preloader

Bug bounty

CVE-2021-26415

CVE-2021-26415

I’d like to share the details of CVE-2021-26415 (CVSSv3.0: 7.8) vulnerability that was patched on 2021-04-13. I found this bug somewhere around October 2020 and worked with Trend Micro’s Zero Day Initiative to report it to Microsoft.

Continue Reading
Bug Tales: deserialization meets squatting

Bug Tales: deserialization meets squatting

Background The issue I’m about to describe was reported as part of public bug bounty program. It was reported, bounty was granted1, and issue is now fixed. However, vendor disagreed to disclose the issue, therefor I will not name vendor or product.

Continue Reading