The included proof of concept file causes the traits of an ActionScript object to be accessed out of bounds in Adobe Flash. This can probably lead to exploitable type confusion.
89963b5c1486fe1be37d6ac1b5c9eec1Yet another finding that the fix for an incorrect jit optimization with TypedArray setter in Microsoft Edge Chakra may not be sufficient.
bdb1cf3e206e20716cc1331d5db8586bMicrosoft Edge Chakra suffers from an integer overflow vulnerability in EmitNew.
8345cf786d59f19382f074d30d3d7a64Microsoft Edge Chakra suffers from an uninitialized arguments vulnerability in Parser::ParseFncFormals with the "PNodeFlags::fpnArguments_overriddenInParam" flag.
a0bb4862186218d2082f06418fe41eefMicrosoft Edge Chakra suffers from an uninitialized arguments vulnerability.
254b2f18f283725c45ea772937348381Microsoft Edge Charka does not handle CallInfo properly in JavascriptFunction::EntryCall.
ca7cefcfefb9812efa9d1102c48d1f49Microsoft Edge Chakra suffers from a type confusion vulnerability in JavascriptArray::ConcatArgs.
3eadfb4f26ae49414d9bbcd6ff420ab0This is a follow-up finding that the fix for an incorrect jit optimization with TypedArray setter in Microsoft Edge Chakra may not be sufficient.
afbcee955491660e874dbdcf65f457b4Microsoft Edge Chakra has an issue where EmitAssignment uses the "this" register without initializing.
46341894e6a60a6a21b912305869341dMicrosoft Edge Chakra suffers from an incorrect usage of TryUndeleteProperty.
1f197a1d5f569cc871c7c7d4aebd5330Microsoft Edge Chakra suffers from an incorrect usage of PushPopFrameHelper in InterpreterStackFrame::ProcessLinkFailedAsmJsModule.
acec101c7b823cc6f8e22b1fe6ec1f01InterpreterStackFrame::ProcessLinkFailedAsmJsModule in Microsoft Edge Chakra incorrectly re-parses.
65e0073a3d3deddfb8c73ca0f7f0cf9aMicrosoft Edge suffers from an out-of-bounds access vulnerability when fetching source.
701b7d08c5c0bd9f550ef032f9389f29Microsoft Edge Chakra does not call SetIsCatch for all cases in PreVisitCatch.
46515fd1c1a80220b621f07b9b99321aThe Microsoft Chakra JIT server suffers from an out-of-bounds write when processing a Js::OpCode::ProfiledLoopStart opcode.
c8362b5a1c7c3dbeb8acb12f5b8d33afThe Microsoft Chakra JIT server suffers from an integer overflow in IRBuilder::Build.
a4a8941cfa0b53cfa91df56147d65240Microsoft Edge suffers from an out-of-bounds read in CInputDateTimeScrollerElement::_SelectValueInternal. The vulnerability has been confirmed on Windows 10 Enterprise 64-bit (OS version 1607, OS build 14393.1198) and Microsoft Edge 38.14393.1066.0, Microsoft EdgeHTML 14.14393.
ae106588351f60c9e1078c6cf7ad219eThere is a use-after-free vulnerability in Microsoft Edge that can lead to memory disclosure. The vulnerability has been confirmed on Windows 10 Enterprise 64-bit (OS version 1607, OS build 14393.1198), Microsoft Edge 38.14393.1066.0, Microsoft EdgeHTML 14.14393.
94db0de217892edc8b973671be6ef85bVirtualBox suffers from a privilege escalation vulnerability due to a windows process DLL UNC path signature bypass vulnerability.
b7b24727a13df6c61f230dfaf8caa4b7VirtualBox suffers from a privilege escalation vulnerability due to a windows process DLL signature bypass vulnerability.
e1476610f1872866ca63ea58ddd4a886macOS and iOS sandbox escapes and privilege escalation vulnerabilities exist due to unexpected shared memory-backed xpc_data objects.
19f6fc5bf96e23f9e9f9a4af9ec8737eWebKit JSC suffers from incorrect LoadVarargs handling in ArgumentsEliminationPhase::transform.
3329e3b7383b6891153dfafff93bf8beWebKit suffers from a WebCore::RenderSearchField::addSearchResult heap buffer overflow vulnerability.
04b54b4fde19de5e3ff97538dc8015b4WebKit suffers from a WebCore::AccessibilityNodeObject::textUnderElement use-after-free vulnerability.
84e9da66fe8fee86e5c1ebabf24d65ccWebKit suffers from a use-after-free vulnerability in WebCore::RenderObject with accessibility enabled.
a4dea82325ce2ff7147bae6f3044af5b
© 2016 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed