There is a vulnerability in jscript9 that could potentially be exploited to execute arbitrary code when viewing an attacker-controlled website in Internet Explorer. The vulnerability has been confirmed on Windows 10 64-bit with the latest security patches applied.
606c70d052dc8c1d7e1341312dd04cc58864a77781e24662e763b3034ce543ceThere is a vulnerability in jscript9 that could be potentially used by an attacker to execute arbitrary code when viewing an attacker-controlled website in Internet Explorer. The vulnerability has been confirmed on Windows 10 64-bit with the latest security patches applied.
a69629e9e2a8eed322ffb78022a68eb8a35d57aa71fce77bfd75edc522377becCoreGraphics can be made to write out-of-bounds memory when rendering a specially crafted font. This vulnerability can also be triggered through Safari. The vulnerability was confirmed on macOS Big Sur version 11.1.
e8027d05a6dd6acb716ee4876e073b6e72b34b7dfda2f94a9e8c4770517e1dddThere is an out-of-bounds write vulnerability in WindowsCodecsRaw.dll in the COlympusE300LoadRaw::olympus_e300_load_raw function that can be triggered by parsing a crafted Olympus E300 raw image with Windows Imaging Component (WIC). The vulnerability has been reproduced on Windows 10 64-bit with the most recent patches applied.
d01f7ca6621863dce70b509fef4e28ee4b3568035e8e437b4e161e9285c8ecbbThere is an out-of-bounds write vulnerability when decoding a malformed PICT image on macOS. The vulnerability has been confirmed on the latest stable macOS version.
c35348d97c283eb70c823e79074d302b25abb42fe776372cea3414d300e1ce0dThere is an out-of bounds read vulnerability in WindowsCodecsRaw.dll while processing a malformed Canon raw image. This can potentially lead to disclosing the memory of the affected process. All applications that use Windows Image Codecs for image parsing are potentially affected. The vulnerability has been confirmed on Windows 10 v2004 with the most recent patches applied.
449ae24e2e05dd0778a7ef251c34dfe7a3baf77ef865a69c498ccb7a059d82e3Microsoft Internet Explorer suffers from a use-after-free vulnerability in Script arguments during toJSON callback.
8028683bdacfe9537d7aa6ebec7ccf45a6d6f6e1549c16b0e3cc53a6d8853f2bMicrosoft Edge suffers from a Flash click2play bypass with CObjectElement::FinalCreateObject.
fdda336815ac63fe08759882eed8c25471acba4310abb045c2527612f4538060There is an issue in VBScript in the VbsErase function. In some cases, VbsErase fails to clear the argument variable properly, which can trivially lead to crafting a variable with the array type, but with a pointer controlled controlled by an attacker.
e3cbf1077875f9a05eea70f53538809230cbe1a14641ae99c456cce2835e9409Microsoft Edge has an issue where the default flash click2play whitelist is insecure.
b67a708bf7118de58f25eedb37a2a8891d000105b033f1e3397bcf8d54354a2aIncorrect convexity assumptions in Skia can lead to multiple buffer overflow vulnerabilities.
3a576a2a2e1e3f21c3c1af4f1257d137b7f010a80f1df3c8ddb7ca7a404aec6dStarting from Windows 10 Fall Creators Update, VBScript execution in IE 11 should be disabled for websites in the Internet Zone and the Restricted Sites Zone by default. However, the VBScript execution policy does not appear to cover VBScript code in MSXML xsl files which can still execute VBScript, even when loaded from the Internet Zone.
b0f1afdfeed7b58164b0ac07caec27811ba02f778e45365490b8d741eb009e35There is an reference leak in Microsoft VBScript that can be turned into an use-after-free given sufficient time. The vulnerability has been confirmed in Internet Explorer on various Windows versions with the latest patches applied.
bbed7824f89e9377c1a62b7a38d9841ad9be96f597755fed927b3e56bee44b2cThere is an out-of-bounds write vulnerability in jscript.dll in the JsArrayFunctionHeapSort function. This vulnerability can be exploited through Internet Explorer or potentially through WPAD over local network.
44579881567c53e64a8aab7be8ad5b9de9c62e57487408187bfa4fe7b1adbd56There is an out-of-bounds vulnerability in Microsoft VBScript in rtFilter. The vulnerability has been confirmed in Internet Explorer on Windows 7 with the latest patches applied.
787b477ccfcf4e5ec10751b188d5bc87141748ffcd37526a29a5654c900f7593There is a use-after-free vulnerability in Microsoft VBScript. The vulnerability has been confirmed in Internet Explorer on Windows 7 with the latest patches applied. There are possibly two vulnerabilities triggerable by the same proof of concept included.
4d368e653a42596f0318f358cc51225567ac7ae3f445045de8e6e98d697a4007WebKit suffers from a WebCore::InlineTextBox::paint out-of-bounds read vulnerability.
994518e9454b66b07b1cd4ca2b9c80bad5057866a1f0bfc7cba8cbaab2478e58WebKit suffers from a WebCore::RenderMultiColumnSet::updateMinimumColumnHeight use-after-free vulnerability.
289928f02c8cd86108a4f4ba6cf5560fedff675da4f390a55442496ee5478373WebKit suffers from a WebCore::SVGTRefElement::updateReferencedText use-after-free vulnerability.
7b9a7b1fa82bf893ede05de1b61f81670d536065bdd12d48311c4d40d6bbd860WebKit suffers from a WebCore::AXObjectCache::handleMenuItemSelected use-after-free vulnerability.
330899d30af3312c70ec9f154cfff29bf2d70b45f25baf5fd97e1bf90cfa6820WebKit suffers from a WebCore::Node::ensureRareData use-after-free vulnerability.
9d1cb44aa1da7300c832e19ee82fa5727954a678e6c2fb1ef76cecfab64880e8WebKit suffers from a WebCore::SVGAnimateElementBase::resetAnimatedType use-after-free vulnerability.
3223eccb3079568323f68d5664a9a5ec3e1c8f01f9d6c86877128b0c16b23809WebKit suffers from a WebCore::RenderLayer::updateDescendantDependentFlags use-after-free vulnerability.
bf315161b9d563fe58bae9997b294ab21d61b4e1889e5fe9e8d860999f22e0c1WebKit suffers from a WebCore::SVGTextLayoutAttributes::context use-after-free vulnerability.
38fca191b8cfb11e205ef0cb59d6b9a5c606a64d85dd1580774a0a103a096acfWebKit suffers from a WebCore::RenderTreeBuilder::removeAnonymousWrappersForInlineChildrenIfNeeded use-after-free vulnerability.
ad65916fee902cbf167e43363bef6f7f07016655ac1be18eb7fda7d1fb4722e7
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed