When The Pwnie Awards, aka the Oscars of security research, unveiled this year’s nominees on July 22, 2010, we were excited to discover that Fortinet researchers Guillaume Lovet and Haifei Li were nominated in the category of “Most Innovative Research” for their paper “Adobe Reader's Custom Memory Management: A Heap of Trouble.”
“Most Innovative Research” is awarded to the person(s) who published “the most interesting and innovative research in the form of a paper, presentation, tool or even a mailing list post”.
Guillaume and Haifei’s research paper dug deeply into the custom heap management of Adobe's PDF Reader. They found that when Adobe Reader is processing a PDF file, in most allocation cases, it does not directly use the system's heap, but maintains its own heap management system on top of the system-level heap management system. This feature provides an easier and reliable way to leverage PDF heap-based vulnerabilities.
The paper dissects the reader’s mechanisms and points out weaknesses by showing how an attacker can obtain exact EIP control in many different heap corruption situations.
On March 31, 2010, Guillaume and Haifei posted a video podcast that explained the vulnerability in detail and showed a working exploit for a PDF zero-day vulnerability. And on April 23, 2010, the two posted their Black Hat Europe 2010 presentation, as well as a whitepaper and source code.
The Pwnie Awards is an annual award ceremony that celebrates the achievements and failures of security researchers and the security community. The awards are given out once an year, and the fourth annual ceremony will take place on July 28th, 2010 in Las Vegas at the BlackHat USA security conference. This year’s esteemed judges include Dave Goldsmith, Mark Dowd, Dino Dai Zovi, HD Moore, Dave Aitel, Halvar Flake and Alexander Sotirov.
Other nominees in the category of “Most Interesting Research” include Dionysus Blazakis for his report “Flash Pointer Inference and JIT Spraying,” Joshua Mason, Sam Small, Fabian Monrose and Greg MacManus for their report “English Shellcode,” John McDonald and Chris Vasalek for their report “Practical Windows XP/2003 Heap Exploitation,” Julien Vanegue for the report “Zero-sized heap allocations vulnerability analysis” and Juliano Rizzo and Thai Duong for their report “Practical Padding Oracle Attacks.”
A complete list of award categories and nominations can be found here.