Microsoft Edge - TypedArray.sort Use-After-Free (MS16-145)

!-- Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=983 There is a use-after-free in TypedArray.sort. In TypedArrayCompareElementsHelper https://chromium.googlesource.com/external/github.com/Microsoft/ChakraCore/+/TimeTravelDebugging/lib/Runtime/Library/TypedArray.cpp, the...

MS15-1 0 6 JavaScript ArrayBuffer. slice any address read-vulnerability analysis-vulnerability warning-the black bar safety net

2 0 1 5 year 8 month 1 3 day, Microsoft released the Update Patch security bulletin MS15-1 0 6, which contains the About Internet Explorer multiple vulnerabilities. Before, we have explained how to attack the VBScript engine inside the Filter function in the presence of type confusion...

(Pwn2Own) Apple Safari ArrayStorage DFG Optimization Use-After-Free Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Safari. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of...

Microsoft Internet Explorer Information Disclosure Vulnerability (CNVD-2015-06653 )

Internet Explorer is a web browser from Microsoft. Internet Explorer 11 has a security vulnerability in its implementation. A remote attacker can exploit this vulnerability to obtain sensitive information about process memory via parameters constructed within the ArrayBuffer.slice call...

(Pwn2Own) Microsoft Internet Explorer DataView Memory Corruption Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within jscript9.dll...

X360 VideoPlayer ActiveX Control 2.6 - Full ASLR & DEP Bypass Exploit

Exploit for windows platform in category remote exploits !-- Exploit Title: X360 VideoPlayer ActiveX Control RCE Full ASLR & DEP Bypass Author: Rh0 Date: Jan 30 2015 Affected Software: X360 VideoPlayer ActiveX Control 2.6 VideoPlayer.ocx Vulnerability: Buffer Overflow in Data Section Tested on:...

Opera SVG Use After Free Vulnerability

No description provided by source. svg xmlns=http://www.w3.org/2000/svg xmlns:xlink=http://www.w0.org/1999/xlink g id=group defs clipPath id=clip-circle clip-path=urlclip-rect /clipPath clipPath id=clip-rect /clipPath /defs circle id=rect x=10 y=10 width=100 height=100 fill=green / /g script!CDAT...

MozillaThunderbird,seamonkey (important)

Mozilla Thunderbird was updated to 24.4.0. Mozilla SeaMonkey was updated to 2.25. MFSA 2014-15/CVE-2014-1493/CVE-2014-1494 Miscellaneous memory safety hazards MFSA 2014-17/CVE-2014-1497 bmo966311 Out of bounds read during WAV file decoding MFSA 2014-18/CVE-2014-1498 bmo935618...

(Pwn2Own) Mozilla Firefox ArrayBuffer Out-Of-Bounds Read/Write Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Mozilla Firefox. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of...

CVE-2014-0983

Multiple array index errors in programs that are automatically generated by VBox/HostServices/SharedOpenGL/crserverlib/serverdispatch.py in Oracle VirtualBox 4.2.x through 4.2.20 and 4.3.x before 4.3.8, when using 3D Acceleration, allow local guest OS users to execute arbitrary code on the Chromi...

SeaMonkey Multiple Vulnerabilities-01 (Mar 2014) - Mac OS X

SeaMonkey is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:mozilla:seamonkey"; ifdescription...

Mozilla: Out-of-bounds read/write through neutering ArrayBuffer objects (MFSA 2014-31)

TypedArrayObject.cpp in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 does not prevent a zero-length transition during use of an ArrayBuffer object, which allows remote attackers to execute arbitrary code or cause a denial of service...

CVE-2014-1513

TypedArrayObject.cpp in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 does not prevent a zero-length transition during use of an ArrayBuffer object, which allows remote attackers to execute arbitrary code or cause a denial of service...

Mozilla Thunderbird < 24.4 Multiple Vulnerabilities

The installed version of Thunderbird is a version prior to 24.4 and is, therefore, potentially affected the following vulnerabilities: - Memory issues exist that could lead to arbitrary code execution. CVE-2014-1493, CVE-2014-1494 - An issue exists where extracted files for updates are not...

Firefox ESR 24.x < 24.4 Multiple Vulnerabilities (Mac OS X)

The installed version of Firefox ESR 24.x is prior to 24.4 and is, therefore, potentially affected by the following vulnerabilities : - Memory issues exist that could lead to arbitrary code execution. CVE-2014-1493, CVE-2014-1494 - A flaw exists in the checkHandshake function due to improper...

Out-of-bounds read/write through neutering ArrayBuffer objects — Mozilla

Security researcher Jüri Aedla, via TippingPoint's Pwn2Own contest, reported that TypedArrayObject does not handle the case where ArrayBuffer objects are neutered, setting their length to zero while still in use. This leads to out-of-bounds reads and writes into the JavaScript heap, allowing for...

Integer overflow

Multiple integer overflows in Opera 11.60 and earlier allow remote attackers to cause a denial of service application crash via a large integer argument to the 1 Int32Array, 2 Float32Array, 3 Float64Array, 4 Uint32Array, 5 Int16Array, or 6 ArrayBuffer function. NOTE: the vendor reportedly...