Zero Day Initiative | Blog Note

Zero Day Initiative | Blog

The Zebra Dining is an online blog that focuses on dining and lifestyle services. They share various articles and guides related to food, restaurants, and dining experiences. Their blog offers reviews, recommendations, and insights that help readers enhance their dining experiences and lifestyle.

Thread Of Notes

A remote code execution vulnerability exists in the HTTP Protocol Stack for Microsoft Internet Information Services implemented in HTTP.sys, which can be exploited by sending crafted HTTP packets to the target system. The vulnerability is due to invalid validation of incoming HTTP requests, and successful exploitation can result in a denial-of-service condition or code execution with kernel privileges. HTTP.sys is the kernel-mode HTTP protocol driver in Microsoft Windows, and it provides HTTP request parsing, response caching, and SSL/TLS termination for Internet Information Services and other applications. The vulnerability is caused by an integer overflow in the buffer reference array during HTTP/1.x header parsing, which can lead to a kernel pool heap buffer overflow. To trigger the overflow, an attacker must craft an HTTP request with each header line encapsulated in a separate TLS application data record, requiring a minimum of 65,536 buffer references. The total request size would be approximately 262,144 bytes, which exceeds the default MaxRequestBytes registry value of 16,384 bytes. A remote unauthenticated attacker could exploit this vulnerability by sending a specially crafted HTTP/1.x request over a TLS connection to an affected server, resulting in unexpected system termination or arbitrary code execution in the context of the kernel. Detection of this vulnerability can be achieved by monitoring and parsing traffic on TCP port 443, either by decrypting the TLS traffic and counting the number of distinct header field lines or by inspecting the pattern of TLS application data records within the encrypted session. The vulnerability was patched by Microsoft in the June 2026 release cycle, and the best method to ensure remediation is to test and deploy the vendor-supplied patch. To prevent exploitation, keeping the MaxRequestBytes registry value at or below 65,535 bytes represents a conservative configuration, and users are advised to follow the latest security patches and exploit techniques from the TrendAI Research team.
CdXz5zHNQW_taLHU2yssb.jpeg
TrendAI Research identified a double free vulnerability, CVE-2026-33824, in the Windows Internet Key Exchange (IKE) service, originally discovered by the WARP & MORSE team at Microsoft. This flaw, present in IKEv2's fragment processing, could lead to a crash of the IKEEXT service or arbitrary code execution. The vulnerability stems from improper ownership handling of a heap-allocated blob pointer during IKEv2 fragment reassembly within ikeext.dll. During the IKE_SA_INIT exchange, a Security Realm Vendor ID payload causes IkeHandleSecurityRealmVendorId() to allocate a blob, stored in the MMSA structure. When a fragmented IKE_AUTH message is reassembled, IkeReinjectReassembledPacket shallow-copies this blob pointer into a local stack struct. This struct is then shallow-copied into a heap-allocated work item by IkeQueueRecvRequest. The first free occurs when IkeDestroyPacketContext processes the work item and releases this shallow-copied blob pointer. The MMSA structure still holds the original pointer to the same allocation. The second free happens when the MMSA is cleaned up via IkeCleanupMMNegotiation, which eventually triggers IkeFreeMMSA, attempting to free the already released allocation. An unauthenticated, remote attacker can exploit this by sending a crafted IKE_SA_INIT message followed by two or more Encrypted Fragment payloads with an invalid IKE_AUTH message. Detection requires monitoring UDP ports 500 and 4500 for a specific IKE_SA_INIT sequence (including the Microsoft Security Realm Vendor ID) followed by a fragmented IKE_AUTH request containing a particular byte sequence. Microsoft patched this vulnerability in April 2026, recommending blocking inbound traffic on UDP ports 500 and 4500, or restricting traffic to known peer addresses, as temporary mitigations. Applying the vendor's update is the only full remediation.
CdXz5zHNQW_WT3iiMmsPg.jpeg
CdXz5zHNQW_HFPFyJ19tr.jpeg
Day One of Pwn2Own Automotive 2026 commenced with thirty entries targeting the latest automotive systems, featuring exploits and security breakthroughs from top researchers. The competition saw significant success across various categories, particularly in exploiting in-vehicle infotainment (IVI) systems and electric vehicle chargers. Several teams, including Neodyme AG and Synacktiv, successfully gained root-level access on IVI units like the Alpine iLX-F511 and Sony XAV-9500ES through vulnerabilities such as buffer overflows and chained exploits. EV chargers proved lucrative targets, with Fuzzware.io, PetoWorks, and others manipulating charging signals or achieving code execution on devices like the Autel charger and Phoenix Contact CHARX SEC-3150, often chaining multiple bugs. Notably, the Grizzl-E Smart 40A charger was successfully exploited multiple times, including a win by SKShieldus using hardcoded credentials and an authentication bypass leading to remote code execution by Compass Security. Some attempts resulted in failure, such as the initial exploit against the Kenwood DNR1007XR and attempts by Fuzzware.io against the EMPORIA Pro Charger. However, subsequent attempts quickly exploited the Kenwood unit through command injection and out-of-bounds writes by other researchers. The competition also included successful collisions where multiple teams exploited the same or similar vulnerabilities, resulting in split rewards and Master of Pwn points. Synacktiv achieved a full win in the Tesla Infotainment category by chaining an information leak and an out-of-bounds write via a USB-based attack. Overall, the day was marked by numerous successful exploits, demonstrating critical vulnerabilities in modern automotive and charging infrastructure components.
CdXz5zHNQW_DCzVPK6hBE.png
CdXz5zHNQW_PvNdDCozhi.jpeg
CdXz5zHNQW_EZiDBlz8ag.jpeg
The Trend Micro Zero Day Initiative discovered a critical vulnerability in NVIDIA's Transformers4Rec library, allowing remote code execution with root privileges. This vulnerability, CVE-2025-23298, stems from unsafe deserialization when loading model checkpoints using Python's pickle module. Transformers4Rec, part of the Merlin ecosystem, is widely used for recommendation tasks and integrates with Hugging Face Transformers. The flaw lies in the load_model_trainer_states_from_checkpoint function, which directly uses torch.load() without safety parameters, exposing it to malicious pickle files. Pickle's __reduce__ method allows arbitrary code execution during deserialization. The attack surface is significant due to common model sharing and the trust placed in checkpoint files, especially as these processes often run with elevated privileges. A malicious checkpoint could execute system commands before model weights are loaded. The real-world impact includes remote code execution, privilege escalation, data exfiltration, and supply chain attacks. NVIDIA has patched the vulnerability by implementing a custom loading mechanism that restricts deserialization to approved classes. This incident underscores the pervasive security challenges in the ML/AI ecosystem due to reliance on pickle. Developers are urged to avoid pickle for untrusted data, use weights_only=True, restrict trusted classes, and consider secure serialization formats like Safetensors. Organizations should audit model provenance, implement signing, and sandbox model loading. The ML community needs to move away from pickle and prioritize security in framework design.
CdXz5zHNQW_ETMuumC4hx.jpeg
CdXz5zHNQW_QWIp701lml.png
CdXz5zHNQW_BI9SLIJrly.jpeg
A code execution vulnerability was discovered in the Apple macOS operating system, specifically in the Scriptable Image Processing System (sips) utility. The vulnerability is due to the lack of proper validation of "lutAToBType" and "lutBToAType" tag types in ICC Profile files. A remote attacker can exploit this vulnerability by enticing a victim to open a crafted file, resulting in code execution on the victim's machine in the context of the running process. The vulnerability lies in the function sub_1000194D0(), which handles the tagged element data in ICC Profile files. The function does not properly validate the "Offset to CLUT" field value, allowing an attacker to set an offset equal to the total length of the tagged element data, causing the function to read and modify memory past the end of the heap-allocated buffer. A remote attacker can exploit this vulnerability by crafting a malicious ICC Profile file and enticing the victim to process it using a vulnerable version of sips tools. To detect an attack exploiting this vulnerability, detection devices must monitor and parse traffic on specific ports and services, and inspect the contents of ICC Profile files. The detection device should verify the Profile signature field and compute the size of the Tag Table, and inspect the tagged element data for suspicious activity. Apple has patched this vulnerability, and no attacks have been detected in the wild. It is recommended to apply the vendor patch to completely address this issue.
CdXz5zHNQW_YdZdrDpgEK.jpeg