exploit the possibilities
Showing 1 - 17 of 17 RSS Feed

Files Date: 2015-08-20

Windows Kernel ATMFD.DLL OOB Reads
Posted Aug 20, 2015
Authored by Google Security Research, mjurczyk

Researchers have encountered a number of Windows kernel crashes in the ATMFD.DLL OpenType driver while processing corrupted OTF font files.

tags | exploit, kernel
systems | linux, windows
advisories | CVE-2015-2458
MD5 | f5ea49dd5efe9dedcd4705747dbe9fc0
Windows Kernel Win32k.sys TTF Font Processing Pool-based Buffer Overflow In Win32k!scl_ApplyTranslation
Posted Aug 20, 2015
Authored by Google Security Research, mjurczyk

Researchers have encountered a number of Windows kernel crashes in the win32k!scl_ApplyTranslation function while processing corrupted TTF font files.

tags | exploit, kernel
systems | linux, windows
advisories | CVE-2015-2456
MD5 | ce4b5423e67c369d266b377bd38bdcc1
Flash AS2 Use After Free In DisplacementMapFilter.mapBitmap #2
Posted Aug 20, 2015
Authored by Google Security Research, external

There is a use after free in Flash caused by an improper handling of BitmapData objects in the DisplacementMapFilter.mapBitmap property.

tags | exploit
systems | linux
advisories | CVE-2015-5127
MD5 | 98dfc52e2c29a26170667b61ab95b21e
Windows Kernel Win32k.sys TTF Font Processing Pool-based Buffer Overflow
Posted Aug 20, 2015
Authored by Google Security Research, mjurczyk

Researchers have encountered a number of Windows kernel crashes in the win32k!itrp_IUP function (a handler of the IUP[] TTF program instruction) while processing corrupted TTF font files.

tags | exploit, kernel
systems | linux, windows
advisories | CVE-2015-2455
MD5 | 8664b8bbef571e33a102ab0ca774bf90
Flash UAF With Color.setRGB In AS2
Posted Aug 20, 2015
Authored by Google Security Research, external

When calling Color.setRGB in AS2 it is possible to free the target_mc object used in the Color constructor while a reference remains in the stack.

tags | exploit
systems | linux
advisories | CVE-2015-3128
MD5 | 2ec9bf99bb3f0ee0060097cfc51efb74
Adobe Flash Out-Of-Bounds Memory Read While Parsing A Mutated SWF File
Posted Aug 20, 2015
Authored by Google Security Research, hawkes

An access violation occurs in Adobe Flash Player plugin while parsing a mutated swf file.

tags | exploit
systems | linux
advisories | CVE-2015-5132
MD5 | a8c2959381f256cd9fa62ce495f60382
Adobe Flash Out-Of-Bounds Memory Read While Parsing A Mutated SWF File
Posted Aug 20, 2015
Authored by Google Security Research, hawkes

An access violation occurs in Adobe Flash Player plugin while parsing a mutated swf file.

tags | exploit
systems | linux
advisories | CVE-2015-5131
MD5 | 98783e7375acc63c04b5809fe911e197
Adobe Flash Use-After-Free When Setting Value
Posted Aug 20, 2015
Authored by Google Security Research, natashenka

In certain cases where a native AS2 class sets an internal atom to a value, it can lead to a use-after-free if the variable is a SharedObject.

tags | exploit
systems | linux
advisories | CVE-2015-5539
MD5 | 591f0d001b29e79e105e833fd843feee
Flash UAF With MovieClip.scrollRect In AS2
Posted Aug 20, 2015
Authored by Google Security Research, bilou

When setting the scrollRect attribute of a MovieClip in AS2 with a custom Rectangle it is possible to free the MovieClip while a reference remains in the stack.

tags | exploit
systems | linux
advisories | CVE-2015-5130
MD5 | f4a9e418d4012fc762ca51f36ba1905b
Flash AS2 Use After Free In DisplacementMapFilter.mapBitmap
Posted Aug 20, 2015
Authored by Google Security Research, bilou

There is a use after free in Flash caused by an improper handling of BitmapData objects in the DisplacementMapFilter.mapBitmap property.

tags | exploit
systems | linux
advisories | CVE-2015-3080
MD5 | f990f281662e63297e4e420558becb41
Adobe Flash Use-After-Free When Setting Variable
Posted Aug 20, 2015
Authored by Google Security Research, natashenka

In certain cases where a native AS2 class sets an internal variable, it can lead to a use-after-free if the variable is a SharedObject. While this example shows setting NetConnection.contentType, this applies to several other variables including many properties of the Sound and NetStream classes.

tags | exploit
systems | linux
advisories | CVE-2015-5134
MD5 | 108c2c14dbd02f7d22486ca21ac6a1e8
Flash Boundless Tunes Universal SOP Bypass Through ActionSctipt's Sound Object
Posted Aug 20, 2015
Authored by Google Security Research, ojakigamon

An instance of ActionScript's Sound class allows for loading and extracting for further processing any kind of external data, not only sound files. Same-origin policy doesn't apply here. Each input byte of raw data, loaded previously from given URL, is encoded by an unspecified function to the same 8 successive sample blocks of output. The sample block consists of 8 bytes (first 4 bytes for left channel and next 4 bytes for right channel). Only 2 bytes from 8 sound blocks (64 bytes) are crucial, the rest 52 bytes are useless. Each byte of input from range 0-255 has corresponding constant unsigned integer value (a result of encoding), so for decoding purposes you can use simply lookup table (cf. source code from BoundlessTunes.as).

tags | exploit
systems | linux
advisories | CVE-2015-5116
MD5 | 6c4444c8a2ce9487d095dddcf56fd9a6
NetConnection.connect Use-After-Free
Posted Aug 20, 2015
Authored by Google Security Research, natashenka

If the fpadInfo property of a NetConnection object is a SharedObject, a use-after-free occurs when the property is deleted.

tags | exploit
systems | linux
advisories | CVE-2015-3107
MD5 | 7a301687ad157760c20982f01d8548d6
Flash Use-After-Free In Display List Handling Round 2
Posted Aug 20, 2015
Authored by Google Security Research, external

Three use-after-free proof of concept exploits for Flash.

tags | exploit, proof of concept
systems | linux
advisories | CVE-2015-3124
MD5 | 506b724a11deb1a6922e2c4df89c3dcf
Flash AS2 Use After Free While Setting TextField.filters
Posted Aug 20, 2015
Authored by Google Security Research, external

A use-after-free bug exists while setting the TextFilter.filters array.

tags | exploit
systems | linux
advisories | CVE-2015-3118
MD5 | fb333b118060a738b5d2c8937a05a1d9
Adobe Flash Use-After-Free In Scale9Grid
Posted Aug 20, 2015
Authored by Google Security Research, natashenka

There is a use-after-free issue if the scale9Grid setting is called on an object with a member that then frees display item. This issue occurs for both MovieClips and Buttons, it needs to be fixed in both classes.

tags | exploit
systems | linux
MD5 | fcea540a5d90ae8550ce53297082da48
Flash Out-Of-Bounds Read In UTF Conversion
Posted Aug 20, 2015
Authored by Google Security Research, hawkes

This is a OOB read vulnerability when processing the SCRIPTDATASTRING object in Flv file.

tags | exploit
systems | linux
advisories | CVE-2015-3134
MD5 | b37ae7ca4b5966bf0417d718a7c2e83d
Page 1 of 1
Back1Next

File Archive:

August 2020

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Aug 1st
    3 Files
  • 2
    Aug 2nd
    2 Files
  • 3
    Aug 3rd
    32 Files
  • 4
    Aug 4th
    0 Files
  • 5
    Aug 5th
    0 Files
  • 6
    Aug 6th
    0 Files
  • 7
    Aug 7th
    0 Files
  • 8
    Aug 8th
    0 Files
  • 9
    Aug 9th
    0 Files
  • 10
    Aug 10th
    0 Files
  • 11
    Aug 11th
    0 Files
  • 12
    Aug 12th
    0 Files
  • 13
    Aug 13th
    0 Files
  • 14
    Aug 14th
    0 Files
  • 15
    Aug 15th
    0 Files
  • 16
    Aug 16th
    0 Files
  • 17
    Aug 17th
    0 Files
  • 18
    Aug 18th
    0 Files
  • 19
    Aug 19th
    0 Files
  • 20
    Aug 20th
    0 Files
  • 21
    Aug 21st
    0 Files
  • 22
    Aug 22nd
    0 Files
  • 23
    Aug 23rd
    0 Files
  • 24
    Aug 24th
    0 Files
  • 25
    Aug 25th
    0 Files
  • 26
    Aug 26th
    0 Files
  • 27
    Aug 27th
    0 Files
  • 28
    Aug 28th
    0 Files
  • 29
    Aug 29th
    0 Files
  • 30
    Aug 30th
    0 Files
  • 31
    Aug 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2020 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close