Team 509's Home

POC of CVE-2010-0049

POC of a safari vuln

�ӻ�δ��ɽ��,loaderԭ��

IDA��DumpBin�ȹ��ڼ��Tls Callback��ʱ��ڵ�һ��⣬��

IDA Pro plugin wizard��һ��bug��

IDA Pro plugin wizard is great tools for writing IDA's plugin.
By using this tools, I find a little bug in it.

the bug is that when your IDA's install path include a space.
for example:C:\\Program Files\\IDA(IDA's default install path)
IDA Pro plugin wizard will can't copy the .plw file to IDA's plugins folder.

the reason of this bug is the tools use the command:
copy /y XXXXX.plw C:\\Program Files\\IDA\\plugins
to copy the .plw file to IDA's plugins folder,if the IDA path include a space,this command will fail.

I think I can fix this bug by changing a file.
the file is \\IDA_Plugin_Wizard_VS2005\\Put Contents into AppWiz\\IDA Pro Plugin\\Scripts\\1033\\default.js
No. 246 line is :
idaBinDir = wizard.FindSymbol("BINPATH") + '\\\\plugins';
I chang it to :
idaBinDir = '\\"' \+ wizard.FindSymbol("BINPATH") + '\\\\plugins\\"';
then save the file,the bug has be fixed.

��İ��ϸ��...

Reverse Engineering Code with IDA Pro��

��
��ڿ�ѩѧԺ��Reverse Engineering Code with IDA Pro��ͼ�鷭��Ŀ��http://bbs.pediy.com/showthread.php?t=66430��˸��е��ߡ��¡��֯��飬��й��壬��Ϊ��£��϶��ߡ��и��ԭ�ĵ�ԭ��ǣ��ڷ��Ƕ�ԭ�Ľ��У�ԣ��һЩ��ĵط��Ѿ��Ծ��߿��ж��ղ��ġ��ϣ��ǵ��ܱ�E��ԭ��һЩ☺
��Ȩ��У�л��ת�ء�

��Ҫ��
��һ��read()��ʼ��Э��з��
��Э��ݰ��ĸ�ʽ
��Э��Ƿ��к��
ʹ��IDA�ҳ��ڴ��ĳ��ݰ��к��

Adobe Flash Player Code Execution Vulnerability(CVE-2007-0071)

Adobe Flash Player is vulnerable to a buffer overflow, caused by an integer overflow vulnerability in the processing of multimedia files. By creating a specially crafted multimedia file and persuading the victim to open the file, a remote attacker could overflow a buffer and execute arbitrary code on the system.

The integer overflow vulnerability is detailed in CVE-2007-0071¹. An attacker may be able to trigger this overflow by convincing a user to open a specially crafted SWF file. The SWF file could be hosted or imbedded in a webpage.

Vulnerabilities in Microsoft Word Could Allow Remote Code Execution(MS08-026)

all content from : http://secunia.com/gfx/pdf/SA30143_BA.pdf ,thanks secunia.

A vulnerability in Microsoft Word when processing drawing objects in RTF files can be
exploited by malicious people to compromise a user's system.

Mozilla Foundation Security Advisory 2008-55

Title: Crash and remote code execution in nsFrameManager
Impact: Critical
Announced: November 12, 2008
Reporter: ling and wushi of team509 (via TippingPoint)
Products: Firefox, Thunderbird, SeaMonkey

Fixed in: Firefox 3.0.4
Firefox 2.0.0.18
Thunderbird 2.0.0.18
SeaMonkey 1.1.13

China quake

I think all of you know that a 7.8-magnitude earthquake hit China's Sichuan province on Monday. Till now, it's already caused over 28,500 death (the final number might reach 50,000). More than 100,000 people injured and at least 12,000 people still buried under collapsed buildings, many of them are children.

��̸TLS_CallBack��ԭ��̡��ֹ��Ⱦ��

��TLS_CallBack��ֲ߳̾��洢�ص��Ū��Լ��ȾPE�ļ��ķ��Ѿ��ʲô�¼��ˡ��ǳ��ϵ��ǣ�ǰЩ��ģ��IDA��Guilfanov��ϵġ�TLS callbacks��һ�ľ�Ȼ�õ��6��5�֣��Ǻǡ�Ҫ֪��Ϊ�Ƚ��ġ��Lookaside��ʵ��Exploit��2�ַ��Ҳֻ��õ�5��5�ְ��ô�ˣ�
��ƪ��TLS callbacks��Ĳ��Ǻ�ϸ��ⷽ��Ҳֵ��ȶ��Ȼ��µ�д��йأ��Ҫ��Ϊ�˲�Ҫ��6��5�֣��Ҳ��TLS_CallBack��٣��дƪ��ϸ�ģ��ܻ��Ϻ�ǾͲ��ÿ��☺

��ʽ��ͣ�Front End Allocator

"Front End Allocator"��ʲô��˼��
�Լ�һЩ��⻰��

Team 509's Home

POC of CVE-2010-0049

�ӻ�δ��ɽ����,loaderԭ��������

IDA Pro plugin wizard��һ��bug����������

Reverse Engineering Code with IDA Pro�������������