what you don't know can hurt you
Showing 51 - 75 of 1,649 RSS Feed

Files from Google Security Research

First Active2000-02-18
Last Active2022-01-24
QT TIFF Processing Heap Overflow
Posted Jun 4, 2021
Authored by Google Security Research, natashenka

There is a heap corruption bug that can occur when QT processes a malformed TIFF image. It happens because the size of the QImageData backing the image is calculated is calculated using the format of the image, meanwhile TIFFReadScanline calculates the length to be read based on TIFFScanlineSize, which determines the size base on three tags in the TIFF file, width, samples per pixel and bits per sample.

tags | exploit
MD5 | 1a0ad550a77bf87e59f4c4f358cae2f2
Gstreamer Matroska Demuxing Use-After-Free
Posted Jun 3, 2021
Authored by Google Security Research, natashenka

Gstreamer suffers from a use-after-free vulnerability in Matroska demuxing.

tags | exploit
advisories | CVE-2021-3498
MD5 | 8295d83b0f5ff21a0ba7ec7f666eeee2
QT PNG ICC Processing Out-Of-Bounds Read
Posted May 27, 2021
Authored by Google Security Research, natashenka

The QImage class can read out-of-bounds when reading a specially-crafted PNG file, where a tag byte offset goes out of bounds. This could potentially allow an attacker to determine values in memory based on the QImage pixels, if QT is used to process untrusted images.

tags | exploit
MD5 | 26119d4fbb3aaf3d523b1a23162d477b
QT TIFF Processing Out-Of-Bounds Read
Posted May 25, 2021
Authored by Google Security Research, natashenka

The QImageReader class can read out-of-bounds when converting a specially-crafted TIFF file into a QImage, where the TIFF tile length is inconsistent with the tile size. This could potentially allow an attacker to determine values in memory based of the QImage pixels, if QT is used to process untrusted images.

tags | exploit
MD5 | 5ab17349daeac6651bf3ab6ee0c7fee9
Chrome Array Transfer Bypass
Posted May 14, 2021
Authored by Google Security Research, Glazvunov

The fix for CVE-2021-21148 has added a check in |ValueSerializer::WriteJSArrayBuffer| to make sure non-detachable array buffers cannot be transferred. The check can be bypassed with the help of asm.js and property getters.

tags | exploit
advisories | CVE-2021-21148, CVE-2021-21156
MD5 | 2c54899cf0b5cf9ab027a5329061b62e
Internet Explorer jscript9.dll Memory Corruption
Posted May 13, 2021
Authored by Ivan Fratric, Google Security Research

There is a vulnerability in jscript9 that could be potentially used by an attacker to execute arbitrary code when viewing an attacker-controlled website in Internet Explorer. The vulnerability has been confirmed on Windows 10 64-bit with the latest security patches applied.

tags | exploit, arbitrary
systems | windows
advisories | CVE-2021-26419
MD5 | 50dcfd05a094914cf819e98d3f2de507
Windows Container Manager Service CmsRpcSrv_MapNamedPipeToContainer Privilege Escalation
Posted May 12, 2021
Authored by James Forshaw, Google Security Research

The Container Manager Service does not configure STORVSP correctly when opening mapped named pipes leading to privilege escalation.

tags | exploit
advisories | CVE-2021-31167
MD5 | 970b0826e9c53e62fb981f362a8095f7
Windows Container Manager Service Arbitrary Object Directory Creation Privilege Escalation
Posted May 12, 2021
Authored by James Forshaw, Google Security Research

The Container Manager Service creates an AppContainer process without impersonating the access token leading to privilege escalation.

tags | exploit
advisories | CVE-2021-31169
MD5 | ad4654c8ed7054c3225224811ba94b15
Windows Container Manager Service CmsRpcSrv_MapVirtualDiskToContainer Privilege Escalation
Posted May 12, 2021
Authored by James Forshaw, Google Security Research

The Container Manager Service does not impersonate the caller when granting access to virtual disk images leading to privilege escalation.

tags | exploit
advisories | CVE-2021-31168
MD5 | ae8247dda745d9d8d6c85bfb03878028
Windows Container Manager Service CmsRpcSrv_CreateContainer Privilege Escalation
Posted May 12, 2021
Authored by James Forshaw, Google Security Research

The Container Manager Service accepts an access token provided by the user without verification allowing an arbitrary process to be created with another user identity leading to privilege escalation.

tags | exploit, arbitrary
advisories | CVE-2021-31165
MD5 | 12c1abb8e71fc62e306c9bc1dea254d3
Android NFC nfa_rw_sys_disable Type Confusion
Posted May 12, 2021
Authored by Google Security Research, nedwill

Android NFC suffers from a type confusion vulnerability in nfa_rw_sys_disable.

tags | exploit
MD5 | c8afe4ec5b084a950377d0e1557801f8
Mozilla Windows Maintenance Service Weak DACL
Posted May 11, 2021
Authored by James Forshaw, Google Security Research

Mozilla's Firefox 85 for Windows has a weak DACL for domain networks.

tags | exploit
systems | windows
advisories | CVE-2021-29951
MD5 | 51ec5afa13bba26be3fb02a3fedaa898
AWS CloudShell Terminal Escape Injection / Remote Code Execution
Posted May 10, 2021
Authored by Google Security Research, Felix Wilhelm

The javascript terminal emulator used by AWS CloudShell handles certain terminal escape codes incorrectly. This can lead to remote code execution if attacker controlled data is displayed in a CloudShell instance.

tags | exploit, remote, javascript, code execution
MD5 | a07ebf4a753f14e46c966e23a4c3cf0b
Android Memory Disclosure / Out-Of-Bounds Write / Double-Free
Posted May 7, 2021
Authored by Google Security Research, nedwill

Android suffers from memory disclosure, out-of-bounds write, and double-free vulnerabilities in NFC's Felica tag handling.

tags | exploit, vulnerability
advisories | CVE-2021-0473
MD5 | 8d8d54d0917860623f3f6575fafe62b0
Android NFC Stack Out-Of-Bounds Write
Posted Apr 28, 2021
Authored by Google Security Research, nedwill

Android suffers from an out-of-bounds write in the NFC stack when handling MIFARE Classic TLVs.

tags | exploit
advisories | CVE-2021-0430
MD5 | 1876be15a92df0d791bf35ae3be87ae4
xscreensaver Raw Socket Leak
Posted Apr 19, 2021
Authored by Tavis Ormandy, Google Security Research

xscreensaver suffers from a raw socket leak vulnerability. Proof of concept exploit demonstrates running tcpdump via this issue.

tags | exploit, proof of concept
MD5 | 48106b83c9aba927ebf03a5ccbadc196
Microsoft Windows SCM Remote Access Check Limit Bypass Privilege Escalation
Posted Apr 14, 2021
Authored by James Forshaw, Google Security Research

The access limit check for non-local admins when accessing the SCM remotely can be bypassed by requesting MAXIMUM_ALLOWED, leading to gaining access to start services etc.

tags | exploit, local
advisories | CVE-2021-27086
MD5 | 281e52fe6059770b5acb2e965164e4a3
iOS / macOS Radio Proximity Kernel Memory Corruption
Posted Apr 7, 2021
Authored by Google Security Research, ianbeer

A radio proximity kernel memory corruption vulnerability exists in iOS and macOS due to bad state machine in BSS steering.

tags | exploit, kernel
systems | ios
advisories | CVE-2020-3843, CVE-2020-9906
MD5 | 5ff730e5556e80e223e58b23eca60fa1
Adobe Reader CoolType Arbitrary Stack Manipulation
Posted Mar 18, 2021
Authored by Google Security Research, mjurczyk

Adobe Reader suffers from a CoolType arbitrary stack manipulation vulnerability.

tags | exploit, arbitrary
advisories | CVE-2021-21086
MD5 | 07bd21c6148b74a3ebd51754bc5c4290
macOS CoreGraphics Integer Overflow / Out-Of-Bounds Write
Posted Mar 15, 2021
Authored by Ivan Fratric, Google Security Research

CoreGraphics can be made to write out-of-bounds memory when rendering a specially crafted font. This vulnerability can also be triggered through Safari. The vulnerability was confirmed on macOS Big Sur version 11.1.

tags | exploit
advisories | CVE-2021-1776
MD5 | e9e23aad1bac7d9d3a5382c82a4cc581
Microsoft Windows Kernel NtGdiGetDeviceCapsAll Race Condition / Use-After-Free
Posted Mar 12, 2021
Authored by Google Security Research, mjurczyk

Microsoft Windows kernel suffers from a use-after-free of the PDEVOBJ object via a race condition vulnerability in NtGdiGetDeviceCapsAll.

tags | exploit, kernel
systems | windows
advisories | CVE-2021-26863
MD5 | 31454c2dcf01b0dc4bbe498526c27f84
F5 Big IP ASM is_hdr_criteria_matches Buffer Overflow
Posted Mar 11, 2021
Authored by Google Security Research, Felix Wilhelm

The bd daemon, which runs as part of the F5 BIG-IP Application Security Manager (ASM), is vulnerable to a stack-based buffer overflow when processing overlong HTTP response headers in the is_hdr_criteria_matches function.

tags | exploit, web, overflow
advisories | CVE-2021-22992
MD5 | fb4bb5a73422ead38863ca80421b7215
F5 Big IP TMM uri_normalize_host Information Disclosure / Out-Of-Bounds Write
Posted Mar 11, 2021
Authored by Google Security Research, Felix Wilhelm

Big IP's Traffic Management Microkernels (TMM) URI normalization incorrectly handles invalid IPv6 hostnames allowing for information disclosure and an out-of-bounds write condition.

tags | exploit, info disclosure
advisories | CVE-2021-22991
MD5 | 7bbc96ec1d50a3a238d0764ad16101ea
Microsoft Windows Containers Host Registry Privilege Escalation
Posted Mar 10, 2021
Authored by James Forshaw, Google Security Research

Microsoft Windows Containers Host Registry Virtual Registry Provider does not correctly handle relative opens leading to a process in a server silo being able to access the host registry leading to elevation of privilege.

tags | exploit, registry
systems | windows
advisories | CVE-2021-26864
MD5 | 6305bd287c8bfb28100d961cbddfdabb
Microsoft Windows Containers Privilege Escalation
Posted Mar 10, 2021
Authored by James Forshaw, Google Security Research

The standard user ContainerUser in a Windows Container has elevated privileges and High integrity level which results in making it administrator equivalent even though it should be a restricted user.

tags | exploit
systems | windows
advisories | CVE-2021-26891
MD5 | 70e9e9e164d2ee60daaa05a5afd67fe4
Page 3 of 66
Back12345Next

File Archive:

January 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jan 1st
    2 Files
  • 2
    Jan 2nd
    0 Files
  • 3
    Jan 3rd
    20 Files
  • 4
    Jan 4th
    4 Files
  • 5
    Jan 5th
    37 Files
  • 6
    Jan 6th
    20 Files
  • 7
    Jan 7th
    4 Files
  • 8
    Jan 8th
    0 Files
  • 9
    Jan 9th
    0 Files
  • 10
    Jan 10th
    18 Files
  • 11
    Jan 11th
    8 Files
  • 12
    Jan 12th
    19 Files
  • 13
    Jan 13th
    31 Files
  • 14
    Jan 14th
    2 Files
  • 15
    Jan 15th
    2 Files
  • 16
    Jan 16th
    2 Files
  • 17
    Jan 17th
    18 Files
  • 18
    Jan 18th
    13 Files
  • 19
    Jan 19th
    15 Files
  • 20
    Jan 20th
    29 Files
  • 21
    Jan 21st
    12 Files
  • 22
    Jan 22nd
    0 Files
  • 23
    Jan 23rd
    0 Files
  • 24
    Jan 24th
    17 Files
  • 25
    Jan 25th
    34 Files
  • 26
    Jan 26th
    23 Files
  • 27
    Jan 27th
    24 Files
  • 28
    Jan 28th
    14 Files
  • 29
    Jan 29th
    0 Files
  • 30
    Jan 30th
    0 Files
  • 31
    Jan 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2020 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close