Examining Viruses
Written by Giovanni Tropeano   
Side Story
Technical Analysis of MS06-001

Microsoft Windows is vulnerable to remote code execution in GDI32.dll (Graphical Device Interface). This vulnerability was assigned Microsoft security bulletin MS06-001, "Vulnerability in Graphics Rendering Engine Could Allow Remote Code Execution" (912919). An exploit for this vulnerability was found in the wild by Websense Security Labs on 12/27/2005.

This vulnerability was exploited in the wild as early as 12/15/2005 to install various malicious programs. In order to successfully exploit this vulnerability, an attacker is only required to lure the victim to an infected website. The number of websites currently hosting malicious code has steadily increased since the exploit was made public.

In this article, Stephan Chenette walks through the disassembly of GDI32.dll, providing a detailed analysis of the code flow leading to the vulnerability. Readers are expected to be familiar with x86 assembly instructions to follow this document.

Is it virii, or viruses? - Viruses. :) I have to admit, I am fascinated with virus programming. Not sure why, but I am always reading about them, reading up on how to defeat them, and even coding them for my own educational purposes. I decided to write this high-level overview of viruses that may help to give you a better understanding of the different types of viruses out there. So, let's get started...

Download: Examining Viruses (PDF)