Wednesday, March 7, 2018

Telspace Systems Security Advisory (TSA-2018-002)

Security Advisory

TSA-2018-002: Microsoft Edge Information Disclosure Vulnerability

CVE Number: CVE-2018-0839


An information disclosure vulnerability exists when Microsoft Edge improperly handles objects in memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user’s system.

Details and crash information


5ef196d6 8b5928          mov     ebx,dword ptr [ecx+28h] ds:0023:117cd008=????????

Vendor: Microsoft

Product: Edge

Version: 11.0.15063.67

Vendor URLs:

Vendor Response

The vendor has patched the vulnerability and released a new version

Disclosure Timeline
  • 23-11-2017 – Initial Discovery
  • 29-11-2017 – ZDI Notification
  • 07-12-2017 - Vendor notification
  • 21-02-2018 - Coordinated public release of advisory

This vulnerability was discovered by Dmitri Kaslov of Telspace Systems

Wednesday, February 28, 2018

Telspace Systems Security Advisory (TSA-2018-001)

Security Advisory

TSA-2018-001: Microsoft Access Information Disclosure Vulnerability

CVE Number: CVE-2018-0853


An information disclosure vulnerability exists when Microsoft Office Access software reads out of bound memory due to an uninitialized variable, which could disclose the contents of memory. An attacker who successfully exploited the vulnerability could view out of bound memory.

Details and crash information


72edd1ce f3a4            rep movs byte ptr es:[edi],byte ptr [esi]

Vendor: Microsoft

Product: Access

Version: 16.0.8625.2127

Vendor URLs:

Vendor Response

The vendor has patched the vulnerability and released a new version.

Disclosure Timeline

  • 23-11-2017 – Initial Discovery
  • 25-11-2017 – Vendor Notification
  • 19-01-2018 – Vendor Patch
  • 13-02-2018 – Public Disclosure


This vulnerability was discovered by Dmitri Kaslov of Telspace Systems

Wednesday, January 10, 2018

2017 Highlights, a great year and even greater things to come!

As we enter a new year Telspace would like to look back on 2017 and thank everyone who made 2017 one of our greatest yet. We have had the pleasure of attending a number of conferences where we were able to present, train and share ideas with like-minded individuals. 2017 saw a growth in the Telspace Team, in particular in our Research and Development space (more to come!). This blog post provides an overview of some of the highlights this year, if we have missed anything let us know in the comments below! We kicked the year off by joining up with Carte Blanche to provide comment on mobile privacy and the tools used to spy on people.

Left to right: Stieler (Standard Bank), Bongani Bingwa (Carte Blanche), Simphiwe (PIC), Dino Covotsos (Telspace Systems)

Telspace has always been very close to the local infosec community and we believe in giving back. As part of this, Telspace got heavily involved in ITWeb’s first Hackathon where we provided our time to train, mentor and judge the participants. The inaugural Hackathon brought young professionals with an interest in developing their skills in Information Security together. The overall theme, “Innovation in Security”, challenged disruptive innovators to build the most secure systems possible, as well as to explore new innovative mechanisms for the industry.

The Hackaton was a great event / initiative as it made the participants aware of the importance of information security. Telspace also took on board one of the participants from the Hackathon that demonstrated the most passion, as we always like to say, we can teach you skills but we can’t teach you passion!

Left to right: Manny Corregedor (COO of Telspace Systems), Nithen Naidoo (CEO of Snode) at the Hackathon Ideathon

For more information on the Hackathon go to:
In addition to supporting the ITWeb Hackathon we also sponsored, provided training (ethical and wireless hacking) and spoke at the ITWeb Security Summit. We also got the opportunity to catchup with some old friends such as Jayson Street, an international speaker, that gave a keynote at the conference. We also made a donation to CANSA for every Telspace shirt that was given away to attendees that visited our stand.

Left to right: Eric Lundberg, Manny Corregedor and Jayson Street

Manny Corregedor giving a talk on ‘A false sense of information security’ at the ITWeb Security Summit.

The conference was well attended and had great international speakers such Jayson Street and Mati Aharoni who gave keynotes.

Telspace also attended the first local Johannesburg 0xCon conference where our COO Manny Corregedor presented his talk “Breaking AVs for fun and the greater good”. A great day was had by everyone and it was great seeing the community come together for this local conference.

Left to right (front): Manny, Mariska (No longer with Telspace), Sibusiso, Mark, Richard. Back: Eric.

Throughout the year we also participated in other local and international conferences, round table events and provided comments on news stories in the media.

In addition to supporting local events, we also attended Blackhat, Defcon 25 and Bsides in Las Vegas. Our analyst Richard Hocking gave a presentation on Hacking Stock Markets at BSides Las Vegas titled ‘(In)Outsider Trading - Hacking stocks using public information and influence.’

In Vegas many bonds were made and many beers were enjoyed. We look forward to attending again in 2018. We also donated to the fantastic Hackers for Charity, which is an amazing initiative which we fully support (Thanks Johnny!). More information on this great initiative can be found by going to: .

Telspace also sponsored and presented at Bsides Cape Town 2017, where we were proud to run a “selfies for charity” fundraiser for the South African Depression and Anxiety Group (@TheSADAG). Our analyst Frank Allenby also presented his talk titled ‘Breach huffing; a culinary exploration of data breaches’.

Frank Allenby speaking at Bsides Cape Town

Our analyst Charlie Smith, also won the capture the flag competition at BSides Cape Town, the prize was a Google Home device, sponsored by NClose Security.

Charlie Smith receiving his prize for winning the CTF at BSides Cape Town

Some “selfies for charity” at BSides Cape Town 2017

For a complete write up on our experience at BSides Cape Town visit:

This year we officially kicked off our security advisory service, Telspace Security Advisories (TSA), where we responsibly disclosed a number of unknown vulnerabilities (0day) to vendors. In 2018 we plan to continue our research in not only finding unknown vulnerabilities but also releasing research that would be valuable to our clients and more importantly the community as a whole - stay tuned :) Lastly, we would like to thank everyone who made our 2017 year so amazing, a huge thank you to our staff, clients, friends and most importantly the local Information Security community. We wish you all the best and a prosperous year for 2018.