Alert Logic

Analysis of CVE-2011-1852 Buffer Overflow in HP Intelligent Management Center TFTP Server.

We recently published an article in Virus Bulletin which discussed the exploit technique which is possible due to the improper implementation of protocol specifications. This can lead to traditional exploitation vectors such as remote code execution and DoS attacks. In such cases, protocol specification documents are required to derive the condition …

More Details on Alert Logic’s Amazon EC2 Announcement

Today Alert Logic and Datapipe are announcing a new product that extends our network intrusion monitoring capabilities to public clouds, with initial support for the Amazon EC2 service. This is the first such service that was developed from the ground-up for deployment on Amazon Web Services, making it industry’s first …

Exploitation due to the improper implementation of Proprietary Protocol Specification: A new trend

Understanding the exploitation of vulnerability is important both for the product security team and for the research teams that authors signatures for network intrusion prevention/detection (NIS) devices.

Product security team needs to gain an understanding of the vulnerable part of the code and provide an update, or patch, to fix …

Smart Binary Diffing

Binary diffing is generally performed to understand the changes in the code such that the fixes in the code can be analyzed and then these fixes can be used for the generation of NIS signatures. We have discussed patch analysis of many vulnerabilities in some of our previous blog posting. …

New Microsoft Detection Released

One that I found particularly interesting is CVE-2011-0658 (Microsoft Windows OLE Automation Remote Code Execution). Integer underflow in the OLE Automation protocol implementation in VBScript.dll in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and …