Files from Google Security Research

First Active: 2000-02-18
Last Active: 2017-12-15
WebKit WebCore::SVGPatternElement::collectPatternAttributes Out-Of-Bounds Read
Posted Nov 22, 2017
Authored by Ivan Fratric, Google Security Research

WebKit suffers from an out-of-bounds read in WebCore::SVGPatternElement::collectPatternAttributes.

tags | exploit
advisories | CVE-2017-13783
MD5 | 95cd5b7f1af7b8093b7bf246a111a82c
Webkit WebCore::SimpleLineLayout::RunResolver::runForPoint Out-Of-Bounds Read
Posted Nov 22, 2017
Authored by Ivan Fratric, Google Security Research

WebKit suffers from an out-of-bounds read in WebCore::SimpleLineLayout::RunResolver::runForPoint.

tags | exploit
advisories | CVE-2017-13784
MD5 | ae668f6385f367907250b9be6fb654fb
WebKit WebCore::RenderText::localCaretRect Out-Of-Bounds Read
Posted Nov 22, 2017
Authored by Ivan Fratric, Google Security Research

WebKit suffers from an out-of-bounds read in WebCore::RenderText::localCaretRect.

tags | exploit
advisories | CVE-2017-13785
MD5 | 769ad8e20766a4d8c4e777f522f6d619
WebKit WebCore::AXObjectCache::performDeferredCacheUpdate Use-After-Free
Posted Nov 22, 2017
Authored by Ivan Fratric, Google Security Research

There is a use-after-free security vulnerability in WebCore::AXObjectCache::performDeferredCacheUpdate in WebKit.

tags | advisory
advisories | CVE-2017-13795
MD5 | 7e9512df39aea162da9fecb3f2729c14
WebKit WebCore::PositionIterator::decrement Use-After-Free
Posted Nov 22, 2017
Authored by Ivan Fratric, Google Security Research

There is a use-after-free security vulnerability in WebCore::PositionIterator::decrement in WebKit.

tags | exploit
advisories | CVE-2017-13797
MD5 | 335dfe4b7f9b56e61b37482bb3fcba7e
WebKit WebCore::InputType::element Use-After-Free
Posted Nov 22, 2017
Authored by Ivan Fratric, Google Security Research

There is a use-after-free security vulnerability in WebCore::InputType::element in WebKit.

tags | exploit
advisories | CVE-2017-13792
MD5 | 3bcffec40782a4f0165f5f102cebd11c
WebKit WebCore::TreeScope::documentScope Use-After-Free
Posted Nov 22, 2017
Authored by Ivan Fratric, Google Security Research

There is a use-after-free security vulnerability in WebCore::TreeScope::documentScope in WebKit.

tags | exploit
advisories | CVE-2017-13796
MD5 | abfdfeaf75943ae3005d505a907f9d4a
Microsoft Windows win32k!xxxSendMenuSelect Memory Disclosure
Posted Nov 21, 2017
Authored by Google Security Research, mjurczyk

There is a Microsoft Windows kernel stack memory disclosure vulnerability in win32k!xxxSendMenuSelect via fnHkINLPMSG user-mode callback.

tags | advisory, kernel
systems | windows
advisories | CVE-2017-11853
MD5 | df47cad4c0563e46c4d01e39c825ee89
Microsoft Windows nt!NtQueryDirectoryFile (luafv!LuafvCopyDirectoryEntry) Disclosure
Posted Nov 21, 2017
Authored by Google Security Research, mjurczyk

It was discovered that the nt!NtQueryDirectoryFile system call discloses portions of uninitialized pool memory to user-mode clients on Windows 10, due to uninitialized fields in the output structure being copied to the application.

tags | exploit
systems | windows
advisories | CVE-2017-11831
MD5 | 819fa28825ba821d4b6515b916dd256a
Microsoft Windows CI CiSetFileCache TOCTOU Security Feature Bypass
Posted Nov 21, 2017
Authored by James Forshaw, Google Security Research

It is possible to add a cached signing level to an unsigned file by exploiting a TOCTOU in CI leading to circumvention of Device Guard policies and possibly PPL signing levels.

tags | exploit
advisories | CVE-2017-11830
MD5 | 8ebc146325ec05100a1d36b627380a7b
Microsoft Windows NTFS File System Metadata Disclosures
Posted Nov 21, 2017
Authored by Google Security Research, mjurczyk

The Microsoft Windows Kernel suffers from multiple stack and pool memory disclosures into NTFS file system metadata.

tags | advisory, kernel
systems | windows
advisories | CVE-2017-11880
MD5 | 82f8fc385cb8e1d9907a4dbdb347c2e4
Microsoft Edge Chakra JIT Bailout Generation
Posted Nov 16, 2017
Authored by Google Security Research, lokihardt

Microsoft Edge Chakra suffers from a JIT issue where bailouts must be generated for OP_Memset.

tags | exploit
advisories | CVE-2017-11873
MD5 | c404973e6b026871d91a362e59d73a57
Microsoft Edge Chakra JIT Incorrect Check
Posted Nov 16, 2017
Authored by Google Security Research, lokihardt

Microsoft Edge Chakra suffers from a JIT-related incorrect integer overflow check in Lowerer::LowerBoundCheck.

tags | exploit, overflow
advisories | CVE-2017-11861
MD5 | f57dbe49f45b04c0077db21db1563088
Microsoft Edge Chakra JIT Type Confusion
Posted Nov 16, 2017
Authored by Google Security Research, lokihardt

Microsoft Edge Chakra suffers from a JIT related type confusion vulnerability with switch statements.

tags | exploit
advisories | CVE-2017-11811
MD5 | 8f8c70e8979dd42b0451c66d98b096e6
Microsoft Edge Object.setPrototypeOf Memory Corruption
Posted Nov 16, 2017
Authored by Google Security Research, lokihardt

Microsoft Edge suffers from a memory corruption vulnerability in Object.setPrototypeOf.

tags | exploit
advisories | CVE-2017-8751
MD5 | 92759ead0f53bf182fa98170e0d5a064
Microsoft Windows Kernel Pool Address Derivation
Posted Nov 15, 2017
Authored by Google Security Research, mjurczyk

The OpenType ATMFD.DLL kernel-mode font driver on Windows has an undocumented "escape" interface, handled by the standard DrvEscape and DrvFontManagement functions implemented by the module. The interface is very similar to Buffered IOCTL in nature, and handles 13 different operation codes in the numerical range of 0x2502 to 0x2514. It is accessible to user-mode applications through an exported (but not documented) gdi32!NamedEscape function, which internally invokes the NtGdiExtEscape syscall.

tags | exploit, kernel
systems | windows
MD5 | ac8c580a68213846a36f69940bc63b44
Microsoft Windows Kernel Pool GetFontData Address Leak
Posted Nov 15, 2017
Authored by Google Security Research, mjurczyk

The Microsoft Windows kernel pool address is leaked via an undocumented GetFontData feature in ATMFD.

tags | exploit, kernel
systems | windows
MD5 | 0fc9e0391632fca8d511a3b229bca0a1
Microsoft Windows WLDP/Scriptlet CLSID UMCI Bypass
Posted Nov 15, 2017
Authored by James Forshaw, Google Security Research

The enlightened lockdown policy check for COM Class instantiation can be bypassed in Scriptlet hosts leading to arbitrary code execution on a system with UMCI enabled (e.g. Device Guard).

tags | exploit, arbitrary, code execution
MD5 | 9f26a70091ba091d126dd62e22de0746
Microsoft Internet Explorer 11 jscript!JsErrorToString Use-After-Free
Posted Nov 10, 2017
Authored by Ivan Fratric, Google Security Research

Microsoft Internet Explorer 11 suffers from a use-after-free vulnerability in jscript!JsErrorToString.

tags | exploit
advisories | CVE-2017-11810
MD5 | e509659ea4762273ceb30f9caec7db44
Microsoft Windows 10 Creators Update 32-bit Ring-0 Code Execution
Posted Oct 30, 2017
Authored by Google Security Research, mjurczyk

Microsoft Windows 10 Creators Update suffers from a 32-bit execution of ring-0 code from NULL page via NtQuerySystemInformation (class 185, Warbird functionality).

tags | advisory
systems | windows
MD5 | 3b1777f8309fb6e91148a1b542d501ef
Xen Unbounded Recursion In Pagetable De-Typing
Posted Oct 19, 2017
Authored by Google Security Research, jannh

Xen allows pagetables of the same level to map each other as readonly in PV domains. This is useful if a guest wants to use the self-referential pagetable trick for easy access to pagetables by mapped virtual address.

tags | exploit
MD5 | 7b0613bdfa02a772faa0631e1daf6f95
Windows Kernel Pool Ntfs!LfsRestartLogFile Memory Disclosure
Posted Oct 16, 2017
Authored by Google Security Research, mjurczyk

This advisory discusses a Microsoft Windows kernel pool memory disclosure into NTFS metadata ($LogFile) in Ntfs!LfsRestartLogFile.

tags | advisory, kernel
systems | windows
advisories | CVE-2017-11817
MD5 | f4472007f780b633aa086c20fa3c9ee8
Windows Kernel Pool nt!RtlpCopyLegacyContextX86 Memory Disclosure
Posted Oct 16, 2017
Authored by Google Security Research, mjurczyk

The Microsoft Windows kernel pool suffers from a nt!RtlpCopyLegacyContextX86 related memory disclosure vulnerability.

tags | advisory, kernel
systems | windows
advisories | CVE-2017-11784
MD5 | e7fc69388cdf09d854702265504b52eb
Windows Kernel Pool nt!NtQueryObject Memory Disclosure
Posted Oct 16, 2017
Authored by Google Security Research, mjurczyk

It was discovered that the nt!NtQueryObject syscall handler discloses portions of uninitialized pool memory to user-mode clients when certain conditions are met.

tags | exploit
advisories | CVE-2017-11785
MD5 | f4f91d01df5144f04444581ce5fe7b80
Microsoft Edge Chakra StackScriptFunction::BoxState::Box Uninitialized Pointers
Posted Oct 14, 2017
Authored by Google Security Research, lokihardt

Microsoft Edge Chakra accesses uninitialized pointers in StackScriptFunction::BoxState::Box.

tags | exploit
advisories | CVE-2017-11809
MD5 | 18e6e8dec6b5f143ccd448fce096def8
© 2016 Packet Storm. All rights reserved.