Twenty Year Anniversary
Showing 1 - 25 of 72 RSS Feed

Files from Ivan Fratric

Email addressprivate
First Active2007-03-08
Last Active2018-05-24
View User Profile
Skia / Firefox SkTDArray Integer Overflow
Posted May 24, 2018
Authored by Ivan Fratric, Google Security Research

Skia and Firefox suffer from an issue where an integer overflow in SkTDArray can lead to an out-of-bounds write.

tags | exploit, overflow
advisories | CVE-2018-5159
MD5 | f7eb1e6d567bfd69e4a654a5a1a0c0cf
WebKit WebCore::jsElementScrollHeightGette Use-After-Free
Posted May 1, 2018
Authored by Ivan Fratric, Google Security Research

There is a use-after-free security vulnerability in WebKit. The vulnerability was confirmed on ASan build of revision 227958 on OSX.

tags | exploit
systems | apple
advisories | CVE-2018-4200
MD5 | 35af2b53d57b81fe5f7927312787ad3f
Microsoft Edge OpenProcess() ACG Bypass
Posted Apr 17, 2018
Authored by Ivan Fratric, Google Security Research

Microsoft Edge suffers from an ACG bypass vulnerability with OpenProcess().

tags | exploit, bypass
MD5 | 0872aa70743c4a85442779d23b9462d1
Microsoft Windows jscript Use-After-Free
Posted Apr 5, 2018
Authored by Ivan Fratric, Google Security Research

Microsoft Windows suffers from multiple use-after-free issues in jscript Array methods.

tags | exploit
systems | windows
advisories | CVE-2018-0935
MD5 | 54dbc94c4392c67aa6871073166ebbc0
Microsoft Internet Explorer 11 RegExp.lastMatch Memory Disclosure
Posted Mar 21, 2018
Authored by Ivan Fratric, Google Security Research

Microsoft Internet Explorer 11 suffers from a RegExp.lastMatch memory disclosure vulnerability.

tags | exploit
advisories | CVE-2018-0891
MD5 | 0bbddb1e1bbe894461a1ab5b58369ce0
Microsoft IE11 Js::RegexHelper::RegexReplace Use-After-Free
Posted Feb 22, 2018
Authored by Ivan Fratric, Google Security Research

Microsoft IE11 suffers from a use-after-free vulnerability in Js::RegexHelper::RegexReplace.

tags | exploit
advisories | CVE-2018-0866
MD5 | 21e0ce967c4444c198feef093336a61e
Microsoft Edge UnmapViewOfFile ACG Bypass
Posted Feb 15, 2018
Authored by Ivan Fratric, Google Security Research

Microsoft Edge suffers from an ACG bypass using UnmapViewOfFile.

tags | exploit
MD5 | 00e8f8ad6ea4b8b6fa4ff8c9f691a03a
WebKit detachWrapper Use-After-Free
Posted Feb 3, 2018
Authored by Ivan Fratric, Google Security Research

WebKit suffers from a use-after-free vulnerability in detachWrapper.

tags | exploit
advisories | CVE-2018-4089
MD5 | ab40e72385ce2ecec8785d781b2d76e7
WebKit WebCore::FrameView::clientToLayoutViewportPoint Use-After-Free
Posted Feb 3, 2018
Authored by Ivan Fratric, Google Security Research

WebKit suffers from a use-after-free vulnerability in WebCore::FrameView::clientToLayoutViewportPoint.

tags | exploit
MD5 | 16c7265e2776a0e63832f568c8f7359d
Microsoft Windows jscript!RegExpFncObj::LastParen Out-Of-Bounds Read
Posted Dec 19, 2017
Authored by Ivan Fratric, Google Security Research

There is an out-of-bounds read in jscript.dll library (used in IE, WPAD and other places).

tags | exploit
advisories | CVE-2017-11906
MD5 | 5d6d4de766996a82680340bb4a93c196
Microsoft Windows Array.sort jscript.dll Heap Overflow
Posted Dec 19, 2017
Authored by Ivan Fratric, Google Security Research

There is an heap overflow vulnerability in jscript.dll library (used in IE, WPAD and other places). The bug affects 2 functions, JsArrayStringHeapSort and JsArrayFunctionHeapSort.

tags | exploit, overflow
advisories | CVE-2017-11907
MD5 | 615276599b5ee6f637294ed8b1cf135c
Microsoft Internet Explorer 11 jscript!JSONStringifyObject Use-After-Free
Posted Dec 18, 2017
Authored by Ivan Fratric, Google Security Research

There is a use-after-free in jscript.dll library that can be exploited in IE11.

tags | exploit
advisories | CVE-2017-11793
MD5 | 70d9dab62006eb1aac80ab95307a311b
Windows jscript!NameTbl::GetValDef Use-After-Free
Posted Dec 18, 2017
Authored by Ivan Fratric, Google Security Research

There is a use-after-free vulnerability in jscript.dll. This issue could potentially be exploited through multiple vectors.

tags | exploit
advisories | CVE-2017-11903
MD5 | aec6b9f25c8ebc849fe5b43820ec5473
Microsoft Windows jscript!RegExpComp::Compile Heap Overflow
Posted Dec 18, 2017
Authored by Ivan Fratric, Google Security Research

There is a heap overflow in jscript.dll when compiling a regex. This issue could potentially be exploited through multiple vectors.

tags | exploit, overflow
advisories | CVE-2017-11890
MD5 | 6090424aeefb73a1046a5bb0694554fc
WIndows jscript!JsArraySlice Uninitialized Variable
Posted Dec 18, 2017
Authored by Ivan Fratric, Google Security Research

There is an uninitialized variable vulnerability in jscript.dll. This issue could potentially be exploited through multiple vectors.

tags | exploit
advisories | CVE-2017-11855
MD5 | 07bd43902bf61cc1da46b2ac1db3304c
Chakra CFG Bypass By Overwriting JavaScript Bytecode
Posted Dec 5, 2017
Authored by Ivan Fratric, Google Security Research

Chakra suffers from a CFG bypass by overwriting JavaScript bytecode.

tags | advisory, javascript
MD5 | 9e57eaebd2d21e12b8ff2602894b0871
Chakra CFG Bypass Due To Bug In ServerFreeAllocation
Posted Dec 5, 2017
Authored by Ivan Fratric, Google Security Research

Charka suffers from a CFG bypass due to a bug in ServerFreeAllocation.

tags | advisory
advisories | CVE-2017-11874
MD5 | 6411c53089610f19e5d46f685bd4d1a1
Chakra CFG Bypass With leafInterpreterFrame
Posted Dec 5, 2017
Authored by Ivan Fratric, Google Security Research

Chakra suffers from a CFG bypass with leafInterpreterFrame. Every JavaScript variable in Chakra (except a tagged int) is a pointer. From this pointer, using an arbitrary read, it is possible to follow a chain of pointers and end up with a pointer to the native stack. This allows disclosing the stack location and subsequently overwriting a return address on the stack leading to CFG bypass.

tags | advisory, arbitrary, javascript
MD5 | d1393f9681bc2674203c0bdd4afaea99
WebKit WebCore::FormSubmission::create Use-After-Free
Posted Nov 25, 2017
Authored by Ivan Fratric, Google Security Research

WebKit suffers from a use-after-free vulnerability in WebCore::FormSubmission::create.

tags | exploit
advisories | CVE-2017-13791
MD5 | 98d087c67a0a6cedef693c7155034473
WebKit WebCore::RenderObject::previousSibling Use-After-Free
Posted Nov 25, 2017
Authored by Ivan Fratric, Google Security Research

WebKit suffers from a use-after-free vulnerability in WebCore::RenderObject::previousSibling.

tags | exploit
advisories | CVE-2017-13798
MD5 | 0226ddcb9777ea7067a169d6a553b7c8
WebKit WebCore::DocumentLoader::frameLoader Use-After-Free
Posted Nov 22, 2017
Authored by Ivan Fratric, Google Security Research

WebKit suffers from a use-after-free vulnerability in WebCore::DocumentLoader::frameLoader.

tags | exploit
advisories | CVE-2017-13794
MD5 | c07fda98eca843e82ef5236fd67fb80b
WebKit WebCore::Style::TreeResolver::styleForElement Use-After-Free
Posted Nov 22, 2017
Authored by Ivan Fratric, Google Security Research

WebKit suffers from a use-after-free vulnerability in WebCore::Style::TreeResolver::styleForElement.

tags | exploit
advisories | CVE-2017-13802
MD5 | 63b43c75cbc1b4ad33a88819f4eeddde
WebKit WebCore::SVGPatternElement::collectPatternAttributes Out-Of-Bounds Read
Posted Nov 22, 2017
Authored by Ivan Fratric, Google Security Research

WebKit suffers from an out-of-bounds read in WebCore::SVGPatternElement::collectPatternAttributes.

tags | exploit
advisories | CVE-2017-13783
MD5 | 95cd5b7f1af7b8093b7bf246a111a82c
Webkit WebCore::SimpleLineLayout::RunResolver::runForPoint Out-Of-Bounds Read
Posted Nov 22, 2017
Authored by Ivan Fratric, Google Security Research

WebKit suffers from an out-of-bounds read in WebCore::SimpleLineLayout::RunResolver::runForPoint.

tags | exploit
advisories | CVE-2017-13784
MD5 | ae668f6385f367907250b9be6fb654fb
WebKit WebCore::RenderText::localCaretRect Out-Of-Bounds Read
Posted Nov 22, 2017
Authored by Ivan Fratric, Google Security Research

WebKit suffers from an out-of-bounds read in WebCore::RenderText::localCaretRect.

tags | exploit
advisories | CVE-2017-13785
MD5 | 769ad8e20766a4d8c4e777f522f6d619
Page 1 of 3
Back123Next

Want To Donate?


Bitcoin: 18PFeCVLwpmaBuQqd5xAYZ8bZdvbyEWMmU

File Archive:

June 2018

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jun 1st
    14 Files
  • 2
    Jun 2nd
    1 Files
  • 3
    Jun 3rd
    3 Files
  • 4
    Jun 4th
    18 Files
  • 5
    Jun 5th
    21 Files
  • 6
    Jun 6th
    8 Files
  • 7
    Jun 7th
    16 Files
  • 8
    Jun 8th
    18 Files
  • 9
    Jun 9th
    5 Files
  • 10
    Jun 10th
    2 Files
  • 11
    Jun 11th
    21 Files
  • 12
    Jun 12th
    32 Files
  • 13
    Jun 13th
    15 Files
  • 14
    Jun 14th
    16 Files
  • 15
    Jun 15th
    4 Files
  • 16
    Jun 16th
    1 Files
  • 17
    Jun 17th
    2 Files
  • 18
    Jun 18th
    15 Files
  • 19
    Jun 19th
    15 Files
  • 20
    Jun 20th
    15 Files
  • 21
    Jun 21st
    15 Files
  • 22
    Jun 22nd
    7 Files
  • 23
    Jun 23rd
    0 Files
  • 24
    Jun 24th
    0 Files
  • 25
    Jun 25th
    0 Files
  • 26
    Jun 26th
    0 Files
  • 27
    Jun 27th
    0 Files
  • 28
    Jun 28th
    0 Files
  • 29
    Jun 29th
    0 Files
  • 30
    Jun 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2018 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close