There is a vulnerability in jscript9 that could potentially be exploited to execute arbitrary code when viewing an attacker-controlled website in Internet Explorer. The vulnerability has been confirmed on Windows 10 64-bit with the latest security patches applied.
606c70d052dc8c1d7e1341312dd04cc58864a77781e24662e763b3034ce543ce
There is a vulnerability in jscript9 that could be potentially used by an attacker to execute arbitrary code when viewing an attacker-controlled website in Internet Explorer. The vulnerability has been confirmed on Windows 10 64-bit with the latest security patches applied.
a69629e9e2a8eed322ffb78022a68eb8a35d57aa71fce77bfd75edc522377bec
CoreGraphics can be made to write out-of-bounds memory when rendering a specially crafted font. This vulnerability can also be triggered through Safari. The vulnerability was confirmed on macOS Big Sur version 11.1.
e8027d05a6dd6acb716ee4876e073b6e72b34b7dfda2f94a9e8c4770517e1ddd
There is an out-of-bounds write vulnerability in WindowsCodecsRaw.dll in the COlympusE300LoadRaw::olympus_e300_load_raw function that can be triggered by parsing a crafted Olympus E300 raw image with Windows Imaging Component (WIC). The vulnerability has been reproduced on Windows 10 64-bit with the most recent patches applied.
d01f7ca6621863dce70b509fef4e28ee4b3568035e8e437b4e161e9285c8ecbb
There is an out-of-bounds write vulnerability when decoding a malformed PICT image on macOS. The vulnerability has been confirmed on the latest stable macOS version.
c35348d97c283eb70c823e79074d302b25abb42fe776372cea3414d300e1ce0d
There is an out-of bounds read vulnerability in WindowsCodecsRaw.dll while processing a malformed Canon raw image. This can potentially lead to disclosing the memory of the affected process. All applications that use Windows Image Codecs for image parsing are potentially affected. The vulnerability has been confirmed on Windows 10 v2004 with the most recent patches applied.
449ae24e2e05dd0778a7ef251c34dfe7a3baf77ef865a69c498ccb7a059d82e3
Microsoft Internet Explorer suffers from a use-after-free vulnerability in Script arguments during toJSON callback.
8028683bdacfe9537d7aa6ebec7ccf45a6d6f6e1549c16b0e3cc53a6d8853f2b
Microsoft Edge suffers from a Flash click2play bypass with CObjectElement::FinalCreateObject.
fdda336815ac63fe08759882eed8c25471acba4310abb045c2527612f4538060
There is an issue in VBScript in the VbsErase function. In some cases, VbsErase fails to clear the argument variable properly, which can trivially lead to crafting a variable with the array type, but with a pointer controlled controlled by an attacker.
e3cbf1077875f9a05eea70f53538809230cbe1a14641ae99c456cce2835e9409
Microsoft Edge has an issue where the default flash click2play whitelist is insecure.
b67a708bf7118de58f25eedb37a2a8891d000105b033f1e3397bcf8d54354a2a
Incorrect convexity assumptions in Skia can lead to multiple buffer overflow vulnerabilities.
3a576a2a2e1e3f21c3c1af4f1257d137b7f010a80f1df3c8ddb7ca7a404aec6d
Starting from Windows 10 Fall Creators Update, VBScript execution in IE 11 should be disabled for websites in the Internet Zone and the Restricted Sites Zone by default. However, the VBScript execution policy does not appear to cover VBScript code in MSXML xsl files which can still execute VBScript, even when loaded from the Internet Zone.
b0f1afdfeed7b58164b0ac07caec27811ba02f778e45365490b8d741eb009e35
There is an reference leak in Microsoft VBScript that can be turned into an use-after-free given sufficient time. The vulnerability has been confirmed in Internet Explorer on various Windows versions with the latest patches applied.
bbed7824f89e9377c1a62b7a38d9841ad9be96f597755fed927b3e56bee44b2c
There is an out-of-bounds write vulnerability in jscript.dll in the JsArrayFunctionHeapSort function. This vulnerability can be exploited through Internet Explorer or potentially through WPAD over local network.
44579881567c53e64a8aab7be8ad5b9de9c62e57487408187bfa4fe7b1adbd56
There is an out-of-bounds vulnerability in Microsoft VBScript in rtFilter. The vulnerability has been confirmed in Internet Explorer on Windows 7 with the latest patches applied.
787b477ccfcf4e5ec10751b188d5bc87141748ffcd37526a29a5654c900f7593
There is a use-after-free vulnerability in Microsoft VBScript. The vulnerability has been confirmed in Internet Explorer on Windows 7 with the latest patches applied. There are possibly two vulnerabilities triggerable by the same proof of concept included.
4d368e653a42596f0318f358cc51225567ac7ae3f445045de8e6e98d697a4007
WebKit suffers from a WebCore::InlineTextBox::paint out-of-bounds read vulnerability.
994518e9454b66b07b1cd4ca2b9c80bad5057866a1f0bfc7cba8cbaab2478e58
WebKit suffers from a WebCore::RenderMultiColumnSet::updateMinimumColumnHeight use-after-free vulnerability.
289928f02c8cd86108a4f4ba6cf5560fedff675da4f390a55442496ee5478373
WebKit suffers from a WebCore::SVGTRefElement::updateReferencedText use-after-free vulnerability.
7b9a7b1fa82bf893ede05de1b61f81670d536065bdd12d48311c4d40d6bbd860
WebKit suffers from a WebCore::AXObjectCache::handleMenuItemSelected use-after-free vulnerability.
330899d30af3312c70ec9f154cfff29bf2d70b45f25baf5fd97e1bf90cfa6820
WebKit suffers from a WebCore::Node::ensureRareData use-after-free vulnerability.
9d1cb44aa1da7300c832e19ee82fa5727954a678e6c2fb1ef76cecfab64880e8
WebKit suffers from a WebCore::SVGAnimateElementBase::resetAnimatedType use-after-free vulnerability.
3223eccb3079568323f68d5664a9a5ec3e1c8f01f9d6c86877128b0c16b23809
WebKit suffers from a WebCore::RenderLayer::updateDescendantDependentFlags use-after-free vulnerability.
bf315161b9d563fe58bae9997b294ab21d61b4e1889e5fe9e8d860999f22e0c1
WebKit suffers from a WebCore::SVGTextLayoutAttributes::context use-after-free vulnerability.
38fca191b8cfb11e205ef0cb59d6b9a5c606a64d85dd1580774a0a103a096acf
WebKit suffers from a WebCore::RenderTreeBuilder::removeAnonymousWrappersForInlineChildrenIfNeeded use-after-free vulnerability.
ad65916fee902cbf167e43363bef6f7f07016655ac1be18eb7fda7d1fb4722e7