Exploit the possiblities
Showing 1 - 25 of 983 RSS Feed

Files from Google Security Research

First Active2000-02-18
Last Active2018-01-18
Microsoft Edge Chakra AsmJSByteCodeGenerator::EmitCall Call Handling
Posted Jan 18, 2018
Authored by Google Security Research, lokihardt

Microsoft Edge Chakra suffers from an AsmJSByteCodeGenerator::EmitCall call handling bug.

tags | exploit
advisories | CVE-2018-0780
MD5 | 1c7860ec256452b1d95a1e70975c4a35
Microsoft Edge Chakra JIT Loop Analysis Bug
Posted Jan 18, 2018
Authored by Google Security Research, lokihardt

Microsoft Edge Chakra JIT suffers from a loop analysis bug that can perform an out-of-bounds write.

tags | exploit
advisories | CVE-2018-0777
MD5 | ff08702b950d0869cae0d738a90cb6ac
Microsoft Edge Chakra JIT Stack-To-Heap Copy Bug
Posted Jan 18, 2018
Authored by Google Security Research, lokihardt

Microsoft Edge Chakra JIT suffers from a stack-to-heap copy bug.

tags | exploit
advisories | CVE-2018-0776
MD5 | 380e5767238c8dcf3ac7de7f26e6998c
Microsoft Edge Chakra Deferred Parsing
Posted Jan 18, 2018
Authored by Google Security Research, lokihardt

Microsoft Egde Chakra deferred parsing makes wrong scopes.

tags | exploit
advisories | CVE-2018-0775
MD5 | 8ebf986754c648c945c174f53fac15d2
Microsoft Edge Chakra Incorrect Scope Handling
Posted Jan 17, 2018
Authored by Google Security Research, lokihardt

Microsoft Edge Chakra suffers from an incorrect scope handling vulnerability.

tags | exploit
advisories | CVE-2018-0774
MD5 | f9aa042a0c635706708db62651d0068a
Microsoft Edge Chakra JavascriptGeneratorFunction::GetPropertyBuiltIns Exposure
Posted Jan 17, 2018
Authored by Google Security Research, lokihardt

Microsoft Edge Chakra suffers from a JavascriptGeneratorFunction::GetPropertyBuiltIns exposure of scriptFunction.

tags | exploit
advisories | CVE-2017-11914
MD5 | e8df0b0b2e1f9ed2b06276033e5b5645
Microsoft Edge Chakra JIT Incorrect Bounds Calculation
Posted Jan 17, 2018
Authored by Google Security Research, lokihardt

Microsoft Edge Chakra JIT suffers from an out-of-bounds write vulnerability.

tags | exploit
advisories | CVE-2018-0769
MD5 | cd3a0e785ae920d4c8bf5b53a4cc3e8f
Transmission RPC Session-ID Mechanism Design Flaw
Posted Jan 12, 2018
Authored by Tavis Ormandy, Google Security Research

The Transmission bittorrent client suffers from an RPC session-id mechanism design flaw.

tags | exploit
MD5 | e90bb59ff19cae369a362b93ce42c18d
eBPF 4.9-stable Verifier Bug Backported
Posted Jan 12, 2018
Authored by Jann Horn, Google Security Research

eBPF had the verifier bug backported to version 4.9-stable.

tags | exploit
MD5 | 8a1c22a5152b26d19ce1cffd65c19ab9
macOS process_policy Stack Leak
Posted Jan 12, 2018
Authored by Jann Horn, Google Security Research

macOS suffers from a process_policy stack leak through an uninitialized field.

tags | exploit
advisories | CVE-2017-7154
MD5 | 087461a94f1e181ee115eef15d6fd864
Microsoft Edge Chakra AppendLeftOverItemsFromEndSegment Out-Of-Bounds Read
Posted Jan 12, 2018
Authored by Google Security Research, lokihardt

Microsoft Edge Chakra suffers from an out-of-bounds read in AppendLeftOverItemsFromEndSegment.

tags | advisory
advisories | CVE-2018-0767
MD5 | 6cfc877917d7438791ce00f168c6b410
Microsoft Windows SMB Server Mount Point Privilege Escalation
Posted Jan 11, 2018
Authored by James Forshaw, Google Security Research

On Microsoft Windows, the SMB server drivers (srv.sys and srv2.sys) do not check the destination of a NTFS mount point when manually handling a reparse operation leading to being able to locally open an arbitrary device via an SMB client which can result in privilege escalation.

tags | exploit, arbitrary
systems | windows
advisories | CVE-2018-0749
MD5 | 8bee2db391a04c548de7c3126b3c73a4
Microsoft Windows NtImpersonateAnonymousToken LPAC To Non-LPAC Privilege Escalation
Posted Jan 11, 2018
Authored by James Forshaw, Google Security Research

On Microsoft Windows, when impersonating the anonymous token in an LPAC the WIN://NOAPPALLPKG security attribute is ignored leading to impersonating a non-LPAC token leading to privilege escalation.

tags | exploit
systems | windows
advisories | CVE-2018-0752
MD5 | 8c8cfa8d06fb3178fe47edd96393a118
Microsoft Windows NtImpersonateAnonymousToken AC To Non-AC Privilege Escalation
Posted Jan 11, 2018
Authored by James Forshaw, Google Security Research

On Microsoft Windows, the check for an AC token when impersonating the anonymous token does not check impersonation token's security level leading to impersonating a non-AC anonymous token leading to privilege escalation.

tags | exploit
systems | windows
advisories | CVE-2018-0751
MD5 | ec5a514309e694f43622f9260cc4f20a
Microsoft Windows NTFS Owner/Mandatory Label Privilege Bypass
Posted Jan 11, 2018
Authored by James Forshaw, Google Security Research

When creating a new file on an NTFS drive it's possible to circumvent security checks for setting an arbitrary owner and mandatory label leading to a non-admin user setting those parts of the security descriptor with non-standard values which could result in further attacks resulting privilege escalation.

tags | exploit, arbitrary
advisories | CVE-2018-0748
MD5 | 23055e91c47aae5d9ca3bd19f9708bba
Android Hardware Service Manager Arbitrary Service Replacement
Posted Jan 11, 2018
Authored by Google Security Research, laginimaineb

Android hardware service manager suffers from an arbitrary service replacement issue due to getpidcon.

tags | exploit, arbitrary
advisories | CVE-2017-13209
MD5 | e737a1fadbe0b195095c2575bb8694b4
Microsoft Edge Chakra JIT Missing Integer Overflow Check
Posted Jan 11, 2018
Authored by Google Security Research, lokihardt

Microsoft Edge Chakra JIT suffers from a missing integer overflow check in Lowerer::LowerSetConcatStrMultiItem.

tags | exploit, overflow
advisories | CVE-2018-0758
MD5 | 65fafc5cbcfc312f3b6de6a81d4ce4c3
Microsoft Windows Local XPS Print Spooler Sandbox Escape
Posted Jan 10, 2018
Authored by James Forshaw, Google Security Research

The Microsoft Windows local print spooler can be abused to create an arbitrary file from a low privilege application including one in an AC as well as a typical Edge LPAC CP leading to elevation of privilege.

tags | exploit, arbitrary, local
systems | windows
MD5 | f9c76875d1743262b2802cf76e9e7f56
Microsoft Windows Kernel ATMFD.DLL NamedEscape 0x250D Pool Corruption
Posted Jan 10, 2018
Authored by Google Security Research, mjurczyk

The Microsoft Windows OpenType ATMFD.DLL kernel-mode font driver has an undocumented "escape" interface, handled by the standard DrvEscape and DrvFontManagement functions implemented by the module. The interface is very similar to Buffered IOCTL in nature, and handles 13 different operation codes in the numerical range of 0x2502 to 0x2514. It is accessible to user-mode applications through an exported (but not documented) gdi32!NamedEscape function, which internally invokes the NtGdiExtEscape syscall.

tags | advisory, kernel
systems | windows
advisories | CVE-2018-0788
MD5 | 96b46447ba7a6c968d0db2900d57b8a3
Microsoft Windows Kernel ATMFD.DLL Out-Of-Bounds Read
Posted Jan 10, 2018
Authored by Google Security Research, mjurczyk

The Microsoft Windows OpenType ATMFD.DLL kernel-mode driver lacks any sort of sanitization of various 32-bit offsets found in .MMM files (Multiple Master Metrics), and instead uses them blindly while loading Type 1 Multiple-Master fonts in the system.

tags | advisory, kernel
systems | windows
advisories | CVE-2018-0754
MD5 | 870a4dbf54830a3b7fe3d330142d98ab
Microsoft Windows Kernel nt!PiUEventHandleGetEven Stack Memory Disclosure
Posted Jan 10, 2018
Authored by Google Security Research, mjurczyk

The Microsoft Windows kernel suffers from a stack memory disclosure from nt!RawMountVolume via nt!PiUEventHandleGetEvent (\Device\DeviceApi\CMNotify device).

tags | advisory, kernel
systems | windows
advisories | CVE-2018-0747
MD5 | 60cf9a8ec04755f71c4247b0446d8196
Microsoft Edge Chakra JIT Escape Analysis Bug
Posted Jan 10, 2018
Authored by Google Security Research, lokihardt

Microsoft Edge Chakra fails to detect if "tmp" escapes the scope, allocates it to the stack. This may lead to dereference uninitialized stack values.

tags | exploit
advisories | CVE-2017-11918
MD5 | f49a75546e986ccb23882860abd5f185
Microsoft Windows Kernel nt!NtQuerySystemInformation Memory Disclosure
Posted Jan 10, 2018
Authored by Google Security Research, mjurczyk

The Microsoft Windows kernel pool suffers from a memory disclosure in nt!NtQuerySystemInformation (information class 138, QueryMemoryTopologyInformation).

tags | exploit, kernel
systems | windows
advisories | CVE-2018-0746
MD5 | b620b4ff52f8487fa112c32d8993da4c
Microsoft Windows Kernel nt!NtQueryInformationProcess Stack Memory Disclosure
Posted Jan 10, 2018
Authored by Google Security Research, mjurczyk

The Microsoft Windows kernel suffers from a stack memory disclosure in nt!NtQueryInformationProcess (information class 76, QueryProcessEnergyValues).

tags | exploit, kernel
systems | windows
advisories | CVE-2018-0745
MD5 | 705f77a5bfdb76b806fe73449ba102a5
Android ashmem Race Condition
Posted Jan 10, 2018
Authored by Google Security Research, laginimaineb

The Android MemoryIntArray class allows processes to share an in-memory array of integers backed by an "ashmem" file descriptor. As the class implements the Parcelable interface, it can be inserted into a Parcel, and optionally placed in a Bundle and transferred via binder to remote processes.

tags | exploit, remote
advisories | CVE-2017-13216
MD5 | dcf0633cc886152f7601ff53e754aa73
Page 1 of 40
Back12345Next

Want To Donate?


Bitcoin: 18PFeCVLwpmaBuQqd5xAYZ8bZdvbyEWMmU

File Archive:

January 2018

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jan 1st
    2 Files
  • 2
    Jan 2nd
    13 Files
  • 3
    Jan 3rd
    16 Files
  • 4
    Jan 4th
    39 Files
  • 5
    Jan 5th
    26 Files
  • 6
    Jan 6th
    40 Files
  • 7
    Jan 7th
    2 Files
  • 8
    Jan 8th
    16 Files
  • 9
    Jan 9th
    25 Files
  • 10
    Jan 10th
    28 Files
  • 11
    Jan 11th
    44 Files
  • 12
    Jan 12th
    32 Files
  • 13
    Jan 13th
    2 Files
  • 14
    Jan 14th
    4 Files
  • 15
    Jan 15th
    31 Files
  • 16
    Jan 16th
    15 Files
  • 17
    Jan 17th
    16 Files
  • 18
    Jan 18th
    8 Files
  • 19
    Jan 19th
    0 Files
  • 20
    Jan 20th
    0 Files
  • 21
    Jan 21st
    0 Files
  • 22
    Jan 22nd
    0 Files
  • 23
    Jan 23rd
    0 Files
  • 24
    Jan 24th
    0 Files
  • 25
    Jan 25th
    0 Files
  • 26
    Jan 26th
    0 Files
  • 27
    Jan 27th
    0 Files
  • 28
    Jan 28th
    0 Files
  • 29
    Jan 29th
    0 Files
  • 30
    Jan 30th
    0 Files
  • 31
    Jan 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2018 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close