exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 51 - 75 of 100 RSS Feed

Files

KVM VMX Preemption Timer Use-After-Free
Posted Feb 16, 2019
Authored by Google Security Research, Felix Wilhelm

KVM suffers from a use-after-free vulnerability after using the emulated VMX preemption timer.

tags | exploit
advisories | CVE-2019-7221
SHA-256 | 6128c94e53f07c17d60e06af6b3765bb461919eaaf1675c8911ad9a188e4a045

Related Files

Adobe Flash Use-After-Free In SwapDepths
Posted Aug 21, 2015
Authored by Google Security Research, natashenka

There is a use-after-free in MovieClip.swapDepths in Adobe Flash.

tags | exploit
systems | linux
advisories | CVE-2015-5550
SHA-256 | fdc90abdb1b2a25ee44d0715804979dcd608cbd02e9a1639cbcdf73c438f77f6
Windows Kernel Win32k.sys TTF Font Processing Out-Of-Bounds Pool Write In Win32k!fsc_BLTHoriz
Posted Aug 21, 2015
Authored by Google Security Research, mjurczyk

Researchers have encountered a Windows kernel crash in the win32k!fsc_BLTHoriz function while processing corrupted TTF font files.

tags | exploit, kernel
systems | linux, windows
advisories | CVE-2015-2464
SHA-256 | 5b06b6212cc51d413bdd06023037f42808725455f1165b6efd62121434c36394
Windows Kernel Win32k.sys TTF Font Processing Out-Of-Bounds Pool Memory Access In Win32k!fsc_RemoveDups
Posted Aug 21, 2015
Authored by Google Security Research, mjurczyk

Researchers have encountered a Windows kernel crash in the win32k!fsc_RemoveDups function while processing corrupted TTF font files.

tags | exploit, kernel
systems | linux, windows
advisories | CVE-2015-2463
SHA-256 | 49ff9762af828d1e6b2e50488ceae9afbbccea4122ec458cc3e8a553d5f7e5aa
Flash Wild Pointer Crash In XML Handling
Posted Aug 21, 2015
Authored by Google Security Research, mjurczyk

The attached sample file, signal_sigsegv_7ffff637297a_8900_e3f87b25c25db8f9ec3c975f8c1211cc.swf, crashes, perhaps relating to XML handling.

tags | exploit
systems | linux
advisories | CVE-2015-5548
SHA-256 | 4c1acddf8f07f6545317d049c59f4af89211c523cf6ef53842973345239d2469
Flash Wild Pointer In Button Handling
Posted Aug 21, 2015
Authored by Google Security Research, mjurczyk

The attached sample, signal_sigsegv_7ffff60a1429_9554_f4dc661554237404dfe394d4c6c3e674.swf, crashes on Linux x64.

tags | exploit
systems | linux
advisories | CVE-2015-5547
SHA-256 | 576dca8249e5bf441b6ff1587895439d38da0d1c81ab8174fa260345c26a6b1b
Flash Bad Dereference At 0x23c On Linux X64
Posted Aug 21, 2015
Authored by Google Security Research, mjurczyk

The attached sample, signal_sigsegv_7ffff603deef_1525_268381c02bc3b05c84578ebaeafc02f0.swf, typically crashes on Linux x64 build (Flash v17.0.0.188).

tags | exploit
systems | linux
advisories | CVE-2015-5546
SHA-256 | fd12f01c9fd51ba81094c5dc05092a2ce0cc36a748d2d389573b850c73ad3728
Flash Wild Pointer Crash After Continuing Slow Script
Posted Aug 21, 2015
Authored by Google Security Research, mjurczyk

The attached swf file in Google Chrome (Linux x64) will eventually result in dialog offering to terminate the slow script.

tags | exploit
systems | linux
advisories | CVE-2015-5545
SHA-256 | 17b207be2be2c98b9917a15b28b622575b3a5ea1d9db9361a651b483559ced30
Flash Wild Pointer Crash In Drawing And Bitmap Handling
Posted Aug 21, 2015
Authored by Google Security Research, mjurczyk

A nasty looking crash is manifesting in various different ways under fuzzing, apparently related to drawing and bitmap handling.

tags | exploit
systems | linux
advisories | CVE-2015-5544
SHA-256 | e53bbf5ffe51ba5e1ba406eb0b58ff40edd25c9943807440ef21cb92a486578d
Windows Kernel ATMFD.DLL Out-of-bounds Read Due To Malformed FDSelect Offset In The CFF Table
Posted Aug 21, 2015
Authored by Google Security Research, mjurczyk

Researchers have encountered a number of Windows kernel crashes in the ATMFD.DLL OpenType driver while processing corrupted OTF font files.

tags | exploit, kernel
systems | linux, windows
advisories | CVE-2015-2462
SHA-256 | 67e07a94bd3af7f8fb477b9542888d1cf25f1dc629893818446d17a6c15e0452
Adobe Flash Out-Of-Bounds Memory Read While Parsing A Mutated TTF File Embedded In SWF
Posted Aug 21, 2015
Authored by Google Security Research, hawkes

An out-of-bounds memory read occurs when Adobe Flash parses a mutated TTF file embedded in a swf.

tags | exploit
systems | linux
advisories | CVE-2015-5133
SHA-256 | 3e2118575612a001e7d4cabff18c63bc1b2734d53f9b701a601c82011bcff5be
Flash AS2 Use After Free In TextField.filters (Again)
Posted Aug 21, 2015
Authored by Google Security Research, external

There is a use after free vulnerability in the ActionScript 2 TextField.filters array property.

tags | exploit
systems | linux
SHA-256 | c8c4ddb8248e3234cb7f686b990e44c2c471253c71a58e09d477456af6b8c3b9
Flash DefineBitsLossless / DefineBitsLossless2 Uninitialized Memory
Posted Aug 21, 2015
Authored by Google Security Research, bilou

Issues in DefineBitsLossless and DefineBitsLossless2 leads to using uninitialized memory while rendering a picture. This is caused by the returned value of a zlib function not properly checked.

tags | exploit
systems | linux
advisories | CVE-2015-3093
SHA-256 | 396c2a8d45a861b578261ac35463e414a0c7141b924077f21e2a31daf61bcf90
Flash Uninitialized Stack Variable While Parsing An MPD File Memory Corruption
Posted Aug 21, 2015
Authored by Google Security Research, external

Loading a weird MPD file can corrupt flash player's memory.

tags | exploit
systems | linux
advisories | CVE-2015-3089
SHA-256 | 838fb72db8a1b4cff405ee11b823ee6860c72fe5b2122b2eea654ffdf46183a5
Security Use After Free In Flash AVSS.setSubscribedTags Memory Corruption
Posted Aug 21, 2015
Authored by Google Security Research, bilou

Use After Free in Flash AVSS.setSubscribedTags, setCuePointTags and setSubscribedTagsForBackgroundManifest can be abused to write pointers to String to freed locations.

tags | exploit
systems | linux
advisories | CVE-2015-3088
SHA-256 | 4fd920218793a46ab9cce3ab98f7a35862ab1c6417a8854638fed40036695f51
Security Flash Player Integer Overflow In Function.apply
Posted Aug 21, 2015
Authored by Google Security Research, bilou

An integer overflow while calling Function.apply can lead to enter an ActionScript function without correctly validating the supplied arguments. Chrome version 41.0.2272.101 stable with Flash version 17.0.0.134 is affected.

tags | exploit, overflow
systems | linux
advisories | CVE-2015-3087
SHA-256 | 851dccc1f099ae9b266f4f0571a50d127e908035fc85ecbce224da0685db6067
Flash Broker-Based Sandbox Escape Via Timing Attack Against File Moving
Posted Aug 21, 2015
Authored by keen, Google Security Research

Flash suffers from a broker-based sandbox escape.

tags | exploit
systems | linux
advisories | CVE-2015-3081
SHA-256 | 989036efd58bbccc9c007b2a7121bd6ba170455cc7d74bc71d5f4bbe336962f7
Flash Broker-Based Sandbox Escape Via Unexpected Directory Lock
Posted Aug 21, 2015
Authored by keen, Google Security Research

Flash suffers from a broker-based sandbox escape.

tags | exploit
systems | linux
advisories | CVE-2015-3083
SHA-256 | ff44243af4b26853124e63a9869c6b81f401bc2ad222680958329a437559b8ef
Flash Broker-Based Sandbox Escape Via Forward Slash Instead Of Backslash
Posted Aug 21, 2015
Authored by keen, Google Security Research

Flash suffers from a broker-based sandbox escape.

tags | exploit
systems | linux
advisories | CVE-2015-3082
SHA-256 | 32f8d2576cdd393f19c2a9cdbb6d3476d8fda0611004641c02e347365ebea2ae
Adobe Reader CoolType Use Of Uninitialized Memory In Transient Array
Posted Aug 21, 2015
Authored by Google Security Research, mjurczyk

The "transient array" specified in the "Type 2 Charstring format" specs but also available in Type1 fonts (originally for the purpose of facilitating Multiple Master fonts) is allocated dynamically only if the CoolType interpreter encounters an instruction which requires the presence of the array, such as "get" or "store". While allocating the array, however, the routine does not automatically clear the contents of the newly created buffer.

tags | advisory
systems | linux
advisories | CVE-2015-3049
SHA-256 | 6ace69fba4e02dc5c9eedf369a1611909bcd055bd1c38c7a835323a1176ce061
Flash PCRE Regex Compilation Zero-length Assertion Arbitrary Bytecode Execution
Posted Aug 21, 2015
Authored by Google Security Research, markbrand

There is an error in the PCRE engine version used in Flash that allows the execution of arbitrary PCRE bytecode, with potential for memory corruption and remote code execution.

tags | exploit, remote, arbitrary, code execution
systems | linux
advisories | CVE-2015-3042
SHA-256 | f100f0c5cc96a2a407b46491520f1bce43ba7ca526f4e6c69f5887bf768c2eca
Windows Kernel ATMFD.DLL Off-By-X OOB Reads/Writes Relative To Operand Stack
Posted Aug 21, 2015
Authored by Google Security Research, mjurczyk

The Type1/CFF CharString interpreter code in the Adobe Type Manager Font Driver (ATMFD.DLL) Windows kernel module does not perform nearly any verification that the operand stack is large enough to contain the required instruction operands, which can lead to up to "off-by-three" overreads and overwrites on the interpreter function stack.

tags | exploit, kernel
systems | linux, windows
advisories | CVE-2015-0088
SHA-256 | 51ba13f671a701f0476a89dfbec32f4088b01330862ec09c0a793c9e3d8643a0
Windows 7 Admin Check Bypass
Posted Aug 21, 2015
Authored by Google Security Research, forshaw

The system call NtPowerInformation performs a check that the caller is an administrator before performing some specific power functions. The check is done in the PopUserIsAdmin function. On Windows 7 this check is bypassable because the SeTokenIsAdmin function doesn't take into account the impersonation level of the token and the rest of the code also doesn't take it into account.

tags | exploit
systems | linux, windows
SHA-256 | 8e80a5edbfcfa8ce64460f4e9edf0e6164d6af2253e064cbdbd72a18a7cc6f4a
Windows Kernel ATMFD.DLL OOB Reads
Posted Aug 20, 2015
Authored by Google Security Research, mjurczyk

Researchers have encountered a number of Windows kernel crashes in the ATMFD.DLL OpenType driver while processing corrupted OTF font files.

tags | exploit, kernel
systems | linux, windows
advisories | CVE-2015-2458
SHA-256 | 211858c5b9e08bfdb94ac6f00d553181d66e260d3e96b6772ee5d08a2eeebad8
Windows Kernel Win32k.sys TTF Font Processing Pool-based Buffer Overflow In Win32k!scl_ApplyTranslation
Posted Aug 20, 2015
Authored by Google Security Research, mjurczyk

Researchers have encountered a number of Windows kernel crashes in the win32k!scl_ApplyTranslation function while processing corrupted TTF font files.

tags | exploit, kernel
systems | linux, windows
advisories | CVE-2015-2456
SHA-256 | 04fddfcac6b041b9767e037c57308e83d27c063d91368ef64e5e28a5f2f828ad
Flash AS2 Use After Free In DisplacementMapFilter.mapBitmap #2
Posted Aug 20, 2015
Authored by Google Security Research, external

There is a use after free in Flash caused by an improper handling of BitmapData objects in the DisplacementMapFilter.mapBitmap property.

tags | exploit
systems | linux
advisories | CVE-2015-5127
SHA-256 | fb9a0a904e45cd0df6256c9beee44fab0c8f0d32abe86dd2ede36f7255957e4d
Page 3 of 4
Back1234Next

File Archive:

August 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Aug 1st
    20 Files
  • 2
    Aug 2nd
    4 Files
  • 3
    Aug 3rd
    6 Files
  • 4
    Aug 4th
    55 Files
  • 5
    Aug 5th
    16 Files
  • 6
    Aug 6th
    0 Files
  • 7
    Aug 7th
    0 Files
  • 8
    Aug 8th
    13 Files
  • 9
    Aug 9th
    13 Files
  • 10
    Aug 10th
    34 Files
  • 11
    Aug 11th
    16 Files
  • 12
    Aug 12th
    5 Files
  • 13
    Aug 13th
    0 Files
  • 14
    Aug 14th
    0 Files
  • 15
    Aug 15th
    25 Files
  • 16
    Aug 16th
    3 Files
  • 17
    Aug 17th
    6 Files
  • 18
    Aug 18th
    4 Files
  • 19
    Aug 19th
    0 Files
  • 20
    Aug 20th
    0 Files
  • 21
    Aug 21st
    0 Files
  • 22
    Aug 22nd
    0 Files
  • 23
    Aug 23rd
    0 Files
  • 24
    Aug 24th
    0 Files
  • 25
    Aug 25th
    0 Files
  • 26
    Aug 26th
    0 Files
  • 27
    Aug 27th
    0 Files
  • 28
    Aug 28th
    0 Files
  • 29
    Aug 29th
    0 Files
  • 30
    Aug 30th
    0 Files
  • 31
    Aug 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close