Windows 10 RS2/RS3 GDI data-only exploitation tales (OffensiveCon 2018)
Hello, I'm Nikos Sampanis, a security researcher working at CENSUS. On February 16th, 2018 I presented at OffensiveCon a talk with the title "Windows 10 RS2/RS3 GDI data-only exploitation tales". The presentation focused on a mitigation introduced in the Win32k component of Microsoft Windows to prevent the exploitation of memory corruptions in the session heap (due to GDI object abuse).
OffensiveCon 2018
CENSUS is proud to announce its participation in OffensiveCon 2018 as a Silver Sponsor.
Android stagefright ih264d_read_mmco_commands libavc heap overflow
CENSUS ID: CENSUS-2016-0004
CVE ID: CVE-2016-0842
Android ID: 25818142
Affected Products: Android OS 6.0 — 6.0.1
Class: Out-of-bounds Write (CWE-787)
Discovered by: Anestis Bechtsoudis
Android provides a media playback engine at the native level called Stagefright that comes built-in with software-based codecs for several popular media formats. Stagefright features for audio and video playback include integration with OpenMAX codecs, session management, time-synchronized rendering, transport control, and DRM.
Kamailio SEAS module encode_msg heap buffer overflow
CENSUS ID: CENSUS-2016-0009
CVE ID: CVE-2016-2385
Affected Products: Kamailio 4.3.4 (and possibly previous versions)
Class: Heap-based Buffer Overflow (CWE-122)
Remote: Yes
Discovered by: Stelios Tsampas
Kamailio (successor of the former OpenSER and SER) is an open-source SIP server released under the GPL, able to handle thousands of call setups per second. Kamailio can be used to build large platforms for VoIP and real-time communications, presence, WebRTC, instant messaging and other applications. It can also easily be applied to scaling up SIP-to-PSTN gateways, PBX systems or media servers.