Security Research

by Alexander Sotirov

Navigation

Resources

Latest posts

• Assured Exploitation 2011
• You Should Work for Symantec
• CSAW final challenge
• CSAW reversing challenge
• Darknet design

Archives

• 2011 | 2010 | 2009 | 2008

Follow

• Twitter
• Blog feed

Contact

• alex@sotirov.net
• PGP key

Meet me at

• CanSecWest

  Vancouver, Mar 9-11

• Infiltrate

  Miami Beach, Apr 16-17

Third-party patches

At Determina I developed a series of free patches for critical zero-day vulnerabilities in Internet Explorer before Microsoft released their official patch. These vulnerabilities have long since been fixed, but the patches are still available for reference.

The techniques used to produce these patches were discussed in the presentation Hotpatching and the Rise of Third-Party Patches at BlackHat USA 2006.

Animated cursor stack overflow

This is a runtime fix for the Animated Cursor stack overflow vulnerability (CVE-2007-0038) affecting Internet Explorer, Mozilla Firefox, Microsoft Outlook and many other applications. It can be applied to Windows 2000 SP4, XP SP2 and 2003 SP1-2 systems and patches the vulnerabile code in memory, without modifying any files on disk.

This fix was released on Apr 2, 2007

README

Downloads:

MSI installer (PGP, SHA1)
Source code and binaries (PGP, SHA1)

Vendor status:

MS07-017 was released on Apr 3, 2007

Internet Explorer WebViewFolderIcon setSlice integer overflow

This is a runtime fix for the Internet Explorer WebViewFolderIcon setSlice vulnerability (CVE-2006-3730). It can be applied to Windows 2000, XP and 2003 systems and patches the vulnerabile code in memory, without modifying any files on disk. To test if you are vulnerable, please use the following test page. When the zero-day patch is installed, Internet Explorer will be protected silently and the test page will not crash your browser.

This fix was released on Sep 29, 2006

README

Downloads:

MSI installer (PGP, SHA1)
Source code and binaries (PGP, SHA1)

Vendor status:

MS06-057 was released on Oct 10, 2006

Internet Explorer createTextRange Vulnerability

This is a runtime fix for the Internet Explorer createTextRange vulnerability (CVE-2006-1359). It can be applied to Windows 2000, XP and 2003 systems and patches the vulnerabile code in memory, without modifying any files on disk.

This fix was released on Mar 27, 2006

README

Downloads:

MSI installer (PGP, SHA1)
Source code and binaries (PGP, SHA1)

Vendor status:

MS06-013 was released on Apr 11, 2006