exploit the possibilities
Showing 1 - 25 of 87 RSS Feed

Files from Nicolas Joly

First Active2009-10-17
Last Active2015-05-01
Adobe Flash Player UncompressViaZlibVariant Uninitialized Memory
Posted May 1, 2015
Authored by Nicolas Joly, juan vazquez, temp66 | Site metasploit.com

This Metasploit module exploits an uninitialized memory vulnerability in Adobe Flash Player. The vulnerability occurs in the ByteArray::UncompressViaZlibVariant method, which fails to initialize allocated memory. When using a correct memory layout this vulnerability leads to a ByteArray object corruption, which can be abused to access and corrupt memory. This Metasploit module has been tested successfully on Windows 7 SP1 (32-bit), IE 8 and IE11 with Flash 15.0.0.189.

tags | exploit
systems | windows, 7
advisories | CVE-2014-8440
MD5 | 6835f44cfae092b34807fbaa978ebdc1
Adobe Flash Player copyPixelsToByteArray Integer Overflow
Posted Apr 19, 2015
Authored by Chris Evans, Nicolas Joly, juan vazquez, hdarwin | Site metasploit.com

This Metasploit module exploits an integer overflow in Adobe Flash Player. The vulnerability occurs in the copyPixelsToByteArray method from the BitmapData object. The position field of the destination ByteArray can be used to cause an integer overflow and write contents out of the ByteArray buffer. This Metasploit module has been tested successfully on Windows 7 SP1 (32-bit), IE 8 to IE 11 and Flash 14.0.0.176, 14.0.0.145 and 14.0.0.125.

tags | exploit, overflow
systems | windows, 7
advisories | CVE-2014-0556
MD5 | 4cff6de22707258e03d6b5a94098eea8
Microsoft Windows "LdrHotPatchRoutine" Remote ASLR Bypass
Posted Aug 30, 2013
Authored by Nicolas Joly, VUPEN | Site vupen.com

VUPEN Vulnerability Research Team discovered a critical vulnerability in Microsoft Windows. The vulnerability is caused by a design error in the "ntdll.LdrHotPatchRoutine" function which can be abused to load an arbitrary library e.g. from a remote network share, leading to arbitrary code execution and ASLR bypass.

tags | advisory, remote, arbitrary, code execution, bypass
systems | windows
MD5 | 6442e7981c8d7e1d2975931b3757391d
MS13-009 Microsoft Internet Explorer COALineDashStyleArray Integer Overflow
Posted Jun 13, 2013
Authored by Nicolas Joly, juan vazquez, 4B5F5F4B | Site metasploit.com

This Metasploit module exploits an integer overflow vulnerability on Internet Explorer. The vulnerability exists in the handling of the dashstyle.array length for vml shapes on the vgx.dll module. This Metasploit module has been tested successfully on Windows 7 SP1 with IE8. It uses the the JRE6 to bypass ASLR by default. In addition a target to use an info leak to disclose the ntdll.dll base address is provided. This target requires ntdll.dll v6.1.7601.17514 (the default dll version on a fresh Windows 7 SP1 installation) or ntdll.dll v6.1.7601.17725 (version installed after apply MS12-001).

tags | exploit, overflow
systems | windows, 7
advisories | CVE-2013-2551, OSVDB-91197
MD5 | 3dd7bfec4a8f850bc66505ce27f62d68
Microsoft Internet Explorer 10-9 Object Confusion Sandbox Bypass
Posted May 23, 2013
Authored by Nicolas Joly, VUPEN | Site vupen.com

VUPEN Vulnerability Research Team discovered a critical vulnerability in Microsoft Internet Explorer. The vulnerability is caused by an object confusion error in the IE broker process when processing unexpected variant objects, which could allow an attacker to execute arbitrary code within the context of the broker process to bypass Internet Explorer Protected Mode sandbox.

tags | advisory, arbitrary, code execution
systems | windows
MD5 | e2932b7fcafb7bc1a83b847ee7f48ff5
Microsoft Internet Explorer 10-9-8-7-6 VML Remote Integer Overflow
Posted May 23, 2013
Authored by Nicolas Joly, VUPEN | Site vupen.com

VUPEN Vulnerability Research Team discovered a critical vulnerability in Microsoft Internet Explorer. The vulnerability is caused by an integer overflow error in the "vml.dll" component when processing certain undocumented vector graphic properties, which could be exploited by remote attackers to leak arbitrary memory and compromise a vulnerable system via a malicious web page.

tags | advisory, remote, web, overflow, arbitrary
systems | windows
advisories | CVE-2013-2551
MD5 | e10a66817c351a3e7948e3f8a7b23b58
Microsoft Internet Explorer 10-9-8-7-6 CDisplayPointer Use-After-Free
Posted May 3, 2013
Authored by Nicolas Joly, VUPEN | Site vupen.com

VUPEN Vulnerability Research Team discovered a critical vulnerability in Microsoft Internet Explorer. The vulnerability is caused by a use-after-free error in the "CDisplayPointer::MoveToMarkupPointer()" function within mshtml.dll when processing "CDisplayPointer" objects, which could be exploited by remote attackers to compromise a vulnerable system via a malicious web page.

tags | advisory, remote, web
MD5 | 86b53a7542311e58f1fa1b999e6ff4dc
Microsoft Internet Explorer 10-9-8-7-6 Scroll Use-After-Free
Posted May 3, 2013
Authored by Nicolas Joly, VUPEN | Site vupen.com

VUPEN Vulnerability Research Team discovered a critical vulnerability in Microsoft Internet Explorer. The vulnerability is caused by a use-after-free error in the "CWindow::scroll()" function within mshtml.dll when processing specially crafted "Scroll" events, which could be exploited by remote attackers to compromise a vulnerable system via a malicious web page.

tags | advisory, remote, web
MD5 | cee6bf6e07bca962189740829a2856f2
Adobe Flash Player Code Execution
Posted Apr 19, 2013
Authored by Nicolas Joly, VUPEN | Site vupen.com

VUPEN Vulnerability Research Team discovered a critical vulnerability in Adobe Flash Player. The vulnerability is caused by an object confusion error when processing malformed Real Time Messaging Protocol (RTMP) data received during the initial phase of communication with a server, which could be exploited by remote attackers to compromise a vulnerable system via a malicious web page. Adobe Flash Player versions prior to 11.7.700.169 are affected.

tags | advisory, remote, web, protocol
advisories | CVE-2013-2555
MD5 | 528f63f34436a85bc7304af9f6091a07
Microsoft Internet Explorer 10-9-8-7-6 OnMove Use-After-Free
Posted Mar 20, 2013
Authored by Nicolas Joly, VUPEN | Site vupen.com

VUPEN Vulnerability Research Team discovered a critical vulnerability in Microsoft Internet Explorer. The vulnerability is caused by a use-after-free error within the MSHTML "CElement::EnsureRecalcNotify()" function when processing "onMove" events, which could be exploited by remote attackers to compromise a vulnerable system via a malicious web page.

tags | advisory, remote, web
advisories | CVE-2013-0087
MD5 | 4087513b3b33996112f927603b70f3d6
Microsoft Internet Explorer 10-9-8-7-6 OnResize Use-After-Free
Posted Mar 20, 2013
Authored by Nicolas Joly, VUPEN | Site vupen.com

VUPEN Vulnerability Research Team discovered a critical vulnerability in Microsoft Internet Explorer. The vulnerability is caused by a use-after-free error within the MSHTML "CElement::EnsureRecalcNotify()" function when processing "onResize" events, which could be exploited by remote attackers to compromise a vulnerable system via a malicious web page.

tags | advisory, remote, web
advisories | CVE-2013-0087
MD5 | eccb02d789cd9a8a3692fc05de00c7bb
Mozilla Firefox nsHTMLEditRules Use-After-Free
Posted Mar 19, 2013
Authored by Nicolas Joly, Chaouki Bekrar, VUPEN, Jordan Gruskovnjak | Site vupen.com

VUPEN Vulnerability Research Team discovered a critical vulnerability in Mozilla Firefox. The vulnerability is caused by a use-after-free error within the XUL "nsHTMLEditRules::nsHTMLEditRules()" function when processing certain objects, which could be exploited by remote attackers to compromise a vulnerable system via a malicious web page.

tags | advisory, remote, web
advisories | CVE-2013-0787
MD5 | 27fb8bbd84648b8c2ce27c263b7ca54d
Microsoft Windows OLE Automation Remote Code Execution
Posted Feb 26, 2013
Authored by Nicolas Joly, VUPEN | Site vupen.com

VUPEN Vulnerability Research Team discovered a critical vulnerability in Microsoft Windows. The vulnerability is caused by an integer overflow error in the "SysAllocStringLen()" function within the "Oleaut32.dll" (Object Linking and Embedding Automation) library, which could allow remote attackers to execute arbitrary code via a specially crafted web page or Office document.

tags | advisory, remote, web, overflow, arbitrary
systems | windows
MD5 | 283b0bcfcdbdbdb90253fe5d10c11043
Mozilla Firefox "imgRequestProxy" Class Remote Use-After-Free
Posted Nov 30, 2012
Authored by Nicolas Joly, VUPEN | Site vupen.com

VUPEN Vulnerability Research Team discovered a critical vulnerability in Mozilla Firefox. The vulnerability is caused by a use-after-free error within the "imgRequestProxy::OnStopRequest()" function, which could allow remote attackers to execute arbitrary code via a specially crafted web page.

tags | advisory, remote, web, arbitrary
MD5 | 883db1fa9cce75266023399dd2ef60f2
Microsoft Internet Explorer OnMove Use-After-Free
Posted Oct 24, 2012
Authored by Nicolas Joly, VUPEN | Site vupen.com

The VUPEN Vulnerability Research Team has discovered a critical vulnerability in Microsoft Internet Explorer versions 8 and 9. The vulnerability is caused by a use-after-free error in the "mshtml.dll" component when processing certain "onMove" events, which could allow remote attackers the ability to execute arbitrary code via a specially crafted web page.

tags | advisory, remote, web, arbitrary
MD5 | dbb1bfa19ce857cbab3ec135761bcf20
Microsoft Internet Explorer "scrollIntoView" Use-After-Free
Posted Oct 24, 2012
Authored by Nicolas Joly, VUPEN | Site vupen.com

The VUPEN Vulnerability Research Team has discovered a critical vulnerability in Microsoft Internet Explorer versions 8 and 9. The vulnerability is caused by a use-after-free error in the "mshtml.dll" component when processing certain "scrollIntoView" events, which could allow remote attackers the ability to execute arbitrary code via a specially crafted web page.

tags | exploit, remote, web, arbitrary
systems | windows
MD5 | 88d102b2449e1604440d9e12d3083784
Mozilla Firefox nsHTMLEditRules Remote Use-After-Free
Posted Sep 11, 2012
Authored by Nicolas Joly, VUPEN | Site vupen.com

VUPEN Vulnerability Research Team discovered a critical vulnerability in Mozilla Firefox. The vulnerability is caused by a use-after-free error in the "setUserData()" method within the "nsHTMLEditRules" class, which could allow remote attackers execute arbitrary code via a specially crafted web page. Products affected include Mozilla Firefox versions prior to 15, Mozilla Firefox ESR versions prior to 10.0.7, Mozilla Thunderbird versions prior to 15, Mozilla Thunderbird ESR versions prior to 10.0.7, and Mozilla SeaMonkey versions prior to 2.12.

tags | advisory, remote, web, arbitrary
advisories | CVE-2012-3958
MD5 | d5d145731a27735e1a49ea9d64d0a299
Microsoft Windows Common Controls MSCOMCTL.OCX Use-After-Free
Posted Sep 11, 2012
Authored by Nicolas Joly, VUPEN | Site vupen.com

VUPEN Vulnerability Research Team discovered a critical vulnerability in Microsoft products. The vulnerability is caused by a use-after-free error in the "TabStrip" Control within the "MSCOMCTL.OCX" component, which could allow remote attackers execute arbitrary code via a specially crafted web page or malicious Office document. A large amount of products are affected.

tags | advisory, remote, web, arbitrary
advisories | CVE-2012-1856
MD5 | e8ebaf786fc5689b528306d5387b2645
Adobe Flash Player Matrix3D Integer Overflow Code Execution
Posted Sep 11, 2012
Authored by Nicolas Joly, VUPEN | Site vupen.com

VUPEN Vulnerability Research Team discovered a critical vulnerability in Adobe Flash Player. The vulnerability is caused by an integer overflow error in the "copyRawDataTo()" method within the "Matrix3D" class when processing malformed arguments, which could allow remote attackers execute arbitrary code via a specially crafted web page. Adobe Flash Player versions 11.3.300.271 and prior are affected.

tags | advisory, remote, web, overflow, arbitrary
MD5 | 6a21b0aa29298581091d0eede9499d29
Microsoft Internet Explorer CollectionCache Remote Use-After-Free
Posted Jun 20, 2012
Authored by Nicolas Joly, VUPEN | Site vupen.com

VUPEN Vulnerability Research Team discovered a critical vulnerability in Microsoft Internet Explorer. The vulnerability is caused by a use-after-free error in the mshtml.dll module when processing CollectionCache objects, which could allow remote attackers to leak memory and execute arbitrary code despite ASLR and DEP.

tags | advisory, remote, arbitrary
MD5 | beff56c5b350a41521763a35c83c6ac2
Adobe Flash Player NetStream Remote Code Execution
Posted Apr 19, 2012
Authored by Nicolas Joly, VUPEN | Site vupen.com

VUPEN Vulnerability Research Team discovered a critical vulnerability in Adobe Flash Player. The vulnerability is caused by an invalid object being used when parsing a malformed video via "NetStream.appendBytes", which could allow remote attackers to leak memory and execute arbitrary code despite ASLR and DEP enabled.

tags | advisory, remote, arbitrary
advisories | CVE-2012-0773
MD5 | 1b4870f5f879eec739f728121975c5c5
Microsoft Internet Explorer VML Remote Code Execution
Posted Apr 18, 2012
Authored by Nicolas Joly, VUPEN | Site vupen.com

VUPEN Vulnerability Research Team discovered a critical vulnerability in Microsoft Internet Explorer. The vulnerability is caused by a use-after-free error within the "vgx.dll" component when processing certain VML behaviors, which could be exploited by attackers to compromise a vulnerable system by tricking a user into visiting a specially crafted web page.

tags | advisory, web
advisories | CVE-2012-0172
MD5 | 430a418df374f4f687210e3faa479f35
Adobe Flash Player Matrix3D Remote Memory Corruption
Posted Mar 20, 2012
Authored by Nicolas Joly, VUPEN | Site vupen.com

VUPEN Vulnerability Research Team discovered a critical vulnerability in Adobe Acrobat and Reader. The vulnerability is caused by a memory corruption error within the Matrix3D class when processing malformed 3D data within SWF files, which could be exploited by attackers to potentially compromise a vulnerable system or disclose memory information by tricking a user into visiting a specially crafted web page. Adobe Flash Player versions 11.1.102.62 and below are affected.

tags | advisory, web
advisories | CVE-2012-0768
MD5 | 95e078da784ba70a9735a04652678734
Adobe Acrobat / Reader Image Processing Integer Overflow
Posted Jan 12, 2012
Authored by Nicolas Joly, VUPEN | Site vupen.com

VUPEN Vulnerability Research Team discovered a critical vulnerability in Adobe Acrobat and Reader. The vulnerability is caused by an integer overflow error when processing malformed image data within a PDF document, which could be exploited by attackers to compromise a vulnerable system by tricking a user into opening a specially crafted PDF file. Versions affected include Adobe Acrobat and Reader X (10.1.1) and prior and Adobe Acrobat and Reader 9.4.7 and prior.

tags | advisory, overflow
MD5 | a1138c96ee87bbca43c200d2a006d871
Microsoft Windows Time Behaviour Remote Use-After-Free
Posted Dec 19, 2011
Authored by Nicolas Joly, VUPEN | Site vupen.com

VUPEN Vulnerability Research Team discovered a vulnerability in Microsoft Windows. The vulnerability is caused by a use-after-free error in the "mshtml.dll" module when handling a specific Time behavior, which could be exploited by remote attackers to compromise a vulnerable system via a specially crafted web page.

tags | advisory, remote, web
systems | windows
MD5 | 3c24112085416a48d9b8d60184e9de4e
Page 1 of 4
Back1234Next

File Archive:

October 2019

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Oct 1st
    24 Files
  • 2
    Oct 2nd
    15 Files
  • 3
    Oct 3rd
    7 Files
  • 4
    Oct 4th
    4 Files
  • 5
    Oct 5th
    10 Files
  • 6
    Oct 6th
    1 Files
  • 7
    Oct 7th
    21 Files
  • 8
    Oct 8th
    19 Files
  • 9
    Oct 9th
    5 Files
  • 10
    Oct 10th
    20 Files
  • 11
    Oct 11th
    17 Files
  • 12
    Oct 12th
    4 Files
  • 13
    Oct 13th
    4 Files
  • 14
    Oct 14th
    15 Files
  • 15
    Oct 15th
    19 Files
  • 16
    Oct 16th
    25 Files
  • 17
    Oct 17th
    17 Files
  • 18
    Oct 18th
    3 Files
  • 19
    Oct 19th
    0 Files
  • 20
    Oct 20th
    0 Files
  • 21
    Oct 21st
    0 Files
  • 22
    Oct 22nd
    0 Files
  • 23
    Oct 23rd
    0 Files
  • 24
    Oct 24th
    0 Files
  • 25
    Oct 25th
    0 Files
  • 26
    Oct 26th
    0 Files
  • 27
    Oct 27th
    0 Files
  • 28
    Oct 28th
    0 Files
  • 29
    Oct 29th
    0 Files
  • 30
    Oct 30th
    0 Files
  • 31
    Oct 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2019 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close