guests, cause a denial of service on the host, or potentially escalate their privileges on the host.

tags | advisory, denial of service, overflow, arbitrary, x86, kernel, local
systems | linux, redhat
advisories | CVE-2013-2596, CVE-2015-2151
MD5 | 3d1ebf75586be6efc736f3e37729f3bc
Debian Security Advisory 3470-1
Posted Feb 10, 2016
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3470-1 - Several vulnerabilities were discovered in qemu-kvm, a full virtualization solution on x86 hardware.

tags | advisory, x86, vulnerability
systems | linux, debian
advisories | CVE-2015-7295, CVE-2015-7504, CVE-2015-7512, CVE-2015-8345, CVE-2015-8504, CVE-2015-8558, CVE-2015-8743, CVE-2016-1568, CVE-2016-1714, CVE-2016-1922
MD5 | 39bf91a809d301fe035ac60af251050f
Debian Security Advisory 3469-1
Posted Feb 10, 2016
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3469-1 - Several vulnerabilities were discovered in qemu, a full virtualization solution on x86 hardware.

tags | advisory, x86, vulnerability
systems | linux, debian
advisories | CVE-2015-7295, CVE-2015-7504, CVE-2015-7512, CVE-2015-8345, CVE-2015-8504, CVE-2015-8558, CVE-2015-8743, CVE-2016-1568, CVE-2016-1714, CVE-2016-1922
MD5 | 34b6d4c51cc5e4f14224ee3dfa59d600
Debian Security Advisory 3471-1
Posted Feb 10, 2016
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3471-1 - Several vulnerabilities were discovered in qemu, a full virtualization solution on x86 hardware.

tags | advisory, x86, vulnerability
systems | linux, debian
advisories | CVE-2015-7295, CVE-2015-7504, CVE-2015-7512, CVE-2015-7549, CVE-2015-8345, CVE-2015-8504, CVE-2015-8550, CVE-2015-8558, CVE-2015-8567, CVE-2015-8568, CVE-2015-8613, CVE-2015-8619, CVE-2015-8743, CVE-2015-8744, CVE-2015-8745, CVE-2016-1568, CVE-2016-1714, CVE-2016-1922, CVE-2016-1981
MD5 | ded9adc12dd631492b3380a60465ca09
Red Hat Security Advisory 2016-0103-01
Posted Feb 3, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-0103-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. It was found that the x86 ISA is prone to a denial of service attack inside a virtualized environment in the form of an infinite loop in the microcode due to the way the delivery of benign exceptions such as #DB is handled. A privileged user inside a guest could use this flaw to create denial of service conditions on the host kernel. A use-after-free flaw was found in the way the Linux kernel's key management subsystem handled keyring object reference counting in a certain error path of the join_session_keyring() function. A local, unprivileged user could use this flaw to escalate their privileges on the system.

tags | advisory, denial of service, x86, kernel, local
systems | linux, redhat
advisories | CVE-2015-8104, CVE-2016-0728, CVE-2016-0774
MD5 | 28b58ec3dcd7bed7f48354876eaed0f5
Linux/x86 Download And Execute Shellcode
Posted Feb 1, 2016
Authored by B3mB4m

Linux/x86 download and execute shellcode.

tags | x86, shellcode
systems | linux
MD5 | 77236914e17e6d5765f8ad5e5b3f0171
Debian Security Advisory 3454-1
Posted Jan 27, 2016
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3454-1 - Multiple vulnerabilities have been discovered in VirtualBox, an x86 virtualisation solution.

tags | advisory, x86, vulnerability
systems | linux, debian
advisories | CVE-2015-5307, CVE-2015-8104, CVE-2016-0495, CVE-2016-0592
MD5 | 928150f1f1fbd941210a4cf479174f9f
64-Bit Linux/x86 unlink ecryptfs-mount-private Shellcode
Posted Jan 24, 2016
Authored by srm

64-bit Linux/x86 unlink ecryptfs-mount-private shellcode.

tags | x86, shellcode
systems | linux
MD5 | c023134e3c2ac7b5673b4aa296e2b7c3
Red Hat Security Advisory 2016-0046-01
Posted Jan 19, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-0046-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. It was found that the x86 ISA is prone to a denial of service attack inside a virtualized environment in the form of an infinite loop in the microcode due to the way the delivery of benign exceptions such as #AC and #DB is handled. A privileged user inside a guest could use these flaws to create denial of service conditions on the host kernel.

tags | advisory, denial of service, x86, kernel
systems | linux, redhat
advisories | CVE-2015-5307, CVE-2015-8104
MD5 | 979b27fedb6e66dbdba1eaa7a7dedae5
Red Hat Security Advisory 2016-0024-01
Posted Jan 12, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-0024-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. It was found that the x86 ISA is prone to a denial of service attack inside a virtualized environment in the form of an infinite loop in the microcode due to the way the delivery of benign exceptions such as #AC and #DB is handled. A privileged user inside a guest could use these flaws to create denial of service conditions on the host kernel.

tags | advisory, denial of service, x86, kernel
systems | linux, redhat
advisories | CVE-2015-5307, CVE-2015-8104
MD5 | d059f2158ce2e87f3a78a3da557db557
Microsoft Office / COM Object WMALFXGFXDSP.dll DLL Planting
Posted Jan 12, 2016
Authored by Google Security Research, scvitti

It is possible for an attacker to execute a DLL planting attack in Microsoft Office 2010 on Windows 7 x86 with a specially crafted OLE object.

tags | exploit, x86
systems | linux, windows, 7
advisories | CVE-2016-0016
MD5 | 23b7ee95c59b96ae7e931da8df2eacb9
Linux/x86 Egghunter Shellcode
Posted Jan 8, 2016
Authored by Dennis Herrmann

A small, 13-byte Linux/x86 egghunting shellcode.

tags | x86, shellcode
systems | linux
MD5 | 0a65f2b5ae2f4a7a9561d01691635431
Red Hat Security Advisory 2016-0004-01
Posted Jan 7, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-0004-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. It was found that the x86 ISA is prone to a denial of service attack inside a virtualized environment in the form of an infinite loop in the microcode due to the way the delivery of benign exceptions such as #AC and #DB is handled. A privileged user inside a guest could use these flaws to create denial of service conditions on the host kernel.

tags | advisory, denial of service, x86, kernel
systems | linux, redhat
advisories | CVE-2015-5307, CVE-2015-8104
MD5 | 7d6a14f9dafcf7c790a3733c51a79a36
Red Hat Security Advisory 2015-2645-01
Posted Dec 16, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-2645-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. It was found that the x86 ISA is prone to a denial of service attack inside a virtualized environment in the form of an infinite loop in the microcode due to the way the delivery of benign exceptions such as #AC and #DB is handled. A privileged user inside a guest could use these flaws to create denial of service conditions on the host kernel.

tags | advisory, denial of service, x86, kernel
systems | linux, redhat
advisories | CVE-2015-5307, CVE-2015-8104
MD5 | bbe1a21e8bc821542d28094d83c51f46
Red Hat Security Advisory 2015-2636-01
Posted Dec 16, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-2636-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. A flaw was found in the way the Linux kernel's file system implementation handled rename operations in which the source was inside and the destination was outside of a bind mount. A privileged user inside a container could use this flaw to escape the bind mount and, potentially, escalate their privileges on the system. It was found that the x86 ISA is prone to a denial of service attack inside a virtualized environment in the form of an infinite loop in the microcode due to the way the delivery of benign exceptions such as #AC and #DB is handled. A privileged user inside a guest could use these flaws to create denial of service conditions on the host kernel.

tags | advisory, denial of service, x86, kernel
systems | linux, redhat
advisories | CVE-2015-2925, CVE-2015-5307, CVE-2015-7613, CVE-2015-7872, CVE-2015-8104
MD5 | 3774cc91e9250b3134a34b569b444a3c
Microsoft Office / COM Object DLL Planting
Posted Dec 14, 2015
Authored by Google Security Research, scvitti

It is possible for an attacker to execute a DLL planting attack in Microsoft Office 2010 on Windows 7 x86 with a specially crafted OLE object. This attack also works on Office 2013 running on Windows 7 x64. Other platforms were not tested. The attached POC document "planted-mqrt.doc" contains what was originally an embedded Packager object. The CLSID for this object was changed at offset 0x2650 to be {ecabafc9-7f19-11d2-978e-0000f8757e2a} (formatted as pack(">IHHBBBBBBBB")). This object has an InProcServer32 pointing to comsvcs.dll, specifically the CQueueAdmin object implemented in the DLL. When a user opens this document and single-clicks on the icon for foo.txt, ole32!OleLoad is invoked on our vulnerable CLSID. This results in a call to a class factory constructor that eventually tries to call mqrt!MQGetPrivateComputerInformation. Because mqrt is a delay-loaded DLL, the loader has inserted a stub to call _tailMerge_mqrt_dll on the first call of this function. This results in a kernelbase!LoadLibraryExA call vulnerable to DLL planting. If the attached mqrt.dll is placed in the same directory with the planted-mqrt.doc file, you should see a popup coming from this DLL being loaded from the current working directory of Word.

tags | exploit, x86
systems | linux, windows, 7
advisories | CVE-2015-6132
MD5 | 7baf5545ef803add763ebdd29e019de5
Red Hat Security Advisory 2015-2587-01
Posted Dec 9, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-2587-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. A flaw was found in the way the Linux kernel's file system implementation handled rename operations in which the source was inside and the destination was outside of a bind mount. A privileged user inside a container could use this flaw to escape the bind mount and, potentially, escalate their privileges on the system. It was found that the x86 ISA is prone to a denial of service attack inside a virtualized environment in the form of an infinite loop in the microcode due to the way the delivery of benign exceptions such as #AC is handled. A privileged user inside a guest could use this flaw to create denial of service conditions on the host kernel.

tags | advisory, denial of service, x86, kernel
systems | linux, redhat
advisories | CVE-2015-2925, CVE-2015-5307, CVE-2015-7613
MD5 | 1cee6dd6b1125ce72c0f2594112b8390
Red Hat Security Advisory 2015-2552-01
Posted Dec 8, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-2552-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. It was found that the x86 ISA is prone to a denial of service attack inside a virtualized environment in the form of an infinite loop in the microcode due to the way the delivery of benign exceptions such as #AC and #DB is handled. A privileged user inside a guest could use these flaws to create denial of service conditions on the host kernel.

tags | advisory, denial of service, x86, kernel
systems | linux, redhat
advisories | CVE-2015-5307, CVE-2015-8104
MD5 | 7565ce49f3b56e667e33f9ac550d1c80
Linux x86/x86_64 execve Shellcode
Posted Dec 4, 2015
Authored by B3mB4m

Linux execve shellcode that works on both x86 and x86_64.

tags | x86, shellcode
systems | linux
MD5 | fed90ad7073ec7b0d4c6dfdc86ba4055
Debian Security Advisory 3384-1
Posted Oct 30, 2015
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3384-1 - Two vulnerabilities have been discovered in VirtualBox, an x86 virtualisation solution.

tags | advisory, x86, vulnerability
systems | linux, debian
advisories | CVE-2015-4813, CVE-2015-4896
MD5 | a176783623893216933f42c296ff1ecc
Intel x86 Considered Harmful
Posted Oct 29, 2015
Authored by Joanna Rutkowska

This article examines the security challenges facing us on modern off-the-shelf hardware, focusing on Intel x86-based notebooks. The question the author will try to answer is: can modern Intel x86-based platforms be used as trustworthy computing platforms? The paper looks at security problems arising from the x86's over-complex firmware design (BIOS, SMM, UEFI, etc.), discusses various Intel security technologies (such as VT-d, TXT, Boot Guard and others), considers how useful they might be in protecting against firmware-related security threats and other attacks, and finally moves on to take a closer look at the Intel Management Engine (ME) infrastructure.

tags | paper, x86
MD5 | 0332f6a23b8f8f97862af9f9d66869bb
Microsoft Office 2007 And 2010 RTF Frmtxtbrl EIP Corruption
Posted Oct 8, 2015
Authored by Google Security Research, scvitti

This proof of concept shows a crash that was observed in MS Office 2007 running under Windows 2003 x86. Microsoft Office File Validation Add-In is disabled and Application Verifier was enabled for testing and reproduction. This sample also reproduced in Office 2010 running on Windows 7 x86. It did not reproduce in Microsoft Office 2013 running under Windows 8.1 x86.

tags | exploit, x86, proof of concept
systems | linux, windows, 7
MD5 | 1128dbfd7ec8f86a7ab1a7b5e1f5fd56
© 2016 Packet Storm. All rights reserved.