The Windows kernel suffers from out-of-bounds read vulnerabilities when operating on invalid registry paths in CmpDoReDoCreateKey / CmpDoReOpenTransKey.
76ec9aa7a319065af82cafdd465533228021c8f1589b7dfe874c3ed0033910d0
The Windows Kernel suffers from a disclosure of kernel pointers and uninitialized memory through registry KTM transaction log files.
d28ae7b6f77689b87212fa778ce097dbeda0292d731f4abdb493b75f067884e7
In the Windows Registry, security descriptors are shared by multiple keys and are therefore reference counted via the _CM_KEY_SECURITY.ReferenceCount field. It is critical for system security that the kernel tracks these references correctly, so that the sum of the ReferenceCount fields equals the number of keys in the hive at all times (with small exceptions, such as transacted operations that have not yet been committed). If the ReferenceCount of any descriptor drops below the true number of its active references, the result may be a use-after-free condition and memory corruption. Similarly, if the field becomes excessively large, it may be possible to overflow it and also trigger a use-after-free. A bug of the latter type is described in this report.
4666052c91d73ebc181951a754ead95069fc09d5df87c094776106c9e9edc90e
The Microsoft Windows Kernel has insufficient validation of new registry key names in transacted NtRenameKey.
ba4961014d277f2fb882589dbc8a7ae2231b9cbad4ecebf074ca3f4b40c660cc
The Microsoft Windows Kernel suffers from multiple issues in the prepare/commit phase of a transactional registry key rename.
7c97ca8d9eaa67f309b42a02ec5443fcab57797d0ac534a80dbe853a97cb2939
The Microsoft Windows kernel suffers from multiple issues with subkeys of transactionally renamed registry keys.
a73d43acd9edc53a2cab893ea9e5bb5beca43de488582970092616f1af85341c
The Microsoft Windows kernel registry virtualization can be incompatible with transactions, leading to inconsistent hive state and memory corruption issues.
ad3989abfbd2b1064cf77a22452e621958457c972d00e1fb36536a6dcdb01abb
The Microsoft Windows kernel allows deletion of keys in virtualizable hives with KEY_READ and KEY_SET_VALUE access rights.
11325236787bd3fc6dfacb61396e8f2e5b81355ef8a0da87112e34d1821a1ad8
The Microsoft Windows kernel registry has a SID table poisoning problem that leads to bad locking and other issues.
c61efe9fac6bb66fd179b7a7a24132f82e660151050984d2cf1aae1c81d256ae
The Microsoft Windows kernel suffers from multiple security issues in the key replication feature of registry virtualization.
c3387e7bd189cc7e8d8449ad27e2b524a0fc939d2cc467c5961cc148cdbb9019
The Microsoft Windows kernel suffers from a use-after-free vulnerability due to a dangling registry link node under paged pool memory pressure.
54ec3add551cac7b508b2e8157d5a658c016115390f2b327d14cac78af270263
Microsoft Windows suffers from kernel memory corruption due to insufficient handling of predefined keys in registry virtualization.
ded3419927998aaa3da4fea3f80263227d729920c448e2a3cf6f50b41f8c867d
The Windows Kernel suffers from a use-after-free vulnerability due to bad handling of predefined keys in NtNotifyChangeMultipleKeys.
e31318a053707141296573a167ad796cc33514ff394bc3820404fedfd9233256
The Windows kernel suffers from out-of-bounds reads and other issues when operating on long registry key and value names.
8b59c6140909e13954c81f8ebbddfeb70a1e3eaf5675031e13f783c0db187379
The Windows kernel suffers from multiple memory corruption vulnerabilities when operating on very long registry paths.
98287a2f682dd844bcaa8bbc51f70cb0d694e997a42fcb83f27b010fb379d61d
The Windows Kernel suffers from a memory corruption vulnerability due to type confusion of subkey index leaves in registry hives.
5243d82498c43a219718d01db84be2571a427237b6a4a54d1f50e487c8526fea
The Windows kernel registry suffers from a use-after-free vulnerability due to bad handling of failed reallocations under memory pressure.
8bfa22378d9e50ef4b418d4748365b0da33423d42dc3533797aebf4653bedc6d
The Windows Kernel suffers from integer overflow vulnerabilities in its registry subkey lists leading to memory corruption.
4f2712bf388769633e54ee7cdd01205295aa838cb4c905e9fab301e7f201a73e
The Windows kernel suffers from multiple memory problems when handling incorrectly formatted security descriptors in registry hives.
293c30cffcbb94043ce3d944e538e450e3725f0cfaac4a97ac6e1fd8f5cb1152
The Windows kernel suffers from an invalid read/write condition due to an unchecked Blink cell index in the root security descriptor.
f5ef4884111855adc3fd46bc812f23d93a2b2cd3ea5d058dca7ff112e15a1d10
The Windows kernel suffers from a use-after-free vulnerability due to a refcount overflow in the registry hive security descriptors.
887d2c7083667658525f99cb11e9070e5fce0488ac2056ebd3b6c51b176ad7c3
The Microsoft Windows kernel suffers from an invalid read in nt!MiRelocateImage while parsing a malformed PE file.
14cc97653808a5e83777838181351383480596c1a9ab0edd737615c558008d89
Apple ColorSync suffers from out-of-bounds read vulnerabilities due to integer overflows in curve table initialization.
55736f35713879a403e9db74f555530baf0f44d465185f687162ed25742170f4
Apple ColorSync suffers from a use of uninitialized memory in CMMNDimLinear::Interpolate.
c6e92780fc2927adc2e9e480e3f3df311d03eb907303e5535429ca81152d95f9
Adobe Reader suffers from a CoolType arbitrary stack manipulation vulnerability.
e6703e4405ade1d03a75e4857bf44ec5bae3db2765b274db11f9a3907aaa8cda