IBM's Watchfire Team Demonstrates Dangling Pointer Remote Command Exploitation at Black Hat USA 2007 Briefings

ARMONK, NY - July 30, 2007 - IBM today announced that its newly acquired Watchfire team will demonstrate a remote command exploitation of the "dangling pointer" application bug during a session at Black Hat USA 2007 Briefings and Training, held this week in Las Vegas. In the process, IBM will provide guidance to the community on how to identify and avoid dangerous security vulnerabilities that may result from dangling pointer bugs within developed code.

As software development and security professionals generally already know, applications typically include pointers to a variety of data objects. In some scenarios, the application may erroneously use a pointer to an invalid or de-allocated object, causing an unintended execution flow. This usually results in the application crashing, but it can also produce more dangerous behavior such as remote arbitrary code execution. Until recently, however, the security risk was deemed by many to be theoretical.

"Contrary to common belief the Dangling Pointer bug is a high security risk and can be exploited for remote arbitrary code execution," said Danny Allan, director of security research at Watchfire, an IBM Company. "We will show Black Hat attendees how dangling pointer vulnerabilities can be exploited to help the community understand them and avoid them."

Jonathan Afek, senior security researcher at Watchfire, an IBM Company, who along with Adi Sharabani, manager of IBM's Watchfire security research team, discovered this dangling pointer exploit, will discuss the exploitation and the general issue of dangling pointer vulnerabilities on Wednesday, August 1 at 3:15 p.m. as part of the "zero-day" briefings track. During the presentation, Afek will demonstrate a real-world dangling pointer attack on the Microsoft IIS 5.1 web server. The Watchfire security research team worked closely with Microsoft who issued a patch for the vulnerability on July 10. (See http://www.microsoft.com/technet/security/.)

When Afek's presentation commences, IBM will post detailed technical information at http://www.watchfire.com/securityzone/default.aspx.

Also at Black Hat USA 2007, the IBM X-Force team will discuss breaking and reversing C++ as well as other reverse engineering techniques that enable researchers to find vulnerabilities and develop protection accordingly. Formed in 1996, X-Force is responsible for security research and development efforts across IBM's Internet Security Systems (ISS) division, including all security content for IBM ISS products and services.

For more information on IBM and its recent acquisition of Watchfire, visit http://www.ibm.com/software/rational/welcome/watchfire/.

For further details on the research of IBM X-Force, visit http://xforce.iss.net/.