Showing 1 - 25 of 155

Files from natashenka

First Active: 2015-08-19
Last Active: 2018-11-06
FaceTime RTP Video Processing Heap Corruption
Posted Nov 6, 2018
Authored by Google Security Research, natashenka

There is a memory corruption issue when processing a malformed RTP video stream in FaceTime that leads to a kernel panic due to a corrupted heap cookie or data abort. This bug can be reached if a user accepts a call from a malicious caller. This issue only affects FaceTime on iOS; it does not crash on a Mac.

tags | exploit, kernel
systems | ios
advisories | CVE-2018-4384
MD5 | e1efd0319dcc1218c75d95f35d08574b
FaceTime VCPDecompressionDecodeFrame Memory Corruption
Posted Nov 6, 2018
Authored by Google Security Research, natashenka

There is a heap corruption vulnerability in VCPDecompressionDecodeFrame which is called by FaceTime. This bug can be reached if a user accepts a call from a malicious peer.

tags | exploit
advisories | CVE-2018-4366
MD5 | 98ed8bf1539b036052ee59ec0d5239fd
FaceTime readSPSandGetDecoderParams Stack Corruption
Posted Nov 6, 2018
Authored by Google Security Research, natashenka

FaceTime suffers from a stack corruption vulnerability in readSPSandGetDecoderParams.

tags | exploit
advisories | CVE-2018-4367
MD5 | 17c8ace8d98479a7e023a22b0a94235c
WhatsApp RTP Processing Heap Corruption
Posted Oct 11, 2018
Authored by Google Security Research, natashenka

WhatsApp suffers from a heap corruption vulnerability in RTP processing.

tags | exploit
MD5 | f6b01d303fe816031bf7b45feaa16a08
WebRTC VP9 Processing Use-After-Free
Posted Sep 20, 2018
Authored by Google Security Research, natashenka

There is a use-after-free vulnerability in VP9 processing in WebRTC.

tags | exploit
advisories | CVE-2018-16071
MD5 | 46a569d07b8a5affa552ca7aa5867a06
WebRTC FEC Out-Of-Bounds Read
Posted Sep 20, 2018
Authored by Google Security Research, natashenka

There is an out-of-bounds read in FEC processing in WebRTC. If a very short RTP packet is received, FEC will assume the packet is longer and process data outside of the allocated buffer.

tags | exploit
advisories | CVE-2018-16083
MD5 | f5cc50595786ed774a0112b7002d39e0
Adobe Flash AVC Processing Out Of Bounds Read
Posted Aug 24, 2018
Authored by Google Security Research, natashenka

Adobe Flash suffers from an out-of-bounds read vulnerability during AVC processing.

tags | exploit
advisories | CVE-2018-12827
MD5 | 542426b18d0d3fbe815b6571db42555f
WebRTC VP8 Block Decoding Use-After-Free
Posted Jul 31, 2018
Authored by Google Security Research, natashenka

There is a use-after-free in VP8 block decoding in WebRTC. The contents of the freed block are then treated as a pointer, leading to a crash in WebRTC.

tags | exploit
MD5 | fe84289b20deaaf1289d6b1fe162af01
WebRTC FEC Processing Overflow
Posted Jul 31, 2018
Authored by Google Security Research, natashenka

There are several calls to memcpy that can overflow the destination buffer in webrtc::UlpfecReceiverImpl::AddReceivedRedPacket. The method takes a parameter incoming_rtp_packet, which is an RTP packet with a max length that is defined by the transport (2048 bytes for DTLS in Chrome). This packet is then copied to the received_packet in several locations in the method, depending on packet properties, using the length of the incoming_rtp_packet as the copy length. The received_packet is a ForwardErrorCorrection::ReceivedPacket, which has a max size of 1500. Therefore, the memcpy calls in this method can overflow this buffer.

tags | exploit, overflow
MD5 | 066c20eaa37c60242f60e28957ecc367
WebRTC H264 NAL Packet Type Confusion
Posted Jul 31, 2018
Authored by Google Security Research, natashenka

WebRTC suffers from a type confusion vulnerability when processing an H264 NAL packet.

tags | exploit
MD5 | 0f13bebaacf8d1adb0041a3b46fa15e0
Google Chrome Integer Overflow When Processing WebAssembly Locals
Posted Jun 7, 2018
Authored by Google Security Research, natashenka

Google Chrome suffers from an integer overflow vulnerability when processing WebAssembly Locals.

tags | exploit, overflow, local
advisories | CVE-2018-6092
MD5 | aeb83fd88c3d4231411f5990050f821c
WebKit WebAssembly Compilation Information Leak
Posted Jun 7, 2018
Authored by Google Security Research, natashenka

WebKit suffers from an information leak vulnerability in WebAssembly Compilation.

tags | exploit
advisories | CVE-2018-4222
MD5 | 8a7060e2844a92fb8c612af806907919
WebKit Generator Use-After-Free
Posted Jun 7, 2018
Authored by Google Security Research, natashenka

WebKit suffers from a use-after-free vulnerability when resuming a generator.

tags | exploit
advisories | CVE-2018-4218
MD5 | bbd278c835aea19f068ff64534828d6b
WebRTC VP9 Missing Frame Processing Out-Of-Bounds Memory Access
Posted Jun 7, 2018
Authored by Google Security Research, natashenka

WebRTC VP9 missing frame processing suffers from an out-of-bounds memory access vulnerability.

tags | exploit
advisories | CVE-2018-6129
MD5 | 00cc61e87f0625b4254896a0155f9fc3
WebRTC VP9 Frame Processing Out-Of-Bounds Memory Access
Posted Jun 7, 2018
Authored by Google Security Research, natashenka

WebRTC VP9 frame processing suffers from an out-of-bounds memory access vulnerability.

tags | exploit
advisories | CVE-2018-6130
MD5 | 706e2d1ce513062e5e894376a2bfe8e7
Samsung Galaxy S7 Edge OMACP WbXml String Extension Processing Overflow
Posted May 24, 2018
Authored by Google Security Research, natashenka

Samsung Galaxy S7 Edge suffers from an OMACP WbXml string extension processing overflow vulnerability.

tags | exploit, overflow
advisories | CVE-2018-10751
MD5 | 2702cb46ddd1e5d1a30361832c9812e1
Adobe Flash Blur Filtering Out-Of-Bounds Write
Posted Apr 21, 2018
Authored by Google Security Research, natashenka

Adobe Flash suffers from a blur filtering out-of-bounds write vulnerability.

tags | exploit
advisories | CVE-2018-4937
MD5 | 88c1fee8c2461e70f8fb6ccd45168207
Adobe Flash Image Inflation Information Disclosure
Posted Apr 21, 2018
Authored by Google Security Research, natashenka

Adobe Flash suffers from an image inflation information disclosure vulnerability.

tags | exploit, info disclosure
advisories | CVE-2018-4934
MD5 | 5a8202b546643e77eb7e2ebee544e14c
Adobe Flash Sound Playing Overflow
Posted Apr 21, 2018
Authored by Google Security Research, natashenka

Adobe Flash suffers from a sound playing overflow.

tags | exploit, overflow
advisories | CVE-2018-4936
MD5 | 764b0bb1ef3ed5a38a8acdb4c7362484
Adobe Flash Slab Rendering Overflow
Posted Apr 21, 2018
Authored by Google Security Research, natashenka

Adobe Flash suffers from a slab rendering overflow.

tags | exploit, overflow
advisories | CVE-2018-4935
MD5 | b512de2dc1d1e5461cd3384d37330c84
WebKit WebAssembly Missing Order Check
Posted Apr 6, 2018
Authored by Google Security Research, natashenka

When a WebAssembly binary is parsed in ModuleParser::parse, it is expected to contain certain sections in a certain order, but can also contain custom sections that can appear anywhere in the binary. The ordering check validateOrder() does not adequately check that sections are in the correct order when a binary contains custom sections.

tags | exploit
MD5 | d9c23ee48266ac97c0d46ca18c95d336
Telegram Messenger For Android Directory Traversal
Posted Dec 17, 2017
Authored by Google Security Research, natashenka

There is a directory traversal issue in the Telegram client for Android. The method saveFile in MediaController.java saves a file to external memory based on an optional name that is not filtered. The name is provided by the remote peer when sending a document or music file.

tags | exploit, java, remote
MD5 | 1d4fa9a377be38dd028f42d795557548
Outlook For Android Directory Traversal
Posted Dec 17, 2017
Authored by Google Security Research, natashenka

There is a directory traversal issue in attachment downloads in Outlook for Android. There is no path sanitization on the attachment filename in the app. If the email account is a Hotmail account, this will be sanitized by the server, but for other accounts it will not be. This allows a file to be written anywhere on the filesystem that the Outlook app can access when an attached image is viewed in the Outlook app.

tags | exploit
MD5 | e8ab0a54dab1528a6ee7935cbb5ea74f
Android Gmail Attachment Download Directory Traversal
Posted Nov 28, 2017
Authored by Google Security Research, natashenka

There is a directory traversal issue in attachment downloads in Gmail. For non-Gmail accounts, there is no path sanitization on the attachment filename in the email, so when attachments are downloaded, a file with any name and any contents can be written to anywhere on the filesystem that the Gmail app can access.

tags | exploit
MD5 | 9b4135eeac09a3b8c8e3cabe4c2c79ce
Adobe Flash applyToRange Out-Of-Bounds Read
Posted Sep 26, 2017
Authored by Google Security Research, natashenka

Adobe Flash suffers from an out-of-bounds read in applyToRange.

tags | exploit
advisories | CVE-2017-11282
MD5 | 2affd9d0f1912209f30f0ba1d9e102af