Twenty Year Anniversary
Showing 1 - 25 of 83 RSS Feed

Files from Ivan Fratric

Email addressprivate
First Active2007-03-08
Last Active2018-09-25
View User Profile
WebKit WebCore::InlineTextBox::paint Out-Of-Bounds Read
Posted Sep 25, 2018
Authored by Ivan Fratric, Google Security Research

WebKit suffers from a WebCore::InlineTextBox::paint out-of-bounds read vulnerability.

tags | exploit
advisories | CVE-2018-4328
MD5 | 48d7ddd807a5fd533454a6cf9658183b
WebKit WebCore::RenderMultiColumnSet::updateMinimumColumnHeight Use-After-Free
Posted Sep 25, 2018
Authored by Ivan Fratric, Google Security Research

WebKit suffers from a WebCore::RenderMultiColumnSet::updateMinimumColumnHeight use-after-free vulnerability.

tags | exploit
advisories | CVE-2018-4323
MD5 | ef9fbd1476a9ed5869403423f443b91c
WebKit WebCore::SVGTRefElement::updateReferencedText Use-After-Free
Posted Sep 25, 2018
Authored by Ivan Fratric, Google Security Research

WebKit suffers from a WebCore::SVGTRefElement::updateReferencedText use-after-free vulnerability.

tags | exploit
advisories | CVE-2018-4315
MD5 | 5e163bdb1d5fabd08aee1c2e22d9e5b2
WebKit WebCore::AXObjectCache::handleMenuItemSelected Use-After-Free
Posted Sep 25, 2018
Authored by Ivan Fratric, Google Security Research

WebKit suffers from a WebCore::AXObjectCache::handleMenuItemSelected use-after-free vulnerability.

tags | exploit
advisories | CVE-2018-4312
MD5 | f2e33906b39202fd5af35a10c6fa1608
WebKit WebCore::Node::ensureRareData Use-After-Free
Posted Sep 25, 2018
Authored by Ivan Fratric, Google Security Research

WebKit suffers from a WebCore::Node::ensureRareData use-after-free vulnerability.

tags | exploit
advisories | CVE-2018-4306
MD5 | 895cbd9c2699b63dc3e9313d4fbe8989
WebKit WebCore::SVGAnimateElementBase::resetAnimatedType Use-After-Free
Posted Sep 25, 2018
Authored by Ivan Fratric, Google Security Research

WebKit suffers from a WebCore::SVGAnimateElementBase::resetAnimatedType use-after-free vulnerability.

tags | exploit
advisories | CVE-2018-4314
MD5 | 5e48b10c894ac864f9f737dad8a51039
WebKit WebCore::RenderLayer::updateDescendantDependentFlags Use-After-Free
Posted Sep 25, 2018
Authored by Ivan Fratric, Google Security Research

WebKit suffers from a WebCore::RenderLayer::updateDescendantDependentFlags use-after-free vulnerability.

tags | exploit
advisories | CVE-2018-4317
MD5 | 2972313b3d644a72b92a046ec75eadf9
WebKit WebCore::SVGTextLayoutAttributes::context Use-After-Free
Posted Sep 25, 2018
Authored by Ivan Fratric, Google Security Research

WebKit suffers from a WebCore::SVGTextLayoutAttributes::context use-after-free vulnerability.

tags | exploit
advisories | CVE-2018-4318
MD5 | 8089cea300843f75b80b628759b8b832
WebKit WebCore::RenderTreeBuilder::removeAnonymousWrappersForInlineChildrenIfNeeded Use-After-Free
Posted Sep 25, 2018
Authored by Ivan Fratric, Google Security Research

WebKit suffers from a WebCore::RenderTreeBuilder::removeAnonymousWrappersForInlineChildrenIfNeeded use-after-free vulnerability.

tags | exploit
advisories | CVE-2018-4197
MD5 | 0f6661c3eb92987094c52de1d39f8f43
Microsoft Windows JScript RegExp.lastIndex Use-After-Free
Posted Aug 28, 2018
Authored by Ivan Fratric, Google Security Research

There is a use-after-free vulnerability in jscript.dll related to how the lastIndex property of a RegExp object is handled. This vulnerability can be exploited through Internet Explorer or potentially through WPAD over local network. The vulnerability has been reproduced on multiple Windows versions with the most recent patches applied.

tags | exploit, local
systems | windows
advisories | CVE-2018-8353
MD5 | b2cf3dec9e5bd796bccbeb593fafdabd
Skia SkScan::FillPath Heap Overflow
Posted Jul 26, 2018
Authored by Ivan Fratric, Google Security Research

There is a heap overflow in Skia when drawing paths with anti-aliasing turned off. This issue can be triggered in both Google Chrome and Mozilla Firefox by rendering a specially crafted SVG image. Proof of concepts included.

tags | exploit, overflow, proof of concept
advisories | CVE-2018-6126
MD5 | 189bd359ac88d1f7b3b45f86c7b34089
Skia / Firefox SkTDArray Integer Overflow
Posted May 24, 2018
Authored by Ivan Fratric, Google Security Research

Skia and Firefox suffer from an issue where an integer overflow in SkTDArray can lead to an out-of-bounds write.

tags | exploit, overflow
advisories | CVE-2018-5159
MD5 | f7eb1e6d567bfd69e4a654a5a1a0c0cf
WebKit WebCore::jsElementScrollHeightGette Use-After-Free
Posted May 1, 2018
Authored by Ivan Fratric, Google Security Research

There is a use-after-free security vulnerability in WebKit. The vulnerability was confirmed on ASan build of revision 227958 on OSX.

tags | exploit
systems | apple
advisories | CVE-2018-4200
MD5 | 35af2b53d57b81fe5f7927312787ad3f
Microsoft Edge OpenProcess() ACG Bypass
Posted Apr 17, 2018
Authored by Ivan Fratric, Google Security Research

Microsoft Edge suffers from an ACG bypass vulnerability with OpenProcess().

tags | exploit, bypass
MD5 | 0872aa70743c4a85442779d23b9462d1
Microsoft Windows jscript Use-After-Free
Posted Apr 5, 2018
Authored by Ivan Fratric, Google Security Research

Microsoft Windows suffers from multiple use-after-free issues in jscript Array methods.

tags | exploit
systems | windows
advisories | CVE-2018-0935
MD5 | 54dbc94c4392c67aa6871073166ebbc0
Microsoft Internet Explorer 11 RegExp.lastMatch Memory Disclosure
Posted Mar 21, 2018
Authored by Ivan Fratric, Google Security Research

Microsoft Internet Explorer 11 suffers from a RegExp.lastMatch memory disclosure vulnerability.

tags | exploit
advisories | CVE-2018-0891
MD5 | 0bbddb1e1bbe894461a1ab5b58369ce0
Microsoft IE11 Js::RegexHelper::RegexReplace Use-After-Free
Posted Feb 22, 2018
Authored by Ivan Fratric, Google Security Research

Microsoft IE11 suffers from a use-after-free vulnerability in Js::RegexHelper::RegexReplace.

tags | exploit
advisories | CVE-2018-0866
MD5 | 21e0ce967c4444c198feef093336a61e
Microsoft Edge UnmapViewOfFile ACG Bypass
Posted Feb 15, 2018
Authored by Ivan Fratric, Google Security Research

Microsoft Edge suffers from an ACG bypass using UnmapViewOfFile.

tags | exploit
MD5 | 00e8f8ad6ea4b8b6fa4ff8c9f691a03a
WebKit detachWrapper Use-After-Free
Posted Feb 3, 2018
Authored by Ivan Fratric, Google Security Research

WebKit suffers from a use-after-free vulnerability in detachWrapper.

tags | exploit
advisories | CVE-2018-4089
MD5 | ab40e72385ce2ecec8785d781b2d76e7
WebKit WebCore::FrameView::clientToLayoutViewportPoint Use-After-Free
Posted Feb 3, 2018
Authored by Ivan Fratric, Google Security Research

WebKit suffers from a use-after-free vulnerability in WebCore::FrameView::clientToLayoutViewportPoint.

tags | exploit
MD5 | 16c7265e2776a0e63832f568c8f7359d
Microsoft Windows jscript!RegExpFncObj::LastParen Out-Of-Bounds Read
Posted Dec 19, 2017
Authored by Ivan Fratric, Google Security Research

There is an out-of-bounds read in jscript.dll library (used in IE, WPAD and other places).

tags | exploit
advisories | CVE-2017-11906
MD5 | 5d6d4de766996a82680340bb4a93c196
Microsoft Windows Array.sort jscript.dll Heap Overflow
Posted Dec 19, 2017
Authored by Ivan Fratric, Google Security Research

There is an heap overflow vulnerability in jscript.dll library (used in IE, WPAD and other places). The bug affects 2 functions, JsArrayStringHeapSort and JsArrayFunctionHeapSort.

tags | exploit, overflow
advisories | CVE-2017-11907
MD5 | 615276599b5ee6f637294ed8b1cf135c
Microsoft Internet Explorer 11 jscript!JSONStringifyObject Use-After-Free
Posted Dec 18, 2017
Authored by Ivan Fratric, Google Security Research

There is a use-after-free in jscript.dll library that can be exploited in IE11.

tags | exploit
advisories | CVE-2017-11793
MD5 | 70d9dab62006eb1aac80ab95307a311b
Windows jscript!NameTbl::GetValDef Use-After-Free
Posted Dec 18, 2017
Authored by Ivan Fratric, Google Security Research

There is a use-after-free vulnerability in jscript.dll. This issue could potentially be exploited through multiple vectors.

tags | exploit
advisories | CVE-2017-11903
MD5 | aec6b9f25c8ebc849fe5b43820ec5473
Microsoft Windows jscript!RegExpComp::Compile Heap Overflow
Posted Dec 18, 2017
Authored by Ivan Fratric, Google Security Research

There is a heap overflow in jscript.dll when compiling a regex. This issue could potentially be exploited through multiple vectors.

tags | exploit, overflow
advisories | CVE-2017-11890
MD5 | 6090424aeefb73a1046a5bb0694554fc
Page 1 of 4
Back1234Next

File Archive:

October 2018

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Oct 1st
    26 Files
  • 2
    Oct 2nd
    15 Files
  • 3
    Oct 3rd
    15 Files
  • 4
    Oct 4th
    15 Files
  • 5
    Oct 5th
    15 Files
  • 6
    Oct 6th
    2 Files
  • 7
    Oct 7th
    3 Files
  • 8
    Oct 8th
    23 Files
  • 9
    Oct 9th
    16 Files
  • 10
    Oct 10th
    15 Files
  • 11
    Oct 11th
    19 Files
  • 12
    Oct 12th
    16 Files
  • 13
    Oct 13th
    2 Files
  • 14
    Oct 14th
    2 Files
  • 15
    Oct 15th
    15 Files
  • 16
    Oct 16th
    20 Files
  • 17
    Oct 17th
    19 Files
  • 18
    Oct 18th
    21 Files
  • 19
    Oct 19th
    16 Files
  • 20
    Oct 20th
    0 Files
  • 21
    Oct 21st
    0 Files
  • 22
    Oct 22nd
    0 Files
  • 23
    Oct 23rd
    0 Files
  • 24
    Oct 24th
    0 Files
  • 25
    Oct 25th
    0 Files
  • 26
    Oct 26th
    0 Files
  • 27
    Oct 27th
    0 Files
  • 28
    Oct 28th
    0 Files
  • 29
    Oct 29th
    0 Files
  • 30
    Oct 30th
    0 Files
  • 31
    Oct 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2018 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close