Talk Summary
Memory corruption exploitation has been around since 1988, following the Morris worm outbreak. Exploitation of memory corruption has been widely observed against both closed-source and open-source software. Vulnerability classes have been introduced to distinguish the different types of memory corruption. Each class calls for a different style of exploitation, which has given rise to techniques such as Return Oriented Programming (ROP), return-to-libc (ret2libc), and many more.
Memory corruption has been categorized as one of the most dangerous software errors. Security researchers and vendors have been contending for years, with new exploitation techniques answered by new exploit mitigations. Our presentation will include detailed demonstrations of vulnerabilities found in different products and operating systems.
The first issue we demonstrate is in GNU Sharutils, CVE-2018-1000097. Sharutils is a set of utilities for handling shell archives. Since 2005, no vulnerability had been reported in Sharutils. We performed fuzzing on the application, targeting both the ‘shar’ and ‘unshar’ utilities, which are command-line tools. The second issue we demonstrate is a Microsoft Edge vulnerability and how it was mitigated. The third issue is based on our finding of a memory corruption in one of the popular commercial PDF readers, assigned CVE-2018-12324.
In our presentation, we will discuss a high-level overview, classic exploitation, modern exploitation, vulnerability classes, vulnerability and exploit mitigations in different operating systems, and the future of exploitation.