964 matches found
Microsoft Edge Chakra CFG Bypass By Overwriting JavaScript Bytecode Vulnerability
Chakra suffers from a CFG bypass by overwriting JavaScript bytecode. Chakra: CFG bypass by overwriting JavaScript bytecode Assume an attacker has the ability to overwrite Chakra's bytecode, either through a read/write primitive or through an overflow type vulnerability. Let's take a look at the...
CVE-2017-11292
Adobe Flash Player version 27.0.0.159 and earlier has a flawed bytecode verification procedure, which allows for an untrusted value to be used in the calculation of an array index. This can lead to type confusion, and successful exploitation could lead to arbitrary code execution...
CVE-2017-11292
Adobe Flash Player version 27.0.0.159 and earlier has a flawed bytecode verification procedure, which allows for an untrusted value to be used in the calculation of an array index. This can lead to type confusion, and successful exploitation could lead to arbitrary code execution...
CVE-2017-11292
Adobe Flash Player version 27.0.0.159 and earlier has a flawed bytecode verification procedure, which allows for an untrusted value to be used in the calculation of an array index. This can lead to type confusion, and successful exploitation could lead to arbitrary code execution...
UBUNTU-CVE-2017-11292
Adobe Flash Player version 27.0.0.159 and earlier has a flawed bytecode verification procedure, which allows for an untrusted value to be used in the calculation of an array index. This can lead to type confusion, and successful exploitation could lead to arbitrary code execution...
Type confusion
Adobe Flash Player version 27.0.0.159 and earlier has a flawed bytecode verification procedure, which allows for an untrusted value to be used in the calculation of an array index. This can lead to type confusion, and successful exploitation could lead to arbitrary code execution...
CVE-2017-11292
Adobe Flash Player version 27.0.0.159 and earlier has a flawed bytecode verification procedure, which allows for an untrusted value to be used in the calculation of an array index. This can lead to type confusion, and successful exploitation could lead to arbitrary code execution. Recent...
CVE-2017-11292
Adobe Flash Player version 27.0.0.159 and earlier has a flawed bytecode verification procedure, which allows for an untrusted value to be used in the calculation of an array index. This can lead to type confusion, and successful exploitation could lead to arbitrary code execution...
CVE-2017-11292
Adobe Flash Player version 27.0.0.159 and earlier has a flawed bytecode verification procedure, which allows for an untrusted value to be used in the calculation of an array index. This can lead to type confusion, and successful exploitation could lead to arbitrary code execution...
CVE-2017-11292
Adobe Flash Player
flash-plugin: remote code execution vulnerability (APSB17-32)
Adobe Flash Player version 27.0.0.159 and earlier has a flawed bytecode verification procedure, which allows for an untrusted value to be used in the calculation of an array index. This can lead to type confusion, and successful exploitation could lead to arbitrary code execution...
CVE-2017-11292
Adobe Flash Player version 27.0.0.159 and earlier has a flawed bytecode verification procedure, which allows for an untrusted value to be used in the calculation of an array index. This can lead to type confusion, and successful exploitation could lead to arbitrary code execution...
PT-2017-4162 · Adobe +2 · Flash Player +2
Name of the Vulnerable Software and Affected Versions: Adobe Flash Player versions 27.0.0.159 and earlier Description: The issue is related to a flawed bytecode verification procedure in Adobe Flash Player, which allows an untrusted value to be used in the calculation of an array index. This can...
UBUNTU-CVE-2017-14749
JerryScript 1.0 allows remote attackers to cause a denial of service jmemheapallocblockinternal heap memory corruption or possibly execute arbitrary code via a crafted .js file, because unrecognized \ characters cause incorrect 0x00 characters in bytecode.literal data...
Memory corruption
JerryScript 1.0 allows remote attackers to cause a denial of service jmemheapallocblockinternal heap memory corruption or possibly execute arbitrary code via a crafted .js file, because unrecognized \ characters cause incorrect 0x00 characters in bytecode.literal data...
CVE-2017-14749
Removed by vendor...
Microsoft Edge Charka Wrong Scopes In Deferred Parsing
Microsoft Edge: Chakra: Deferred parsing makes wrong scopes CVE-2017-8740 function fa = function printa; with ; function g f; ; When Chakra executes the above code, it doesn't generate bytecode for "g". This is a feature called "DeferParse". The problem is that the bytecode generated for "f" when...
Microsoft Edge Chakra - Parser::ParseCatch does not Handle (eval) Exploit
Exploit for windows platform in category dos / poc PnodeBlockType::Regular, isPattern ? ScopeTypeCatchParamPattern : ScopeTypeCatch; ... ParseNodePtr pnodePattern = ParseDestructuredLiteraltkLET, true /isDecl/, true /topLevel/, DICForceErrorOnInitializer; ... 1. "pnodeCatchScope" is a temporary...
Microsoft Edge Chakra - Deferred Parsing Makes Wrong Scopes Exploit
Exploit for windows platform in category dos / poc GetFuncExprNameReference || funcInfo-funcExprScope && funcInfo-funcExprScope-GetIsObject ... Js::RegSlot ldFuncExprDst = sym-GetLocation; this-mwriter.Reg1Js::OpCode::LdFuncExpr, ldFuncExprDst; if sym-IsInSlotfuncInfo Js::RegSlot scopeLocation;...
Microsoft Edge Chakra - Deferred Parsing Makes Wrong Scopes
GetFuncExprNameReference || funcInfo-funcExprScope && funcInfo-funcExprScope-GetIsObject ... Js::RegSlot ldFuncExprDst = sym-GetLocation; this-mwriter.Reg1Js::OpCode::LdFuncExpr, ldFuncExprDst; if sym-IsInSlotfuncInfo Js::RegSlot scopeLocation; AnalysisAssertfuncInfo-funcExprScope; if...