Stephen Fewer

Summary

Stephen is a software engineer specializing in low level software research and development in the fields of software vulnerabilities and exploitation, reverse engineering, and developer tooling. Excited to learn new technologies and solve complex problems.

Stephen is a native English speaker based in Cork City, Ireland and can work effectively in a remote environment across teams and time zones.

Contact

• LinkedIn
• Twitter
• GitHub

Awards

• Pwn2Own 2021 - Successfully competed at Pwn2Own 2021, exploiting both a Cisco RV340 and Netgear R6700v3 network router.
• MSRC Top 100 - Awarded 30th in the Microsoft Security Response Centre (MSRC) Top 100 researchers for 2015.
• Pwn2Own 2011 - Successfully competed at Pwn2Own 2011, exploiting Microsoft Internet Explorer (IE) 8 on Windows 7 SP1.

Vulnerabilities

The following 74 publicly disclosed vulnerabilities were discovered through original research.

Date	CVE	Title
04 Mar 2024	CVE-2024-27199	JetBrains TeamCity High Severity Authentication Bypass
04 Mar 2024	CVE-2024-27198	JetBrains TeamCity Critical Severity Authentication Bypass
13 Feb 2024	CVE-2023-47218	QNAP QTS and QuTS Hero Unauthenticated Command Injection
02 Aug 2023	CVE-2023-35082	Ivanti Endpoint Manager Mobile (EPMM) and MobileIron Core Unauthenticated API Access
19 July 2023	CVE-2023-38205	Adobe ColdFusion Access Control Bypass (Patch Bypass)
11 July 2023	CVE-2023-29298	Adobe ColdFusion Access Control Bypass
17 Mar 2022	CVE-2022-27643	NETGEAR R6700v3 upnpd Buffer Overflow Remote Code Execution Vulnerability
03 Jan 2022	CVE-2022-20712	Cisco Small Business RV Series Routers Upload Module Remote Code Execution Vulnerability
03 Jan 2022	CVE-2022-20707	Cisco RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers Command Injection Vulnerabilities
03 Jan 2022	CVE-2022-20705	Cisco Small Business RV Series Routers Improper Session Management Vulnerability
03 Jan 2022	CVE-2022-20700	Cisco Small Business RV Series Routers Privilege Escalation Vulnerabilities
08 Sept 2020	CVE-2020-16854	Microsoft Windows Kernel Information Disclosure Vulnerability
19 Mar 2019	CVE-2019-9802	Mozilla Firefox Chrome process information leak
23 Jan 2018	CVE-2018-5090	Mozilla Firefox ParamTraits nsAString Deserialization - Integer Overflow
23 Jan 2018	CVE-2018-5090	Mozilla Firefox PluginModuleChromeParent::AnswerGetFileName - Grant Arbitrary File Read Access.
23 Jan 2018	CVE-2018-5090	Mozilla Firefox PluginModuleChromeParent::AnswerGetFileName - Heap Buffer Overflow
08 Aug 2017	CVE-2017-7804	Mozilla Firefox Memory protection bypass through WindowsDllDetourPatcher
10 Feb 2015	CVE-2015-0046	Microsoft Internet Explorer Type Confusion Info Disclosure Vulnerability
10 June 2014	CVE-2014-1775	Microsoft Internet Explorer CPeerFactoryUrlMap Use After Free Vulnerability
10 June 2014	CVE-2014-2772	Microsoft Internet Explorer textContent Heap Buffer Overflow Vulnerability
12 Nov 2013	CVE-2013-3911	Microsoft Internet Explorer Memory Corruption Vulnerability
11 June 2013	CVE-2013-3119	Microsoft Internet Explorer Memory Corruption Vulnerability
14 May 2013	CVE-2013-1312	Microsoft Internet Explorer CDOMTextNode Use After Free Vulnerability
12 Mar 2013	CVE-2013-0090	Microsoft Internet Explorer CCaret Use After Free Vulnerability
12 Feb 2013	CVE-2013-0029	Microsoft Internet Explorer CHTML Use After Free Vulnerability
12 Feb 2013	CVE-2013-0020	Microsoft Internet Explorer CMarkup Use After Free Vulnerability
21 Sept 2012	CVE-2012-2548	Microsoft Internet Explorer Layout Remote Code Execution Vulnerability
21 Sept 2012	CVE-2012-2548	Microsoft Internet Explorer 9 CTreeNode Remote Code Execution Vulnerability
14 Feb 2012	CVE-2012-0011	Microsoft Internet Explorer HTML Layout Remote Code Execution Vulnerability
14 Feb 2012	CVE-2012-0155	Microsoft Internet Explorer VML Remote Code Execution Vulnerability
09 Aug 2011	CVE-2011-1964	Microsoft Internet Explorer 9 STYLE Object Parsing Remote Code Execution Vulnerability
09 Aug 2011	CVE-2011-1347	Microsoft Internet Explorer Protected Mode Bypass Vulnerability
18 July 2011	CVE-2011-1741	EMC Documentum eRoom Indexing Server Remote Code Execution Vulnerability
14 June 2011	CVE-2011-1346	Microsoft Internet Explorer Uninitialized Variable Information Leak Vulnerability
08 June 2011	CVE-2011-0817	Oracle Java IE Browser Plugin Corrupted Window Procedure Hook Vulnerability
12 April 2011	CVE-2011-1345	Microsoft Internet Explorer Event Handler Type Confusion Use After Free Vulnerability
04 April 2011	CVE-2011-0994	Novell File Reporter Agent XML Parser Stack Buffer Overflow Vulnerability
31 Jan 2011	CVE-2011-0276	HP OpenView Performance Insight Server Backdoor Account Vulnerability
14 Dec 2010	CVE-2010-3345	Microsoft Internet Explorer Select Element Use After Free Vulnerability
13 Oct 2010	CVE-2010-3552	Oracle Java IE Browser Plugin Stack Buffer Overflow Vulnerability
06 Oct 2010		Novell iManager File Upload Remote Code Execution Vulnerability
29 Sept 2010		IBM Tivoli Storage Manager FastBack Stack Buffer Overflow Vulnerability
21 July 2010	CVE-2010-2773	Novell Teaming Arbitrary File Upload Remote Code Execution Vulnerability
21 June 2010	CVE-2010-0284	Novell Access Manager File Upload Remote Code Execution Vulnerability
01 June 2010		Novell ZENworks Preboot Service Stack Buffer Overflow Vulnerability
23 April 2010		Novell ZENworks UploadServlet Remote Code Execution Vulnerability
05 April 2010	CVE-2010-0838	Sun Java CMM readMabCurveData Stack Buffer Overflow Vulnerability
23 Feb 2010	CVE-2010-0620	EMC HomeBase Arbitrary File Upload Remote Code Execution Vulnerability
08 Dec 2009	CVE-2009-3844	HP Application Recovery Manager Stack Buffer Overflow Vulnerability
20 Nov 2009	CVE-2009-3843	HP Operations Manager Backdoor Account Code Execution Vulnerability
28 Oct 2009		EMC & OpenText Hummingbird STR Service Stack Overflow Vulnerability
23 Sept 2009	CVE-2009-3068	Adobe RoboHelp Server Arbitrary File Upload and Execute Vulnerability
22 July 2009		Akamai Download Manager Stack Buffer Overflow Vulnerability
21 July 2009		Novell Privileged User Manager Remote DLL Injection Vulnerability
28 April 2009		TIBCO SmartSockets Stack Buffer Overflow Vulnerability
14 Oct 2008		Microsoft Host Integration Server Command Execution Vulnerability
14 Sept 2008	CVE-2008-3684	EMC ApplicationXtender Server Admin Agent Heap Overflow Vulnerability
14 Sept 2008	CVE-2008-3685	EMC ApplicationXtender Server Admin Agent File Upload Vulnerability
04 Jun 2008		VMware Tools HGFS Local Privilege Escalation Vulnerability
27 May 2008		EMC AlphaStor Server Agent Multiple Buffer Overflow Vulnerabilities
27 May 2008		EMC AlphaStor Library Manager Command Execution Vulnerability
10 Apr 2008		EMC DiskXtender Authentication Bypass Vulnerability
10 Apr 2008		EMC DiskXtender File System Manager Buffer Overflow Vulnerability
10 Apr 2008		EMC DiskXtender MediaStor Format String Vulnerability
19 Feb 2008		EMC RepliStor Multiple Heap Overflow Vulnerabilities
09 Jan 2008		Novell NetWare Client Local Privilege Escalation Vulnerability
07 Jan 2008		Motorola netOctopus Agent Privilege Escalation Vulnerability
24 Dec 2007		Novell ZENworks ESM Client Local Privilege Escalation Vulnerability
12 Nov 2007		Novell NetWare Client Privilege Escalation Vulnerability
06 Nov 2007		Microsoft DebugView Privilege Escalation Vulnerability
10 Oct 2007		Kaspersky Web Scanner ActiveX Format String Vulnerability
10 Aug 2007	CVE-2007-4335	Qbik WinGate Remote Denial of Service Vulnerability
04 Jan 2000	CVE-2000-0049	NullSoft Winamp 2.10 Playlist Stack Buffer Overflow
22 Dec 1999		Netscape Navigator/Communicator 4.5 Preference File Stack Buffer Overflow

Projects

The following is a selection of publicly available software projects Stephen has developed.

• WonderLeak is a Windows allocation profiler.
• Relyze is an interactive software reverse engineering tool to disassemble, decompile and binary diff native code software.
• Grinder is a system to automate the fuzzing of web browsers and the management of a large number of crashes.
• Reflective DLL Injection is a Windows (x86, x64, ARM) library injection technique in which the concept of reflective programming is employed to perform the loading of a library from memory into a host process.
• OllySocketTrace is a plugin for OllyDbg to trace the socket operations being performed by a process, recording all buffers being sent and received.
• OllyHeapTrace is a plugin for OllyDbg to trace the heap operations being performed by a process. It will monitor heap allocations and frees for multiple heaps, as well as operations such as creating or destroying heaps and reallocations.
• OllyCallTrace is a plugin for OllyDbg to trace the call chain of a thread allowing you to monitor it for irregularities to aid in the debugging of stack based buffer overflows as well as to quickly plot the execution flow of a program you are reversing.
• NoNameOS is a tiny Operating System for the x86 architecture. It is an educational system with a monolithic kernel design and a clean efficient implementation. Features include a simple virtual memory manager, a file system and fully pre-emptive multitasking.