The Power of Pair: One Template that Reveals 100+ UAF IE Vulnerabilities

Presented at Black Hat Europe 2014, Oct. 16, 2014, 3:30 p.m. (60 minutes)

The browser, as hardly needs explaining, plays a very important role in security. There are many browser fuzzing tools, such as cross_fuzz and grinder, that help people build their own browser fuzzing systems.

However, the most important part of fuzzing is the fuzzing strategy. With a good strategy, we can find more real vulnerabilities instead of useless crashes. With a unique strategy, we can find bugs that others couldn't find.

From September 2013 to April 2014, we discovered more than 100 IE use-after-free vulnerabilities. We received 19 CVEs affecting all versions of Microsoft IE, and we have more than 50 further IE vulnerabilities pending at MSRC.

In this talk, we are going to introduce the vulnerability hunting system we built from scratch and the fuzzing strategy we used.


Presenters:

  • ChienHua Lu - Palo Alto Networks
    ChienHua (Royce) Lu is a Security Researcher at Palo Alto Networks. He is interested in anti-malware technology, reverse engineering, kernel programming, virtualization, and exploit detection.
  • Bo Qu - Palo Alto Networks
    Bo Qu is a Principal Engineer at Palo Alto Networks. His skills include vulnerability research and coverage, bug hunting, reverse engineering, binary diffing, exploitability research and analysis, and vulnerability reproduction. He also does research on iOS, Android, and other mobile OS security.
