Yesterday I gave a talk at a Polish security conference held in Warsaw, Poland, called “Ucieczka z Matrixa: (nie)bezpieczna analiza malware” (eng. “Escaping the Matrix: (in)secure malware analysis”). The presentation was lightly technical and concerned the different threats of using popular software to aid in interacting with and analyzing malware samples. While the talk was prepared entirely in Polish, most of the slides should be easily understandable by English speakers, and Google Translate works pretty well, so I decided to share them here anyway:
A part of the presentation was dedicated to multiple memory corruption Hex-Rays IDA Pro vulnerabilities I discovered earlier this year (see the product Changelog). Below you will find the original reports I sent to the vendor in September:
- [COFF] [DBG] Heap Memory Corruption due to Integer Underflow.
- [EPOC] 4-Byte Heap Buffer Overflow due to an Off-By-One in bounds checking.
- [DEX] Heap Buffer Overflow due to Integer Overflow.
- [PEF] Multiple (4) instances of Heap Buffer Overflows due to integer problems.
- [PEF] Heap Memory Corruption due to logical bugs in memory management.
- [UNIVERSAL] Heap Buffer Overflows due to logical bugs in memory management (BADMEMSIZE constant), exploitable via multiple file formats on Linux.
Download: ida6.6_bugs.zip (1.71 MB)
Kudos to Ilfak Guilfanov and Hex-Rays for a very quick turnaround (less than two weeks from sending the reports to releasing bugfixes) and running the Bug Bounty Program! Keep up the good work!