Proactive, Responsible Disclosure Is One Crucial Way Fortinet Strengthens Customer Security
The cybersecurity industry continues to grow and mature. As a part of this process, we must collectively raise the topic of—and discuss the need for—ethical rules for handling the disclosure of vulnerabilities, especially given the many benefits of providing such intelligence in protecting customers against cyber adversaries.
FortiGuard Labs Threat Research
Analysis of CVE-2016-0059 - Microsoft IE Information Disclosure Vulnerability Discovered by Fortinet
Summary This month Microsoft patched two vulnerabilities which were discovered and reported by me, one is an information disclosure vulnerability in Internet Explorer (IE) (CVE-2016-0059 in MS16-009), the other is a memory corruption vulnerability in Microsoft Office (CVE-2016-0055 in MS16-015). In this blog, we will provide in-depth analysis of CVE-2016-0059. The vulnerability exists because Microsoft Hyperlink Object Library improperly discloses the contents of its memory. An attacker who successfully exploited this vulnerability...
