HP Security Research Blog
The HP Security Research blog provides a platform for security experts from across HP to discuss innovative research, industry observations, and updates on the threat landscape to help organizations proactively identify and manage risk.

Displaying articles for: September 2013

Deep impact - the ZDI disclosure policy

The main objective of HP’s Zero Day Initiative is to reward security researchers for responsibly disclosing vulnerabilities. Through this program, nearly 300 vulnerabilities were discovered and patched between August 1, 2012 and August 31, 2013.

Keep reading to find out how responsible disclosure programs play a role in securing software – and what happened when we turned the focus on ourselves.

CVE-2013-3112: From NULL to Control - Persistence pays off with crashes

Months ago, my fuzzer found a bug that was initially flagged as a NULL pointer dereference. The crash instruction was different from the others, so I decided to minimize the crash and have a closer look. Things got quite interesting, and with some persistence, I ended up in control of EIP (Extended Instruction Pointer). This article walks through the whole analysis process from a null pointer crash to fully controlling execution.

Labels: crashes| security
The opinions expressed above are the personal opinions of the authors, not of HP. By using this site, you accept the Terms of Use and Rules of Participation.