A series of blog posts leveraging CVE analysis and patch diffing to discover new vulnerabilities.
As revealed in the blog posts, 4 CVEs came from the in-depth study of CVE-2021-1657.
Results from CVE-2021-1657:
- Part 1 - Patch Diffing In The Dark
- Part 2 - Down the Rabbit Hole
- Part 3 - Down But Not Out
- Part 4 - Do You Trust Me?
Results from CVE-2020-1030 (Bonus Research):
| CVE | Description | Type | Blog Reference |
|---|---|---|---|
| CVE-2022-26916 | Windows Fax Compose Form RCE | Heap Buffer Overflow via Integer Overflow | Found |
| CVE-2022-26917 | Windows Fax Compose Form RCE | Heap Buffer Overflow via Integer Overflow | CVE-2021-XXXX |
| CVE-2022-26918 | Windows Fax Compose Form RCE | Deserialization of Untrusted Data | CVE-2021-ZZZZ |
| CVE-2022-26926 | Windows Address Book RCE | Heap Buffer Overflow via Integer Overflow | CVE-2021-YYYY |
| CVE-2022-21997 | Windows Print Spooler LPE | Arbitrary File Delete | CVE-2021-WWWW |
| CVE-2022-21999 | Windows Print Spooler LPE | Arbitrary File Execution | CVE-2021-XXXX |
This research was performed by a CSE Vulnerability Researcher under CSE's mandate to discover vulnerabilities and protect Canadian Government Networks and Systems. This research resulted in the discovery of several vulnerabilities which were reviewed as per CSE's Equities Management Framework and submitted to Microsoft's Security Response Center. The findings were published as CVE-2022-26917, CVE-2022-26917, CVE-2022-26918, and CVE-2022-26926. This work demonstrates just one method of vulnerability discovery from start to finish. If this type of work interests you, consider applying to CSE's VRC. Complete CSE's general application and select “Vulnerability Research Engineer” as the job type. If you have any questions or wish to provide additional information for your application, please email vrc-crv@cse-cst.gc.ca (PGP Key).