HP Security Research Blog
The HP Security Research blog provides a platform for security experts from across HP to discuss innovative research, industry observations, and updates on the threat landscape to help organizations proactively identify and manage risk.

Adobe's CVE-2015-5090 - Updating the Updater to become the bossman

In July 2015, Adobe patched many different bugs in Reader and Acrobat. One of those bugs, CVE-2015-5090, can allow code execution with SYSTEM privileges. This deep dive covers the discovery of the bug and how it can be used as a functioning exploit.

Full details on CVE-2015-0096 and the failed MS10-046 Stuxnet fix

zdi-small.pngIn accordance with the Zero Day Initiative’s disclosure policies, we are releasing full details on the CVE-2015-0096 issue patched today in MS15-020. This issue concerns a Stuxnet vulnerability first allegedly addressed by MS10-046. We track this issue as ZDI-15-086.

CVE-2015-0096 issue patched today involves failed Stuxnet fix

zdi-small.pngA vulnerability disclosed to Microsoft by the Zero Day Initiative demonstrates that fully patched machines have been vulnerable to the CVE-2010-2568 – the LNK vulnerability first widely reported in Stuxnet -- for nearly five years.

Changes to Zero Day Initiative program benefits

zdi-small.pngAs the Zero Day Initiative looks forward to 2015, changes are coming to our program benefits. They’re designed to encourage new researchers and further reward our frequent submitters.

Process Introspection with Python

Triggering vulnerabilities and design flaws found through static analysis and research is a difficult process, and it can get complicated when the vulnerability lies in a less-accessible part of the code. We’ve developed a Python-based technique for effective, fairly quick prototyping and testing of such vulnerabilities.    

Chrome on a Nexus 4 and Samsung Galaxy S4 falls

Late on day two of Mobile Pwn2Own, another contestant steps into the fray to attempt Chrome on a Nexus 4.

Local Japanese team exploits mobile applications to install malware on Samsung Galaxy S4

Time to rethink how you use your browser on your mobile device. Social engineering + application exploit = malware

Showing results for 
Search instead for 
Do you mean 
About the Author(s)
  • Head of OpSec Research
  • I am a senior security content developer with Hewlett-Packard Security Research (HPSR). In this role, I write and edit security analysis and supporting content from researchers, including those from HP’s Zero Day Initiative (ZDI) program. The ZDI program augments HP’s Enterprise Security Products with zero-day research through a network of over 3,000 independent researchers around the world. I am also responsible for providing insight into the threat landscape; competitive intelligence to the research team; and providing guidance on the social media roadmap. Part of my role includes speaking publicly and promoting the research and technology of the HPSR.
  • Kernelsmith is senior vulnerability researcher with Hewlett-Packard Security Research (HPSR). In this role, he analyzes and performs root-cause analysis on hundreds of vulnerabilities submitted to the Zero-Day Initiative (ZDI) program. He also tries to automate whenever he can, pulling from the devops and virtualization arenas. Josh is also a developer for the Metasploit Framework and has spoken at a few conferences and holds a few certifications. Prior to joining HP, Smith served in the U.S. Air Force for 10 years and subsequently became a security engineer at the John Hopkins University Applied Physics Laboratory. Smith performed research into weapons systems vulnerabilities as well as evasion and obfuscation techniques to add depth and realism to security device tests. Smith received a B.S. in Aeronautical Engineering from Rensselaer Polytechnic Institute and an M.A. in Management of Information Systems from the University of Great Falls.
  • Security Researcher, Software Security Research
  • Security Researcher, Zero Day Initiative
  • Steve Povolny manages the Digital Vaccine team at HP TippingPoint. The team is composed of security researchers and filter/signature developers for the Intrusion Prevention System.
HP Blog

HP Software Solutions Blog


Follow Us
The opinions expressed above are the personal opinions of the authors, not of HP. By using this site, you accept the Terms of Use and Rules of Participation.