3 posts in tag Buffer overflow

Analyzing CVE-2020-15999 with REVEN: Buffer-overflow in libpng in Chrome

15 Jul 2021 by Quentin - Technical - Reverse Engineering REVEN Buffer overflow Taint

In this article, we will present a step-by-step analysis of an exploit for CVE-2020-15999 using REVEN. CVE-2020-15999 is a heap buffer overflow in Freetype allowing a remote attacker to potentially exploit heap corruption via a crafted HTML page. In the process, we will show how REVEN’s timeless features such as...

HITBCyberWeek 2020 REVEN Lab replay

19 Jan 2021 by Mathieu - Conference - Reverse Engineering REVEN Exploit Buffer overflow CVE

In November 2020, Tetrane presented a remote technical hands-on lab at HITB CyberWeek about timeless debugging and analysis. We are sharing the recording of the lab as it’s a good opportunity to discover the dynamic approach of REVEN: the type of questions a trace can provide answers to, how to...

Buffer overflow exploitation in Quick Player 1.3 (unicode & SEH)

06 Oct 2020 by Quentin - REVEN - Reverse Engineering REVEN Exploit Buffer overflow

In this article, we will talk about the exploitation of a buffer overflow in Quick Player 1.3 leading to an arbitrary code execution, and how we fixed an already existing exploit using REVEN. We will first present the exploit, then explain why it did not work at first, and how...