what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 51 - 75 of 100 RSS Feed

Files

Skia Graphics Library Heap Overflow
Posted May 25, 2017
Authored by Ivan Fratric, Google Security Research

Skia Graphic Library suffers from a heap overflow vulnerability.

tags | exploit, overflow
SHA-256 | a91b4dffb9db505d11d1a2211a841657e91151b846608640c0c1fc28cfbd150b

Related Files

Flash Bad / Wild Write In XML When Callback Modifies XML Tree
Posted Aug 21, 2015
Authored by Chris Evans, Google Security Research

The proof of concept works by triggering a wild copy in order to demonstrate the crash. But other side-effects are possible such as decrementing the refcount of an out-of-bounds index.

tags | exploit, proof of concept
systems | linux
advisories | CVE-2015-5549
SHA-256 | d354b53a4080ae486dd69761b4252b5e10b5e424aae7f11b794443c70d285daa
Adobe Flash Use-After-Free In SwapDepths
Posted Aug 21, 2015
Authored by Google Security Research, natashenka

There is a use-after-free in MovieClip.swapDepths in Adobe Flash.

tags | exploit
systems | linux
advisories | CVE-2015-5550
SHA-256 | fdc90abdb1b2a25ee44d0715804979dcd608cbd02e9a1639cbcdf73c438f77f6
Windows Kernel Win32k.sys TTF Font Processing Out-Of-Bounds Pool Write In Win32k!fsc_BLTHoriz
Posted Aug 21, 2015
Authored by Google Security Research, mjurczyk

Researchers have encountered a Windows kernel crash in the win32k!fsc_BLTHoriz function while processing corrupted TTF font files.

tags | exploit, kernel
systems | linux, windows
advisories | CVE-2015-2464
SHA-256 | 5b06b6212cc51d413bdd06023037f42808725455f1165b6efd62121434c36394
Windows Kernel Win32k.sys TTF Font Processing Out-Of-Bounds Pool Memory Access In Win32k!fsc_RemoveDups
Posted Aug 21, 2015
Authored by Google Security Research, mjurczyk

Researchers have encountered a Windows kernel crash in the win32k!fsc_RemoveDups function while processing corrupted TTF font files.

tags | exploit, kernel
systems | linux, windows
advisories | CVE-2015-2463
SHA-256 | 49ff9762af828d1e6b2e50488ceae9afbbccea4122ec458cc3e8a553d5f7e5aa
Flash Wild Pointer Crash In XML Handling
Posted Aug 21, 2015
Authored by Google Security Research, mjurczyk

The attached sample file, signal_sigsegv_7ffff637297a_8900_e3f87b25c25db8f9ec3c975f8c1211cc.swf, crashes, perhaps relating to XML handling.

tags | exploit
systems | linux
advisories | CVE-2015-5548
SHA-256 | 4c1acddf8f07f6545317d049c59f4af89211c523cf6ef53842973345239d2469
Flash Wild Pointer In Button Handling
Posted Aug 21, 2015
Authored by Google Security Research, mjurczyk

The attached sample, signal_sigsegv_7ffff60a1429_9554_f4dc661554237404dfe394d4c6c3e674.swf, crashes on Linux x64.

tags | exploit
systems | linux
advisories | CVE-2015-5547
SHA-256 | 576dca8249e5bf441b6ff1587895439d38da0d1c81ab8174fa260345c26a6b1b
Flash Bad Dereference At 0x23c On Linux X64
Posted Aug 21, 2015
Authored by Google Security Research, mjurczyk

The attached sample, signal_sigsegv_7ffff603deef_1525_268381c02bc3b05c84578ebaeafc02f0.swf, typically crashes on Linux x64 build (Flash v17.0.0.188).

tags | exploit
systems | linux
advisories | CVE-2015-5546
SHA-256 | fd12f01c9fd51ba81094c5dc05092a2ce0cc36a748d2d389573b850c73ad3728
Flash Wild Pointer Crash After Continuing Slow Script
Posted Aug 21, 2015
Authored by Google Security Research, mjurczyk

The attached swf file in Google Chrome (Linux x64) will eventually result in dialog offering to terminate the slow script.

tags | exploit
systems | linux
advisories | CVE-2015-5545
SHA-256 | 17b207be2be2c98b9917a15b28b622575b3a5ea1d9db9361a651b483559ced30
Flash Wild Pointer Crash In Drawing And Bitmap Handling
Posted Aug 21, 2015
Authored by Google Security Research, mjurczyk

A nasty looking crash is manifesting in various different ways under fuzzing, apparently related to drawing and bitmap handling.

tags | exploit
systems | linux
advisories | CVE-2015-5544
SHA-256 | e53bbf5ffe51ba5e1ba406eb0b58ff40edd25c9943807440ef21cb92a486578d
Windows Kernel ATMFD.DLL Out-of-bounds Read Due To Malformed FDSelect Offset In The CFF Table
Posted Aug 21, 2015
Authored by Google Security Research, mjurczyk

Researchers have encountered a number of Windows kernel crashes in the ATMFD.DLL OpenType driver while processing corrupted OTF font files.

tags | exploit, kernel
systems | linux, windows
advisories | CVE-2015-2462
SHA-256 | 67e07a94bd3af7f8fb477b9542888d1cf25f1dc629893818446d17a6c15e0452
Adobe Flash Out-Of-Bounds Memory Read While Parsing A Mutated TTF File Embedded In SWF
Posted Aug 21, 2015
Authored by Google Security Research, hawkes

An out-of-bounds memory read occurs when Adobe Flash parses a mutated TTF file embedded in a swf.

tags | exploit
systems | linux
advisories | CVE-2015-5133
SHA-256 | 3e2118575612a001e7d4cabff18c63bc1b2734d53f9b701a601c82011bcff5be
Flash AS2 Use After Free In TextField.filters (Again)
Posted Aug 21, 2015
Authored by Google Security Research, external

There is a use after free vulnerability in the ActionScript 2 TextField.filters array property.

tags | exploit
systems | linux
SHA-256 | c8c4ddb8248e3234cb7f686b990e44c2c471253c71a58e09d477456af6b8c3b9
Flash DefineBitsLossless / DefineBitsLossless2 Uninitialized Memory
Posted Aug 21, 2015
Authored by Google Security Research, bilou

Issues in DefineBitsLossless and DefineBitsLossless2 leads to using uninitialized memory while rendering a picture. This is caused by the returned value of a zlib function not properly checked.

tags | exploit
systems | linux
advisories | CVE-2015-3093
SHA-256 | 396c2a8d45a861b578261ac35463e414a0c7141b924077f21e2a31daf61bcf90
Flash Uninitialized Stack Variable While Parsing An MPD File Memory Corruption
Posted Aug 21, 2015
Authored by Google Security Research, external

Loading a weird MPD file can corrupt flash player's memory.

tags | exploit
systems | linux
advisories | CVE-2015-3089
SHA-256 | 838fb72db8a1b4cff405ee11b823ee6860c72fe5b2122b2eea654ffdf46183a5
Security Use After Free In Flash AVSS.setSubscribedTags Memory Corruption
Posted Aug 21, 2015
Authored by Google Security Research, bilou

Use After Free in Flash AVSS.setSubscribedTags, setCuePointTags and setSubscribedTagsForBackgroundManifest can be abused to write pointers to String to freed locations.

tags | exploit
systems | linux
advisories | CVE-2015-3088
SHA-256 | 4fd920218793a46ab9cce3ab98f7a35862ab1c6417a8854638fed40036695f51
Security Flash Player Integer Overflow In Function.apply
Posted Aug 21, 2015
Authored by Google Security Research, bilou

An integer overflow while calling Function.apply can lead to enter an ActionScript function without correctly validating the supplied arguments. Chrome version 41.0.2272.101 stable with Flash version 17.0.0.134 is affected.

tags | exploit, overflow
systems | linux
advisories | CVE-2015-3087
SHA-256 | 851dccc1f099ae9b266f4f0571a50d127e908035fc85ecbce224da0685db6067
Flash Broker-Based Sandbox Escape Via Timing Attack Against File Moving
Posted Aug 21, 2015
Authored by keen, Google Security Research

Flash suffers from a broker-based sandbox escape.

tags | exploit
systems | linux
advisories | CVE-2015-3081
SHA-256 | 989036efd58bbccc9c007b2a7121bd6ba170455cc7d74bc71d5f4bbe336962f7
Flash Broker-Based Sandbox Escape Via Unexpected Directory Lock
Posted Aug 21, 2015
Authored by keen, Google Security Research

Flash suffers from a broker-based sandbox escape.

tags | exploit
systems | linux
advisories | CVE-2015-3083
SHA-256 | ff44243af4b26853124e63a9869c6b81f401bc2ad222680958329a437559b8ef
Flash Broker-Based Sandbox Escape Via Forward Slash Instead Of Backslash
Posted Aug 21, 2015
Authored by keen, Google Security Research

Flash suffers from a broker-based sandbox escape.

tags | exploit
systems | linux
advisories | CVE-2015-3082
SHA-256 | 32f8d2576cdd393f19c2a9cdbb6d3476d8fda0611004641c02e347365ebea2ae
Adobe Reader CoolType Use Of Uninitialized Memory In Transient Array
Posted Aug 21, 2015
Authored by Google Security Research, mjurczyk

The "transient array" specified in the "Type 2 Charstring format" specs but also available in Type1 fonts (originally for the purpose of facilitating Multiple Master fonts) is allocated dynamically only if the CoolType interpreter encounters an instruction which requires the presence of the array, such as "get" or "store". While allocating the array, however, the routine does not automatically clear the contents of the newly created buffer.

tags | advisory
systems | linux
advisories | CVE-2015-3049
SHA-256 | 6ace69fba4e02dc5c9eedf369a1611909bcd055bd1c38c7a835323a1176ce061
Flash PCRE Regex Compilation Zero-length Assertion Arbitrary Bytecode Execution
Posted Aug 21, 2015
Authored by Google Security Research, markbrand

There is an error in the PCRE engine version used in Flash that allows the execution of arbitrary PCRE bytecode, with potential for memory corruption and remote code execution.

tags | exploit, remote, arbitrary, code execution
systems | linux
advisories | CVE-2015-3042
SHA-256 | f100f0c5cc96a2a407b46491520f1bce43ba7ca526f4e6c69f5887bf768c2eca
Windows Kernel ATMFD.DLL Off-By-X OOB Reads/Writes Relative To Operand Stack
Posted Aug 21, 2015
Authored by Google Security Research, mjurczyk

The Type1/CFF CharString interpreter code in the Adobe Type Manager Font Driver (ATMFD.DLL) Windows kernel module does not perform nearly any verification that the operand stack is large enough to contain the required instruction operands, which can lead to up to "off-by-three" overreads and overwrites on the interpreter function stack.

tags | exploit, kernel
systems | linux, windows
advisories | CVE-2015-0088
SHA-256 | 51ba13f671a701f0476a89dfbec32f4088b01330862ec09c0a793c9e3d8643a0
Windows 7 Admin Check Bypass
Posted Aug 21, 2015
Authored by Google Security Research, forshaw

The system call NtPowerInformation performs a check that the caller is an administrator before performing some specific power functions. The check is done in the PopUserIsAdmin function. On Windows 7 this check is bypassable because the SeTokenIsAdmin function doesn't take into account the impersonation level of the token and the rest of the code also doesn't take it into account.

tags | exploit
systems | linux, windows
SHA-256 | 8e80a5edbfcfa8ce64460f4e9edf0e6164d6af2253e064cbdbd72a18a7cc6f4a
Windows Kernel ATMFD.DLL OOB Reads
Posted Aug 20, 2015
Authored by Google Security Research, mjurczyk

Researchers have encountered a number of Windows kernel crashes in the ATMFD.DLL OpenType driver while processing corrupted OTF font files.

tags | exploit, kernel
systems | linux, windows
advisories | CVE-2015-2458
SHA-256 | 211858c5b9e08bfdb94ac6f00d553181d66e260d3e96b6772ee5d08a2eeebad8
Windows Kernel Win32k.sys TTF Font Processing Pool-based Buffer Overflow In Win32k!scl_ApplyTranslation
Posted Aug 20, 2015
Authored by Google Security Research, mjurczyk

Researchers have encountered a number of Windows kernel crashes in the win32k!scl_ApplyTranslation function while processing corrupted TTF font files.

tags | exploit, kernel
systems | linux, windows
advisories | CVE-2015-2456
SHA-256 | 04fddfcac6b041b9767e037c57308e83d27c063d91368ef64e5e28a5f2f828ad
Page 3 of 4
Back1234Next

File Archive:

July 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jul 1st
    27 Files
  • 2
    Jul 2nd
    10 Files
  • 3
    Jul 3rd
    35 Files
  • 4
    Jul 4th
    27 Files
  • 5
    Jul 5th
    18 Files
  • 6
    Jul 6th
    0 Files
  • 7
    Jul 7th
    0 Files
  • 8
    Jul 8th
    28 Files
  • 9
    Jul 9th
    44 Files
  • 10
    Jul 10th
    24 Files
  • 11
    Jul 11th
    25 Files
  • 12
    Jul 12th
    11 Files
  • 13
    Jul 13th
    0 Files
  • 14
    Jul 14th
    0 Files
  • 15
    Jul 15th
    28 Files
  • 16
    Jul 16th
    6 Files
  • 17
    Jul 17th
    34 Files
  • 18
    Jul 18th
    6 Files
  • 19
    Jul 19th
    34 Files
  • 20
    Jul 20th
    0 Files
  • 21
    Jul 21st
    0 Files
  • 22
    Jul 22nd
    0 Files
  • 23
    Jul 23rd
    0 Files
  • 24
    Jul 24th
    0 Files
  • 25
    Jul 25th
    0 Files
  • 26
    Jul 26th
    0 Files
  • 27
    Jul 27th
    0 Files
  • 28
    Jul 28th
    0 Files
  • 29
    Jul 29th
    0 Files
  • 30
    Jul 30th
    0 Files
  • 31
    Jul 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close