RESOURCES

Thought leaders in information security, we conduct radical, world-changing research and deliver renowned presentations around the world.
Disclosures | ADVISORIES | September 20, 2007

Buffer Overflow in Mono BigInteger Montgomery Reduction Method

VU#146292. Discovered: 07.25.07. Reported: 08.24.07. Disclosed: 09.20.07. An exploitable buffer overflow vulnerability exists in the Montgomery reduction method within the Mono Frameworks BigInteger Class (Mono.Math.BigInteger).

Launch PDF
Jason Larsen & Walter Pearce
Disclosures | ADVISORIES | March 26, 2007

Static Microsoft Windows WPAD entries might allow interception of traffic

CVE-2007-1692. Disclosed: 03.26.07. The default configuration of Microsoft Windows uses the Web Proxy Autodiscovery Protocol (WPAD) without static WPAD entries. A remote attacker could leverage this to intercept web traffic by registering a proxy server using WINS or DNS, then responding to WPAD requests.

Read More
Chris Paget

IOActive has a renowned history of uncovering security vulnerabilities in information technology platforms and devices. Our clients frequently ask our consultants to evaluate new products and technologies on their behalf. Our research teams regularly evaluate new devices and software. As a result, IOActive often discovers new bugs and vulnerabilities in third-party products, which can have a damaging impact on our clients’ security if the vulnerable vendors do not fix these issues in a timely manner. Learn more about our disclosure policy here.

Archive