Twenty Year Anniversary
Showing 1 - 25 of 129 RSS Feed

Files from lokihardt

First Active2017-02-24
Last Active2018-09-18
Microsoft Edge Chakra PathTypeHandlerBase::SetAttributesHelper Type Confusion
Posted Sep 18, 2018
Authored by Google Security Research, lokihardt

Microsoft Edge Chakra suffers from a type confusion vulnerability with PathTypeHandlerBase::SetAttributesHelper.

tags | exploit
advisories | CVE-2018-8384
MD5 | 5bdea5cae9762e60edfaa8a268f78dbb
Microsoft Edge Chakra JIT localeCompare Type Confusion
Posted Sep 18, 2018
Authored by Google Security Research, lokihardt

Microsoft Edge Chakra JIT suffers from a type confusion vulnerability in localeCompare.

tags | exploit
advisories | CVE-2018-8355
MD5 | f4b3619f1626d973adb28bf93ce037e3
Microsoft Edge Chakra InitializeNumberFormat / InitializeDateTimeFormat Type Confusion
Posted Aug 17, 2018
Authored by Google Security Research, lokihardt

The InitializeNumberFormat function in Intl.js is used to initialize an Intl.NumberFormat object, and InitializeDateTimeFormat is used for an Intl.DateTimeFormat object. There are two versions of each initializer. One is for WinGlob and the other is for ICU. The problem is that the versions for ICU don't check whether the given object has been initialized. This allows to initialize the same object multiple times which can lead to type confusion.

tags | exploit
advisories | CVE-2018-8298
MD5 | 1b3261f5867fe61b3069b230e5d96d54
Microsoft Edge Chakra JIT InlineArrayPush Type Confusion
Posted Aug 17, 2018
Authored by Google Security Research, lokihardt

Microsoft Edge Chakra JIT suffers from a type confusion vulnerability with InlineArrayPush.

tags | exploit
MD5 | 10eb2bef76e9e5e5df10028a6b00b0b7
Microsoft Edge Chakra DictionaryPropertyDescriptor::CopyFrom Failed Copy
Posted Aug 17, 2018
Authored by Google Security Research, lokihardt

Microsoft Edge Chakra has an issue where DictionaryPropertyDescriptor::CopyFrom does not copy all fields.

tags | exploit
advisories | CVE-2018-8291
MD5 | 58ac89a215bdcc730aeb2f04f26ab26d
Microsoft Edge Chakra Parameter Scope Parsing Bug
Posted Aug 17, 2018
Authored by Google Security Research, lokihardt

Microsoft Edge Chakra suffers from a parameter scope parsing bug.

tags | exploit
advisories | CVE-2018-8279
MD5 | 8b8b33096fd8de5b5ebbe8619cff7a64
Microsoft Edge Chakra JIT ImplicitCallFlags Check Bypass
Posted Aug 17, 2018
Authored by Google Security Research, lokihardt

Microsoft Edge Chakra JIT suffers from an ImplicitCallFlags check bypass vulnerability with Intl.

tags | exploit, bypass
advisories | CVE-2018-8288
MD5 | b06d81dae646fb997c8078d09c0343ba
macOS / iOS OfficeImporter JavaScript Injection
Posted Jul 13, 2018
Authored by Google Security Research, lokihardt

macOS and iOS suffer from a javascript injection bug in OfficeImporter.

tags | exploit, javascript
systems | cisco, ios
MD5 | 8a77e3c5cc05866fe394bdbf6a928d1b
Microsoft Edge Chakra JIT SetConcatStrMultiItemBE Type Confusion
Posted Jul 12, 2018
Authored by Google Security Research, lokihardt

Microsoft Edge Chakra JIT suffers from a type confusion vulnerability with hoisted SetConcatStrMultiItemBE instructions.

tags | exploit
advisories | CVE-2018-8229
MD5 | 9b384b361e8b141c4703603f10a6db28
Microsoft Edge Chakra JIT BoundFunction::NewInstance Bug
Posted Jul 12, 2018
Authored by Google Security Research, lokihardt

Microsoft Edge Chakra JIT suffers from a bug. BoundFunction::NewInstance is used to handle calls to a bound function. The method first allocates a new argument array and copies the prepended arguments and others into the new argument array and calls the actual function. The problem is, it doesn't care about the CallFlags_NewTarget flag which indicates that there's an extra argument (new.target) at the end of the argument array. So the size of the new argument array created with the CallFlags_NewTarget flag will be always 1 less then required, this leads to an out-of-bounds read.

tags | exploit
advisories | CVE-2018-8139
MD5 | 2e11fd2e309888dfb033653d982fdc23
Microsoft Edge Chakra JIT Out-Of-Bounds Reads/Writes
Posted Jul 12, 2018
Authored by Google Security Research, lokihardt

Microsoft Edge Chakra JIT suffers from multiple out of bounds reads and writes.

tags | exploit
advisories | CVE-2018-8145
MD5 | b73c99e652b5ab40ccfdf43c9715573b
Chrome V8 KeyAccumulator Bug
Posted Jul 12, 2018
Authored by Google Security Research, lokihardt

Chrome V8 suffers from a bug in KeyAccumulator that can cause a crash.

tags | exploit
MD5 | 9fee601d9a1d2470bc41cfa501ef0dbc
Chrome V8 PromiseAllResolveElementClosure Element Confusion
Posted Jun 7, 2018
Authored by Google Security Research, lokihardt

Chrome V8 has an element confusion issue with PromiseAllResolveElementClosure.

tags | exploit
MD5 | e846e2172648f118d3f2ff6689c37c64
Microsoft Edge Chakra EntrySimpleObjectSlotGetter Type Confusion
Posted May 31, 2018
Authored by Google Security Research, lokihardt

Microsoft Edge Chakra suffers from an issue where EntrySimpleObjectSlotGetter can have side effects that cause a type confusion vulnerability.

tags | exploit
advisories | CVE-2018-8133
MD5 | ae691da69a6f584e9d6f3d6f325cc89e
Microsoft Edge Chakra Cross Context Bug Use-After-Free
Posted May 24, 2018
Authored by Google Security Research, lokihardt

Microsoft Edge Chakra suffers from a cross context use-after-free vulnerability.

tags | exploit
advisories | CVE-2018-0946
MD5 | f4c7a5b8adf1e791a28c344b2404f815
Microsoft Edge Chakra JIT Magic Value Type Confusion
Posted May 24, 2018
Authored by Google Security Research, lokihardt

Microsoft Edge Chakra JIT suffers from an issue where a magic value can cause a type confusion vulnerability.

tags | advisory
advisories | CVE-2018-0953
MD5 | 4a021dfd3c28a0b21d17bfd6d8b4c5bf
Microsoft Edge Chakra JIT Bounce Check Elimination Bug
Posted May 18, 2018
Authored by Google Security Research, lokihardt

Chakra uses the InvariantBlockBackwardIterator class to backpropagate the information about the hoisted bound checks. But the class follows the linked list instead of the control flow. This may lead to incorrectly remove the bound checks.

tags | exploit
advisories | CVE-2018-0980
MD5 | 09442d487262053ca44c67ade9eacecb
Chrome V8 ObjectDescriptor Class Bug
Posted May 4, 2018
Authored by Google Security Research, lokihardt

Chrome V8 has a bug in the ObjectDescriptor class.

tags | advisory
MD5 | eb7d7ce8d537b4c677c0f9783ad86bd4
Google Chrome V8 AwaitedPromise Update Bug
Posted Apr 26, 2018
Authored by Google Security Research, lokihardt

Google Chrome V8 Await methods call ResolveNativePromise which calls InternalResolvePromise which can invoke a user JavaScript code through a "then" getter. If the AwaitedPromise is replaced by the user script, the AwaitedPromise will be immediately overwritten after the call to Await, this may lead the generator to an incorrect state.

tags | exploit, javascript
advisories | CVE-2018-6106
MD5 | eb56f2216b0ca1318d166d23fcad7b4c
Google Chrome V8 Arrow Function Scope Fixing Bug
Posted Apr 26, 2018
Authored by Google Security Research, lokihardt

Google Chrome V8 suffers from an arrow function scope fixing bug.

tags | exploit
MD5 | 4d52efa2602d737aaf7180cc2543c06c
Chrome V8 JIT NodeProperties::InferReceiverMaps Type Confusion
Posted Apr 21, 2018
Authored by Google Security Research, lokihardt

Chrome V8 JIT suffers from a NodeProperties::InferReceiverMaps type confusion vulnerability.

tags | exploit
MD5 | d8ca369d4de256bff5cc0437ef5167b1
Chrome V8 JIT LoadElimination::ReduceTransitionElementsKind Bug
Posted Apr 11, 2018
Authored by Google Security Research, lokihardt

Chrome V8 JIT has a bug in LoadElimination::ReduceTransitionElementsKind.

tags | exploit
MD5 | 29850b01c4442ac8e9f2a4fed323efe8
Microsoft Edge Charka JIT Incomplete Fix For Issue 1420 #2
Posted Apr 3, 2018
Authored by Google Security Research, lokihardt

A security fix applied for Microsoft Edge Chakra JIT is incomplete.

tags | exploit
advisories | CVE-2018-0934
MD5 | 6099c93a3f08c4e81ed7de84882cba0a
Microsoft Edge Charka JIT Incomplete Fix For Issue 1420
Posted Apr 3, 2018
Authored by Google Security Research, lokihardt

A security fix applied for Microsoft Edge Chakra JIT is incomplete.

tags | exploit
advisories | CVE-2018-0933
MD5 | dc6e350de68f5b22d4f1cdba5404821b
Chrome V8 Genesis::InitializeGlobal Bugs
Posted Apr 3, 2018
Authored by Google Security Research, lokihardt

Chrome V8 has multiple bugs in Genesis::InitializeGlobal.

tags | exploit
MD5 | 0b5c156e751faddf1932eeb73dcaf083
Page 1 of 6
Back12345Next

File Archive:

September 2018

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Sep 1st
    1 Files
  • 2
    Sep 2nd
    3 Files
  • 3
    Sep 3rd
    15 Files
  • 4
    Sep 4th
    15 Files
  • 5
    Sep 5th
    18 Files
  • 6
    Sep 6th
    18 Files
  • 7
    Sep 7th
    15 Files
  • 8
    Sep 8th
    2 Files
  • 9
    Sep 9th
    2 Files
  • 10
    Sep 10th
    16 Files
  • 11
    Sep 11th
    17 Files
  • 12
    Sep 12th
    15 Files
  • 13
    Sep 13th
    29 Files
  • 14
    Sep 14th
    21 Files
  • 15
    Sep 15th
    3 Files
  • 16
    Sep 16th
    1 Files
  • 17
    Sep 17th
    15 Files
  • 18
    Sep 18th
    16 Files
  • 19
    Sep 19th
    13 Files
  • 20
    Sep 20th
    0 Files
  • 21
    Sep 21st
    0 Files
  • 22
    Sep 22nd
    0 Files
  • 23
    Sep 23rd
    0 Files
  • 24
    Sep 24th
    0 Files
  • 25
    Sep 25th
    0 Files
  • 26
    Sep 26th
    0 Files
  • 27
    Sep 27th
    0 Files
  • 28
    Sep 28th
    0 Files
  • 29
    Sep 29th
    0 Files
  • 30
    Sep 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2018 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close