what you don't know can hurt you

Register | Login

FilesNewsUsersAuthors

Home Files News &[SERVICES_TAB]About Contact Add New

Showing 101 - 125 of 130

Files from Ivan Fratric

Mozilla Firefox ConvolvePixel Memory Disclosure

Posted May 25, 2017

Authored by Ivan Fratric, Google Security Research

Mozilla Firefox suffers from a memory disclosure vulnerability in ConvolvPixel. o.

tags | exploit

advisories | CVE-2017-5465

SHA-256 | 27c3bf47249dbc1cd71b07f2da059c87632637f14473ab6fde848168f7d09b8c

Download | Favorite | View

Mozilla Firefox gfxTextRun Out-Of-Bounds Read

Posted May 25, 2017

Authored by Ivan Fratric, Google Security Research

gfxTextRun in Mozilla Firefox suffers from a heap overflow vulnerability.

tags | exploit, overflow

advisories | CVE-2017-5447

SHA-256 | ca7dc76b101bf1ce0d07c158ddb9d23bd3cc4262052161ffea414b47ab83a329

Download | Favorite | View

Skia Graphics Library Heap Overflow

Posted May 25, 2017

Authored by Ivan Fratric, Google Security Research

Skia Graphic Library suffers from a heap overflow vulnerability.

tags | exploit, overflow

SHA-256 | a91b4dffb9db505d11d1a2211a841657e91151b846608640c0c1fc28cfbd150b

Download | Favorite | View

Microsoft Internet Explorer CStyleSheetArray::BuildListOfMatchedRules Memory Corruption

Posted Apr 27, 2017

Authored by Ivan Fratric, Google Security Research

There is a memory corruption vulnerability in Microsoft Internet Explorer. The vulnerability was confirmed on version 11.576.14393.0 (update version 11.0.38) running on Windows 10 64-bit with page heap enabled for iexplore.exe process.

tags | exploit

systems | windows

advisories | CVE-2017-0202

SHA-256 | 149166f2d66d26f641ea07d704e2cf7bd66635da58a4980d0fd218ed33ccaddd

Download | Favorite | View

WebKit WebCore::toJS Use-After-Free

Posted Apr 10, 2017

Authored by Ivan Fratric, Google Security Research

WebKit suffers from a use-after-free vulnerability in WebCore::toJS.

tags | exploit

advisories | CVE-2017-2476

SHA-256 | adb86ce12fcc6e8a86e2e77aaae5414ee3c6f2d62117a441a2dc1b2f81ae2f4d

Download | Favorite | View

WebKit Table Use-After-Free

Posted Apr 9, 2017

Authored by Ivan Fratric, Google Security Research

WebKit suffers from a table related use-after-free vulnerability.

tags | exploit

advisories | CVE-2017-2471

SHA-256 | ad6ceff8313954a04bafcc97247e837a090af08ee4add80afdec6fb9c28b9007

Download | Favorite | View

WebKit ComposedTreeIterator::traverseNextInShadowTree Use-After-Free

Posted Apr 9, 2017

Authored by Ivan Fratric, Google Security Research

WebKit suffers from a use-after-free vulnerability in ComposedTreeIterator::traverseNextInShadowTree.

tags | exploit

advisories | CVE-2017-2466

SHA-256 | 089bc31087eb09c29e99dd5d3aad2424215ed1782aca5ec3c05d5911be07ad63

Download | Favorite | View

WebKit FormSubmission::create Use-After-Free

Posted Apr 9, 2017

Authored by Ivan Fratric, Google Security Research

WebKit suffers from a use-after-free vulnerability in FormSubmission::create.

tags | exploit

advisories | CVE-2017-2460

SHA-256 | 6e9beadf0cb30dd4410eb843638647a2ed05b1713c29ec17e9738411a9e01210

Download | Favorite | View

WebKit HTMLFormElement Negative-Size Memmove

Posted Apr 9, 2017

Authored by Ivan Fratric, Google Security Research

WebKit suffers from a negative-size memmove in HTMLFormElement.

tags | exploit

advisories | CVE-2017-2459

SHA-256 | 2ba8dbddde7bedc8e91c573e2570d0bc5f48f080c2fbfa313694d30245d3d20b

Download | Favorite | View

WebKit RenderLayer Use-After-Free

Posted Apr 9, 2017

Authored by Ivan Fratric, Google Security Research

WebKit suffers from a use-after-free vulnerability in RenderLayer.

tags | exploit

advisories | CVE-2017-2455

SHA-256 | 959e3afb136d232b7cdc73ad403ff7a2a2bf4526a28612b35ed668f32d1efc67

Download | Favorite | View

WebKit HTMLInputElement Use-After-Free

Posted Apr 9, 2017

Authored by Ivan Fratric, Google Security Research

WebKit suffers from a use-after-free vulnerability in HTMLInputElement.

tags | exploit

advisories | CVE-2017-2454

SHA-256 | 115f8e348c532d5a7f676d095142c437bf8ec19d4f44b58c6f0399c7a578f50b

Download | Favorite | View

Mozilla Firefox Table Use-After-Free

Posted Mar 21, 2017

Authored by Ivan Fratric, Google Security Research

Mozilla Firefox suffers from a table use-after-free vulnerability.

tags | advisory

advisories | CVE-2017-5404

SHA-256 | 467f7a92740d3d939226cb316dd4c5564e04846cf418f83875fb7b601f8b7208

Download | Favorite | View

Microsoft Internet Explorer textarea.defaultValue Memory Disclosure

Posted Mar 21, 2017

Authored by Ivan Fratric, Google Security Research

Microsoft Internet Explorer textarea.defaultValue suffers from a memory disclosure vulnerability.

tags | exploit

advisories | CVE-2017-0059

SHA-256 | ac793dbfcfd50f86e76daaec9db6ea8bbe858fab353e8120a1fd34fc827042c7

Download | Favorite | View

Google Chrome Layout Out-Of-Bounds Read

Posted Feb 24, 2017

Authored by Ivan Fratric, Google Security Research

Google Chrome suffers from an out-of-bounds read in layout.

tags | exploit

SHA-256 | 2d3757be67305e873ee9adecfd5373daa82c75610751deda2131394581490717

Download | Favorite | View

Microsoft Edge / Internet Explorer HandleColumnBreakOnColumnSpanningElement Type Confusion

Posted Feb 24, 2017

Authored by Ivan Fratric, Google Security Research

Microsoft Edge and Internet Explorer suffer from a type confusion in HandleColumnBreakOnColumnSpanningElement.

tags | exploit

advisories | CVE-2017-0037

SHA-256 | acb3a39defa5f6c4a6541be344f794bfefad5affcf45b6f3a062c6bf6cbb9b2b

Download | Favorite | View

Apple WebKit HTMLFormElement::reset() Use-After-Free

Posted Feb 1, 2017

Authored by Ivan Fratric, Google Security Research

Apple WebKit suffers from a use-after-free vulnerability in HTMLFormElement::reset().

tags | exploit

systems | apple

advisories | CVE-2017-2362

SHA-256 | b158536bb0befe5398fad33dbc0a172677fb99626b2fbd089843ca3ebaffd3b0

Download | Favorite | View

Apple WebKit Renderbox Type Confusion

Posted Feb 1, 2017

Authored by Ivan Fratric, Google Security Research

Apple WebKit suffers from a type confusion vulnerability in RenderBox with accessibility enabled.

tags | exploit

systems | apple

advisories | CVE-2017-2373

SHA-256 | aecb62d731142db1516e19c7ad3ff31de9aea06eb36764a6f5dabffe85b7646b

Download | Favorite | View

Apple WebKit HTMLKeygenElement Type Confusion

Posted Feb 1, 2017

Authored by Ivan Fratric, Google Security Research

Apple WebKit suffers from a HTMLKeygenElement type confusion vulnerability.

tags | exploit

systems | apple

advisories | CVE-2017-2369

SHA-256 | a3741d7c8f28b927fce34f6b61f23d32e35c5958bb3e06f77f2721bd8c990e10

Download | Favorite | View

Google Chrome HTMLKeygenElement::shadowSelect() Type Confusion

Posted Feb 1, 2017

Authored by Ivan Fratric, Google Security Research

Google Chrome suffers from a HTMLKeygenElement::shadowSelect() type confusion vulnerability.

tags | exploit

SHA-256 | 92924ae358d484104a755cd03581b22f99405cbbdad6c145f777ffe6269d3fad

Download | Favorite | View

Microsoft Internet Explorer Option Element Use-After-Free

Posted Jan 10, 2013

Authored by Ivan Fratric, sinn3r, juan vazquez | Site metasploit.com

This Metasploit module exploits a vulnerability in Microsoft Internet Explorer. A memory corruption may occur when the Option cache isn't updated properly, which allows other JavaScript methods to access a deleted Option element, and results in code execution under the context of the user.

tags | exploit, javascript, code execution

advisories | CVE-2011-1996

SHA-256 | 307b7adfa8d05c300b48db94ceb041a3ced231d646f14a788423d6874081b7c4

Download | Favorite | View

Microsoft Internet Explorer 8 Code Execution

Posted Feb 29, 2012

Authored by Ivan Fratric

This is a proof of concept exploit that allows an attacker to execute arbitrary code via vectors involving a dereferenced memory address in Microsoft Internet Explorer 8. It leverages the issue discussed in MS11-081. The exploit is slightly crippled by the author.

tags | exploit, arbitrary, proof of concept

advisories | CVE-2011-1999

SHA-256 | 31cef28f3ae91f47c652ada6f2b786f3ba4d464050c6d2c3cfd46b5a0f99df82

Download | Favorite | View

Internet Explorer Code Execution

Posted Oct 14, 2011

Authored by Ivan Fratric

Two code execution vulnerabilities have been discovered in Internet Explorer. One vulnerability is caused by incorrectly validating integer parameter passed to the 'add' method of the Select HTML element. Another vulnerability is caused by a use-after-free bug triggered by accessing a previously deleted Option element.

tags | advisory, vulnerability, code execution

advisories | CVE-2011-1999, CVE-2011-1996

SHA-256 | 00ed6913fc28235fa406b329358c7b4198e80bad1be3a6a32de2641d3a1cb323

Download | Favorite | View

Microsoft GDI+ TIFF Processing Memory Corruption

Posted Oct 15, 2009

Authored by Ivan Fratric

There is a memory corruption vulnerability in TIFF file processing in Microsoft GDI+ that can be used to crash a vulnerable application and also to execute arbitrary code.

tags | advisory, arbitrary

advisories | CVE-2009-2503

SHA-256 | bdd741e4995e907c04dc70b34e10d128524fc033d85598a7865541896555676f

Download | Favorite | View

Windows Media Audio Voice Decoder Code Execution

Posted Oct 15, 2009

Authored by Ivan Fratric

There is a vulnerability in Windows Media Audio Voice decoder distributed with Windows Media Player that allows remote code execution by opening a specially crafted web page.

tags | advisory, remote, web, code execution

systems | windows

advisories | CVE-2009-0555

SHA-256 | b13d4b308ea79c8f831f71e5cd1f0456f63eb50ba6410288c818e83acdcbdff6

Download | Favorite | View

ie6js-exec.txt

Posted Oct 16, 2008

Authored by Ivan Fratric

Microsoft Internet Explorer 6 suffers from a javascript vulnerability that allows for remote memory disclosure and remote code execution.

tags | advisory, remote, javascript, code execution

advisories | CVE-2008-3475

SHA-256 | 4df8eab8ee9d106ddee39f7fe4a638d19b5f617740aec69742d8195eb8d78922

Download | Favorite | View