exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 17 of 17 RSS Feed

Files Date: 2015-08-20

Windows Kernel ATMFD.DLL OOB Reads
Posted Aug 20, 2015
Authored by Google Security Research, mjurczyk

Researchers have encountered a number of Windows kernel crashes in the ATMFD.DLL OpenType driver while processing corrupted OTF font files.

tags | exploit, kernel
systems | linux, windows
advisories | CVE-2015-2458
SHA-256 | 211858c5b9e08bfdb94ac6f00d553181d66e260d3e96b6772ee5d08a2eeebad8
Windows Kernel Win32k.sys TTF Font Processing Pool-based Buffer Overflow In Win32k!scl_ApplyTranslation
Posted Aug 20, 2015
Authored by Google Security Research, mjurczyk

Researchers have encountered a number of Windows kernel crashes in the win32k!scl_ApplyTranslation function while processing corrupted TTF font files.

tags | exploit, kernel
systems | linux, windows
advisories | CVE-2015-2456
SHA-256 | 04fddfcac6b041b9767e037c57308e83d27c063d91368ef64e5e28a5f2f828ad
Flash AS2 Use After Free In DisplacementMapFilter.mapBitmap #2
Posted Aug 20, 2015
Authored by Google Security Research, external

There is a use after free in Flash caused by an improper handling of BitmapData objects in the DisplacementMapFilter.mapBitmap property.

tags | exploit
systems | linux
advisories | CVE-2015-5127
SHA-256 | fb9a0a904e45cd0df6256c9beee44fab0c8f0d32abe86dd2ede36f7255957e4d
Windows Kernel Win32k.sys TTF Font Processing Pool-based Buffer Overflow
Posted Aug 20, 2015
Authored by Google Security Research, mjurczyk

Researchers have encountered a number of Windows kernel crashes in the win32k!itrp_IUP function (a handler of the IUP[] TTF program instruction) while processing corrupted TTF font files.

tags | exploit, kernel
systems | linux, windows
advisories | CVE-2015-2455
SHA-256 | 2da68c42d8b015345141bebfbde7346273991659273a83e794878106ce64e9e5
Flash UAF With Color.setRGB In AS2
Posted Aug 20, 2015
Authored by Google Security Research, external

When calling Color.setRGB in AS2 it is possible to free the target_mc object used in the Color constructor while a reference remains in the stack.

tags | exploit
systems | linux
advisories | CVE-2015-3128
SHA-256 | 025afc3b744a755fe32430c68ff260ef742b1772b907721185ee3c58dbde5b57
Adobe Flash Out-Of-Bounds Memory Read While Parsing A Mutated SWF File
Posted Aug 20, 2015
Authored by Google Security Research, hawkes

An access violation occurs in Adobe Flash Player plugin while parsing a mutated swf file.

tags | exploit
systems | linux
advisories | CVE-2015-5132
SHA-256 | a9bceda55620d3ed4cd20aec8a272a586fc3442122decbc24a9ba59a81f9b08b
Adobe Flash Out-Of-Bounds Memory Read While Parsing A Mutated SWF File
Posted Aug 20, 2015
Authored by Google Security Research, hawkes

An access violation occurs in Adobe Flash Player plugin while parsing a mutated swf file.

tags | exploit
systems | linux
advisories | CVE-2015-5131
SHA-256 | d1b4ab4f8b0404b6ba7f6fd0ce0dddffa431bd6d447a9316b9385e81916c89f2
Adobe Flash Use-After-Free When Setting Value
Posted Aug 20, 2015
Authored by Google Security Research, natashenka

In certain cases where a native AS2 class sets an internal atom to a value, it can lead to a use-after-free if the variable is a SharedObject.

tags | exploit
systems | linux
advisories | CVE-2015-5539
SHA-256 | 90eacb51d34198b2be5fdbf20c1cbafadb5acc055ea1efde7be967cbaf2262ef
Flash UAF With MovieClip.scrollRect In AS2
Posted Aug 20, 2015
Authored by Google Security Research, bilou

When setting the scrollRect attribute of a MovieClip in AS2 with a custom Rectangle it is possible to free the MovieClip while a reference remains in the stack.

tags | exploit
systems | linux
advisories | CVE-2015-5130
SHA-256 | 784ff7b73b5ba4aba1ac24bbe51f62d68e8c1405d60181192fb3613898562723
Flash AS2 Use After Free In DisplacementMapFilter.mapBitmap
Posted Aug 20, 2015
Authored by Google Security Research, bilou

There is a use after free in Flash caused by an improper handling of BitmapData objects in the DisplacementMapFilter.mapBitmap property.

tags | exploit
systems | linux
advisories | CVE-2015-3080
SHA-256 | 2e1c6f0cbff4d283e27bc67ff2c3d6a2f97825e1fb4b4c03692fb92493f675d7
Adobe Flash Use-After-Free When Setting Variable
Posted Aug 20, 2015
Authored by Google Security Research, natashenka

In certain cases where a native AS2 class sets an internal variable, it can lead to a use-after-free if the variable is a SharedObject. While this example shows setting NetConnection.contentType, this applies to several other variables including many properties of the Sound and NetStream classes.

tags | exploit
systems | linux
advisories | CVE-2015-5134
SHA-256 | 988359360be0f5f9adf193f6cd3a04d83c07dd40e147fd6dcd237b7482c3bf8c
Flash Boundless Tunes Universal SOP Bypass Through ActionSctipt's Sound Object
Posted Aug 20, 2015
Authored by Google Security Research, ojakigamon

An instance of ActionScript's Sound class allows for loading and extracting for further processing any kind of external data, not only sound files. Same-origin policy doesn't apply here. Each input byte of raw data, loaded previously from given URL, is encoded by an unspecified function to the same 8 successive sample blocks of output. The sample block consists of 8 bytes (first 4 bytes for left channel and next 4 bytes for right channel). Only 2 bytes from 8 sound blocks (64 bytes) are crucial, the rest 52 bytes are useless. Each byte of input from range 0-255 has corresponding constant unsigned integer value (a result of encoding), so for decoding purposes you can use simply lookup table (cf. source code from BoundlessTunes.as).

tags | exploit
systems | linux
advisories | CVE-2015-5116
SHA-256 | fc4873a13244f4cbc031eca310103bf8bf2dd9f88a4c98659fde47aa2310d88d
NetConnection.connect Use-After-Free
Posted Aug 20, 2015
Authored by Google Security Research, natashenka

If the fpadInfo property of a NetConnection object is a SharedObject, a use-after-free occurs when the property is deleted.

tags | exploit
systems | linux
advisories | CVE-2015-3107
SHA-256 | b56d353e5eaa5e4528ff1ffb7dc841c80fd0d96e3e3d63729b195cd39ca14474
Flash Use-After-Free In Display List Handling Round 2
Posted Aug 20, 2015
Authored by Google Security Research, external

Three use-after-free proof of concept exploits for Flash.

tags | exploit, proof of concept
systems | linux
advisories | CVE-2015-3124
SHA-256 | 2e4eefce9ede8e949e02bc78fdf89f165e66883de32412b8f8591292e5d9a762
Flash AS2 Use After Free While Setting TextField.filters
Posted Aug 20, 2015
Authored by Google Security Research, external

A use-after-free bug exists while setting the TextFilter.filters array.

tags | exploit
systems | linux
advisories | CVE-2015-3118
SHA-256 | 31a6c05930a52b35dcd3d8092a6d0a8288bfbf9225bc353369358d98b9ab95b8
Adobe Flash Use-After-Free In Scale9Grid
Posted Aug 20, 2015
Authored by Google Security Research, natashenka

There is a use-after-free issue if the scale9Grid setting is called on an object with a member that then frees display item. This issue occurs for both MovieClips and Buttons, it needs to be fixed in both classes.

tags | exploit
systems | linux
SHA-256 | 80b4a9baafb714f2dd9d49514a0fc66cae5b4722cb091640d14ef74e3e9fafcc
Flash Out-Of-Bounds Read In UTF Conversion
Posted Aug 20, 2015
Authored by Google Security Research, hawkes

This is a OOB read vulnerability when processing the SCRIPTDATASTRING object in Flv file.

tags | exploit
systems | linux
advisories | CVE-2015-3134
SHA-256 | b7ac22badf51c7c646164605a8e31a6bc88e7bf96892a72cbd86c59704b16c46
Page 1 of 1
Back1Next

File Archive:

June 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jun 1st
    19 Files
  • 2
    Jun 2nd
    16 Files
  • 3
    Jun 3rd
    28 Files
  • 4
    Jun 4th
    0 Files
  • 5
    Jun 5th
    0 Files
  • 6
    Jun 6th
    19 Files
  • 7
    Jun 7th
    23 Files
  • 8
    Jun 8th
    11 Files
  • 9
    Jun 9th
    10 Files
  • 10
    Jun 10th
    4 Files
  • 11
    Jun 11th
    0 Files
  • 12
    Jun 12th
    0 Files
  • 13
    Jun 13th
    0 Files
  • 14
    Jun 14th
    0 Files
  • 15
    Jun 15th
    0 Files
  • 16
    Jun 16th
    0 Files
  • 17
    Jun 17th
    0 Files
  • 18
    Jun 18th
    0 Files
  • 19
    Jun 19th
    27 Files
  • 20
    Jun 20th
    65 Files
  • 21
    Jun 21st
    10 Files
  • 22
    Jun 22nd
    8 Files
  • 23
    Jun 23rd
    6 Files
  • 24
    Jun 24th
    6 Files
  • 25
    Jun 25th
    0 Files
  • 26
    Jun 26th
    0 Files
  • 27
    Jun 27th
    15 Files
  • 28
    Jun 28th
    14 Files
  • 29
    Jun 29th
    11 Files
  • 30
    Jun 30th
    7 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close