Re: HP TippingPoint DVLabs – Zero-Day Filter Protection for the Win!

Comments
anonymous3

If it is a browser finding, a JavaScript exploit is trivial to encode. How do you catch it? A duplicate find is likely for getting past the sandbox. Or is it for Adobe Flash or Adobe Reader?

Was it always allowed to submit a finding to ZDI and use the same exploit in Pwn2Own?

spovolny

Hi - thanks for the comment. I'm unable to elaborate any further on the nature of what product this exploit was in until the vendor has patched. However, I do want to clarify that the filter developed to cover the original vulnerability is NOT the same vulnerability as was demonstrated at Pwn2Own this year - because TippingPoint addresses the root cause of a vulnerability versus just an exploit of that vulnerability, the detection logic was able to trigger on what we know now is a different vulnerability despite the similarity to the 2012 CVE.

On an unrelated note - yes you are correct, it is a challenging problem to account for the dynamic nature of scripting languages such as JavaScript. That is why TippingPoint filters address the core issue, accounting for as many evasion/encodings as possible, and simultaneously, we have filters that detect generic obfuscation, encoding, and manipulation to standard scripting languages...

Finally, all submissions to ZDI are separate from Pwn2Own and may never be reused. That is how the program has always worked, and will continue to operate. Let me reiterate - this exploit was NOT from a submission to ZDI at any point. Thanks for your interest!
