GHSA-PCR8-75V3-W9PF Chakra Core vulnerable to privilege escalation due to type confusion
ChakraCore and Microsoft Edge in Windows 10 1709 and Windows Server, version 1709 allows an attacker to gain the same user rights as the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". Individual Export in module...
GHSA-6V8R-83V3-RMRF ChakraCore RCE Vulnerability
ChakraCore and Microsoft Windows 10 1709 allow remote code execution, due to how the Chakra scripting engine handles objects in memory, aka "Chakra Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2018-0872, CVE-2018-0873, CVE-2018-0874, CVE-2018-0930,...
MSI Ambient Link Driver 1.0.0.8 - Local Privilege Escalation
Exploit Title: MSI Ambient Link Driver 1.0.0.8 - Local Privilege Escalation; Date: 2020-09-24; Exploit Author: Matteo Malvica; Vendor Homepage: https://www.msi.com; Software Link: https://msi.gm/ABLTMNB; Driver: MSIO64.sys; SHA256: 525D9B51A80CA0CD4C5889A96F857E73F3A80DA1FFBAE59851E0F51BDFB0B6CD...
Microsoft Font Subsetting - DLL Heap Corruption in MakeFormat12MergedGlyphList
Microsoft Font Subsetting - DLL Heap Corruption in MakeFormat12MergedGlyphList -----===== Background =====----- The Microsoft Font Subsetting DLL fontsub.dll is a default Windows helper library for subsetting TTF fonts; i.e. converting fonts to their more compact versions based on the specific...
Microsoft Font Subsetting - DLL Heap Corruption in ReadAllocFormat12CharGlyphMapList
-----===== Background =====----- The Microsoft Font Subsetting DLL fontsub.dll is a default Windows helper library for subsetting TTF fonts; i.e. converting fonts to their more compact versions based on the specific glyphs used in the document where the fonts are embedded. It is used by Windows G...
Microsoft Font Subsetting - DLL Heap Corruption in ReadTableIntoStructure
Microsoft Font Subsetting - DLL Heap Corruption in ReadTableIntoStructure -----===== Background =====----- The Microsoft Font Subsetting DLL fontsub.dll is a default Windows helper library for subsetting TTF fonts; i.e. converting fonts to their more compact versions based on the specific glyphs...
Microsoft Font Subsetting - DLL Heap-Based Out-of-Bounds read in GetGlyphIdx
-----===== Background =====----- The Microsoft Font Subsetting DLL fontsub.dll is a default Windows helper library for subsetting TTF fonts; i.e. converting fonts to their more compact versions based on the specific glyphs used in the document where the fonts are embedded. It is used by Windows G...
Microsoft Font Subsetting - DLL Heap-Based Out-of-Bounds read in FixSbitSubTableFormat1
-----===== Background =====----- The Microsoft Font Subsetting DLL fontsub.dll is a default Windows helper library for subsetting TTF fonts; i.e. converting fonts to their more compact versions based on the specific glyphs used in the document where the fonts are embedded. It is used by Windows G...
Microsoft Font Subsetting - DLL Heap-Based Out-of-Bounds read in WriteTableFromStructure
Microsoft Font Subsetting - DLL Heap-Based Out-of-Bounds read in WriteTableFromStructure -----===== Background =====----- The Microsoft Font Subsetting DLL fontsub.dll is a default Windows helper library for subsetting TTF fonts; i.e. converting fonts to their more compact versions based on the...
Microsoft Font Subsetting - DLL Heap Corruption in ReadTableIntoStructure
-----===== Background =====----- The Microsoft Font Subsetting DLL fontsub.dll is a default Windows helper library for subsetting TTF fonts; i.e. converting fonts to their more compact versions based on the specific glyphs used in the document where the fonts are embedded. It is used by Windows G...
Microsoft Font Subsetting - DLL Heap Corruption in ComputeFormat4CmapData Vulnerability
Microsoft Font Subsetting - DLL Heap Corruption in ComputeFormat4CmapData -----===== Background =====----- The Microsoft Font Subsetting DLL fontsub.dll is a default Windows helper library for subsetting TTF fonts; i.e. converting fonts to their more compact versions based on the specific glyphs...
Remote Code Execution (RCE) Via Memory Corruption
microsoft.chakracore is vulnerable to remote code execution via memory corruption vulnerability. This happens when an attacker inputs a large numeric or spread array literal to ByteCodeGenerator, leading to an out-of-bounds write. This CVE ID is different from CVE-2017-11886, CVE-2017-11889,...
Microsoft Windows - Token Process Trust SID Access Check Bypass Privilege Escalation Exploit
Exploit for windows platform in category local exploits. Windows: Token Trust SID Access Check Bypass EOP. Platform: Windows 10 1709, also tested current build of RS4. Class: Elevation of Privilege. Summary: A token’s trust SID isn’t reset when setting a token after process creation allowing a user...
Microsoft Windows - CiSetFileCache TOCTOU Incomplete Fix
Microsoft Windows - CiSetFileCache TOCTOU Incomplete Fix. Windows: CiSetFileCache TOCTOU CVE-2017-11830 Incomplete Fix. Platform: Windows 10 1709 including Win10S. Class: Security Feature Bypass. Summary: The fix for CVE-2017-11830 is insufficient to prevent a normal user application adding a cached...
Firefox 46.0.1 ASM.JS JIT-Spray Remote Code Execution
CVE-2016-2819 and ASM.JS JIT-Spray "use strict" var Exploit = function this.asmjs = new Asmjs this.heap = new Heap Exploit.prototype.go = function / target address of fake node object / var nodetargetaddr = 0x5a500000 / target address of asm.js float pool payload/ var targeteip = 0x20200b58 / spr...
Firefox 44.0.2 - ASM.JS JIT-Spray Remote Code Execution
46.0.1 -- CVE-2016-1960 and ASM.JS JIT-Spray "use strict" var Exploit = function this.asmjs = new Asmjs this.heap = new Heap Exploit.prototype.go = function / target address of fake node object / var nodetargetaddr = 0x20200000 / target address of asm.js float pool payload/...
CVE-2018-0937
ChakraCore and Microsoft Windows 10 1703 and 1709 allow remote code execution, due to how the Chakra scripting engine handles objects in memory, aka "Chakra Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2018-0872, CVE-2018-0873, CVE-2018-0874, CVE-2018-0930,...
Information disclosure
Microsoft Edge in Windows 10 1709 allows information disclosure, due to how Edge handles objects in memory, aka "Microsoft Edge Information Disclosure Vulnerability"...
Information disclosure
ChakraCore and Microsoft Edge in Windows 10 1703 and 1709 allow information disclosure, due to how the scripting engine handles objects in memory, aka "Scripting Engine Information Disclosure Vulnerability". This CVE ID is unique from CVE-2018-0891...
CVE-2018-0930
ChakraCore and Microsoft Edge in Microsoft Windows 10 1709 allows remote code execution, due to how the Chakra scripting engine handles objects in memory, aka "Chakra Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2018-0872, CVE-2018-0873, CVE-2018-0874,...