Twenty Year Anniversary
Showing 1 - 25 of 73 RSS Feed

Files from Ivan Fratric

Email addressprivate
First Active2007-03-08
Last Active2018-07-26
View User Profile
Skia SkScan::FillPath Heap Overflow
Posted Jul 26, 2018
Authored by Ivan Fratric, Google Security Research

There is a heap overflow in Skia when drawing paths with anti-aliasing turned off. This issue can be triggered in both Google Chrome and Mozilla Firefox by rendering a specially crafted SVG image. Proof of concepts included.

tags | exploit, overflow, proof of concept
advisories | CVE-2018-6126
MD5 | 189bd359ac88d1f7b3b45f86c7b34089
Skia / Firefox SkTDArray Integer Overflow
Posted May 24, 2018
Authored by Ivan Fratric, Google Security Research

Skia and Firefox suffer from an issue where an integer overflow in SkTDArray can lead to an out-of-bounds write.

tags | exploit, overflow
advisories | CVE-2018-5159
MD5 | f7eb1e6d567bfd69e4a654a5a1a0c0cf
WebKit WebCore::jsElementScrollHeightGette Use-After-Free
Posted May 1, 2018
Authored by Ivan Fratric, Google Security Research

There is a use-after-free security vulnerability in WebKit. The vulnerability was confirmed on ASan build of revision 227958 on OSX.

tags | exploit
systems | apple
advisories | CVE-2018-4200
MD5 | 35af2b53d57b81fe5f7927312787ad3f
Microsoft Edge OpenProcess() ACG Bypass
Posted Apr 17, 2018
Authored by Ivan Fratric, Google Security Research

Microsoft Edge suffers from an ACG bypass vulnerability with OpenProcess().

tags | exploit, bypass
MD5 | 0872aa70743c4a85442779d23b9462d1
Microsoft Windows jscript Use-After-Free
Posted Apr 5, 2018
Authored by Ivan Fratric, Google Security Research

Microsoft Windows suffers from multiple use-after-free issues in jscript Array methods.

tags | exploit
systems | windows
advisories | CVE-2018-0935
MD5 | 54dbc94c4392c67aa6871073166ebbc0
Microsoft Internet Explorer 11 RegExp.lastMatch Memory Disclosure
Posted Mar 21, 2018
Authored by Ivan Fratric, Google Security Research

Microsoft Internet Explorer 11 suffers from a RegExp.lastMatch memory disclosure vulnerability.

tags | exploit
advisories | CVE-2018-0891
MD5 | 0bbddb1e1bbe894461a1ab5b58369ce0
Microsoft IE11 Js::RegexHelper::RegexReplace Use-After-Free
Posted Feb 22, 2018
Authored by Ivan Fratric, Google Security Research

Microsoft IE11 suffers from a use-after-free vulnerability in Js::RegexHelper::RegexReplace.

tags | exploit
advisories | CVE-2018-0866
MD5 | 21e0ce967c4444c198feef093336a61e
Microsoft Edge UnmapViewOfFile ACG Bypass
Posted Feb 15, 2018
Authored by Ivan Fratric, Google Security Research

Microsoft Edge suffers from an ACG bypass using UnmapViewOfFile.

tags | exploit
MD5 | 00e8f8ad6ea4b8b6fa4ff8c9f691a03a
WebKit detachWrapper Use-After-Free
Posted Feb 3, 2018
Authored by Ivan Fratric, Google Security Research

WebKit suffers from a use-after-free vulnerability in detachWrapper.

tags | exploit
advisories | CVE-2018-4089
MD5 | ab40e72385ce2ecec8785d781b2d76e7
WebKit WebCore::FrameView::clientToLayoutViewportPoint Use-After-Free
Posted Feb 3, 2018
Authored by Ivan Fratric, Google Security Research

WebKit suffers from a use-after-free vulnerability in WebCore::FrameView::clientToLayoutViewportPoint.

tags | exploit
MD5 | 16c7265e2776a0e63832f568c8f7359d
Microsoft Windows jscript!RegExpFncObj::LastParen Out-Of-Bounds Read
Posted Dec 19, 2017
Authored by Ivan Fratric, Google Security Research

There is an out-of-bounds read in jscript.dll library (used in IE, WPAD and other places).

tags | exploit
advisories | CVE-2017-11906
MD5 | 5d6d4de766996a82680340bb4a93c196
Microsoft Windows Array.sort jscript.dll Heap Overflow
Posted Dec 19, 2017
Authored by Ivan Fratric, Google Security Research

There is an heap overflow vulnerability in jscript.dll library (used in IE, WPAD and other places). The bug affects 2 functions, JsArrayStringHeapSort and JsArrayFunctionHeapSort.

tags | exploit, overflow
advisories | CVE-2017-11907
MD5 | 615276599b5ee6f637294ed8b1cf135c
Microsoft Internet Explorer 11 jscript!JSONStringifyObject Use-After-Free
Posted Dec 18, 2017
Authored by Ivan Fratric, Google Security Research

There is a use-after-free in jscript.dll library that can be exploited in IE11.

tags | exploit
advisories | CVE-2017-11793
MD5 | 70d9dab62006eb1aac80ab95307a311b
Windows jscript!NameTbl::GetValDef Use-After-Free
Posted Dec 18, 2017
Authored by Ivan Fratric, Google Security Research

There is a use-after-free vulnerability in jscript.dll. This issue could potentially be exploited through multiple vectors.

tags | exploit
advisories | CVE-2017-11903
MD5 | aec6b9f25c8ebc849fe5b43820ec5473
Microsoft Windows jscript!RegExpComp::Compile Heap Overflow
Posted Dec 18, 2017
Authored by Ivan Fratric, Google Security Research

There is a heap overflow in jscript.dll when compiling a regex. This issue could potentially be exploited through multiple vectors.

tags | exploit, overflow
advisories | CVE-2017-11890
MD5 | 6090424aeefb73a1046a5bb0694554fc
WIndows jscript!JsArraySlice Uninitialized Variable
Posted Dec 18, 2017
Authored by Ivan Fratric, Google Security Research

There is an uninitialized variable vulnerability in jscript.dll. This issue could potentially be exploited through multiple vectors.

tags | exploit
advisories | CVE-2017-11855
MD5 | 07bd43902bf61cc1da46b2ac1db3304c
Chakra CFG Bypass By Overwriting JavaScript Bytecode
Posted Dec 5, 2017
Authored by Ivan Fratric, Google Security Research

Chakra suffers from a CFG bypass by overwriting JavaScript bytecode.

tags | advisory, javascript
MD5 | 9e57eaebd2d21e12b8ff2602894b0871
Chakra CFG Bypass Due To Bug In ServerFreeAllocation
Posted Dec 5, 2017
Authored by Ivan Fratric, Google Security Research

Charka suffers from a CFG bypass due to a bug in ServerFreeAllocation.

tags | advisory
advisories | CVE-2017-11874
MD5 | 6411c53089610f19e5d46f685bd4d1a1
Chakra CFG Bypass With leafInterpreterFrame
Posted Dec 5, 2017
Authored by Ivan Fratric, Google Security Research

Chakra suffers from a CFG bypass with leafInterpreterFrame. Every JavaScript variable in Chakra (except a tagged int) is a pointer. From this pointer, using an arbitrary read, it is possible to follow a chain of pointers and end up with a pointer to the native stack. This allows disclosing the stack location and subsequently overwriting a return address on the stack leading to CFG bypass.

tags | advisory, arbitrary, javascript
MD5 | d1393f9681bc2674203c0bdd4afaea99
WebKit WebCore::FormSubmission::create Use-After-Free
Posted Nov 25, 2017
Authored by Ivan Fratric, Google Security Research

WebKit suffers from a use-after-free vulnerability in WebCore::FormSubmission::create.

tags | exploit
advisories | CVE-2017-13791
MD5 | 98d087c67a0a6cedef693c7155034473
WebKit WebCore::RenderObject::previousSibling Use-After-Free
Posted Nov 25, 2017
Authored by Ivan Fratric, Google Security Research

WebKit suffers from a use-after-free vulnerability in WebCore::RenderObject::previousSibling.

tags | exploit
advisories | CVE-2017-13798
MD5 | 0226ddcb9777ea7067a169d6a553b7c8
WebKit WebCore::DocumentLoader::frameLoader Use-After-Free
Posted Nov 22, 2017
Authored by Ivan Fratric, Google Security Research

WebKit suffers from a use-after-free vulnerability in WebCore::DocumentLoader::frameLoader.

tags | exploit
advisories | CVE-2017-13794
MD5 | c07fda98eca843e82ef5236fd67fb80b
WebKit WebCore::Style::TreeResolver::styleForElement Use-After-Free
Posted Nov 22, 2017
Authored by Ivan Fratric, Google Security Research

WebKit suffers from a use-after-free vulnerability in WebCore::Style::TreeResolver::styleForElement.

tags | exploit
advisories | CVE-2017-13802
MD5 | 63b43c75cbc1b4ad33a88819f4eeddde
WebKit WebCore::SVGPatternElement::collectPatternAttributes Out-Of-Bounds Read
Posted Nov 22, 2017
Authored by Ivan Fratric, Google Security Research

WebKit suffers from an out-of-bounds read in WebCore::SVGPatternElement::collectPatternAttributes.

tags | exploit
advisories | CVE-2017-13783
MD5 | 95cd5b7f1af7b8093b7bf246a111a82c
Webkit WebCore::SimpleLineLayout::RunResolver::runForPoint Out-Of-Bounds Read
Posted Nov 22, 2017
Authored by Ivan Fratric, Google Security Research

WebKit suffers from an out-of-bounds read in WebCore::SimpleLineLayout::RunResolver::runForPoint.

tags | exploit
advisories | CVE-2017-13784
MD5 | ae668f6385f367907250b9be6fb654fb
Page 1 of 3
Back123Next

Want To Donate?


Bitcoin: 18PFeCVLwpmaBuQqd5xAYZ8bZdvbyEWMmU

File Archive:

August 2018

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Aug 1st
    19 Files
  • 2
    Aug 2nd
    17 Files
  • 3
    Aug 3rd
    16 Files
  • 4
    Aug 4th
    1 Files
  • 5
    Aug 5th
    1 Files
  • 6
    Aug 6th
    19 Files
  • 7
    Aug 7th
    15 Files
  • 8
    Aug 8th
    9 Files
  • 9
    Aug 9th
    7 Files
  • 10
    Aug 10th
    10 Files
  • 11
    Aug 11th
    1 Files
  • 12
    Aug 12th
    0 Files
  • 13
    Aug 13th
    14 Files
  • 14
    Aug 14th
    0 Files
  • 15
    Aug 15th
    0 Files
  • 16
    Aug 16th
    0 Files
  • 17
    Aug 17th
    0 Files
  • 18
    Aug 18th
    0 Files
  • 19
    Aug 19th
    0 Files
  • 20
    Aug 20th
    0 Files
  • 21
    Aug 21st
    0 Files
  • 22
    Aug 22nd
    0 Files
  • 23
    Aug 23rd
    0 Files
  • 24
    Aug 24th
    0 Files
  • 25
    Aug 25th
    0 Files
  • 26
    Aug 26th
    0 Files
  • 27
    Aug 27th
    0 Files
  • 28
    Aug 28th
    0 Files
  • 29
    Aug 29th
    0 Files
  • 30
    Aug 30th
    0 Files
  • 31
    Aug 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2018 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close