Thursday, 13 December 2007

[New Tool] OllyHeapTrace

OllyHeapTrace is a plugin for OllyDbg (version 1.10) to trace the heap operations being performed by a process. It will monitor heap allocations and frees for multiple heaps, as well as operations such as creating or destroying heaps and reallocations. All parameters as well as return values are recorded and the trace is highlighted with a unique colour for each heap being traced.

The primary purpose of this plugin is to aid in the debugging of heap overflows where you wish to be able to control the heap layout to overwrite a specific structure such as a chunk header, a critical section structure or some application-specific data. By tracing the heap operations performed during actions you can control (for example opening a connection, sending a packet, closing a connection) you can begin to predict the heap operations and thus control the heap layout.

OllyHeapTrace Screenshot

You can download OllyHeapTrace from here:

http://www.harmonysecurity.com/OllyHeapTrace.html

Tuesday, 13 November 2007

Novell NetWare Client Privilege Escalation Vulnerability

iDefense has published an advisory for a vulnerability in the Novell NetWare Client which was discovered by Stephen Fewer of Harmony Security. It is a local privilege escalation vulnerability whereby an unprivileged user can exploit the vulnerable driver nwfilter.sys and gain kernel mode code execution. Novell is issuing a patch that will remove the vulnerable driver.

You can read the full iDefense advisory here:

http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=626

And you can read the Novell advisory here:

https://secure-support.novell.com/KanisaPlatform/Publishing/98/3260263_f.SAL_Public.html

Wednesday, 7 November 2007

Microsoft DebugView Privilege Escalation Vulnerability

iDefense has published an advisory for a privilege escalation vulnerability in the Microsoft DebugView tool which was discovered by Stephen Fewer of Harmony Security. You can read the full iDefense advisory here:

http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=621

Monday, 22 October 2007

[New Tool] OllyCallTrace

OllyCallTrace is a plugin for OllyDbg (version 1.10) to trace the call chain of a thread. It lets you monitor the call chain for irregularities to aid in the debugging of stack-based buffer overflows, as well as quickly plot the execution flow of a program you are reversing.

OllyCallTrace Screenshot

You can download OllyCallTrace from here:

http://www.harmonysecurity.com/OllyCallTrace.html

Thursday, 11 October 2007

Kaspersky Web Scanner ActiveX Format String Vulnerability

iDefense has published an advisory for a high-risk vulnerability in the Kaspersky online virus scanner which was discovered by Stephen Fewer of Harmony Security. You can read the full iDefense advisory here:

http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=606

And you can read the Kaspersky response here:

http://www.kaspersky.com/news?id=207575572

Friday, 10 August 2007

[HS-A007] Qbik WinGate Remote Denial of Service

WinGate by Qbik IP Management Limited is a sophisticated gateway and server product used in over 600,000 networks across the globe. WinGate provides a number of network services including an SMTP server for email. It is this SMTP server component that is vulnerable to a remotely exploitable format string vulnerability that can lead to a remote DoS attack, resulting in the entire WinGate service being terminated.

You can read the full advisory here:
http://www.harmonysecurity.com/HS-A007.html

Thursday, 28 June 2007

[HS-A006] Multiple XSS in Wordpress theme K2

Two Cross Site Scripting (XSS) vulnerabilities have been identified in K2, a popular theme for Wordpress. These are reflected XSS vulnerabilities: an attacker can craft a malicious URL which, when accessed by a victim, allows the attacker to run arbitrary code, typically JavaScript, in the victim's browser.

You can read the advisory here:
http://www.harmonysecurity.com/HS-A006.html

Tuesday, 13 March 2007

Website Redux

We are pleased to announce the long overdue overhaul of the Harmony Security website. An obvious addition has been the blog where we will be periodically posting news, views and various technical content on topics that are being worked on. Subscribe now to stay informed.