Showing Posts From

• Yong Chuan Koh
• 23 Nov 2017

Corrupting Memory In Microsoft Office Protected-View Sandbox

This presentation explores vulnerabilities in Microsoft Office's Protected-View sandbox through fuzzing its Inter-Process Communication (IPC) attack surface. Two critical CVEs were discovered targeting the reduced functionality sandbox environment. The talk details the methodology for generating test cases and analyzing potential security weaknesses in Protected-View.