There is an reference leak in Microsoft VBScript that can be turned into an use-after-free given sufficient time. The vulnerability has been confirmed in Internet Explorer on various Windows versions with the latest patches applied.
bbed7824f89e9377c1a62b7a38d9841ad9be96f597755fed927b3e56bee44b2cThere is an out-of-bounds write vulnerability in jscript.dll in the JsArrayFunctionHeapSort function. This vulnerability can be exploited through Internet Explorer or potentially through WPAD over local network.
44579881567c53e64a8aab7be8ad5b9de9c62e57487408187bfa4fe7b1adbd56There is an out-of-bounds vulnerability in Microsoft VBScript in rtFilter. The vulnerability has been confirmed in Internet Explorer on Windows 7 with the latest patches applied.
787b477ccfcf4e5ec10751b188d5bc87141748ffcd37526a29a5654c900f7593There is a use-after-free vulnerability in Microsoft VBScript. The vulnerability has been confirmed in Internet Explorer on Windows 7 with the latest patches applied. There are possibly two vulnerabilities triggerable by the same proof of concept included.
4d368e653a42596f0318f358cc51225567ac7ae3f445045de8e6e98d697a4007WebKit suffers from a WebCore::InlineTextBox::paint out-of-bounds read vulnerability.
994518e9454b66b07b1cd4ca2b9c80bad5057866a1f0bfc7cba8cbaab2478e58WebKit suffers from a WebCore::RenderMultiColumnSet::updateMinimumColumnHeight use-after-free vulnerability.
289928f02c8cd86108a4f4ba6cf5560fedff675da4f390a55442496ee5478373WebKit suffers from a WebCore::SVGTRefElement::updateReferencedText use-after-free vulnerability.
7b9a7b1fa82bf893ede05de1b61f81670d536065bdd12d48311c4d40d6bbd860WebKit suffers from a WebCore::AXObjectCache::handleMenuItemSelected use-after-free vulnerability.
330899d30af3312c70ec9f154cfff29bf2d70b45f25baf5fd97e1bf90cfa6820WebKit suffers from a WebCore::Node::ensureRareData use-after-free vulnerability.
9d1cb44aa1da7300c832e19ee82fa5727954a678e6c2fb1ef76cecfab64880e8WebKit suffers from a WebCore::SVGAnimateElementBase::resetAnimatedType use-after-free vulnerability.
3223eccb3079568323f68d5664a9a5ec3e1c8f01f9d6c86877128b0c16b23809WebKit suffers from a WebCore::RenderLayer::updateDescendantDependentFlags use-after-free vulnerability.
bf315161b9d563fe58bae9997b294ab21d61b4e1889e5fe9e8d860999f22e0c1WebKit suffers from a WebCore::SVGTextLayoutAttributes::context use-after-free vulnerability.
38fca191b8cfb11e205ef0cb59d6b9a5c606a64d85dd1580774a0a103a096acfWebKit suffers from a WebCore::RenderTreeBuilder::removeAnonymousWrappersForInlineChildrenIfNeeded use-after-free vulnerability.
ad65916fee902cbf167e43363bef6f7f07016655ac1be18eb7fda7d1fb4722e7There is a use-after-free vulnerability in jscript.dll related to how the lastIndex property of a RegExp object is handled. This vulnerability can be exploited through Internet Explorer or potentially through WPAD over local network. The vulnerability has been reproduced on multiple Windows versions with the most recent patches applied.
f62d6b1e08f80d9d1673d2fc9b2eeec824adb1729417fe99c60cc9f5f1203e01There is a heap overflow in Skia when drawing paths with anti-aliasing turned off. This issue can be triggered in both Google Chrome and Mozilla Firefox by rendering a specially crafted SVG image. Proof of concepts included.
3f160181c8497dc4cf1f1145b96c07f641ce5f7ac700a9824ddcbbf59315795bSkia and Firefox suffer from an issue where an integer overflow in SkTDArray can lead to an out-of-bounds write.
80e438c1f1bd3bccf77299b13af9143308a2335912da6260d8598c1f233e7851There is a use-after-free security vulnerability in WebKit. The vulnerability was confirmed on ASan build of revision 227958 on OSX.
16307c2a076e6eedaa5e405c5a3f96d724981d8afd372bf9e6385efaff3fb94fMicrosoft Edge suffers from an ACG bypass vulnerability with OpenProcess().
e13730c75ca6f8bb32812eaeb11c4e26810eb2412806aa44f43438d5b226c9b0Microsoft Windows suffers from multiple use-after-free issues in jscript Array methods.
2f7ac558c542879acb965c4c06820f163464ea9dc3f6b7895a15dcadd6bca2f1Microsoft Internet Explorer 11 suffers from a RegExp.lastMatch memory disclosure vulnerability.
d31d4d807418c373074dddb6b109a04ac380f06cff4cdd96d51d28909dfa8524Microsoft IE11 suffers from a use-after-free vulnerability in Js::RegexHelper::RegexReplace.
734a98cbfc15f0c966a37c25c2d8f7d0f898a4d44f03218af7d92ba501bc2d76Microsoft Edge suffers from an ACG bypass using UnmapViewOfFile.
75ecabd99428551cbe1014fc356b85e09fce1ebc3b0a7a93516a607cecbb55caWebKit suffers from a use-after-free vulnerability in detachWrapper.
d17589f8c87f68f43fdc0fdc6baa36cb0aad0bbdbb624cbb94def83e1f56fbfaWebKit suffers from a use-after-free vulnerability in WebCore::FrameView::clientToLayoutViewportPoint.
4fb18455a7824410e8bc9a432a98671261c8e1cd41ff089a645fad3cbe7dc9bdThere is an out-of-bounds read in jscript.dll library (used in IE, WPAD and other places).
515090618f71572b31595b0c710c2e74b500c7981760cbca93b60481466fa253
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed