what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 100 RSS Feed

Files

Pdfium Pattern Shading Integer Overflow
Posted Feb 15, 2018
Authored by Google Security Research, Mark Brand

Pdfium suffers from integer overflow vulnerabilities in pattern shading.

tags | exploit, overflow, vulnerability
SHA-256 | 4d935fa943fbc44b9937952cadde9af1947020b1ac363f12570b622bf6f56911

Related Files

Pdfium Shading Pattern Out-Of-Bounds Read
Posted Feb 15, 2018
Authored by Google Security Research, Mark Brand

Pdfium suffers from an out-of-bounds read vulnerability with shading pattern backed by pattern colorspace.

tags | exploit
SHA-256 | 02680f03b5081f40044a2e4ca25561b68960dcd1b645e45aa7c8482ac2740d08
Pdfium Colorspaces Out-Of-Bounds Read
Posted Feb 15, 2018
Authored by Google Security Research, Mark Brand

Pdfium suffers from an out-of-bounds read vulnerability with nested colorspaces.

tags | advisory
SHA-256 | 12f03767c9d43e8a501e1d3a1b41c4dd55373be4fd2eac5418f3d65528b4290b
Pdfium Opj_t2_read_packet_header Use-After-Free
Posted Feb 1, 2016
Authored by Google Security Research, mjurczyk

Pdfium suffers from a heap use-after-free in Opj_t2_read_packet_header (libopenjpeg).

tags | exploit
systems | linux
SHA-256 | f490135999bdb6aec56d465b12bc1e8137d4758c9383764e415e6fea60392a19
Pdfium Opj_j2k_read_mcc Out-Of-Bounds Read
Posted Jan 27, 2016
Authored by Google Security Research, mjurczyk

Pdfium suffers from a heap-based out-of-bounds read in Opj_j2k_read_mcc (libopenjpeg).

tags | exploit
systems | linux
SHA-256 | 9e967851534fd579d0655685231a3b3e4c133231434770867bb38de1686a32dc
Pdfium Opj_jp2_apply_pclr Out-Of-Bounds Read
Posted Jan 27, 2016
Authored by Google Security Research, mjurczyk

Pdfium suffers from a heap-based out-of-bounds read in Opj_jp2_apply_pclr (libopenjpeg).

tags | exploit
systems | linux
SHA-256 | 97247ca7bd5dbf856539b4911c7436201d602271e02e9af4f663fa3fc5efda7a
Pdfium Buffer Overflow
Posted Jan 4, 2016
Authored by Google Security Research, mjurczyk

Pdfium suffers from a stack-based buffer overflow in CPDF_Function:Call.

tags | exploit, overflow
systems | linux
advisories | CVE-2015-6787
SHA-256 | 3748cee20c65288c55a39b5bfcadefb62238fbc539b59c96cb3dec3417e97e25
Pdfium CPDF_DIBSource:DownSampleScanline32Bit Out-Of-Bounds Read
Posted Jan 4, 2016
Authored by Google Security Research, mjurczyk

Pdfium suffers from a heap-based out-of-bounds read in CPDF_DIBSource:DownSampleScanline32Bit.

tags | exploit
systems | linux
advisories | CVE-2015-6787
SHA-256 | 121d7b0f671fd942a909f180db1ef4651a6c870f171dfa8d1ea6a719e538dfd7
Pdfium CPDF_TextObject:CalcPositionData Out-Of-Bounds Read
Posted Jan 4, 2016
Authored by Google Security Research, mjurczyk

Pdfium suffers from a heap-based out-of-bounds read in CPDF_TextObject:CalcPositionData.

tags | exploit
systems | linux
advisories | CVE-2015-6787
SHA-256 | b031e291fdb4f303dc9a01a5b2ee0ac88484453d2f8c4008a0fb3ff73fc15621
Pdfium IsFlagSet Crash
Posted Jan 4, 2016
Authored by Google Security Research, mjurczyk

Pdfium suffers from a SIGSEGV in IsFlagSet.

tags | exploit
systems | linux
SHA-256 | e30035b61769c280e5944cfeeb90fad7ca8f225261b750c6d91e07fa2514a1c1
Pdfium Opj_dwt_decode_1 Out Of Bounds Read
Posted Sep 22, 2015
Authored by Google Security Research, mjurczyk

Pdfium suffers from a heap-based out-of-bounds read vulnerability in Opj_dwt_decode_1 (libopenjpeg).

tags | exploit
systems | linux
SHA-256 | d20c039518c40f0e159c48830e1d0f707213086eb513383b2e55a5136f0ce263
Pdfium CPDF_SampledFunc:v_Call Unmapped Memory Read (SIGSEGV) Crash
Posted Sep 22, 2015
Authored by Google Security Research, mjurczyk

Pdfium suffers from an unmapped memory read (SIGSEGV) crash in CPDF_SampledFunc:v_Call.

tags | exploit
systems | linux
SHA-256 | bcea2e10f4a34c9f72f86396283659a515a7b1802c1e85445c9e56df7078cd48
Windows Task Scheduler DeleteExpiredTaskAfter File Deletion Privilege Escalation
Posted Sep 18, 2015
Authored by Google Security Research, forshaw

The Task Scheduler can be made to delete a task after it's trigger has expired. No check is made to ensure the task file is not a junction which allows arbitrary files to be deleted by the system user leading to EoP.

tags | exploit, arbitrary
systems | linux
advisories | CVE-2015-2525
SHA-256 | c30785bf661d0d66daa78abe61a94c360587d6e66ae875cfc5a81dc4ec54b02e
Windows NtUserGetClipboardAccessToken Token Leak Redux
Posted Sep 18, 2015
Authored by Google Security Research, forshaw

The NtUserGetClipboardAccessToken win32k system call exposes the access token of the last user to lower-privileged users. It can also be used to open an anonymous impersonation thread token which normally OpenThreadToken shouldn't be able to do. This is a bypass of the fix for CVE-2015-0078.

tags | exploit
systems | linux
advisories | CVE-2015-2527
SHA-256 | 9bcf7274e363f1dc579d9ed68048a01019d56cc2f841f1a4a04c182389196296
Microsoft Office Excel 2007, 2010, 2013 Use-After-Free With BIFFRecord
Posted Sep 18, 2015
Authored by Google Security Research, scvitti

Microsoft Excel 2007 running on Windows 2003 suffers from a use-after-free vulnerability.

tags | exploit
systems | linux, windows
advisories | CVE-2015-2523
SHA-256 | 460bd27af88f7165a795d698b85d2e4cd8c83732200f70dc5c84e7b8e4818f79
Microsoft Office 2007 BIFFRecord Length Use-After-Free
Posted Sep 18, 2015
Authored by Google Security Research, scvitti

A use-after-free crash was observed in Microsoft Office 2007 with Microsoft Office File Validation Add-In disabled and Application Verifier enabled for testing and reproduction. This bug did not reproduce in Office 2010 or 2013.

tags | exploit
systems | linux
advisories | CVE-2015-2520
SHA-256 | 3b2e620089c3777eb2d36942713f33cf68f9865e894dbaee83bdbdb3af57385c
Microsoft Office 2007 OLESSDirectyEntry.CreateTime Type Confusion
Posted Sep 18, 2015
Authored by Google Security Research, scvitti

A type confusion crash was observed in Microsoft Office 2007 with Microsoft Office File Validation Add-In disabled and Application Verifier enabled for testing and reproduction. This bug did not reproduce in Office 2010 or 2013.

tags | exploit
systems | linux
advisories | CVE-2015-2521
SHA-256 | 247823ed9395d266e8674965a149848a04a5b7380aa2bf3723839d71d6ca65a6
Windows CreateObjectTask TileUserBroker Privlege Escalation
Posted Sep 18, 2015
Authored by Google Security Research, forshaw

The Microsoft\Windows\Shell\CreateObjectTask initializes a shell32 based ICreateObject COM server as local system. This is marked as being accessible from a normal user account so once created we can attach to it. The server only has one method, CreateObject which checks the CLSID against a list of known safe classes before allowing it to be instantiated. One of these classes is allows a user to set their account picture for the logon screen.

tags | exploit, shell, local
systems | linux, windows
advisories | CVE-2015-2528
SHA-256 | 6a43091589e97afa78001dc6e8f0c4e88aed1de975f8578e7b0706c3c45901f3
Windows CreateObjectTask SettingsSyncDiagnostics Privilege Escalation
Posted Sep 18, 2015
Authored by Google Security Research, forshaw

The Microsoft\Windows\Shell\CreateObjectTask initializes a shell32 based ICreateObject COM server as local system. This is marked as being accessible from a normal user account so once created we can attach to it. The server only has one method, CreateObject which checks the CLSID against a list of known safe classes before allowing it to be instantiated. One of these classes is a diagnostic class for setting synchronization implemented in SettingSync.dll.

tags | exploit, shell, local
systems | linux, windows
advisories | CVE-2015-2524
SHA-256 | 6aef4dd16b7085d61fe94cd118f3ece652f9cd33df0722b63a4bf31f53557554
OS X IOKit Kernel Memory Corruption
Posted Sep 18, 2015
Authored by Google Security Research, Ian Beer

An OS X IOKit kernel memory corruption issue occurs due to a bad bzero in IOBluetoothDevice.

tags | exploit, kernel
systems | linux, apple, osx
advisories | CVE-2014-8836
SHA-256 | f3d2f3b8051f90b86f0cfd263f09f98a7e0e04c1e1fcff20c13e3ca8f318052c
Adobe Reader X And XI For Windows Out-of-bounds Write In CoolType.dll
Posted Sep 18, 2015
Authored by Google Security Research, mjurczyk

Adobe Reader X and XI for windows suffers from an out-of-bounds write in CoolType.dll.

tags | exploit
systems | linux, windows
advisories | CVE-2014-9160
SHA-256 | 94d511f0b5c52532ba8c4998f0ae71bb9ef6d1788cd193c33ea257be138b259f
Windows Type-Confusion / Memory Corruption
Posted Sep 14, 2015
Authored by Google Security Research, matttait

The Windows Kernel is subject to two related kernel-mode type-confusion vulnerabilities inside win32k!xxxRemoteReconnect. In both cases, a user-mode parameter passed to the syscall is incorrectly resolved to its underlying kernel representation via ObReferenceObjectByHandle passing NULL as the "ObType" field (rather than *IoFileTypeObject and *IoDeviceTypeObject respectively). Because the type is not checked, if a handle of a type other than a HANDLE to a file and a device are passed, the kernel incorrectly uses the underlying representation of the object as a PFILE_OBJECT and a PDEVICE_OBJECT, causing memory corruption in the kernel.

tags | advisory, kernel, vulnerability
systems | linux, windows
SHA-256 | 1fc87129199a0c6cd9e6a9fa146cc6e891c7331266896538d14fc884c57013ba
OS X Suid Privilege Escalation
Posted Sep 14, 2015
Authored by Google Security Research, Ian Beer

The Install.framework runner suid root binary does not correctly account for the fact that Distributed Objects can be connected to by multiple clients at the same time. By connecting two proxy objects to an IFInstallRunner and calling [IFInstallRunner makeReceiptDirAt:asRoot:] in the first and passing a custom object as the directory name we can get a callback to our code just after the makeReceiptDirAt code has called seteuid(0);setguid(0) to regain privs. Since BSD priviledges are per-process this means that our other proxy object will now have euid 0 without having to provide an authorization reference. In this second proxy we can then just call runTaskSecurely and get a root shell before returning from the first proxy's callback function which will then drop privs.

tags | exploit, shell, root
systems | linux, bsd
advisories | CVE-2015-5754
SHA-256 | 1fd4f2bf985f7460d71d17680841dc5c059fe7c05b9a7ac1a776291868ff74e3
OS X Privilege Escalation
Posted Sep 14, 2015
Authored by Google Security Research, Ian Beer

The private Install.framework has a few helper executables in /System/Library/PrivateFrameworks/Install.framework/Resources, one of which is suid root and exploitable.

tags | exploit, root
systems | linux
advisories | CVE-2015-3704
SHA-256 | a34aa2485110ffeff9b63cf7063d71e3ac6548549f001e7517073b7f1ffaa5ca
OS X Install.framework Suid Root Binary
Posted Sep 14, 2015
Authored by Google Security Research, Ian Beer

Install.framework has a suid root binary at /System/Library/PrivateFrameworks/Install.framework/Resources/runner that allows for arbitrary mkdir, unlink, and chown.

tags | exploit, arbitrary, root
systems | linux
advisories | CVE-2015-5784
SHA-256 | 4b9ea14e8540ddbdec18fe305074224119369e420b4ed663a1f2bac393fa7f15
Windows win32k!NtUserSetInformationThread Type Confusion
Posted Sep 9, 2015
Authored by Google Security Research, matttait

The Windows Kernel is subject to a kernel-mode type-confusion vulnerability inside win32k!NtUserSetInformationThread due to referencing a user-mode handle via ObReferenceObjectByHandle with a "NULL" type specified (it should instead be using *LpcPortObjectType to protect against this vulnerability). This vulnerability can be triggered from inside CSRSS via the syscall win32k!NtUserSetInformationThread with ThreadInformationClass set to "UserThreadCsrApiPort" and the parameter of the syscall set to a HANDLE that is not an LPC object.

tags | advisory, kernel
systems | linux, windows
SHA-256 | f08ca467d2241babc70e51da65057abb65b9ecf85249b35405cfc513910c45d6
Page 1 of 4
Back1234Next

File Archive:

August 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Aug 1st
    20 Files
  • 2
    Aug 2nd
    4 Files
  • 3
    Aug 3rd
    6 Files
  • 4
    Aug 4th
    55 Files
  • 5
    Aug 5th
    16 Files
  • 6
    Aug 6th
    0 Files
  • 7
    Aug 7th
    0 Files
  • 8
    Aug 8th
    0 Files
  • 9
    Aug 9th
    0 Files
  • 10
    Aug 10th
    0 Files
  • 11
    Aug 11th
    0 Files
  • 12
    Aug 12th
    0 Files
  • 13
    Aug 13th
    0 Files
  • 14
    Aug 14th
    0 Files
  • 15
    Aug 15th
    0 Files
  • 16
    Aug 16th
    0 Files
  • 17
    Aug 17th
    0 Files
  • 18
    Aug 18th
    0 Files
  • 19
    Aug 19th
    0 Files
  • 20
    Aug 20th
    0 Files
  • 21
    Aug 21st
    0 Files
  • 22
    Aug 22nd
    0 Files
  • 23
    Aug 23rd
    0 Files
  • 24
    Aug 24th
    0 Files
  • 25
    Aug 25th
    0 Files
  • 26
    Aug 26th
    0 Files
  • 27
    Aug 27th
    0 Files
  • 28
    Aug 28th
    0 Files
  • 29
    Aug 29th
    0 Files
  • 30
    Aug 30th
    0 Files
  • 31
    Aug 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close