The Windows kernel suffers from out-of-bounds read vulnerabilities when operating on invalid registry paths in CmpDoReDoCreateKey / CmpDoReOpenTransKey.
76ec9aa7a319065af82cafdd465533228021c8f1589b7dfe874c3ed0033910d0The Windows Kernel suffers from a disclosure of kernel pointers and uninitialized memory through registry KTM transaction log files.
d28ae7b6f77689b87212fa778ce097dbeda0292d731f4abdb493b75f067884e7In Windows Registry, security descriptors are shared by multiple keys, and thus reference counted via the _CM_KEY_SECURITY.ReferenceCount field. It is critical for system security that the kernel correctly keeps track of the references, so that the sum of the ReferenceCount fields is equal to the number of keys in the hive at all times (with small exceptions for things like transacted and not yet committed operations etc.). If the ReferenceCount of any descriptor drops below the true number of its active references, it may result in a use-after-free condition and memory corruption. Similarly, if the field becomes inadequately large, it may be possible to overflow it and also trigger a use-after-free. A bug of the latter type is described in this report.
4666052c91d73ebc181951a754ead95069fc09d5df87c094776106c9e9edc90eThe Microsoft Windows Kernel has insufficient validation of new registry key names in transacted NtRenameKey.
ba4961014d277f2fb882589dbc8a7ae2231b9cbad4ecebf074ca3f4b40c660ccThe Microsoft Windows Kernel suffers from multiple issues in the prepare/commit phase of a transactional registry key rename.
7c97ca8d9eaa67f309b42a02ec5443fcab57797d0ac534a80dbe853a97cb2939The Microsoft Windows kernel suffers from multiple issues with subkeys of transactionally renamed registry keys.
a73d43acd9edc53a2cab893ea9e5bb5beca43de488582970092616f1af85341cThe Microsoft Windows kernel registry virtualization can be incompatible with transactions, leading to inconsistent hive state and memory corruption issues.
ad3989abfbd2b1064cf77a22452e621958457c972d00e1fb36536a6dcdb01abbThe Microsoft Windows kernel allows deletion of keys in virtualizable hives with KEY_READ and KEY_SET_VALUE access rights.
11325236787bd3fc6dfacb61396e8f2e5b81355ef8a0da87112e34d1821a1ad8The Microsoft Windows kernel registry has a SID table poisoning problem that leads to bad locking and other issues.
c61efe9fac6bb66fd179b7a7a24132f82e660151050984d2cf1aae1c81d256aeThe Microsoft Windows kernel suffers from multiple security issues in the key replication feature of registry virtualization.
c3387e7bd189cc7e8d8449ad27e2b524a0fc939d2cc467c5961cc148cdbb9019The Microsoft Windows kernel suffers from a use-after-free vulnerability due to a dangling registry link node under paged pool memory pressure.
54ec3add551cac7b508b2e8157d5a658c016115390f2b327d14cac78af270263Microsoft Windows suffers from a kernel memory corruption due to an insufficient handling of predefined keys in registry virtualization.
ded3419927998aaa3da4fea3f80263227d729920c448e2a3cf6f50b41f8c867dThe Windows Kernel suffers from a use-after-free vulnerability due to bad handling of predefined keys in NtNotifyChangeMultipleKeys.
e31318a053707141296573a167ad796cc33514ff394bc3820404fedfd9233256The Windows kernel suffers from out-of-bounds reads and other issues when operating on long registry key and value names.
8b59c6140909e13954c81f8ebbddfeb70a1e3eaf5675031e13f783c0db187379The Windows kernel suffers from multiple memory corruption vulnerabilities when operating on very long registry paths.
98287a2f682dd844bcaa8bbc51f70cb0d694e997a42fcb83f27b010fb379d61dThe Windows Kernel suffers from a memory corruption vulnerability due to type confusion of subkey index leaves in registry hives.
5243d82498c43a219718d01db84be2571a427237b6a4a54d1f50e487c8526feaThe Windows kernel registry suffers from a use-after-free vulnerability due to bad handling of failed reallocations under memory pressure.
8bfa22378d9e50ef4b418d4748365b0da33423d42dc3533797aebf4653bedc6dThe Windows Kernel suffers from integer overflow vulnerabilities in its registry subkey lists leading to memory corruption.
4f2712bf388769633e54ee7cdd01205295aa838cb4c905e9fab301e7f201a73eThe Windows kernel suffers from multiple memory problems when handling incorrectly formatted security descriptors in registry hives.
293c30cffcbb94043ce3d944e538e450e3725f0cfaac4a97ac6e1fd8f5cb1152The Windows kernel suffers from an invalid read/write condition due to an unchecked Blink cell index in the root security descriptor.
f5ef4884111855adc3fd46bc812f23d93a2b2cd3ea5d058dca7ff112e15a1d10The Windows kernel suffers from a use-after-free vulnerability due to a refcount overflow in the registry hive security descriptors.
887d2c7083667658525f99cb11e9070e5fce0488ac2056ebd3b6c51b176ad7c3The Microsoft Windows kernel suffers from an invalid read in nt!MiRelocateImage while parsing a malformed PE file.
14cc97653808a5e83777838181351383480596c1a9ab0edd737615c558008d89Apple ColorSync suffers from out-of-bounds read vulnerabilities due to integer overflows in curve table initialization.
55736f35713879a403e9db74f555530baf0f44d465185f687162ed25742170f4Apple ColorSync suffers from a use of uninitialized memory in CMMNDimLinear::Interpolate.
c6e92780fc2927adc2e9e480e3f3df311d03eb907303e5535429ca81152d95f9Adobe Reader suffers from a CoolType arbitrary stack manipulation vulnerability.
e6703e4405ade1d03a75e4857bf44ec5bae3db2765b274db11f9a3907aaa8cda
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed