
Files from Ivan Fratric

Email address: private
First Active: 2007-03-08
Last Active: 2018-04-17

Microsoft Edge OpenProcess() ACG Bypass
Posted Apr 17, 2018
Authored by Ivan Fratric, Google Security Research

Microsoft Edge suffers from an ACG bypass vulnerability with OpenProcess().

tags | exploit, bypass
MD5 | 0872aa70743c4a85442779d23b9462d1
Microsoft Windows jscript Use-After-Free
Posted Apr 5, 2018
Authored by Ivan Fratric, Google Security Research

Microsoft Windows suffers from multiple use-after-free issues in jscript Array methods.

tags | exploit
systems | windows
advisories | CVE-2018-0935
MD5 | 54dbc94c4392c67aa6871073166ebbc0
Microsoft Internet Explorer 11 RegExp.lastMatch Memory Disclosure
Posted Mar 21, 2018
Authored by Ivan Fratric, Google Security Research

Microsoft Internet Explorer 11 suffers from a RegExp.lastMatch memory disclosure vulnerability.

tags | exploit
advisories | CVE-2018-0891
MD5 | 0bbddb1e1bbe894461a1ab5b58369ce0
Microsoft IE11 Js::RegexHelper::RegexReplace Use-After-Free
Posted Feb 22, 2018
Authored by Ivan Fratric, Google Security Research

Microsoft IE11 suffers from a use-after-free vulnerability in Js::RegexHelper::RegexReplace.

tags | exploit
advisories | CVE-2018-0866
MD5 | 21e0ce967c4444c198feef093336a61e
Microsoft Edge UnmapViewOfFile ACG Bypass
Posted Feb 15, 2018
Authored by Ivan Fratric, Google Security Research

Microsoft Edge suffers from an ACG bypass using UnmapViewOfFile.

tags | exploit
MD5 | 00e8f8ad6ea4b8b6fa4ff8c9f691a03a
WebKit detachWrapper Use-After-Free
Posted Feb 3, 2018
Authored by Ivan Fratric, Google Security Research

WebKit suffers from a use-after-free vulnerability in detachWrapper.

tags | exploit
advisories | CVE-2018-4089
MD5 | ab40e72385ce2ecec8785d781b2d76e7
WebKit WebCore::FrameView::clientToLayoutViewportPoint Use-After-Free
Posted Feb 3, 2018
Authored by Ivan Fratric, Google Security Research

WebKit suffers from a use-after-free vulnerability in WebCore::FrameView::clientToLayoutViewportPoint.

tags | exploit
MD5 | 16c7265e2776a0e63832f568c8f7359d
Microsoft Windows jscript!RegExpFncObj::LastParen Out-Of-Bounds Read
Posted Dec 19, 2017
Authored by Ivan Fratric, Google Security Research

There is an out-of-bounds read in the jscript.dll library (used in IE, WPAD and other places).

tags | exploit
advisories | CVE-2017-11906
MD5 | 5d6d4de766996a82680340bb4a93c196
Microsoft Windows Array.sort jscript.dll Heap Overflow
Posted Dec 19, 2017
Authored by Ivan Fratric, Google Security Research

There is a heap overflow vulnerability in the jscript.dll library (used in IE, WPAD and other places). The bug affects 2 functions, JsArrayStringHeapSort and JsArrayFunctionHeapSort.

tags | exploit, overflow
advisories | CVE-2017-11907
MD5 | 615276599b5ee6f637294ed8b1cf135c
Microsoft Internet Explorer 11 jscript!JSONStringifyObject Use-After-Free
Posted Dec 18, 2017
Authored by Ivan Fratric, Google Security Research

There is a use-after-free in the jscript.dll library that can be exploited in IE11.

tags | exploit
advisories | CVE-2017-11793
MD5 | 70d9dab62006eb1aac80ab95307a311b
Windows jscript!NameTbl::GetValDef Use-After-Free
Posted Dec 18, 2017
Authored by Ivan Fratric, Google Security Research

There is a use-after-free vulnerability in jscript.dll. This issue could potentially be exploited through multiple vectors.

tags | exploit
advisories | CVE-2017-11903
MD5 | aec6b9f25c8ebc849fe5b43820ec5473
Microsoft Windows jscript!RegExpComp::Compile Heap Overflow
Posted Dec 18, 2017
Authored by Ivan Fratric, Google Security Research

There is a heap overflow in jscript.dll when compiling a regex. This issue could potentially be exploited through multiple vectors.

tags | exploit, overflow
advisories | CVE-2017-11890
MD5 | 6090424aeefb73a1046a5bb0694554fc
Windows jscript!JsArraySlice Uninitialized Variable
Posted Dec 18, 2017
Authored by Ivan Fratric, Google Security Research

There is an uninitialized variable vulnerability in jscript.dll. This issue could potentially be exploited through multiple vectors.

tags | exploit
advisories | CVE-2017-11855
MD5 | 07bd43902bf61cc1da46b2ac1db3304c
Chakra CFG Bypass By Overwriting JavaScript Bytecode
Posted Dec 5, 2017
Authored by Ivan Fratric, Google Security Research

Chakra suffers from a CFG bypass by overwriting JavaScript bytecode.

tags | advisory, javascript
MD5 | 9e57eaebd2d21e12b8ff2602894b0871
Chakra CFG Bypass Due To Bug In ServerFreeAllocation
Posted Dec 5, 2017
Authored by Ivan Fratric, Google Security Research

Chakra suffers from a CFG bypass due to a bug in ServerFreeAllocation.

tags | advisory
advisories | CVE-2017-11874
MD5 | 6411c53089610f19e5d46f685bd4d1a1
Chakra CFG Bypass With leafInterpreterFrame
Posted Dec 5, 2017
Authored by Ivan Fratric, Google Security Research

Chakra suffers from a CFG bypass with leafInterpreterFrame. Every JavaScript variable in Chakra (except a tagged int) is a pointer. From this pointer, using an arbitrary read, it is possible to follow a chain of pointers and end up with a pointer to the native stack. This allows disclosing the stack location and subsequently overwriting a return address on the stack, leading to a CFG bypass.

tags | advisory, arbitrary, javascript
MD5 | d1393f9681bc2674203c0bdd4afaea99
WebKit WebCore::FormSubmission::create Use-After-Free
Posted Nov 25, 2017
Authored by Ivan Fratric, Google Security Research

WebKit suffers from a use-after-free vulnerability in WebCore::FormSubmission::create.

tags | exploit
advisories | CVE-2017-13791
MD5 | 98d087c67a0a6cedef693c7155034473
WebKit WebCore::RenderObject::previousSibling Use-After-Free
Posted Nov 25, 2017
Authored by Ivan Fratric, Google Security Research

WebKit suffers from a use-after-free vulnerability in WebCore::RenderObject::previousSibling.

tags | exploit
advisories | CVE-2017-13798
MD5 | 0226ddcb9777ea7067a169d6a553b7c8
WebKit WebCore::DocumentLoader::frameLoader Use-After-Free
Posted Nov 22, 2017
Authored by Ivan Fratric, Google Security Research

WebKit suffers from a use-after-free vulnerability in WebCore::DocumentLoader::frameLoader.

tags | exploit
advisories | CVE-2017-13794
MD5 | c07fda98eca843e82ef5236fd67fb80b
WebKit WebCore::Style::TreeResolver::styleForElement Use-After-Free
Posted Nov 22, 2017
Authored by Ivan Fratric, Google Security Research

WebKit suffers from a use-after-free vulnerability in WebCore::Style::TreeResolver::styleForElement.

tags | exploit
advisories | CVE-2017-13802
MD5 | 63b43c75cbc1b4ad33a88819f4eeddde
WebKit WebCore::SVGPatternElement::collectPatternAttributes Out-Of-Bounds Read
Posted Nov 22, 2017
Authored by Ivan Fratric, Google Security Research

WebKit suffers from an out-of-bounds read in WebCore::SVGPatternElement::collectPatternAttributes.

tags | exploit
advisories | CVE-2017-13783
MD5 | 95cd5b7f1af7b8093b7bf246a111a82c
WebKit WebCore::SimpleLineLayout::RunResolver::runForPoint Out-Of-Bounds Read
Posted Nov 22, 2017
Authored by Ivan Fratric, Google Security Research

WebKit suffers from an out-of-bounds read in WebCore::SimpleLineLayout::RunResolver::runForPoint.

tags | exploit
advisories | CVE-2017-13784
MD5 | ae668f6385f367907250b9be6fb654fb
WebKit WebCore::RenderText::localCaretRect Out-Of-Bounds Read
Posted Nov 22, 2017
Authored by Ivan Fratric, Google Security Research

WebKit suffers from an out-of-bounds read in WebCore::RenderText::localCaretRect.

tags | exploit
advisories | CVE-2017-13785
MD5 | 769ad8e20766a4d8c4e777f522f6d619
WebKit WebCore::AXObjectCache::performDeferredCacheUpdate Use-After-Free
Posted Nov 22, 2017
Authored by Ivan Fratric, Google Security Research

There is a use-after-free security vulnerability in WebCore::AXObjectCache::performDeferredCacheUpdate in WebKit.

tags | advisory
advisories | CVE-2017-13795
MD5 | 7e9512df39aea162da9fecb3f2729c14
WebKit WebCore::PositionIterator::decrement Use-After-Free
Posted Nov 22, 2017
Authored by Ivan Fratric, Google Security Research

There is a use-after-free security vulnerability in WebCore::PositionIterator::decrement in WebKit.

tags | exploit
advisories | CVE-2017-13797
MD5 | 335dfe4b7f9b56e61b37482bb3fcba7e