Codenomicon Test Tools Discover Critical Security Vulnerabilities in Popular Web Browsers

Security Test Tool Prevents Flaws That Could Be Used by Malicious Code

Codenomicon Ltd, a global leader in black-box robustness and security testing, announced that it helped discover critical software vulnerabilities in several widely used web browser applications. These vulnerabilities were discovered and reported by the United Kingdom's National Infrastructure Security Co-Ordination Centre, NISCC, on June 16, 2005. The vulnerabilities deal with the way web browsers handle various image file formats. The critical severity of the discovered vulnerabilities range from malicious remote code execution to denial of service (DOS) attacks.

By utilizing the Codenomicon Images Test Tool, which was designed to discover and eradicate security-related flaws in image format implementations, NISCC was able to quickly identify the vulnerabilities in various web browsers. "File format vulnerabilities represent a new trend in software security threats," said Ari Takanen, CEO of Codenomicon. "During the past six months several vendors have reported problems in the handling of different image formats causing application designers and software developers production delays and additional support costs." In addition to web browsers, Codenomicon Images Test Tool makes it possible to locate problems in other applications and devices with image handling capabilities, such as computer operating systems, DVD players, digital cameras, printers, mobile phones and even games consoles.

Codenomicon Images Test Tool is one of the newest additions to Codenomicon's extensive line of test tools for ensuring the security of different protocols and file format implementations. The image formats covered by the test tool include, e.g., GIF89a, PNG, BMP, JPG, Microsoft Icon Resource (ICO), WAP-Forum Wireless Bitmap (WBMP) and X Consortium X Bitmap (XBM). Codenomicon's automated test tools help discover faults in implementations using invalid and anomalous inputs. This helps eliminate potential security vulnerabilities from the software development phase to pre-production.

While the category of security risks and vulnerabilities in the parsing of various image formats has gained recent attention, Codenomicon has been helping its customers proactively detect and prevent such security vulnerabilities since 2003. Still, Codenomicon Images Test Tool is only one among several other tools that have gained recent publicity. One of these proactive success stories is with Red Hat who used Codenomicon's security tools for HTTP and SSL/TLS in open source projects such as Apache and OpenSSL and was able to assess, correct and prevent security risks in these widely used software packages.

Availability

Codenomicon Images Test Tool is available now. For licensing options and pricing information, contact sales@codenomicon.com.

For more details about NISCC and a Security Advisory from Microsoft:

http://www.niscc.gov.uk/niscc/index-en.html

http://www.microsoft.com/technet/security/bulletin/ms05-025.mspx

About Codenomicon Ltd

Codenomicon Ltd is a leading developer of innovative products for information security. Codenomicon products are intended for testing the reliability of security-critical software products and systems. Codenomicon products include tools for testing the reliability of Voice-over-IP systems, availability-critical encryption services, Internet core protocols and routing infrastructure. Codenomicon's customers include software development companies and enterprises that require absolute dependability for their products and networks.

Codenomicon recently secured a total investment of 2.8 million euros (3.6 million USD) during its first round of financing from two leading European venture capital firms, Eqvitec Partners and Prime Technology Ventures. Codenomicon was founded in 2001. Codenomicon is based in Oulu, Finland, with a subsidiary in the United States, located in San Jose, California. For more information, visit www.codenomicon.com.

Distributed by Market Wire