Results for Honggang Ren

Threat Research

Microsoft Windows JET Database Engine Heap Overflow Vulnerability

At the end of 2017, the FortiGuard Labs team discovered a heap overflow vulnerability in Microsoft Windows JET Database Engine and reported it to Microsoft following Fortinet’s responsible disclosure process. On April 10, 2018, Microsoft released an advisory that contains the fix for this vulnerability and identifies it as CVE-2018-1003.

By Honggang Ren | April 11, 2018

Threat Research

Google’s 2017 CTF – The “ASCII Art Client” Challenge

In our last blog in this series, we discussed FortiGuard Labs’ participation in Google’s second annual Capture The Flag (CTF) competition. In this blog post, I want to share how I solved another challenge, called “ASCII Art Client”. Challenge Description: For this challenge, participants were given two files: a binary file aart_client and a network capture aart_client_capture.pcap. File1: aart_client File2: aart_client_capture.pcap The goal of the challenge was: This client displays nice...

By Honggang Ren | June 24, 2017

Threat Research

WINS Server Remote Memory Corruption Vulnerability in Microsoft Windows Server

Summary: In December 2016, FortiGuard Labs discovered and reported a WINS Server remote memory corruption vulnerability in Microsoft Windows Server. In June of 2017, Microsoft replied to FortiGuard Labs, saying, "a fix would require a complete overhaul of the code to be considered comprehensive. The functionality provided by WINS was replaced by DNS and Microsoft has advised customers to migrate away from it." That is, Microsoft will not be patching this vulnerability due to the amount of work that would be required. Instead, Microsoft...

By Honggang Ren | June 14, 2017

Threat Research

Remote Password Change Vulnerability in HPE Vertica Analytic Database

Summary: On March 24, 2017, I discovered and reported on a remote password change vulnerability in Hewlett-Packard Enterprise’s (HPE) Vertica Analytic Database. This week, HPE released Security Bulletin HPESBGN03734, which contains the fix for this vulnerability and identifies it as CVE-2017-5802. Fueled by ever-growing volumes of Big Data found in many corporations and government agencies, HPE’s Vertica Analytics Platform provides an SQL analytics solution built from the ground up to handle massive volumes of data and delivers blazingly...

By Honggang Ren | April 20, 2017

Threat Research

iSNS Server Memory Corruption Vulnerability in Microsoft Windows Server

All users of vulnerable versions of the Microsoft Windows Server are encouraged to upgrade to the latest version of this software. Additionally, organizations that have deployed Fortinet IPS solutions are already protected from this vulnerability.

By Honggang Ren | March 23, 2017

Threat Research

Multiple XSS Vulnerabilities Discovered In IBM Infosphere BigInsights

Summary: Last year, I discovered and reported two Cross-Site Scripting (XSS) vulnerabilities in IBM’s Infosphere BigInsights. This week, IBM released a security bulletin which contains the fix for these vulnerabilities. CVE numbers CVE-2016-2924 and CVE-2016-2992 are assigned to them respectively. InfoSphere BigInsights is an analytics platform for analyzing massive volumes of unconventional data in its native format. The software enables advanced analysis and modeling of diverse data, and supports structured, semi-structured, and unstructured...

By Honggang Ren | January 27, 2017

Threat Research

Microsoft Kernel Integer Overflow Vulnerability

Last month I discovered and reported an integer overflow vulnerability in the Windows Registry. Last Tuesday, October 25th, Microsoft released Security Bulletin MS16-124, which contains the patch for this vulnerability, and identifies it as CVE-2016-0070. This vulnerability could lead to local privilege elevation, and is rated as “Important” by Microsoft. The vulnerability affects multiple Windows versions, and Microsoft has recommended installing this update immediately. In this blog I will share the details of this vulnerability. How...

By Honggang Ren | October 31, 2016

Threat Research

IBM Rational Collaborative Lifecycle Management XSS Vulnerability

Summary: At the beginning of this year, I discovered and reported a Cross-Site Scripting (XSS) vulnerability in IBM Rational Collaborative Lifecycle Management (CLM). This month IBM released a security bulletin that contains the fix for this vulnerability. In this blog, I want to share the details of this vulnerability. How to Reproduce: To reproduce this vulnerability, you can follow the steps below: Sign into CLM with a user account, such as “chbest2”, with the permission "JazzAdmins". Then create a new user...

By Honggang Ren | October 17, 2016