CoreGraphics can be made to write out-of-bounds memory when rendering a specially crafted font. This vulnerability can also be triggered through Safari. The vulnerability was confirmed on macOS Big Sur version 11.1.
e9e23aad1bac7d9d3a5382c82a4cc581There is an out-of-bounds write vulnerability in WindowsCodecsRaw.dll in the COlympusE300LoadRaw::olympus_e300_load_raw function that can be triggered by parsing a crafted Olympus E300 raw image with Windows Imaging Component (WIC). The vulnerability has been reproduced on Windows 10 64-bit with the most recent patches applied.
815147d984fdba3d24de7e30eaacb8fbThere is an out-of-bounds write vulnerability when decoding a malformed PICT image on macOS. The vulnerability has been confirmed on the latest stable macOS version.
f62261f5660f9ced363ae4dabdfa325fThere is an out-of bounds read vulnerability in WindowsCodecsRaw.dll while processing a malformed Canon raw image. This can potentially lead to disclosing the memory of the affected process. All applications that use Windows Image Codecs for image parsing are potentially affected. The vulnerability has been confirmed on Windows 10 v2004 with the most recent patches applied.
1ea2260b2783f8f68dc9be4f978b3561Microsoft Internet Explorer suffers from a use-after-free vulnerability in Script arguments during toJSON callback.
9b1e32c7d5ecc6ef6b2e7b6e987d25b5Microsoft Edge suffers from a Flash click2play bypass with CObjectElement::FinalCreateObject.
c94b41849f791f91a4e487bc8f455397There is an issue in VBScript in the VbsErase function. In some cases, VbsErase fails to clear the argument variable properly, which can trivially lead to crafting a variable with the array type, but with a pointer controlled controlled by an attacker.
c197b2b4966090acde9b5638b0466c4aMicrosoft Edge has an issue where the default flash click2play whitelist is insecure.
7aba8b302065571d5451116fa77bbb4cIncorrect convexity assumptions in Skia can lead to multiple buffer overflow vulnerabilities.
db5ddb42f112cdaac1ac2d70bcdebc9aStarting from Windows 10 Fall Creators Update, VBScript execution in IE 11 should be disabled for websites in the Internet Zone and the Restricted Sites Zone by default. However, the VBScript execution policy does not appear to cover VBScript code in MSXML xsl files which can still execute VBScript, even when loaded from the Internet Zone.
ce43b2ebae9f07a7d017a64ce3308636There is an reference leak in Microsoft VBScript that can be turned into an use-after-free given sufficient time. The vulnerability has been confirmed in Internet Explorer on various Windows versions with the latest patches applied.
7a89325a4a9a9ce9b151cea5f6c4b348There is an out-of-bounds write vulnerability in jscript.dll in the JsArrayFunctionHeapSort function. This vulnerability can be exploited through Internet Explorer or potentially through WPAD over local network.
82afb637d0f91a3f4210fbcfc5b8c0eaThere is an out-of-bounds vulnerability in Microsoft VBScript in rtFilter. The vulnerability has been confirmed in Internet Explorer on Windows 7 with the latest patches applied.
bb550cb6c47a76bff9745e2c8f95a914There is a use-after-free vulnerability in Microsoft VBScript. The vulnerability has been confirmed in Internet Explorer on Windows 7 with the latest patches applied. There are possibly two vulnerabilities triggerable by the same proof of concept included.
d336251c8030f4420eac4b15ed1e6a78WebKit suffers from a WebCore::InlineTextBox::paint out-of-bounds read vulnerability.
48d7ddd807a5fd533454a6cf9658183bWebKit suffers from a WebCore::RenderMultiColumnSet::updateMinimumColumnHeight use-after-free vulnerability.
ef9fbd1476a9ed5869403423f443b91cWebKit suffers from a WebCore::SVGTRefElement::updateReferencedText use-after-free vulnerability.
5e163bdb1d5fabd08aee1c2e22d9e5b2WebKit suffers from a WebCore::AXObjectCache::handleMenuItemSelected use-after-free vulnerability.
f2e33906b39202fd5af35a10c6fa1608WebKit suffers from a WebCore::Node::ensureRareData use-after-free vulnerability.
895cbd9c2699b63dc3e9313d4fbe8989WebKit suffers from a WebCore::SVGAnimateElementBase::resetAnimatedType use-after-free vulnerability.
5e48b10c894ac864f9f737dad8a51039WebKit suffers from a WebCore::RenderLayer::updateDescendantDependentFlags use-after-free vulnerability.
2972313b3d644a72b92a046ec75eadf9WebKit suffers from a WebCore::SVGTextLayoutAttributes::context use-after-free vulnerability.
8089cea300843f75b80b628759b8b832WebKit suffers from a WebCore::RenderTreeBuilder::removeAnonymousWrappersForInlineChildrenIfNeeded use-after-free vulnerability.
0f6661c3eb92987094c52de1d39f8f43There is a use-after-free vulnerability in jscript.dll related to how the lastIndex property of a RegExp object is handled. This vulnerability can be exploited through Internet Explorer or potentially through WPAD over local network. The vulnerability has been reproduced on multiple Windows versions with the most recent patches applied.
b2cf3dec9e5bd796bccbeb593fafdabdThere is a heap overflow in Skia when drawing paths with anti-aliasing turned off. This issue can be triggered in both Google Chrome and Mozilla Firefox by rendering a specially crafted SVG image. Proof of concepts included.
189bd359ac88d1f7b3b45f86c7b34089
© 2020 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed