Contact | Site en Français               

 


 

 Binary Analysis & Exploits
 
  Service Overview & Features
  BA for Security Vendors

  BA for Governments & CERTs
  BA for Corporations & MSSPs
 
   
    >> VUPEN In-Depth Binary Analysis and Exploit Codes

  
Because of the sensitive nature of the information provided through this service, VUPEN Security has defined strict eligibility criteria for participants. VUPEN Security solely reserves the right to determine whether an organization or corporation meets the criteria.

Eligible organizations are:

- Trusted Security Vendors Providing Defensive Software or Hardware (Antivirus, IPS, IDS)
- Governments, Law Enforcement, and CERTs (countries members of NATO, ANZUS, ASEAN)
- Worldwide Corporations and MSSPs (Fortune 1000, Finance, Technology, Research)
  

During the last few years, a significant increase of attacks exploiting vulnerabilities in commonly used programs such as Microsoft Internet Explorer or Adobe Acrobat and Reader is being observed. This is currently the primary initial infection vector used to compromise computers that have Internet access.

Although there are many ways to protect against these attacks and threats, governments and corporations need to leverage the most detailed security intelligence to evaluate and qualify risks, and protect their infrastructures and assets.

VUPEN Security provides in-depth binary analysis of the most significant public vulnerabilities based on disassembly, reverse engineering, protocol analysis, and code audit.

In-Depth Binary Analysis of Vulnerabilities

VUPEN team of security researchers and reverse
engineers analyse new vulnerabilities and security
patches, and write in-depth binary analysis including:

Introduction: brief description of the vulnerability
  
 Tested Versions: affected versions of the software
  
 Fixed Versions: patched versions of the software
  
 Technical details including detailed code flow path,
  
   commented assembly code and registers
  
 Exploitation technique, reliability and limitation
  
 Detection guidance: vuln-based and exploit-based
  
 References: links to third-party web sites or data
 

  

 Exploits & Proof-of-concept Codes

  
  With each in-depth binary analysis, VUPEN
 develops and provides exploit codes or PoCs
 which allow governments and corporations to:

 Reduce costs related to internal research, vuln.
  
   analysis, or reverse engineering of patches
  
 Cut-time and quickly evaluate risks related
   to vulnerabilities or exploits
  
 Evaluate the effectiveness of existing
   security policies, protections and patches
  
 Identify real and exploitable threats within
   their infrastructures, systems and networks
  
 Achieve and maintain compliance e.g. PCI
   or ISO 27001

Latest In-Depth Binary Analysis and Exploits/PoCs Released by VUPEN

     Microsoft Office Excel XLSX Document Parsing Code Execution (MS10-017) - Binary Analysis

     Microsoft Windows Movie Maker ".MSWMM" Buffer Overflow (MS10-016) - Binary Analysis

     Apple Safari 4.x ColorSync Profile Handling Integer Overflow - Binary Analysis

     Microsoft Internet Explorer 7 and 6 "iepeers.dll" Use-after-free (MS 981374) - Binary Analysis

     IBM Informix Dynamic Server Portmapper Signedness Error - Binary Analysis

     Apache Server "mod_isapi" Module Remote Memory Corruption - Binary Analysis

     Microsoft Office Excel Record Parsing Memory Corruption (MS10-017) - Binary Analysis

     IBM Informix Dynamic Server Portmapper Remote Buffer Overflow - Binary Analysis

     Opera HTTP "Content-Length" Header Handling Buffer Overflow - Binary Analysis

     Symantec Products Client Proxy ActiveX Buffer Overflow (SYM10-004) - Binary Analysis
 
 

For More Information
Contact Sales
 

Latest Advisories
  

   
    



Copyright VUPEN © 2004-2010 - Privacy Policy