Showing 26 - 50 of 75

Files from SkyLined

Email address: berendjanwever at gmail.com
Website: skypher.com
First Active: 2003-04-10
Last Active: 2016-12-21
Microsoft Internet Explorer 8 Javascript RegExpBase::FBadHeader Use-After-Free
Posted Nov 16, 2016
Authored by SkyLined

A specially crafted web-page can cause the Javascript engine of Microsoft Internet Explorer 8 to free memory used for a string. The code will keep a reference to the string and can be forced to reuse it when compiling a regular expression.

tags | exploit, web, javascript
advisories | CVE-2015-2482
SHA-256 | a44bc80d38c01b629bf33d47219ad52a17a287e1ebeaf43f0e48e32b2c5d2caf
Microsoft Edge CAttrArray::Destroy Use-After-Free
Posted Nov 15, 2016
Authored by SkyLined

A specially crafted web-page can cause Microsoft Edge to free memory used for a CAttrArray object. The code continues to use the data in the freed memory block immediately after freeing it. It does not appear that there is enough time between the free and reuse to exploit this issue.

tags | advisory, web
SHA-256 | 7b085c40b0b5c32560e511980a285156cb74ab99f30b0b11136ee56130ebcd24
Microsoft Internet Explorer 11 MSHTML CMapElement::Notify Use-After-Free
Posted Nov 14, 2016
Authored by SkyLined

A specially crafted web-page can cause MSIE 11 to interrupt the handling of one readystatechange event with another. This interrupts a call to one of the various C<ElementName>Element::Notify functions to make another such call and at least one of these functions is non-reentrant. This can have various repercussions, e.g. when an attacker triggers this vulnerability using a CMapElement object, a reference to that object can be stored in a linked list and the object itself can be freed. This pointer can later be re-used to cause a classic use-after-free issue.

tags | exploit, web
advisories | CVE-2015-0040
SHA-256 | a298a13c199ace85ce391cd64bb90067724828fbbaf92483dc7624a141955abe
Google Chrome Blink Serializer::doSerialize Bad Cast
Posted Nov 12, 2016
Authored by SkyLined

When serializing JavaScript objects for sending to another window using the postMessage method, the code in Blink does not handle Symbol objects correctly and attempts to serialize this kind of object as a regular object, which results in a bad cast. An attacker that can trigger this issue may be able to execute arbitrary code. Chrome version 38 is affected.

tags | exploit, arbitrary, javascript
SHA-256 | 62430de9384e1fc1e44dd85ff62388f8415cb6ba8958ab0623f192a275046d1c
WININET CHttpHeaderParser::ParseStatusLine Out-Of-Bounds Read
Posted Nov 10, 2016
Authored by SkyLined

A specially crafted HTTP response can cause the CHttpHeaderParser::ParseStatusLine method in WININET to read data beyond the end of a buffer. The size of the read can be controlled through the HTTP response. An attacker that is able to get any application that uses WININET to make a request to a server under his/her control may be able to disclose information stored after this memory block. This includes Microsoft Internet Explorer.

tags | exploit, web
advisories | CVE-2016-3325
SHA-256 | 94c41624ff0f1959d2d6ec3ad4d68a44468068d2211d86e587904cea67366cf4
Microsoft Internet Explorer 9 / 10 / 11 PROPERTYDESC::HandleStyleComponentProperty Out-Of-Bounds
Posted Nov 10, 2016
Authored by SkyLined

Microsoft Internet Explorer versions 9, 10, and 11 suffer from an MSHTML PROPERTYDESC::HandleStyleComponentProperty out-of-bounds read.

tags | exploit
advisories | CVE-2016-3324
SHA-256 | 69867369c8cff2f756daea66abcef97b67f77b7116041fb4cfb63a932b7b4769
VBScript RegExpComp::PnodeParse Out-Of-Bounds Read
Posted Nov 9, 2016
Authored by SkyLined

A specially crafted script can cause the VBScript engine to read data beyond a memory block for use as a regular expression. An attacker that is able to run such a script in any application that embeds the VBScript engine may be able to disclose information stored after this memory block. This includes all versions of Microsoft Internet Explorer.

tags | exploit
SHA-256 | de2a5025554f64ba3382cd282b48b1d88c6ba27472d9213565816e814c3c7bdb
VBScript CRegExp::Execute Uninitialized Memory Use
Posted Nov 7, 2016
Authored by SkyLined

A specially crafted script can cause the VBScript engine to access data before initializing it. An attacker that is able to run such a script in any application that embeds the VBScript engine may be able to control execution flow and execute arbitrary code. This includes all versions of Microsoft Internet Explorer.

tags | exploit, arbitrary
advisories | CVE-2014-6363
SHA-256 | b64494b3d3720d952429d019e2e49e61742543b7134bc063c0ba2058e1570f99
Microsoft Internet Explorer 9 MSHTML CPtsTextParaclient::CountApes Out-Of-Bounds Read
Posted Nov 5, 2016
Authored by SkyLined

Microsoft Internet Explorer 9 suffers from an MSHTML CPtsTextParaclient::CountApes out-of-bounds read vulnerability.

tags | exploit
SHA-256 | 99089ae366a7f7d4e65b3282f45f00fb4bd55bb17255adf843050757f6024bd8
Microsoft Internet Explorer 10 MSHTML CElement::GetPlainTextInScope Out-Of-Bounds Read
Posted Nov 4, 2016
Authored by SkyLined

Microsoft Internet Explorer 10 suffers from an MSHTML CElement::GetPlainTextInScope out-of-bounds read vulnerability.

tags | exploit
SHA-256 | c58c107031dbf172676c012967abab15f19261829cb6779e0fff3c4b540a12be
Microsoft Internet Explorer 11 MSHTML CView::CalculateImageImmunity Use-After-Free
Posted Nov 2, 2016
Authored by SkyLined

Setting the listStyleImage property of an Element object causes MSIE 11 to allocate 0x4C bytes for an "image context" structure, which contains a reference to the document object as well as a reference to the same CMarkup object as the document. When the element is removed from the document/document fragment, this image context is freed on the next "draw". However, the code continues to use the freed context almost immediately after it is freed.

tags | exploit
SHA-256 | 7c3474c2032d42f936d3ff0e59c7c8ce6f77233bc469225fdf7ba7bf031ca859
Microsoft Internet Explorer 9 MSHTML CAttrArray Use-After-Free
Posted Nov 1, 2016
Authored by SkyLined

A specially crafted webpage can cause Microsoft Internet Explorer to reallocate a memory buffer in order to grow it in size. The original buffer will be copied to newly allocated memory and then freed. The code continues to use the freed copy of the buffer.

tags | advisory
advisories | CVE-2014-4141
SHA-256 | 3dcbd15f1686902d2440fd693ec5986ce00f13147b6d267999345ec3f1440334
How To Exploit Magic Values In 32-Bit Processes On 64-Bit OSes
Posted Jun 22, 2016
Authored by SkyLined

This is a brief write-up on how magic values in 32-bit processes on 64-bit OSes work and how to exploit them.

tags | paper
advisories | CVE-2014-1592
SHA-256 | 0e22f4f695fe5a82d5a78008e35426ae71abb83926c813e23d3e43569e903c82
Microsoft Internet Explorer 11 Garbage Collector Attribute Type Confusion
Posted Jun 17, 2016
Authored by SkyLined

With MS16-063, Microsoft has patched CVE-2016-0199 which relates to a memory corruption bug in the garbage collector of the JavaScript engine used in Internet Explorer 11.

tags | exploit, javascript
advisories | CVE-2016-0199
SHA-256 | 8d60da32ba3ba0db4a0f218c7ca375ed14206761ebd4594a313e25dd2ebe4eae
Microsoft Internet Explorer Type Confusion
Posted Feb 13, 2016
Authored by SkyLined

Multiple type confusion vulnerabilities have been identified in Microsoft Internet Explorer.

tags | exploit, vulnerability
advisories | CVE-2016-0061, CVE-2016-0063
SHA-256 | c45987a41ea1716f25b8305b8106839624da2cc538ef5c79eff30b9c9599c037
JScript 5.7 RegExpBase::FBadHeader Use-After-Free
Posted Oct 14, 2015
Authored by SkyLined

Recompiling the regular expression pattern during a replace in JScript version 5.7 (MSIE 8) can cause the code to reuse a freed string, but only if the string is freed from the cache by allocating and freeing a number of strings of certain size.

tags | exploit
advisories | CVE-2015-2482
SHA-256 | de4b362c98096f2627ba422def8ffe6b298c4c26b1bf19a41b77cd41aab24c77
Chrome ui::AXTree::Unserialize Use-After-Free
Posted Jul 18, 2015
Authored by SkyLined

Chrome suffers from a ui::AXTree::Unserialize-related use-after-free vulnerability.

tags | exploit
SHA-256 | c401c178ffecc2c543e0506717b170b45cb01c6106506bf7304ac67f0c08bfb4
Microsoft Internet Explorer 8 Use-After-Free
Posted Mar 27, 2015
Authored by SkyLined

When using the Developer Tools of MSIE 8, one might hover the mouse over a button in the "Script" tab, at which point a "tooltip" is shown. If one then clicks the button, a use-after-free occurs.

tags | advisory
SHA-256 | cec4afb711d5667871c3fd945bdf77db6ba3ca778cc12958105abb9afe2c84e3
Win32 Speaking Shellcode
Posted Dec 31, 2010
Authored by SkyLined

A null-free shellcode for 32-bit versions of Windows 5.0 - 7.0 all service packs that uses the Microsoft Speech API to say "You got pwned!" over the speakers. Includes optional code that fixes stack alignment (adds 5 bytes) and bypasses EAF (adds 29 bytes).

tags | shellcode
systems | windows
SHA-256 | f54fd8dc37595b55a5ab88f6996c820cae4d9d2da1433af720424d2f22dec480
Oracle Java APPLET Tag Memory Corruption
Posted Oct 14, 2010
Authored by SkyLined

Oracle Java APPLET tag children property memory corruption exploit.

tags | exploit, java
SHA-256 | b50d56fbb2f1a6701f2c4a72945340e117fab8e133268070b5d5c9eebfa29427
Firefox 3.5.10 / 3.6.6 Memory Corruption
Posted Oct 14, 2010
Authored by SkyLined

Firefox versions 3.5.10 and 3.6.6 suffer from a WMP memory corruption vulnerability via pop-ups.

tags | exploit
SHA-256 | 861b3eab07fc3b8178946ceed224790bd9606d1ec07c76a0b524c6a6f4c426ae
Oracle Java 6 OBJECT Tag Buffer Overflow
Posted Oct 14, 2010
Authored by SkyLined

Internet Exploiter 12+DEP: Oracle Java 6 OBJECT tag "launchjnlp"/"docbase" parameter buffer overflow exploit.

tags | exploit, java, overflow
SHA-256 | e9a6ff0b98431f29ebe768bcd88a09a0ffec917f642a6ad5e6d7a436d2daafd4
Msxml2.XMLHTTP.3.0 Response Handling Memory Corruption
Posted Aug 12, 2010
Authored by SkyLined

Msxml2.XMLHTTP.3.0 response handling memory corruption exploit that takes advantage of the vulnerability listed in MS10-051.

tags | exploit
advisories | CVE-2010-2561
SHA-256 | 36337c841a1ee6b14eb1a761db53bbab0d0efac57cda58f85dc96bb0cb3db271
Internet Exploiter II 3.0 With DEP Bypass
Posted Mar 1, 2010
Authored by SkyLined

Internet Exploiter II version 3.0 DHTML memory corruption proof of concept exploit that bypasses DEP.

tags | exploit, proof of concept
SHA-256 | 8d79ef782e79343218a4752b8edf2781a2dc684a0214bce8d86443e1e017905d
ALPHA3 Shellcode Encoder
Posted Jan 11, 2010
Authored by SkyLined | Site code.google.com

ALPHA3 is an alphanumeric shellcode encoder.

tags | shellcode
SHA-256 | ce340cf911a3c7c4b4d3e13db65c19e98a5ba76465416bba9e7ded0b446353e5
Page 2 of 3
© 2022 Packet Storm. All rights reserved.