« June 2012 | Main | August 2012 »

July 2012

July 24, 2012

Android DNS Poisoning: Randomness gone bad (CVE-2012-2808)

Recently we discovered a very interesting vulnerability in Android’s DNS resolver, a weakness in its pseudo-random number generator (PRNG), which makes DNS poisoning attacks feasible. 

DNS poisoning attacks endanger the confidentiality and integrity of the target victim’s machine. For instance, DNS poisoning can be used to steal the victim’s cookies, or tamper with weak applications’ update mechanisms in order to execute malicious  code.

The official advisory with full details can be found here.

This blog post summarizes the advisory.

Continue reading "Android DNS Poisoning: Randomness gone bad (CVE-2012-2808)" »

Posted by on July 24, 2012 | | Comments (4) | TrackBack (0)

| |

July 16, 2012

Microsoft Windows Shell Command Injection - MS12-048 (CVE-2012-0175)

CVE-2012-0175

Background

Windows File Association allows an application to define a handler that should be called for each operation on a specific file type.

For example, WinRAR registers the file type .RAR in the following manner:

image

The Open action defined for this file type dictates how the handler should be called upon opening the file.

The command that will be executed for this example of WinRAR is:

"C:\Program Files\WinRAR\WinRAR.exe" "%1"

(Where the %1 is replaced with the filename that the client clicked on)

Theoretically if an attacker was able to create a file called

Stu"ff.rar

He will be able to break the command string.

Continue reading "Microsoft Windows Shell Command Injection - MS12-048 (CVE-2012-0175)" »

Posted by on July 16, 2012 | | Comments (6) | TrackBack (0)

| |

July 10, 2012

toStaticHTML: The Second Encounter (CVE-2012-1858)

HTML Sanitizing Bypass - CVE-2012-1858

Introduction

The toStaticHTML component, which is found in Internet Explorer > 8, SharePoint and Lync is used to sanitize HTML fragments from dynamic and potentially malicious content.

If an attacker is able to break the filtering mechanism and pass malicious code through this function, he/she may be able to perform HTML injection based attacks (i.e. XSS).

It has been a year since the first encounter was published, we've now returned with a new bypass method.

Vulnerability

An attacker is able to create a specially formed CSS that will overcome toStaticHTML's security logic; therefore, after passing the specially crafted CSS string through the toStaticHTML function, it will contain an expression that triggers a JavaScript call.

Continue reading "toStaticHTML: The Second Encounter (CVE-2012-1858)" »

Posted by on July 10, 2012 in Public Site Vulnerability Research, Research, Web Application Security | | Comments (1) | TrackBack (0)

| |

July 02, 2012

XSS Analyzer Gives You 700 Million Reasons To Feel Secure

When it comes to detecting Cross-Site Scripting (XSS), AppScan is the industry's #1 tool. Today we're making it even better.

AppScan's "XSS Analyzer" is one of the most significant DAST innovations in recent years. It breaks the mold of the standard way of doing black-box testing, that has been essentially unchanged for the last twelve years, and really does something new. Something fresh. Something exciting.

Here's why we believe XSS Analyzer sets itself apart from any other scanner out there: XSS Analyzer works and thinks like a human pentester does. We've packaged the experience and expertise of the best pentesters in the industry, together with the broadest possible knowledge about the different ways to exploit XSS. Essentially, we've created an "expert human pentester in a box".

Continue reading "XSS Analyzer Gives You 700 Million Reasons To Feel Secure" »

Posted by on July 02, 2012 in Research, Web Application Scanners, Web Application Security, Web/Tech | | Comments (6) | TrackBack (0)

| |

Follow us on Twitter

IBM Application Security Insider
IBM Application Security Insider

AppScan Free Trial


Try IBM Security AppScan software at no charge.

Search

Recent Posts

Archives

Categories

Pages

Become a Fan