what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 26 - 50 of 100 RSS Feed

Files

Shannon Baseband SIP URI Decoder Stack Buffer Overflow
Posted May 11, 2023
Authored by Ivan Fratric, Google Security Research

There is a stack buffer overflow in Shannon Baseband in the SIP URI decoder. According to the debug strings present in the firmware image, this decoder corresponds to IMSPL_SipUri.c.

tags | exploit, overflow
advisories | CVE-2023-29091
SHA-256 | cef6065d95093542cb22a1a75544960827efff742ba806ef8e0db27ff1a75588

Related Files

Flash AS2 Use After Free In TextField.filters
Posted Aug 21, 2015
Authored by Google Security Research, bilou

There is a use after free vulnerability in the ActionScript 2 TextField.filters array property.

tags | exploit
systems | linux
advisories | CVE-2015-5561
SHA-256 | 45e43f90ddcb052986798b06cfd1f46ebd1983e9b8561f2e5e9f429141da9e39
Adobe Flash Overflow In ID3 Tag Parsing
Posted Aug 21, 2015
Authored by Google Security Research, natashenka

If an mp3 file contains compressed ID3 data that is larger than 0x2aaaaaaa bytes, an integer overflow will occur in allocating the buffer to contain its converted string data, leading to a large copy into a small buffer. A sample fla, swf and mp3 are attached. Put id34.swf and tag.mp3 in the same folder to reproduce the issue. This issue only works on 64 bit platforms.

tags | exploit, overflow
systems | linux
advisories | CVE-2015-5560
SHA-256 | 35155caf981a1919c824478ec4353bf7b0386be80fed9f35592dd6d487b2c05c
Adobe Flash Shared Object Lacks Normal Check
Posted Aug 21, 2015
Authored by Google Security Research, natashenka

The Shared Object constructor does not check that the object it is provided is of type Object before setting it to be of type SharedObject. This can cause problems if another method (such as Sound.loadSound) calls into script between checking the input object type, and casting its native object.

tags | exploit
systems | linux
advisories | CVE-2015-5562
SHA-256 | 19f7464f744154d2d6dd211423377f3e324df119f1b2817fad6a0f7b4e6ae5f4
Microsoft Office 2007 MSPTLS Heap Index Integer Underflow
Posted Aug 21, 2015
Authored by Google Security Research, scvitti

A crash was observed in Microsoft Office 2007 with Microsoft Office File Validation Add-In disabled and Application Verifier enabled for testing and reproduction. This bug also reproduced in Office 2010 running on Windows 7 x86.

tags | exploit, x86
systems | linux, windows
SHA-256 | 6730e4bcb74ff3ada116f87db7b421bf1d013003c83ef00b178f449904c4d335
Mozilla Maintenance Service Log File Overwrite Elevation Of Privilege
Posted Aug 21, 2015
Authored by Google Security Research, forshaw

The maintenance service creates a log file in a user writable location. It's possible to change the log file to a hardlink to another file to cause file corruption or elevation of privilege.

tags | exploit
systems | linux
advisories | CVE-2015-4481
SHA-256 | 9a1d92cce93d1ad86dd9eac6ec55a2b6aedcc3249f5d93fb13aea55da6b68ba6
Flash Heap-Based Buffer Overflow Due To Indexing Error When Loading FLV File
Posted Aug 21, 2015
Authored by Google Security Research, mjurczyk

Flash suffers from a heap-based buffer overflow due to an indexing error when loading FLV files.

tags | exploit, overflow
systems | linux
advisories | CVE-2015-5118
SHA-256 | 4673942893163cde81ade110d85287f3016da128ff399dfaf5a45be550ea11c7
Flash Heap-Based Buffer Overflow Loading FLV File With Nellymoser Audio Codec
Posted Aug 21, 2015
Authored by Google Security Research, mjurczyk

Flash suffers from a heap-based buffer overflow vulnerability.

tags | exploit, overflow
systems | linux
advisories | CVE-2015-4432
SHA-256 | 6dc90c34eaf395d7b5fc097c96fc3bbf1b826f568a8b16ab718447c06a8884a7
Microsoft Office 2007 Wwlib.dll FcPlcfFldMom Uninitialized Heap Usage
Posted Aug 21, 2015
Authored by Google Security Research, scvitti

A crash was observed in Microsoft Office 2007 with Microsoft Office File Validation Add-In disabled and Application Verifier enabled for testing and reproduction. This bug also reproduced in Office 2010 running on Windows 7 x86. The crash is caused by a 1 bit delta from the original file at offset 0x31B.

tags | exploit, x86
systems | linux, windows
SHA-256 | 03f7aa286c6f7a41a1b151784a5669dfb726e0a84605f216c88584600f74d02f
Microsoft Office 2007 Wwlib.dll Type Confusion
Posted Aug 21, 2015
Authored by Google Security Research, scvitti

A crash was observed in Microsoft Office 2007 with Microsoft Office File Validation Add-In disabled and Application Verifier enabled for testing and reproduction. This bug also reproduced in Office 2010 running on Windows 7 x86.

tags | exploit, x86
systems | linux, windows
SHA-256 | a0cd6e10f73a59037ae74f44a92933339dbaf1a11fe054b8edf070270dd6a4c0
Adobe Flash FileReference Class Is Missing Normal Check
Posted Aug 21, 2015
Authored by Google Security Research, natashenka

There is a type confusion issue in the TextFormat constructor that is reachable because the FileReference constructor does not verify that the incoming object is of type Object (it only checks that the object is not native backed). The TextFormat constructor first sets a new object to type TextFormat, and then calls into script several times before setting the native backing object. If one of these script calls then calls into the FileReference constructor, the object can be set to type FileReference, and then the native object will be set to the TextFormat, leading to type confusion.

tags | exploit
systems | linux
advisories | CVE-2015-5558
SHA-256 | 913b0be9845adb6b994362bb787074269b6c1eeb7980d5b0f158933108a65e1a
Microsoft Office 2007 OGL.dll DpOutputSpanStretch:OutputSpan Out Of Bounds Write
Posted Aug 21, 2015
Authored by Google Security Research, scvitti

A crash was observed in Microsoft Office 2007 with Microsoft Office File Validation Add-In disabled and Application Verifier enabled for testing and reproduction. This bug also reproduced in Office 2010 running on Windows 7 x86. The crash is caused by a 1 bit delta from the original file at offset 0x4A45. OffViz identified this offset as OLESSRoot.DirectoryEntries[100].OLESSDirectoryEntry[20].sidLeft with an original value of 0x00000000 and a fuzzed value of 0x00008000.

tags | exploit, x86
systems | linux, windows
SHA-256 | 1abb29b1bfd3c4155dea845a8f4a1b457d8108a08fdcb085f1548e3efeb296aa
Adobe Flash TextField.gridFitType Use-After-Free
Posted Aug 21, 2015
Authored by Google Security Research, natashenka

There is a use-after-free in the TextField gridFitType setter.

tags | exploit
systems | linux
advisories | CVE-2015-5557
SHA-256 | 9cfc47e31890f361abe09b956c4448a09809f5f2f950712ad016beb1ef1a03f2
Microsoft Office 2007 MSO.dll Arbitrary Free
Posted Aug 21, 2015
Authored by Google Security Research, scvitti

A crash was observed in Microsoft Office 2007 with Microsoft Office File Validation Add-In disabled and Application Verifier enabled for testing and reproduction. This bug did not reproduce in Office 2010 running on Windows 7 x86. The attached PoC file will reproduce when Word is closed. However, there were other crashing files (not attached) faulting on the same EIP that did not require Word to be be closed to trigger the crash. This particular PoC did not minimize cleanly and has 666 deltas from the original non-fuzzed file.

tags | exploit, x86
systems | linux, windows
SHA-256 | 1b07b9c7986e7c9c019e444f6094091612c97c9809f57e6a2e72cfe6cd7b5126
Adobe Flash XMLSocket Destructor Does Not Get Cleared Before Setting User Data In Connect (Part 2)
Posted Aug 21, 2015
Authored by Google Security Research, natashenka

If XMLSocket connect is called on an object that already has a destroy function set, such as a BitmapData object, the method will set the user data of that object, but not clear the destroy function. This leads to type confusion when the user data is freed during garbage collection.

tags | exploit
systems | linux
advisories | CVE-2015-5554
SHA-256 | 95ab8619713493badebfbf2dae76fc13420fcd4f602713b108d2bb448361a346
Microsoft Office 2007 MSO.dll Use-After-Free
Posted Aug 21, 2015
Authored by Google Security Research, scvitti

A crash was observed in MS Office 2007 running under Windows 2003 x86. Microsoft Office File Validation Add-In is disabled and application verified was enabled for testing and reproduction. This sample did not reproduce in Office 2010 running on Windows 7 x86. The attached minimized PoC that produces the crash with 2 bit changes from the original file at offsets 0x11E60 and 0x1515F. Standard office document parsers did not reveal any significance about this location.

tags | exploit, x86
systems | linux, windows
SHA-256 | 64642201e34edd3485b55db10852c7ff6216617108d4d18639058079b398f937
Adobe Flash URL Resource Use-After-Free
Posted Aug 21, 2015
Authored by Google Security Research, hawkes

Adobe Flash suffers from a URL resource use-after-free vulnerability.

tags | exploit
systems | linux
advisories | CVE-2015-4430
SHA-256 | b04ff115627b5b76c68978f46ab63e22389ddd834b882f77fa2abc234019242e
Adobe Flash Type Confusion In TextRenderer.setAdvancedAntialiasingTable
Posted Aug 21, 2015
Authored by Google Security Research, natashenka

There is a type confusion issue in TextRenderer.setAdvancedAntialiasingTable. If the font, insideCutoff or outsideCutoff are set to objects that are not integers, they are still assumed to be integers.

tags | exploit
systems | linux
advisories | CVE-2015-5555
SHA-256 | a39594a8976bb4f531c327c7e110dd1c104a7e1916ad2cb698311e6d442f6784
Adobe Flash Use-After-Free In CreateTextField
Posted Aug 21, 2015
Authored by Google Security Research, natashenka

There is a use-after-free in CreateTextField in Adobe Flash.

tags | exploit
systems | linux
advisories | CVE-2015-5556
SHA-256 | 273c349edf06a32073f319cedaeee5bb11cb28bcdc6a8e4ff0b6c4491275e257
Chrome Heap Overflow In Linux HID Device Handler
Posted Aug 21, 2015
Authored by Google Security Research, markbrand

A heap overflow exists due to a 64-32 integer truncation issue in device/hid/hid_connection_linux.cc.

tags | exploit, overflow
systems | linux
SHA-256 | 770ba2318e417025ee29f56a1103dfb964c9deb4f6c83609e26beb78d0effa4f
Flash Bad / Wild Write In XML When Callback Modifies XML Tree
Posted Aug 21, 2015
Authored by Chris Evans, Google Security Research

The proof of concept works by triggering a wild copy in order to demonstrate the crash. But other side-effects are possible such as decrementing the refcount of an out-of-bounds index.

tags | exploit, proof of concept
systems | linux
advisories | CVE-2015-5549
SHA-256 | d354b53a4080ae486dd69761b4252b5e10b5e424aae7f11b794443c70d285daa
Adobe Flash Use-After-Free In SwapDepths
Posted Aug 21, 2015
Authored by Google Security Research, natashenka

There is a use-after-free in MovieClip.swapDepths in Adobe Flash.

tags | exploit
systems | linux
advisories | CVE-2015-5550
SHA-256 | fdc90abdb1b2a25ee44d0715804979dcd608cbd02e9a1639cbcdf73c438f77f6
Windows Kernel Win32k.sys TTF Font Processing Out-Of-Bounds Pool Write In Win32k!fsc_BLTHoriz
Posted Aug 21, 2015
Authored by Google Security Research, mjurczyk

Researchers have encountered a Windows kernel crash in the win32k!fsc_BLTHoriz function while processing corrupted TTF font files.

tags | exploit, kernel
systems | linux, windows
advisories | CVE-2015-2464
SHA-256 | 5b06b6212cc51d413bdd06023037f42808725455f1165b6efd62121434c36394
Windows Kernel Win32k.sys TTF Font Processing Out-Of-Bounds Pool Memory Access In Win32k!fsc_RemoveDups
Posted Aug 21, 2015
Authored by Google Security Research, mjurczyk

Researchers have encountered a Windows kernel crash in the win32k!fsc_RemoveDups function while processing corrupted TTF font files.

tags | exploit, kernel
systems | linux, windows
advisories | CVE-2015-2463
SHA-256 | 49ff9762af828d1e6b2e50488ceae9afbbccea4122ec458cc3e8a553d5f7e5aa
Flash Wild Pointer Crash In XML Handling
Posted Aug 21, 2015
Authored by Google Security Research, mjurczyk

The attached sample file, signal_sigsegv_7ffff637297a_8900_e3f87b25c25db8f9ec3c975f8c1211cc.swf, crashes, perhaps relating to XML handling.

tags | exploit
systems | linux
advisories | CVE-2015-5548
SHA-256 | 4c1acddf8f07f6545317d049c59f4af89211c523cf6ef53842973345239d2469
Flash Wild Pointer In Button Handling
Posted Aug 21, 2015
Authored by Google Security Research, mjurczyk

The attached sample, signal_sigsegv_7ffff60a1429_9554_f4dc661554237404dfe394d4c6c3e674.swf, crashes on Linux x64.

tags | exploit
systems | linux
advisories | CVE-2015-5547
SHA-256 | 576dca8249e5bf441b6ff1587895439d38da0d1c81ab8174fa260345c26a6b1b
Page 2 of 4
Back1234Next

File Archive:

February 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Feb 1st
    16 Files
  • 2
    Feb 2nd
    19 Files
  • 3
    Feb 3rd
    0 Files
  • 4
    Feb 4th
    0 Files
  • 5
    Feb 5th
    24 Files
  • 6
    Feb 6th
    2 Files
  • 7
    Feb 7th
    10 Files
  • 8
    Feb 8th
    25 Files
  • 9
    Feb 9th
    37 Files
  • 10
    Feb 10th
    0 Files
  • 11
    Feb 11th
    0 Files
  • 12
    Feb 12th
    17 Files
  • 13
    Feb 13th
    20 Files
  • 14
    Feb 14th
    25 Files
  • 15
    Feb 15th
    15 Files
  • 16
    Feb 16th
    6 Files
  • 17
    Feb 17th
    0 Files
  • 18
    Feb 18th
    0 Files
  • 19
    Feb 19th
    35 Files
  • 20
    Feb 20th
    25 Files
  • 21
    Feb 21st
    18 Files
  • 22
    Feb 22nd
    15 Files
  • 23
    Feb 23rd
    0 Files
  • 24
    Feb 24th
    10 Files
  • 25
    Feb 25th
    0 Files
  • 26
    Feb 26th
    37 Files
  • 27
    Feb 27th
    34 Files
  • 28
    Feb 28th
    27 Files
  • 29
    Feb 29th
    8 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close