Showing 1 - 25 of 105

Files from Ivan Fratric

Email address: ifratric at google.com
First Active: 2007-03-08
Last Active: 2021-06-09
Internet Explorer jscript9.dll Memory Corruption
Posted Jun 9, 2021
Authored by Ivan Fratric, Google Security Research

There is a vulnerability in jscript9 that could potentially be exploited to execute arbitrary code when viewing an attacker-controlled website in Internet Explorer. The vulnerability has been confirmed on Windows 10 64-bit with the latest security patches applied.

tags | exploit, arbitrary
systems | windows
advisories | CVE-2020-1380, CVE-2021-31959
MD5 | 7bf1477df1aec690e996f9ebbce9b10c
Internet Explorer jscript9.dll Memory Corruption
Posted May 13, 2021
Authored by Ivan Fratric, Google Security Research

There is a vulnerability in jscript9 that could be potentially used by an attacker to execute arbitrary code when viewing an attacker-controlled website in Internet Explorer. The vulnerability has been confirmed on Windows 10 64-bit with the latest security patches applied.

tags | exploit, arbitrary
systems | windows
advisories | CVE-2021-26419
MD5 | 50dcfd05a094914cf819e98d3f2de507
macOS CoreGraphics Integer Overflow / Out-Of-Bounds Write
Posted Mar 15, 2021
Authored by Ivan Fratric, Google Security Research

CoreGraphics can be made to write out-of-bounds memory when rendering a specially crafted font. This vulnerability can also be triggered through Safari. The vulnerability was confirmed on macOS Big Sur version 11.1.

tags | exploit
advisories | CVE-2021-1776
MD5 | e9e23aad1bac7d9d3a5382c82a4cc581
Microsoft Windows WindowsCodecsRaw!COlympusE300LoadRaw Out-Of-Bounds Write
Posted Mar 9, 2021
Authored by Ivan Fratric, Google Security Research

There is an out-of-bounds write vulnerability in WindowsCodecsRaw.dll in the COlympusE300LoadRaw::olympus_e300_load_raw function that can be triggered by parsing a crafted Olympus E300 raw image with Windows Imaging Component (WIC). The vulnerability has been reproduced on Windows 10 64-bit with the most recent patches applied.

tags | exploit
systems | windows
advisories | CVE-2021-24091
MD5 | 815147d984fdba3d24de7e30eaacb8fb
macOS ImageIO Out-Of-Bounds Write
Posted Dec 16, 2020
Authored by Ivan Fratric, Google Security Research

There is an out-of-bounds write vulnerability when decoding a malformed PICT image on macOS. The vulnerability has been confirmed on the latest stable macOS version.

tags | exploit
advisories | CVE-2020-29611
MD5 | f62261f5660f9ced363ae4dabdfa325f
Microsoft Windows WindowsCodecsRaw!CCanonRawImageRep::GetNamedWhiteBalances Out-Of-Bounds Read
Posted Nov 13, 2020
Authored by Ivan Fratric, Google Security Research

There is an out-of-bounds read vulnerability in WindowsCodecsRaw.dll while processing a malformed Canon raw image. This can potentially lead to disclosing the memory of the affected process. All applications that use Windows Image Codecs for image parsing are potentially affected. The vulnerability has been confirmed on Windows 10 v2004 with the most recent patches applied.

tags | advisory
systems | windows
advisories | CVE-2020-17113
MD5 | 1ea2260b2783f8f68dc9be4f978b3561
Microsoft Internet Explorer Use-After-Free
Posted Nov 21, 2019
Authored by Ivan Fratric, Google Security Research

Microsoft Internet Explorer suffers from a use-after-free vulnerability in Script arguments during toJSON callback.

tags | exploit
advisories | CVE-2019-1429
MD5 | 9b1e32c7d5ecc6ef6b2e7b6e987d25b5
Microsoft Edge Flash click2play Bypass
Posted Mar 19, 2019
Authored by Ivan Fratric, Google Security Research

Microsoft Edge suffers from a Flash click2play bypass with CObjectElement::FinalCreateObject.

tags | exploit
advisories | CVE-2019-0612
MD5 | c94b41849f791f91a4e487bc8f455397
VBScript VbsErase Memory Corruption
Posted Mar 19, 2019
Authored by Ivan Fratric, Google Security Research

There is an issue in VBScript in the VbsErase function. In some cases, VbsErase fails to clear the argument variable properly, which can trivially lead to crafting a variable with the array type, but with a pointer controlled by an attacker.

tags | exploit
advisories | CVE-2019-0667
MD5 | c197b2b4966090acde9b5638b0466c4a
Microsoft Edge Insecure click2play Whitelist
Posted Feb 19, 2019
Authored by Ivan Fratric, Google Security Research

Microsoft Edge has an issue where the default flash click2play whitelist is insecure.

tags | advisory
advisories | CVE-2019-0641
MD5 | 7aba8b302065571d5451116fa77bbb4c
Skia Buffer Overflow
Posted Feb 6, 2019
Authored by Ivan Fratric, Google Security Research

Incorrect convexity assumptions in Skia can lead to multiple buffer overflow vulnerabilities.

tags | exploit, overflow, vulnerability
MD5 | db5ddb42f112cdaac1ac2d70bcdebc9a
VBScript MSXML Policy Bypass
Posted Dec 19, 2018
Authored by Ivan Fratric, Google Security Research

Starting from Windows 10 Fall Creators Update, VBScript execution in IE 11 should be disabled for websites in the Internet Zone and the Restricted Sites Zone by default. However, the VBScript execution policy does not appear to cover VBScript code in MSXML xsl files which can still execute VBScript, even when loaded from the Internet Zone.

tags | exploit
systems | windows
advisories | CVE-2018-8619
MD5 | ce43b2ebae9f07a7d017a64ce3308636
VBScript VbsErase Reference Leak
Posted Dec 19, 2018
Authored by Ivan Fratric, Google Security Research

There is a reference leak in Microsoft VBScript that can be turned into a use-after-free given sufficient time. The vulnerability has been confirmed in Internet Explorer on various Windows versions with the latest patches applied.

tags | exploit
systems | windows
advisories | CVE-2018-8625
MD5 | 7a89325a4a9a9ce9b151cea5f6c4b348
Microsoft Windows jscript!JsArrayFunctionHeapSort Out-Of-Bounds Write
Posted Dec 18, 2018
Authored by Ivan Fratric, Google Security Research

There is an out-of-bounds write vulnerability in jscript.dll in the JsArrayFunctionHeapSort function. This vulnerability can be exploited through Internet Explorer or potentially through WPAD over local network.

tags | exploit, local
advisories | CVE-2018-8631
MD5 | 82afb637d0f91a3f4210fbcfc5b8c0ea
Microsoft VBScript rtFilter Out-Of-Bounds Read
Posted Nov 30, 2018
Authored by Ivan Fratric, Google Security Research

There is an out-of-bounds vulnerability in Microsoft VBScript in rtFilter. The vulnerability has been confirmed in Internet Explorer on Windows 7 with the latest patches applied.

tags | exploit
systems | windows, 7
advisories | CVE-2018-8552
MD5 | bb550cb6c47a76bff9745e2c8f95a914
Microsoft VBScript OLEAUT32!VariantClear / scrrun!VBADictionary::put_Item Use-After-Free
Posted Nov 30, 2018
Authored by Ivan Fratric, Google Security Research

There is a use-after-free vulnerability in Microsoft VBScript. The vulnerability has been confirmed in Internet Explorer on Windows 7 with the latest patches applied. There are possibly two vulnerabilities triggerable by the same proof of concept included.

tags | exploit, vulnerability, proof of concept
systems | windows, 7
advisories | CVE-2018-8544
MD5 | d336251c8030f4420eac4b15ed1e6a78
WebKit WebCore::InlineTextBox::paint Out-Of-Bounds Read
Posted Sep 25, 2018
Authored by Ivan Fratric, Google Security Research

WebKit suffers from a WebCore::InlineTextBox::paint out-of-bounds read vulnerability.

tags | exploit
advisories | CVE-2018-4328
MD5 | 48d7ddd807a5fd533454a6cf9658183b
WebKit WebCore::RenderMultiColumnSet::updateMinimumColumnHeight Use-After-Free
Posted Sep 25, 2018
Authored by Ivan Fratric, Google Security Research

WebKit suffers from a WebCore::RenderMultiColumnSet::updateMinimumColumnHeight use-after-free vulnerability.

tags | exploit
advisories | CVE-2018-4323
MD5 | ef9fbd1476a9ed5869403423f443b91c
WebKit WebCore::SVGTRefElement::updateReferencedText Use-After-Free
Posted Sep 25, 2018
Authored by Ivan Fratric, Google Security Research

WebKit suffers from a WebCore::SVGTRefElement::updateReferencedText use-after-free vulnerability.

tags | exploit
advisories | CVE-2018-4315
MD5 | 5e163bdb1d5fabd08aee1c2e22d9e5b2
WebKit WebCore::AXObjectCache::handleMenuItemSelected Use-After-Free
Posted Sep 25, 2018
Authored by Ivan Fratric, Google Security Research

WebKit suffers from a WebCore::AXObjectCache::handleMenuItemSelected use-after-free vulnerability.

tags | exploit
advisories | CVE-2018-4312
MD5 | f2e33906b39202fd5af35a10c6fa1608
WebKit WebCore::Node::ensureRareData Use-After-Free
Posted Sep 25, 2018
Authored by Ivan Fratric, Google Security Research

WebKit suffers from a WebCore::Node::ensureRareData use-after-free vulnerability.

tags | exploit
advisories | CVE-2018-4306
MD5 | 895cbd9c2699b63dc3e9313d4fbe8989
WebKit WebCore::SVGAnimateElementBase::resetAnimatedType Use-After-Free
Posted Sep 25, 2018
Authored by Ivan Fratric, Google Security Research

WebKit suffers from a WebCore::SVGAnimateElementBase::resetAnimatedType use-after-free vulnerability.

tags | exploit
advisories | CVE-2018-4314
MD5 | 5e48b10c894ac864f9f737dad8a51039
WebKit WebCore::RenderLayer::updateDescendantDependentFlags Use-After-Free
Posted Sep 25, 2018
Authored by Ivan Fratric, Google Security Research

WebKit suffers from a WebCore::RenderLayer::updateDescendantDependentFlags use-after-free vulnerability.

tags | exploit
advisories | CVE-2018-4317
MD5 | 2972313b3d644a72b92a046ec75eadf9
WebKit WebCore::SVGTextLayoutAttributes::context Use-After-Free
Posted Sep 25, 2018
Authored by Ivan Fratric, Google Security Research

WebKit suffers from a WebCore::SVGTextLayoutAttributes::context use-after-free vulnerability.

tags | exploit
advisories | CVE-2018-4318
MD5 | 8089cea300843f75b80b628759b8b832
WebKit WebCore::RenderTreeBuilder::removeAnonymousWrappersForInlineChildrenIfNeeded Use-After-Free
Posted Sep 25, 2018
Authored by Ivan Fratric, Google Security Research

WebKit suffers from a WebCore::RenderTreeBuilder::removeAnonymousWrappersForInlineChildrenIfNeeded use-after-free vulnerability.

tags | exploit
advisories | CVE-2018-4197
MD5 | 0f6661c3eb92987094c52de1d39f8f43

© 2020 Packet Storm. All rights reserved.
