jwz: 15-Feb-2015 (Sun)

Now you have two problems, and one of them is Flash.

Project Zero: (^Exploiting)\s(CVE-2015-0318)\s(in)\s*(Flash$)

Quick summary - it's a bug in the PCRE regex engine as used in Flash. Spoiler: it's exploitable. [...]
Below is what happens when we compile a regex that combines the \c escape sequence (which is intended to match a single ASCII character) with a multibyte UTF-8 character. A simple trigger for the bug is '\\c\xd0\x80+', below. [...]
So clearly something has gone wrong... The question is now how to leverage this invalid bytecode to get code execution.

Previously, previously, previously, previously, previously, previously, previously, previously.

Tags: computers, doomed, regexp, security

Current Music: Heartsrevolution -- Digital Suicide ♬

InstaDoom

Doom has been modded to have Instagram filters and a selfie stick.

"Use the rule of thirds to compose your slaughter!"

Previously, previously, previously, previously, previously.

Tags: computers, retrocomputing, toys

Search for:
Recent Posts
Recent Comments
- Jef Poskanzer on Sex Work Bollards: Not Actually Bollards
- Marko Karppinen on AI-Controlled Drone Goes Rogue, Kills Human Operator in USAF Simulated Test
- Uli Kusterer on AI-Controlled Drone Goes Rogue, Kills Human Operator in USAF Simulated Test
- Andres Salomon on Sex Work Bollards: Not Actually Bollards
- Nick gully on Sex Work Bollards: Erectile Dysfunction
- Larry Mulcahy on Recent movies and TV
- CSL3 on AI-Controlled Drone Goes Rogue, Kills Human Operator in USAF Simulated Test
- Karellen on AI-Controlled Drone Goes Rogue, Kills Human Operator in USAF Simulated Test
- Karellen on Sex Work Bollards: Erectile Dysfunction
- Dr. Fancypants on AI-Controlled Drone Goes Rogue, Kills Human Operator in USAF Simulated Test
- jwz on AI-Controlled Drone Goes Rogue, Kills Human Operator in USAF Simulated Test
- Leonardo Herrera on AI-Controlled Drone Goes Rogue, Kills Human Operator in USAF Simulated Test
- jwz on AI-Controlled Drone Goes Rogue, Kills Human Operator in USAF Simulated Test
- Frandroid on Sex Work Bollards: Erectile Dysfunction
- Frandroid on Sex Work Bollards: Erectile Dysfunction
- Frandroid on AI-Controlled Drone Goes Rogue, Kills Human Operator in USAF Simulated Test
- Frandroid on AI-Controlled Drone Goes Rogue, Kills Human Operator in USAF Simulated Test
- Jef Poskanzer on AI-Controlled Drone Goes Rogue, Kills Human Operator in USAF Simulated Test
- MarkTurnerNC on AI-Controlled Drone Goes Rogue, Kills Human Operator in USAF Simulated Test
- Nick Lamb on AI-Controlled Drone Goes Rogue, Kills Human Operator in USAF Simulated Test
- Donald Ball on AI-Controlled Drone Goes Rogue, Kills Human Operator in USAF Simulated Test
- tl on AI-Controlled Drone Goes Rogue, Kills Human Operator in USAF Simulated Test
- MarkTurnerNC on AI-Controlled Drone Goes Rogue, Kills Human Operator in USAF Simulated Test
- Donald Ball on AI-Controlled Drone Goes Rogue, Kills Human Operator in USAF Simulated Test
February 2015

S M T W T F S

1 2 3 4 5 6 7

8 9 10 11 12 13 14

15 16 17 18 19 20 21

22 23 24 25 26 27 28

« Jan Mar »
Archives
- 2023 (137)
- 2022 (367)
- 2021 (389)
- 2020 (473)
- 2019 (376)
- 2018 (525)
- 2017 (583)
- 2016 (518)
- 2015 (633)
- August 2015 (58)
- July 2015 (53)
- June 2015 (48)
- May 2015 (66)
- April 2015 (55)
- March 2015 (65)
- February 2015 (62)
- January 2015 (58)
- December 2014 (46)
- November 2014 (56)
- October 2014 (64)
- September 2014 (54)
- August 2014 (53)
- 2014 (709)
- 2013 (728)
- 2012 (870)
- 2011 (767)
- 2010 (725)
- 2009 (590)
- 2008 (519)
- 2007 (374)
- 2006 (505)
- 2005 (578)
- 2004 (524)
- 2003 (634)
- 2002 (496)
Previously