what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 26 - 50 of 100 RSS Feed

Files

Apple CoreText libFontParser.dylib Stack Corruption
Posted Feb 5, 2021
Authored by Google Security Research, Tim Willis

Apple CoreText libFontParser.dylib suffers from a stack corruption vulnerability in the handling of /BlendDesignPositions Type 1 objects.

tags | exploit
systems | apple
advisories | CVE-2020-0938, CVE-2020-29624
SHA-256 | 20846ff276b0918588c20eba4f03a51e239d0c24a7bc30e422ba7d6a2a943720

Related Files

QEMU Programmable Interrupt Timer Controller Heap Overflow
Posted Aug 28, 2015
Authored by Google Security Research, matttait

The programmable interrupt timer (PIT) controller in QEMU does not correctly validate the channel number when performing IO writes to the device controller, allowing both an information disclosure and a heap overflow within the context of the host.

tags | exploit, overflow, info disclosure
systems | linux
SHA-256 | 13f86bfcab19e0b4b4a2b31f5267866e4f2e1bf60fa810d064d79e7a787b0c07
Microsoft Office 2007 RTF XML SmartTags Use-After-Free
Posted Aug 25, 2015
Authored by Google Security Research, hawkes

Microsoft Office 2007 suffers from a RTF XML SmartTags use-after-free vulnerability.

tags | advisory
systems | linux
advisories | CVE-2015-1651
SHA-256 | 9112fd06f8a9594124ac555685a4c390b42d8b36cbf029a9deca63894f80b49e
Microsoft Office 2007 OneTableDocumentStream Invalid Object
Posted Aug 25, 2015
Authored by Google Security Research, hawkes

Microsoft Office 2007 suffers from a OneTableDocumentStream invalid object vulnerability.

tags | exploit
systems | linux
advisories | CVE-2015-0065
SHA-256 | 71aae25eeff40a890630b5def4b9a4c33395e8cd48b05b1af664a30be591e023
Microsoft Office 2007 Malformed Document Stack-Based Buffer Overflow
Posted Aug 25, 2015
Authored by Google Security Research, hawkes

Microsoft Office 2007 suffers from a stack-based buffer overflow vulnerability when handling a malformed document.

tags | exploit, overflow
systems | linux
advisories | CVE-2015-0064
SHA-256 | fc3f3a43acba1f2993d16df8be2f8af7217caf24ea88bc37b3ab71571b41e296
Security Flash Heap Use-After-Free In SurfaceFilterList::C​reateFromScriptAtom
Posted Aug 21, 2015
Authored by Google Security Research, bilou

Flash suffers from a use-after-free vulnerability in SurfaceFilterList::CreateFromScriptAtom.

tags | exploit
systems | linux
advisories | CVE-2015-5563
SHA-256 | f25272c8a1f372c28e643e729835debc9a97b7068e8da8e97a5a220acf1e5a89
Flash Bypass Of Length Vs. Cookie Validation
Posted Aug 21, 2015
Authored by Chris Evans, Google Security Research

Flash version 18.0.0.209 contains new mitigations to defend against corruptions of Vector.<uint> (and other) lengths. One of these mitigations, at Vector access time, compares the Vector's in-memory length with a representation of the same length XOR'ed with a secret cookie. The bypass comes about because the secret cookie value is stored inside a structure, and a pointer to that structure is stored alongside the Vector length.

tags | exploit
systems | linux
advisories | CVE-2015-5125
SHA-256 | fcdf12cd364c0ea733d2eac6b27e7d2f9f878fe5206bb8c75cbfc449ce599745
Flash AS2 Use After Free In TextField.filters
Posted Aug 21, 2015
Authored by Google Security Research, bilou

There is a use after free vulnerability in the ActionScript 2 TextField.filters array property.

tags | exploit
systems | linux
advisories | CVE-2015-5561
SHA-256 | 45e43f90ddcb052986798b06cfd1f46ebd1983e9b8561f2e5e9f429141da9e39
Adobe Flash Overflow In ID3 Tag Parsing
Posted Aug 21, 2015
Authored by Google Security Research, natashenka

If an mp3 file contains compressed ID3 data that is larger than 0x2aaaaaaa bytes, an integer overflow will occur in allocating the buffer to contain its converted string data, leading to a large copy into a small buffer. A sample fla, swf and mp3 are attached. Put id34.swf and tag.mp3 in the same folder to reproduce the issue. This issue only works on 64 bit platforms.

tags | exploit, overflow
systems | linux
advisories | CVE-2015-5560
SHA-256 | 35155caf981a1919c824478ec4353bf7b0386be80fed9f35592dd6d487b2c05c
Adobe Flash Shared Object Lacks Normal Check
Posted Aug 21, 2015
Authored by Google Security Research, natashenka

The Shared Object constructor does not check that the object it is provided is of type Object before setting it to be of type SharedObject. This can cause problems if another method (such as Sound.loadSound) calls into script between checking the input object type, and casting its native object.

tags | exploit
systems | linux
advisories | CVE-2015-5562
SHA-256 | 19f7464f744154d2d6dd211423377f3e324df119f1b2817fad6a0f7b4e6ae5f4
Microsoft Office 2007 MSPTLS Heap Index Integer Underflow
Posted Aug 21, 2015
Authored by Google Security Research, scvitti

A crash was observed in Microsoft Office 2007 with Microsoft Office File Validation Add-In disabled and Application Verifier enabled for testing and reproduction. This bug also reproduced in Office 2010 running on Windows 7 x86.

tags | exploit, x86
systems | linux, windows
SHA-256 | 6730e4bcb74ff3ada116f87db7b421bf1d013003c83ef00b178f449904c4d335
Mozilla Maintenance Service Log File Overwrite Elevation Of Privilege
Posted Aug 21, 2015
Authored by Google Security Research, forshaw

The maintenance service creates a log file in a user writable location. It's possible to change the log file to a hardlink to another file to cause file corruption or elevation of privilege.

tags | exploit
systems | linux
advisories | CVE-2015-4481
SHA-256 | 9a1d92cce93d1ad86dd9eac6ec55a2b6aedcc3249f5d93fb13aea55da6b68ba6
Flash Heap-Based Buffer Overflow Due To Indexing Error When Loading FLV File
Posted Aug 21, 2015
Authored by Google Security Research, mjurczyk

Flash suffers from a heap-based buffer overflow due to an indexing error when loading FLV files.

tags | exploit, overflow
systems | linux
advisories | CVE-2015-5118
SHA-256 | 4673942893163cde81ade110d85287f3016da128ff399dfaf5a45be550ea11c7
Flash Heap-Based Buffer Overflow Loading FLV File With Nellymoser Audio Codec
Posted Aug 21, 2015
Authored by Google Security Research, mjurczyk

Flash suffers from a heap-based buffer overflow vulnerability.

tags | exploit, overflow
systems | linux
advisories | CVE-2015-4432
SHA-256 | 6dc90c34eaf395d7b5fc097c96fc3bbf1b826f568a8b16ab718447c06a8884a7
Microsoft Office 2007 Wwlib.dll FcPlcfFldMom Uninitialized Heap Usage
Posted Aug 21, 2015
Authored by Google Security Research, scvitti

A crash was observed in Microsoft Office 2007 with Microsoft Office File Validation Add-In disabled and Application Verifier enabled for testing and reproduction. This bug also reproduced in Office 2010 running on Windows 7 x86. The crash is caused by a 1 bit delta from the original file at offset 0x31B.

tags | exploit, x86
systems | linux, windows
SHA-256 | 03f7aa286c6f7a41a1b151784a5669dfb726e0a84605f216c88584600f74d02f
Microsoft Office 2007 Wwlib.dll Type Confusion
Posted Aug 21, 2015
Authored by Google Security Research, scvitti

A crash was observed in Microsoft Office 2007 with Microsoft Office File Validation Add-In disabled and Application Verifier enabled for testing and reproduction. This bug also reproduced in Office 2010 running on Windows 7 x86.

tags | exploit, x86
systems | linux, windows
SHA-256 | a0cd6e10f73a59037ae74f44a92933339dbaf1a11fe054b8edf070270dd6a4c0
Adobe Flash FileReference Class Is Missing Normal Check
Posted Aug 21, 2015
Authored by Google Security Research, natashenka

There is a type confusion issue in the TextFormat constructor that is reachable because the FileReference constructor does not verify that the incoming object is of type Object (it only checks that the object is not native backed). The TextFormat constructor first sets a new object to type TextFormat, and then calls into script several times before setting the native backing object. If one of these script calls then calls into the FileReference constructor, the object can be set to type FileReference, and then the native object will be set to the TextFormat, leading to type confusion.

tags | exploit
systems | linux
advisories | CVE-2015-5558
SHA-256 | 913b0be9845adb6b994362bb787074269b6c1eeb7980d5b0f158933108a65e1a
Microsoft Office 2007 OGL.dll DpOutputSpanStretch:OutputSpan Out Of Bounds Write
Posted Aug 21, 2015
Authored by Google Security Research, scvitti

A crash was observed in Microsoft Office 2007 with Microsoft Office File Validation Add-In disabled and Application Verifier enabled for testing and reproduction. This bug also reproduced in Office 2010 running on Windows 7 x86. The crash is caused by a 1 bit delta from the original file at offset 0x4A45. OffViz identified this offset as OLESSRoot.DirectoryEntries[100].OLESSDirectoryEntry[20].sidLeft with an original value of 0x00000000 and a fuzzed value of 0x00008000.

tags | exploit, x86
systems | linux, windows
SHA-256 | 1abb29b1bfd3c4155dea845a8f4a1b457d8108a08fdcb085f1548e3efeb296aa
Adobe Flash TextField.gridFitType Use-After-Free
Posted Aug 21, 2015
Authored by Google Security Research, natashenka

There is a use-after-free in the TextField gridFitType setter.

tags | exploit
systems | linux
advisories | CVE-2015-5557
SHA-256 | 9cfc47e31890f361abe09b956c4448a09809f5f2f950712ad016beb1ef1a03f2
Microsoft Office 2007 MSO.dll Arbitrary Free
Posted Aug 21, 2015
Authored by Google Security Research, scvitti

A crash was observed in Microsoft Office 2007 with Microsoft Office File Validation Add-In disabled and Application Verifier enabled for testing and reproduction. This bug did not reproduce in Office 2010 running on Windows 7 x86. The attached PoC file will reproduce when Word is closed. However, there were other crashing files (not attached) faulting on the same EIP that did not require Word to be be closed to trigger the crash. This particular PoC did not minimize cleanly and has 666 deltas from the original non-fuzzed file.

tags | exploit, x86
systems | linux, windows
SHA-256 | 1b07b9c7986e7c9c019e444f6094091612c97c9809f57e6a2e72cfe6cd7b5126
Adobe Flash XMLSocket Destructor Does Not Get Cleared Before Setting User Data In Connect (Part 2)
Posted Aug 21, 2015
Authored by Google Security Research, natashenka

If XMLSocket connect is called on an object that already has a destroy function set, such as a BitmapData object, the method will set the user data of that object, but not clear the destroy function. This leads to type confusion when the user data is freed during garbage collection.

tags | exploit
systems | linux
advisories | CVE-2015-5554
SHA-256 | 95ab8619713493badebfbf2dae76fc13420fcd4f602713b108d2bb448361a346
Microsoft Office 2007 MSO.dll Use-After-Free
Posted Aug 21, 2015
Authored by Google Security Research, scvitti

A crash was observed in MS Office 2007 running under Windows 2003 x86. Microsoft Office File Validation Add-In is disabled and application verified was enabled for testing and reproduction. This sample did not reproduce in Office 2010 running on Windows 7 x86. The attached minimized PoC that produces the crash with 2 bit changes from the original file at offsets 0x11E60 and 0x1515F. Standard office document parsers did not reveal any significance about this location.

tags | exploit, x86
systems | linux, windows
SHA-256 | 64642201e34edd3485b55db10852c7ff6216617108d4d18639058079b398f937
Adobe Flash URL Resource Use-After-Free
Posted Aug 21, 2015
Authored by Google Security Research, hawkes

Adobe Flash suffers from a URL resource use-after-free vulnerability.

tags | exploit
systems | linux
advisories | CVE-2015-4430
SHA-256 | b04ff115627b5b76c68978f46ab63e22389ddd834b882f77fa2abc234019242e
Adobe Flash Type Confusion In TextRenderer.setAdvancedAntialiasingTable
Posted Aug 21, 2015
Authored by Google Security Research, natashenka

There is a type confusion issue in TextRenderer.setAdvancedAntialiasingTable. If the font, insideCutoff or outsideCutoff are set to objects that are not integers, they are still assumed to be integers.

tags | exploit
systems | linux
advisories | CVE-2015-5555
SHA-256 | a39594a8976bb4f531c327c7e110dd1c104a7e1916ad2cb698311e6d442f6784
Adobe Flash Use-After-Free In CreateTextField
Posted Aug 21, 2015
Authored by Google Security Research, natashenka

There is a use-after-free in CreateTextField in Adobe Flash.

tags | exploit
systems | linux
advisories | CVE-2015-5556
SHA-256 | 273c349edf06a32073f319cedaeee5bb11cb28bcdc6a8e4ff0b6c4491275e257
Chrome Heap Overflow In Linux HID Device Handler
Posted Aug 21, 2015
Authored by Google Security Research, markbrand

A heap overflow exists due to a 64-32 integer truncation issue in device/hid/hid_connection_linux.cc.

tags | exploit, overflow
systems | linux
SHA-256 | 770ba2318e417025ee29f56a1103dfb964c9deb4f6c83609e26beb78d0effa4f
Page 2 of 4
Back1234Next

File Archive:

August 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Aug 1st
    20 Files
  • 2
    Aug 2nd
    4 Files
  • 3
    Aug 3rd
    6 Files
  • 4
    Aug 4th
    55 Files
  • 5
    Aug 5th
    16 Files
  • 6
    Aug 6th
    0 Files
  • 7
    Aug 7th
    0 Files
  • 8
    Aug 8th
    13 Files
  • 9
    Aug 9th
    13 Files
  • 10
    Aug 10th
    34 Files
  • 11
    Aug 11th
    16 Files
  • 12
    Aug 12th
    5 Files
  • 13
    Aug 13th
    0 Files
  • 14
    Aug 14th
    0 Files
  • 15
    Aug 15th
    0 Files
  • 16
    Aug 16th
    0 Files
  • 17
    Aug 17th
    0 Files
  • 18
    Aug 18th
    0 Files
  • 19
    Aug 19th
    0 Files
  • 20
    Aug 20th
    0 Files
  • 21
    Aug 21st
    0 Files
  • 22
    Aug 22nd
    0 Files
  • 23
    Aug 23rd
    0 Files
  • 24
    Aug 24th
    0 Files
  • 25
    Aug 25th
    0 Files
  • 26
    Aug 26th
    0 Files
  • 27
    Aug 27th
    0 Files
  • 28
    Aug 28th
    0 Files
  • 29
    Aug 29th
    0 Files
  • 30
    Aug 30th
    0 Files
  • 31
    Aug 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close