what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 26 - 50 of 100 RSS Feed

Files

Microsoft Edge Charka JIT Incomplete Fix For Issue 1420 #2
Posted Apr 3, 2018
Authored by Google Security Research, lokihardt

A security fix applied for Microsoft Edge Chakra JIT is incomplete.

tags | exploit
advisories | CVE-2018-0934
SHA-256 | 7fa9ae7d44d240e41a8c31b515d60a4f1624eb25e026c49221e4151fba5ea6c4

Related Files

Adobe Flash Shared Object Lacks Normal Check
Posted Aug 21, 2015
Authored by Google Security Research, natashenka

The Shared Object constructor does not check that the object it is provided is of type Object before setting it to be of type SharedObject. This can cause problems if another method (such as Sound.loadSound) calls into script between checking the input object type, and casting its native object.

tags | exploit
systems | linux
advisories | CVE-2015-5562
SHA-256 | 19f7464f744154d2d6dd211423377f3e324df119f1b2817fad6a0f7b4e6ae5f4
Microsoft Office 2007 MSPTLS Heap Index Integer Underflow
Posted Aug 21, 2015
Authored by Google Security Research, scvitti

A crash was observed in Microsoft Office 2007 with Microsoft Office File Validation Add-In disabled and Application Verifier enabled for testing and reproduction. This bug also reproduced in Office 2010 running on Windows 7 x86.

tags | exploit, x86
systems | linux, windows
SHA-256 | 6730e4bcb74ff3ada116f87db7b421bf1d013003c83ef00b178f449904c4d335
Mozilla Maintenance Service Log File Overwrite Elevation Of Privilege
Posted Aug 21, 2015
Authored by Google Security Research, forshaw

The maintenance service creates a log file in a user writable location. It's possible to change the log file to a hardlink to another file to cause file corruption or elevation of privilege.

tags | exploit
systems | linux
advisories | CVE-2015-4481
SHA-256 | 9a1d92cce93d1ad86dd9eac6ec55a2b6aedcc3249f5d93fb13aea55da6b68ba6
Flash Heap-Based Buffer Overflow Due To Indexing Error When Loading FLV File
Posted Aug 21, 2015
Authored by Google Security Research, mjurczyk

Flash suffers from a heap-based buffer overflow due to an indexing error when loading FLV files.

tags | exploit, overflow
systems | linux
advisories | CVE-2015-5118
SHA-256 | 4673942893163cde81ade110d85287f3016da128ff399dfaf5a45be550ea11c7
Flash Heap-Based Buffer Overflow Loading FLV File With Nellymoser Audio Codec
Posted Aug 21, 2015
Authored by Google Security Research, mjurczyk

Flash suffers from a heap-based buffer overflow vulnerability.

tags | exploit, overflow
systems | linux
advisories | CVE-2015-4432
SHA-256 | 6dc90c34eaf395d7b5fc097c96fc3bbf1b826f568a8b16ab718447c06a8884a7
Microsoft Office 2007 Wwlib.dll FcPlcfFldMom Uninitialized Heap Usage
Posted Aug 21, 2015
Authored by Google Security Research, scvitti

A crash was observed in Microsoft Office 2007 with Microsoft Office File Validation Add-In disabled and Application Verifier enabled for testing and reproduction. This bug also reproduced in Office 2010 running on Windows 7 x86. The crash is caused by a 1 bit delta from the original file at offset 0x31B.

tags | exploit, x86
systems | linux, windows
SHA-256 | 03f7aa286c6f7a41a1b151784a5669dfb726e0a84605f216c88584600f74d02f
Microsoft Office 2007 Wwlib.dll Type Confusion
Posted Aug 21, 2015
Authored by Google Security Research, scvitti

A crash was observed in Microsoft Office 2007 with Microsoft Office File Validation Add-In disabled and Application Verifier enabled for testing and reproduction. This bug also reproduced in Office 2010 running on Windows 7 x86.

tags | exploit, x86
systems | linux, windows
SHA-256 | a0cd6e10f73a59037ae74f44a92933339dbaf1a11fe054b8edf070270dd6a4c0
Adobe Flash FileReference Class Is Missing Normal Check
Posted Aug 21, 2015
Authored by Google Security Research, natashenka

There is a type confusion issue in the TextFormat constructor that is reachable because the FileReference constructor does not verify that the incoming object is of type Object (it only checks that the object is not native backed). The TextFormat constructor first sets a new object to type TextFormat, and then calls into script several times before setting the native backing object. If one of these script calls then calls into the FileReference constructor, the object can be set to type FileReference, and then the native object will be set to the TextFormat, leading to type confusion.

tags | exploit
systems | linux
advisories | CVE-2015-5558
SHA-256 | 913b0be9845adb6b994362bb787074269b6c1eeb7980d5b0f158933108a65e1a
Microsoft Office 2007 OGL.dll DpOutputSpanStretch:OutputSpan Out Of Bounds Write
Posted Aug 21, 2015
Authored by Google Security Research, scvitti

A crash was observed in Microsoft Office 2007 with Microsoft Office File Validation Add-In disabled and Application Verifier enabled for testing and reproduction. This bug also reproduced in Office 2010 running on Windows 7 x86. The crash is caused by a 1 bit delta from the original file at offset 0x4A45. OffViz identified this offset as OLESSRoot.DirectoryEntries[100].OLESSDirectoryEntry[20].sidLeft with an original value of 0x00000000 and a fuzzed value of 0x00008000.

tags | exploit, x86
systems | linux, windows
SHA-256 | 1abb29b1bfd3c4155dea845a8f4a1b457d8108a08fdcb085f1548e3efeb296aa
Adobe Flash TextField.gridFitType Use-After-Free
Posted Aug 21, 2015
Authored by Google Security Research, natashenka

There is a use-after-free in the TextField gridFitType setter.

tags | exploit
systems | linux
advisories | CVE-2015-5557
SHA-256 | 9cfc47e31890f361abe09b956c4448a09809f5f2f950712ad016beb1ef1a03f2
Microsoft Office 2007 MSO.dll Arbitrary Free
Posted Aug 21, 2015
Authored by Google Security Research, scvitti

A crash was observed in Microsoft Office 2007 with Microsoft Office File Validation Add-In disabled and Application Verifier enabled for testing and reproduction. This bug did not reproduce in Office 2010 running on Windows 7 x86. The attached PoC file will reproduce when Word is closed. However, there were other crashing files (not attached) faulting on the same EIP that did not require Word to be be closed to trigger the crash. This particular PoC did not minimize cleanly and has 666 deltas from the original non-fuzzed file.

tags | exploit, x86
systems | linux, windows
SHA-256 | 1b07b9c7986e7c9c019e444f6094091612c97c9809f57e6a2e72cfe6cd7b5126
Adobe Flash XMLSocket Destructor Does Not Get Cleared Before Setting User Data In Connect (Part 2)
Posted Aug 21, 2015
Authored by Google Security Research, natashenka

If XMLSocket connect is called on an object that already has a destroy function set, such as a BitmapData object, the method will set the user data of that object, but not clear the destroy function. This leads to type confusion when the user data is freed during garbage collection.

tags | exploit
systems | linux
advisories | CVE-2015-5554
SHA-256 | 95ab8619713493badebfbf2dae76fc13420fcd4f602713b108d2bb448361a346
Microsoft Office 2007 MSO.dll Use-After-Free
Posted Aug 21, 2015
Authored by Google Security Research, scvitti

A crash was observed in MS Office 2007 running under Windows 2003 x86. Microsoft Office File Validation Add-In is disabled and application verified was enabled for testing and reproduction. This sample did not reproduce in Office 2010 running on Windows 7 x86. The attached minimized PoC that produces the crash with 2 bit changes from the original file at offsets 0x11E60 and 0x1515F. Standard office document parsers did not reveal any significance about this location.

tags | exploit, x86
systems | linux, windows
SHA-256 | 64642201e34edd3485b55db10852c7ff6216617108d4d18639058079b398f937
Adobe Flash URL Resource Use-After-Free
Posted Aug 21, 2015
Authored by Google Security Research, hawkes

Adobe Flash suffers from a URL resource use-after-free vulnerability.

tags | exploit
systems | linux
advisories | CVE-2015-4430
SHA-256 | b04ff115627b5b76c68978f46ab63e22389ddd834b882f77fa2abc234019242e
Adobe Flash Type Confusion In TextRenderer.setAdvancedAntialiasingTable
Posted Aug 21, 2015
Authored by Google Security Research, natashenka

There is a type confusion issue in TextRenderer.setAdvancedAntialiasingTable. If the font, insideCutoff or outsideCutoff are set to objects that are not integers, they are still assumed to be integers.

tags | exploit
systems | linux
advisories | CVE-2015-5555
SHA-256 | a39594a8976bb4f531c327c7e110dd1c104a7e1916ad2cb698311e6d442f6784
Adobe Flash Use-After-Free In CreateTextField
Posted Aug 21, 2015
Authored by Google Security Research, natashenka

There is a use-after-free in CreateTextField in Adobe Flash.

tags | exploit
systems | linux
advisories | CVE-2015-5556
SHA-256 | 273c349edf06a32073f319cedaeee5bb11cb28bcdc6a8e4ff0b6c4491275e257
Chrome Heap Overflow In Linux HID Device Handler
Posted Aug 21, 2015
Authored by Google Security Research, markbrand

A heap overflow exists due to a 64-32 integer truncation issue in device/hid/hid_connection_linux.cc.

tags | exploit, overflow
systems | linux
SHA-256 | 770ba2318e417025ee29f56a1103dfb964c9deb4f6c83609e26beb78d0effa4f
Flash Bad / Wild Write In XML When Callback Modifies XML Tree
Posted Aug 21, 2015
Authored by Chris Evans, Google Security Research

The proof of concept works by triggering a wild copy in order to demonstrate the crash. But other side-effects are possible such as decrementing the refcount of an out-of-bounds index.

tags | exploit, proof of concept
systems | linux
advisories | CVE-2015-5549
SHA-256 | d354b53a4080ae486dd69761b4252b5e10b5e424aae7f11b794443c70d285daa
Adobe Flash Use-After-Free In SwapDepths
Posted Aug 21, 2015
Authored by Google Security Research, natashenka

There is a use-after-free in MovieClip.swapDepths in Adobe Flash.

tags | exploit
systems | linux
advisories | CVE-2015-5550
SHA-256 | fdc90abdb1b2a25ee44d0715804979dcd608cbd02e9a1639cbcdf73c438f77f6
Windows Kernel Win32k.sys TTF Font Processing Out-Of-Bounds Pool Write In Win32k!fsc_BLTHoriz
Posted Aug 21, 2015
Authored by Google Security Research, mjurczyk

Researchers have encountered a Windows kernel crash in the win32k!fsc_BLTHoriz function while processing corrupted TTF font files.

tags | exploit, kernel
systems | linux, windows
advisories | CVE-2015-2464
SHA-256 | 5b06b6212cc51d413bdd06023037f42808725455f1165b6efd62121434c36394
Windows Kernel Win32k.sys TTF Font Processing Out-Of-Bounds Pool Memory Access In Win32k!fsc_RemoveDups
Posted Aug 21, 2015
Authored by Google Security Research, mjurczyk

Researchers have encountered a Windows kernel crash in the win32k!fsc_RemoveDups function while processing corrupted TTF font files.

tags | exploit, kernel
systems | linux, windows
advisories | CVE-2015-2463
SHA-256 | 49ff9762af828d1e6b2e50488ceae9afbbccea4122ec458cc3e8a553d5f7e5aa
Flash Wild Pointer Crash In XML Handling
Posted Aug 21, 2015
Authored by Google Security Research, mjurczyk

The attached sample file, signal_sigsegv_7ffff637297a_8900_e3f87b25c25db8f9ec3c975f8c1211cc.swf, crashes, perhaps relating to XML handling.

tags | exploit
systems | linux
advisories | CVE-2015-5548
SHA-256 | 4c1acddf8f07f6545317d049c59f4af89211c523cf6ef53842973345239d2469
Flash Wild Pointer In Button Handling
Posted Aug 21, 2015
Authored by Google Security Research, mjurczyk

The attached sample, signal_sigsegv_7ffff60a1429_9554_f4dc661554237404dfe394d4c6c3e674.swf, crashes on Linux x64.

tags | exploit
systems | linux
advisories | CVE-2015-5547
SHA-256 | 576dca8249e5bf441b6ff1587895439d38da0d1c81ab8174fa260345c26a6b1b
Flash Bad Dereference At 0x23c On Linux X64
Posted Aug 21, 2015
Authored by Google Security Research, mjurczyk

The attached sample, signal_sigsegv_7ffff603deef_1525_268381c02bc3b05c84578ebaeafc02f0.swf, typically crashes on Linux x64 build (Flash v17.0.0.188).

tags | exploit
systems | linux
advisories | CVE-2015-5546
SHA-256 | fd12f01c9fd51ba81094c5dc05092a2ce0cc36a748d2d389573b850c73ad3728
Flash Wild Pointer Crash After Continuing Slow Script
Posted Aug 21, 2015
Authored by Google Security Research, mjurczyk

The attached swf file in Google Chrome (Linux x64) will eventually result in dialog offering to terminate the slow script.

tags | exploit
systems | linux
advisories | CVE-2015-5545
SHA-256 | 17b207be2be2c98b9917a15b28b622575b3a5ea1d9db9361a651b483559ced30
Page 2 of 4
Back1234Next

File Archive:

May 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    May 1st
    44 Files
  • 2
    May 2nd
    5 Files
  • 3
    May 3rd
    11 Files
  • 4
    May 4th
    0 Files
  • 5
    May 5th
    0 Files
  • 6
    May 6th
    28 Files
  • 7
    May 7th
    3 Files
  • 8
    May 8th
    4 Files
  • 9
    May 9th
    54 Files
  • 10
    May 10th
    12 Files
  • 11
    May 11th
    0 Files
  • 12
    May 12th
    0 Files
  • 13
    May 13th
    17 Files
  • 14
    May 14th
    11 Files
  • 15
    May 15th
    17 Files
  • 16
    May 16th
    13 Files
  • 17
    May 17th
    22 Files
  • 18
    May 18th
    0 Files
  • 19
    May 19th
    0 Files
  • 20
    May 20th
    17 Files
  • 21
    May 21st
    18 Files
  • 22
    May 22nd
    7 Files
  • 23
    May 23rd
    111 Files
  • 24
    May 24th
    27 Files
  • 25
    May 25th
    0 Files
  • 26
    May 26th
    0 Files
  • 27
    May 27th
    6 Files
  • 28
    May 28th
    0 Files
  • 29
    May 29th
    0 Files
  • 30
    May 30th
    0 Files
  • 31
    May 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close