Apple OS X QuickTime memory corruption vulnerability (CNVD-2016-05737)

Apple OS X is a proprietary operating system developed by Apple for Mac computers, with QuickTime as one of the multimedia playback components. A memory corruption vulnerability exists in QuickTime in Apple OS X versions prior to 10.11.6. A remote attacker could exploit this vulnerability to...

Apple Core Graphics BMP Framework img_decode_read Remote Code Execution Vulnerability

Apple's CoreGraphics library is an API for users to create and manipulate graphic elements. A remote code execution vulnerability exists in Apple OS X and iOS when working with BMP images. An attacker could use this vulnerability to embed malicious exploit code in a BMP image resulting in an...

CVE-2016-4602

QuickTime in Apple OS X before 10.11.6 allows remote attackers to execute arbitrary code or cause a denial of service memory corruption via a crafted FlashPix bitmap image, a different vulnerability than CVE-2016-4596, CVE-2016-4597, and CVE-2016-4600...

CVE-2016-4600

QuickTime in Apple OS X before 10.11.6 allows remote attackers to execute arbitrary code or cause a denial of service memory corruption via a crafted FlashPix bitmap image, a different vulnerability than CVE-2016-4596, CVE-2016-4597, and CVE-2016-4602...

CVE-2016-4600

QuickTime in Apple OS X before 10.11.6 allows remote attackers to execute arbitrary code or cause a denial of service memory corruption via a crafted FlashPix bitmap image, a different vulnerability than CVE-2016-4596, CVE-2016-4597, and CVE-2016-4602...

CVE-2016-4597

QuickTime in Apple OS X before 10.11.6 allows remote attackers to execute arbitrary code or cause a denial of service memory corruption via a crafted FlashPix bitmap image, a different vulnerability than CVE-2016-4596, CVE-2016-4600, and CVE-2016-4602...

CVE-2016-4597

QuickTime in Apple OS X before 10.11.6 allows remote attackers to execute arbitrary code or cause a denial of service memory corruption via a crafted FlashPix bitmap image, a different vulnerability than CVE-2016-4596, CVE-2016-4600, and CVE-2016-4602...

CVE-2016-4596

QuickTime in Apple OS X before 10.11.6 allows remote attackers to execute arbitrary code or cause a denial of service memory corruption via a crafted FlashPix bitmap image, a different vulnerability than CVE-2016-4597, CVE-2016-4600, and CVE-2016-4602...

Memory corruption

QuickTime in Apple OS X before 10.11.6 allows remote attackers to execute arbitrary code or cause a denial of service memory corruption via a crafted FlashPix bitmap image, a different vulnerability than CVE-2016-4597, CVE-2016-4600, and CVE-2016-4602...

Memory corruption

QuickTime in Apple OS X before 10.11.6 allows remote attackers to execute arbitrary code or cause a denial of service memory corruption via a crafted FlashPix bitmap image, a different vulnerability than CVE-2016-4596, CVE-2016-4597, and CVE-2016-4602...

CVE-2016-4602

QuickTime in Apple OS X before 10.11.6 allows remote attackers to execute arbitrary code or cause a denial of service memory corruption via a crafted FlashPix bitmap image, a different vulnerability than CVE-2016-4596, CVE-2016-4597, and CVE-2016-4600...

CVE-2016-4596

QuickTime in Apple OS X before 10.11.6 allows remote attackers to execute arbitrary code or cause a denial of service memory corruption via a crafted FlashPix bitmap image, a different vulnerability than CVE-2016-4597, CVE-2016-4600, and CVE-2016-4602...

CVE-2016-4597

QuickTime in Apple OS X before 10.11.6 allows remote attackers to execute arbitrary code or cause a denial of service memory corruption via a crafted FlashPix bitmap image, a different vulnerability than CVE-2016-4596, CVE-2016-4600, and CVE-2016-4602...

CVE-2016-4600

QuickTime in Apple OS X before 10.11.6 allows remote attackers to execute arbitrary code or cause a denial of service memory corruption via a crafted FlashPix bitmap image, a different vulnerability than CVE-2016-4596, CVE-2016-4597, and CVE-2016-4602...

CVE-2016-4597

CVE-2016-4597 affects QuickTime in Apple OS X prior to 10.11.6. A remote attacker could cause arbitrary code execution or a denial of service by a crafted FlashPix bitmap image due to a memory corruption issue. Root cause and affected components are described in accompanying CNVD listings for Qui...

A year of Windows kernel font fuzzing #2: the techniques

Posted by Mateusz Jurczyk of Google Project Zero In part 1 of the series see here, we discussed the motivation and outcomes of our year long fuzzing effort against the Windows kernel font engine, followed by an analysis of two bug collisions with Keen Team and Hacking Team that ensued as a result...

Microsoft Windows - gdi32.dll Multiple DIB-Related EMF Record Handlers Heap Based Out-of-Bounds Read

Exploit for windows platform in category dos / poc Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=757 As clearly visible in the EMF Enhanced Metafile image format specification MS-EMF, there are multiple records which deal with DIBs Device Independent Bitmaps. Examples of such...

Microsoft Windows - 'gdi32.dll' Multiple DIB-Related EMF Record Handlers Heap Out-of-Bounds Reads/Memory Disclosure (MS16-074)

Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=757 As clearly visible in the EMF Enhanced Metafile image format specification MS-EMF, there are multiple records which deal with DIBs Device Independent Bitmaps. Examples of such records are EMRALPHABLEND, EMRBITBLT, EMRMASKBLT,...

Microsoft Windows 7 - win32k Bitmap Use-After-Free (MS16-062) (2)

Microsoft Windows 7 - win32k Bitmap Use-After-Free MS16-062 2 Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=747 The attached PoC crashes 32-bit Windows 7 with special pool enabled on win32k.sys. It might take several runs in order to reproduce. Tested the PoC on a single core...

Microsoft Windows 7 - win32k Bitmap Use-After-Free (MS16-062) (1)

Exploit for windows platform in category dos / poc Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=746 The attached PoC triggers a blue screen on Windows 7 with special pool enabled on win32k.sys . A reference to the bitmap object still exists in the device context after it has...