what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 115 RSS Feed

Files from VUPEN

Email addressadvisories at vupen.com
First Active2010-10-15
Last Active2014-07-16
Microsoft Windows DirectShow Privilege Escalation
Posted Jul 16, 2014
Authored by VUPEN | Site vupen.com

VUPEN Vulnerability Research Team discovered a critical vulnerability in Microsoft Windows. The vulnerability is caused by an input validation error in DirectShow when processing and unserializing "Stretch" objects in memory, which could be exploited to elevate privileges and execute arbitrary code in the context of the logged on user, or e.g. bypass Internet Explorer's Enhanced Protected Mode (EPM) sandbox.

tags | advisory, arbitrary
systems | windows
advisories | CVE-2014-2780
SHA-256 | 40f607f1e58adf819a7c42c06abb4eb9360e75d0caf490c0619a31a7fb069410
Microsoft Internet Explorer ShowSaveFileDialog() Sandbox Bypass
Posted Jul 16, 2014
Authored by VUPEN | Site vupen.com

VUPEN Vulnerability Research Team discovered a critical vulnerability in Microsoft Internet Explorer. The vulnerability is caused due to an invalid handling of a sequence of actions aimed to save a file when calling "ShowSaveFileDialog()", which could be exploited by a sandboxed process to write files to arbitrary locations on the system and bypass IE Protected Mode sandbox. Versions 8, 9, 10, and 11 are affected.

tags | advisory, arbitrary, bypass
advisories | CVE-2014-2777
SHA-256 | 700a7758a2ea45f7d7adc64c38c0a1f3ef968cb15f258ae383dc779133000aca
Microsoft Internet Explorer Request Object Confusion Sandbox Bypass
Posted Jul 16, 2014
Authored by VUPEN | Site vupen.com

VUPEN Vulnerability Research Team discovered a critical vulnerability in Microsoft Internet Explorer. The vulnerability is caused by an object confusion vulnerability when processing object types within data shared between the broker and sandboxed processes, which could be exploited by a sandboxed process to achieve code execution within the broker context and bypass IE Protected Mode sandbox. Versions 8, 9, 10, and 11 are affected.

tags | advisory, code execution, bypass
advisories | CVE-2014-1764
SHA-256 | 7b2092a65c7957bd27e081adb9fb8fc46c778ffa0f86266785a00a12ab75e46f
Microsoft Internet Explorer CSS @import Memory Corruption
Posted Jul 16, 2014
Authored by VUPEN | Site vupen.com

VUPEN Vulnerability Research Team discovered a critical vulnerability in Microsoft Internet Explorer. The vulnerability is caused by a use-after-free vulnerability when manipulating CSS @import statements through "addImport()" or "removeImport()", which could be exploited by attackers to leak arbitrary memory or execute arbitrary code via a malicious web page. Versions 9, 10, and 11 are affected.

tags | advisory, web, arbitrary
advisories | CVE-2014-1763
SHA-256 | cd96a783b0ba06438db8d155e68c36b5c423d9b3a31f74080fdd6447b9005d44
Adobe Acrobat / Reader XI-X AcroBroker Sandbox Bypass
Posted Jun 3, 2014
Authored by VUPEN | Site vupen.com

VUPEN Vulnerability Research Team discovered a critical vulnerability in Adobe Acrobat and Reader. The vulnerability is caused by an input validation error in the "AcroBroker.exe" component when processing local file paths, which could be exploited by attackers to write malicious files to any location on the disk and bypass Adobe Acrobat's sandbox.

tags | advisory, local, bypass
advisories | CVE-2014-0512
SHA-256 | ad3287533d595d02f6981ed86baf9f122df0208c06a04a1ab44a7b0e85c867be
Adobe Acrobat / Reader Heap Overflow
Posted May 27, 2014
Authored by VUPEN | Site vupen.com

VUPEN Vulnerability Research Team discovered a critical vulnerability in Adobe Acrobat and Reader. The vulnerability is caused by a heap overflow error when processing the "width" and "height" fields of a barcode element in a PDF, which could be exploited to execute arbitrary code via a malicious PDF file.

tags | advisory, overflow, arbitrary
advisories | CVE-2014-0511
SHA-256 | c5545ff4151f3d3fc0cd08c554b26236da99bbd61f13df1841d24f313158e669
Adobe Flash ExternalInterface Use-After-Free
Posted Apr 15, 2014
Authored by VUPEN | Site vupen.com

VUPEN Vulnerability Research Team discovered a critical vulnerability in Adobe Flash. The vulnerability is caused by a use-after-free error when interacting with the "ExternalInterface" class from the browser, which could be exploited to achieve code execution via a malicious web page. Adobe Flash versions prior to 13.0.0.182 are affected.

tags | advisory, web, code execution
SHA-256 | 74271eacbddb7ae8c9fa82f1d54ba1847cb249784eb45f07684efc33d4fc7c18
Mozilla Firefox "BumpChunk" Object Processing Use-After-Free
Posted Mar 26, 2014
Authored by VUPEN | Site vupen.com

VUPEN Vulnerability Research Team discovered a critical vulnerability in Mozilla Firefox. The vulnerability is caused by a use-after-free error in the JS engine when processing "BumpChunk" objects while the browser is under a memory pressure, which could be exploited to leak arbitrary memory and/or achieve code execution via a malicious web page. Affected include Mozilla Firefox versions prior to 28, Mozilla Firefox ESR versions prior to 24.4, Mozilla Thunderbird versions prior to 24.4, and Mozilla Seamonkey versions prior to 2.25.

tags | advisory, web, arbitrary, code execution
SHA-256 | 8ec37d142ffe45019d55b44766e907b9f25a969d41aa3e74ea5c6edf7eb66567
Google Chrome Clipboard Format Processing Sandbox Escape
Posted Mar 26, 2014
Authored by VUPEN | Site vupen.com

VUPEN Vulnerability Research Team discovered a critical vulnerability in Google Chrome. The vulnerability is caused by an input validation error within the "Clipboard::WriteData()" function that does not restrict the value of the "format" parameter, which could be exploited to escape Chrome's sandbox and achieve code execution with Medium integrity level. Google Chrome versions prior to 33.0.1750.154 are affected.

tags | advisory, code execution
SHA-256 | 1e839c35cc0103dc89491b813b56882dd52230a8917c7b3e18e00a97251c90dd
Google Chrome Blink "locationAttributeSetter" Use-After-Free
Posted Mar 26, 2014
Authored by VUPEN | Site vupen.com

VUPEN Vulnerability Research Team discovered a critical vulnerability in Google Chrome. The vulnerability is caused by a use-after-free error within the "DocumentV8Internal::locationAttributeSetter()" function when processing "document.location" objects under certain conditions, which could be exploited to leak arbitrary memory and/or achieve code execution via a specially crafted web page. Google Chrome versions prior to 33.0.1750.154 are affected.

tags | advisory, web, arbitrary, code execution
SHA-256 | 64ac9a25643ea00fce3210d758ef5db14c5aa566c56da27b8f97f1377430a60f
Microsoft Internet Explorer Protected Mode Sandbox Bypass
Posted Aug 30, 2013
Authored by VUPEN | Site vupen.com

VUPEN Vulnerability Research Team discovered a critical vulnerability in Microsoft Internet Explorer. The vulnerability is caused by a memory corruption error in the IE broker process when copying certain data, which could be exploited by remote attackers to bypass IE Protected Mode sandbox and execute arbitrary code with Medium integrity permissions.

tags | advisory, remote, arbitrary
SHA-256 | 3d6e15caa33453b5524370e307651de35239a58b0caa6422c0ed2d1d0c5641f4
Microsoft Internet Explorer "ReplaceAdjacentText" Use-After-Free
Posted Aug 30, 2013
Authored by Alexandre Pelletier, VUPEN | Site vupen.com

VUPEN Vulnerability Research Team discovered a critical vulnerability in Microsoft Internet Explorer. The vulnerability is caused by a use-after-free error within the MSHTML "SlayoutRun::GetCharacters()" function when replacing a text adjacent to an element, which could be exploited by remote attackers to compromise a vulnerable system.

tags | advisory, remote
SHA-256 | 683c33dd6eb12cee75b2e4d6ed700f0698a0917bade475617e2d9fec55f60a67
Microsoft Windows "LdrHotPatchRoutine" Remote ASLR Bypass
Posted Aug 30, 2013
Authored by Nicolas Joly, VUPEN | Site vupen.com

VUPEN Vulnerability Research Team discovered a critical vulnerability in Microsoft Windows. The vulnerability is caused by a design error in the "ntdll.LdrHotPatchRoutine" function which can be abused to load an arbitrary library e.g. from a remote network share, leading to arbitrary code execution and ASLR bypass.

tags | advisory, remote, arbitrary, code execution, bypass
systems | windows
SHA-256 | 80c160d6c598062067a6a89779a585babc9a0065f719657a207d41d32477c58a
Microsoft Internet Explorer 10-9 Object Confusion Sandbox Bypass
Posted May 23, 2013
Authored by Nicolas Joly, VUPEN | Site vupen.com

VUPEN Vulnerability Research Team discovered a critical vulnerability in Microsoft Internet Explorer. The vulnerability is caused by an object confusion error in the IE broker process when processing unexpected variant objects, which could allow an attacker to execute arbitrary code within the context of the broker process to bypass Internet Explorer Protected Mode sandbox.

tags | advisory, arbitrary, code execution
systems | windows
SHA-256 | 29cb1429a2a37f3d946b4ea603d9780f63a083ee715c7fb7c04574f48f13cb5f
Microsoft Internet Explorer 10-9-8-7-6 VML Remote Integer Overflow
Posted May 23, 2013
Authored by Nicolas Joly, VUPEN | Site vupen.com

VUPEN Vulnerability Research Team discovered a critical vulnerability in Microsoft Internet Explorer. The vulnerability is caused by an integer overflow error in the "vml.dll" component when processing certain undocumented vector graphic properties, which could be exploited by remote attackers to leak arbitrary memory and compromise a vulnerable system via a malicious web page.

tags | advisory, remote, web, overflow, arbitrary
systems | windows
advisories | CVE-2013-2551
SHA-256 | 1cc53c7aa3e2dd5a6aeb2b6dce696e0d93ccd616548beed17512a42068a61e21
Microsoft Internet Explorer 10-9-8-7-6 CDisplayPointer Use-After-Free
Posted May 3, 2013
Authored by Nicolas Joly, VUPEN | Site vupen.com

VUPEN Vulnerability Research Team discovered a critical vulnerability in Microsoft Internet Explorer. The vulnerability is caused by a use-after-free error in the "CDisplayPointer::MoveToMarkupPointer()" function within mshtml.dll when processing "CDisplayPointer" objects, which could be exploited by remote attackers to compromise a vulnerable system via a malicious web page.

tags | advisory, remote, web
SHA-256 | e5e548ba5a74174d5d7c255cb471591e157927133fffef086d64a8599f45024a
Microsoft Internet Explorer 10-9-8-7-6 Scroll Use-After-Free
Posted May 3, 2013
Authored by Nicolas Joly, VUPEN | Site vupen.com

VUPEN Vulnerability Research Team discovered a critical vulnerability in Microsoft Internet Explorer. The vulnerability is caused by a use-after-free error in the "CWindow::scroll()" function within mshtml.dll when processing specially crafted "Scroll" events, which could be exploited by remote attackers to compromise a vulnerable system via a malicious web page.

tags | advisory, remote, web
SHA-256 | c980f0d3b2870ce91c4913b2f39e9e2354b613c57d06b4ce7124f31d1a1c6ff5
Adobe Flash Player Code Execution
Posted Apr 19, 2013
Authored by Nicolas Joly, VUPEN | Site vupen.com

VUPEN Vulnerability Research Team discovered a critical vulnerability in Adobe Flash Player. The vulnerability is caused by an object confusion error when processing malformed Real Time Messaging Protocol (RTMP) data received during the initial phase of communication with a server, which could be exploited by remote attackers to compromise a vulnerable system via a malicious web page. Adobe Flash Player versions prior to 11.7.700.169 are affected.

tags | advisory, remote, web, protocol
advisories | CVE-2013-2555
SHA-256 | a61b22a16c3befda80224c940393c4411503ad1032eee6935dce23f0995ad911
Microsoft Internet Explorer 10-9-8-7-6 OnMove Use-After-Free
Posted Mar 20, 2013
Authored by Nicolas Joly, VUPEN | Site vupen.com

VUPEN Vulnerability Research Team discovered a critical vulnerability in Microsoft Internet Explorer. The vulnerability is caused by a use-after-free error within the MSHTML "CElement::EnsureRecalcNotify()" function when processing "onMove" events, which could be exploited by remote attackers to compromise a vulnerable system via a malicious web page.

tags | advisory, remote, web
advisories | CVE-2013-0087
SHA-256 | 74cac2fd4680b3b10d2bd5cbfa550491862f2c557deb06f06b2b52ff1c26b695
Microsoft Internet Explorer 10-9-8-7-6 OnResize Use-After-Free
Posted Mar 20, 2013
Authored by Nicolas Joly, VUPEN | Site vupen.com

VUPEN Vulnerability Research Team discovered a critical vulnerability in Microsoft Internet Explorer. The vulnerability is caused by a use-after-free error within the MSHTML "CElement::EnsureRecalcNotify()" function when processing "onResize" events, which could be exploited by remote attackers to compromise a vulnerable system via a malicious web page.

tags | advisory, remote, web
advisories | CVE-2013-0087
SHA-256 | e7dd1c9d022b3a29ac08d671f377d6068705d06e27996f487998ab6b3c9df55b
Mozilla Firefox nsHTMLEditRules Use-After-Free
Posted Mar 19, 2013
Authored by Nicolas Joly, Chaouki Bekrar, VUPEN, Jordan Gruskovnjak | Site vupen.com

VUPEN Vulnerability Research Team discovered a critical vulnerability in Mozilla Firefox. The vulnerability is caused by a use-after-free error within the XUL "nsHTMLEditRules::nsHTMLEditRules()" function when processing certain objects, which could be exploited by remote attackers to compromise a vulnerable system via a malicious web page.

tags | advisory, remote, web
advisories | CVE-2013-0787
SHA-256 | f0d46293df9a00f2fa660f6e96989d985d27caaecef937c4a4865e96961181ee
Microsoft Windows OLE Automation Remote Code Execution
Posted Feb 26, 2013
Authored by Nicolas Joly, VUPEN | Site vupen.com

VUPEN Vulnerability Research Team discovered a critical vulnerability in Microsoft Windows. The vulnerability is caused by an integer overflow error in the "SysAllocStringLen()" function within the "Oleaut32.dll" (Object Linking and Embedding Automation) library, which could allow remote attackers to execute arbitrary code via a specially crafted web page or Office document.

tags | advisory, remote, web, overflow, arbitrary
systems | windows
SHA-256 | 8e67f8b3f49e0baf5c8cdedac5b1335d0cde5c5ed9ab9eb564c2802292ccb781
Mozilla Firefox "imgRequestProxy" Class Remote Use-After-Free
Posted Nov 30, 2012
Authored by Nicolas Joly, VUPEN | Site vupen.com

VUPEN Vulnerability Research Team discovered a critical vulnerability in Mozilla Firefox. The vulnerability is caused by a use-after-free error within the "imgRequestProxy::OnStopRequest()" function, which could allow remote attackers to execute arbitrary code via a specially crafted web page.

tags | advisory, remote, web, arbitrary
SHA-256 | 6ff9c9465d128e7723f00c6eb8b2c513970c66279404d1491f6201d4b7ded1cd
Mozilla Firefox "DocumentViewerImpl" Class Remote Use-After-Free
Posted Nov 26, 2012
Authored by VUPEN, Jordan Gruskovnjak | Site vupen.com

VUPEN Vulnerability Research Team discovered a critical vulnerability in Mozilla Firefox. The vulnerability is caused by a use-after-free error within the "DocumentViewerImpl::Show()" function, which could allow remote attackers to execute arbitrary code via a specially crafted web page.

tags | advisory, remote, web, arbitrary
SHA-256 | 5a8e530f261da8290d43f4bfe0c239292f5ff8d72f3e1b7040beafbd9b701dff
Oracle Java Font Processing Glyph Element Memory Corruption
Posted Oct 25, 2012
Authored by Matthieu Bonetti, VUPEN | Site vupen.com

The VUPEN Vulnerability Research Team has discovered a critical vulnerability in Oracle Java. Versions JRE / JDK 7u7 and below are affected. The vulnerability is caused by a memory corruption error within the "t2k.dll" component when processing certain glyph elements within a Font file, which could be exploited by remote attackers to compromise a vulnerable system via a specially crafted web page.

tags | advisory, java, remote, web
SHA-256 | 66dc6819b2fe3e487c6074ac50782425eb1e8e4d69820a4cb144ef9adcd00ea1
Page 1 of 5
Back12345Next

File Archive:

September 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Sep 1st
    23 Files
  • 2
    Sep 2nd
    12 Files
  • 3
    Sep 3rd
    0 Files
  • 4
    Sep 4th
    0 Files
  • 5
    Sep 5th
    10 Files
  • 6
    Sep 6th
    8 Files
  • 7
    Sep 7th
    30 Files
  • 8
    Sep 8th
    14 Files
  • 9
    Sep 9th
    26 Files
  • 10
    Sep 10th
    0 Files
  • 11
    Sep 11th
    0 Files
  • 12
    Sep 12th
    5 Files
  • 13
    Sep 13th
    28 Files
  • 14
    Sep 14th
    15 Files
  • 15
    Sep 15th
    17 Files
  • 16
    Sep 16th
    9 Files
  • 17
    Sep 17th
    0 Files
  • 18
    Sep 18th
    0 Files
  • 19
    Sep 19th
    12 Files
  • 20
    Sep 20th
    15 Files
  • 21
    Sep 21st
    20 Files
  • 22
    Sep 22nd
    13 Files
  • 23
    Sep 23rd
    12 Files
  • 24
    Sep 24th
    0 Files
  • 25
    Sep 25th
    0 Files
  • 26
    Sep 26th
    30 Files
  • 27
    Sep 27th
    27 Files
  • 28
    Sep 28th
    8 Files
  • 29
    Sep 29th
    0 Files
  • 30
    Sep 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close