Personal


Twitter
LinkedIn
Packet Storm

Blog/News


Securify - There's a party in OLE, and you are invited
Securify - Exploiting the Xamarin.Android DLL hijack vulnerability
Security Week - Researchers Keep Finding Bugs in Google's Password Alert Extension
The Hacker News - Hacker Finds a Simple Way to Bypass Google Password Alert
PCWorld - Security researchers poke holes in Google's anti-phishing Chrome extension
Security.nl - Kat-en-muisspel rond Google Password Alert duurt voort (Dutch)
Securify - Java SE a PATH to privilege escalation
Securify - Responsible disclosure or concealed bug report?
Securify - Tales from the crypt: exploiting the .NET EncoderParameter integer overflow vulnerability
SecurityWeek - Cisco Fixes Vulnerabilities in Small Business Routers
The Hacker News - Update Adobe Reader app for Android to Patch Remote Code Execution Vulnerability
ThreatPost - Arbitrary Code Execution Bug in Android Reader
HEAT Security Blog - Got Adobe Reader on your Android device? You Had Best Update it ASAP
Computable - Adobe dicht lek in Reader for Android (Dutch)
Testnet - Security Testen nog steeds onderbelicht (Dutch)
Security.nl - Nederlander vindt gevaarlijk Windows-lek (Dutch)

Security advisories


SFY20160201 - .NET Framework 4.6 allows side loading of Windows API Set DLL
SFY20150904 - Windows Mail Find People DLL side loading vulnerability
SFY20151101 - MapsUpdateTask Task DLL side loading vulnerability
SFY20150906 - BDA MPEG2 Transport Information Filter DLL side loading vulnerability
SFY20150905 - NPS Datastore server DLL side loading vulnerability
SFY20150903 - HP LaserJet Fax Preview DLL side loading vulnerability
SFY20150902 - HP ToComMsg DLL side loading vulnerability
SFY20150901 - LEADTOOLS ActiveX control multiple DLL side loading vulnerabilities
SFY20150806 - OLE DB Provider for Oracle multiple DLL side loading vulnerabilities
SFY20150802 - Shockwave Flash Object DLL side loading vulnerability
SFY20151102 - Shutdown UX DLL side loading vulnerability
SFY20150803 - Windows Authentication UI DLL side loading vulnerability
SFY20150805 - Event Viewer Snapin multiple DLL side loading vulnerabilities
SFY20150801 - COM+ Services DLL side loading vulnerability
SFY20150701 - Cisco AnyConnect elevation of privileges via DMG install script
SFY20150601 - Cisco AnyConnect elevation of privileges via DLL side loading
SFY20150501 - Integer overflow in .NET Framework System.DirectoryServices.Protocols.Utility class
GitHUb - iframe sandbox attribute allows evasion of extension
SFY20140402 - Viber for Android exposes insecure Javascript interface
SFY20130601 - Cisco RV Series multiple vulnerabilities
SFY20140403 - Outlook.com for Android fails to validate server certificates
Umbraco - Security issues found in Umbraco 4, 6 and 7
SFY20140401 - Adobe Reader for Android exposes insecure Javascript interfaces
SFY20140301 - NSS 2014 affected by remote code execution & insecure certificate validation
SFY20130501 - Path traversal vulnerability in File Roller
AK20110801 - .NET Framework EncoderParameter integer overflow vulnerability
AK20100601 - Office arbitrary ClickOnce application execution vulnerability
AK20090402 - Akamai Download Manager arbitrary file download & execution
AK20091001 - Outlook PR_ATTACH_METHOD file execution vulnerability
AK20090401 - getPlus insufficient domain name validation vulnerability
AK20090301 - FreeWebshop.org: multiple vulnerabilities
AK20090601 - yTNEF/Evolution TNEF plugin traversal & overflow vulnerabilities
AK20090602 - PulseAudio local race privilege escalation vulnerability
AK20080401 - XP: inconsistent verification messages for signed execs
AK20070603 - XUpload multiple vulnerabilities
AK20070602 - XUpload/JUpload arbitrary file upload
AK20070601 - XUpload stack-based buffer overflow vulnerability
AK20060602 - Aangifte 2005 privilege escalation vulnerability
AK20060601 - Internet Explorer redirect arbitrary file access vulnerability
AK20050803 - MMC resource cross-site scripting vulnerability
AK20050802 - Internet Explorer: drag and drop, loading files from TIF
AK20050801 - Internet Explorer inconsistent file protocol handling
AK20050601 - PowerPoint/IE reload information disclosure vulnerability
AK20040801 - Address bar spoofing flaw in Internet Explorer

Exploits/Proof of concepts


SFY20150901 - HP Color LaserJet CM2320 MFP Series multiple DLL side loading vulnerabilities
SFY20151201 - MS15-132: Office OLE multiple DLL side loading vulnerabilities
SFY20150701 - Cisco AnyConnect elevation of privileges via DMG install script
SFY20150601 - Cisco AnyConnect elevation of privileges via DLL side loading
SFY20140401 - Adobe Reader for Android exposes insecure Javascript interfaces
SFY20110801 - .NET Framework EncoderParameter integer overflow vulnerability
Metasploit - Outlook ATTACH_BY_REF_ONLY File Execution
AK20091001 - Outlook PR_ATTACH_METHOD file execution vulnerability (ATTACH_BY_REF_ONLY)
Metasploit - Outlook ATTACH_BY_REF_RESOLVE File Execution
AK20091001 - Outlook PR_ATTACH_METHOD file execution vulnerability (ATTACH_BY_REF_RESOLVE)
AK20090601 - yTNEF/Evolution TNEF Attachment decoder plugin directory traversal & buffer overflow vulnerabilities
AK20090602 - PulseAudio local race condition privilege escalation vulnerability
AK20050802 - Internet Explorer: drag and drop, loading files from TIF
AK20050601 - PowerPoint/IE reload information disclosure vulnerability
parse_srv.c.diff - MS04-037: Vulnerability in Windows Shell Could Allow Remote Code Execution
EMFexp.c - Enhanced Meta File arbitrary memory access
EudoraBoF.c - Eudora long attachment file name buffer overflow