Microsoft Windows - USP10!MergeLigRecords Uniscribe Font Processing Heap-Based Memory Corruption
Exploit for windows platform in category dos / poc Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1198 We have encountered a crash in the Windows Uniscribe user-mode library, in the memmove function called by USP10!MergeLigRecords, while trying to display text using a corrupted...
Microsoft Windows Uniscribe Remote Code Execution Vulnerability (CVE-2017-0283)
We have encountered a crash in the Windows Uniscribe user-mode library, in the memmove function called by USP10!MergeLigRecords, while trying to display text using a corrupted font file: --- 4e0.6dc: Access violation - code c0000005 first chance First chance exceptions are reported before any...
Microsoft IE: textarea.defaultValue memory disclosure (CVE-2017-0059)
There is a use-after-free bug in IE which can lead to info leak / memory disclosure. The bug was confirmed on Internet Explorer version 11.0.9600.18537 update version 11.0.38 PoC: function run() { var textarea = document.getElementById("textarea"); var frame = document.createElement("iframe");...
Microsoft Windows - Uniscribe Font Processing Heap Memory Corruption Around USP10!BuildFSM (MS17-011)
Microsoft Windows - Uniscribe Font Processing Heap Memory Corruption Around USP10!BuildFSM MS17-011 Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1029 We have encountered a number of crashes in the Windows Uniscribe user-mode library, while trying to display text using a...
Microsoft Edge / Internet Explorer HandleColumnBreakOnColumnSpanningElement Type Confusion Exploit
Microsoft Edge and Internet Explorer suffer from a type confusion in HandleColumnBreakOnColumnSpanningElement. Microsoft Edge and IE: Type confusion in HandleColumnBreakOnColumnSpanningElement (CVE-2017-0037) PoC: .class1 { float: left; column-count: 5; } .class2 { column-span: all; columns: 1px; } table...
Microsoft Office PowerPoint 2010 GDI - GDI32!ConvertDxArray Insufficient Bounds Check Exploit
Exploit for windows platform in category dos / poc Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=951 Platform: GDI on Windows 7 x86 reachable from Microsoft Office 2010 Class: Out of bounds memory access The following crash was observed in Microsoft Office 2010 running under...
Microsoft Office PowerPoint 2010 - GDI 'GDI32!ConvertDxArray' Insufficient Bounds Check
Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=951 Platform: GDI on Windows 7 x86 reachable from Microsoft Office 2010 Class: Out of bounds memory access The following crash was observed in Microsoft Office 2010 running under Windows 7 x86 with Application Verifier enabled...
Kaspersky AntiVirus - PE Unpacking Integer Overflow
Kaspersky AntiVirus - PE Unpacking Integer Overflow Source: https://code.google.com/p/google-security-research/issues/detail?id=526 Fuzzing of packed executables found the attached crash. 0:022 g 83c.bbc: Access violation - code c0000005 first chance First chance exceptions are reported before an...
Microsoft Internet Explorer 11 - Crash (PoC) (2)
Microsoft Internet Explorer 11 - Crash (PoC) (2) function boom() { var divA = document.createElement("div"); document.body.appendChild(divA); try { //divA.contentEditable = "true"; divA.outerHTML = "AAAA"; var context = divA['msGetInputContext']... } catch (exception)...
Jildi FTP Client 1.5.2 Build 1138 Buffer Overflow Exploit
Jildi FTP Client version 1.5.2 build 1138 suffers from a buffer overflow vulnerability. #!/usr/bin/python Exploit Title: Jildi FTP Client Buffer Overflow PoC Version: 1.5.2 Build 1138 Homepage: http://de.download.cnet.com/Jildi-FTP-Client/3000-21604-10562942.html Software...
jetAudio 8.1.3 Basic (mp3) - Crash POC
Exploit for windows platform in category dos / poc Exploit Title : jetAudio 8.1.3 Basic Corrupted mp3 Crash POC Product : jetAudio Basic Date : 8.12.2014 Exploit Author : ITDefensor Vulnerability Research Team http://itdefensor.ru/ Software Link : http://www.jetaudio.com/download/ Vulnerable...
Microsoft Windows - NDPROXY SYSTEM Privilege Escalation (MS14-002)
Microsoft Windows - NDPROXY SYSTEM Privilege Escalation MS14-002 NDPROXY Local SYSTEM privilege escalation http://www.offensive-security.com Tested on Windows XP SP3 http://www.offensive-security.com/vulndev/ndproxy-local-system-exploit-cve-2013-5065/ Original crash ... null pointer dereference...
PEStudio 3.69 - Denial of Service
Title: PEStudio Version 3.69 Denial of Service Date: 5th June 2013 Author: Debasish Mandal https://twitter.com/debasishm89 Blog : http://www.debasish.in/ Software Homepage: http://www.winitor.com/ Version: PEStudio Version 3.69 Tested on: Windows XP SP2 / Windows 7 Vendor Patch : Recently release...
win7 keylayout Blue Screen Vulnerability
Exploit for windows platform in category dos / poc Crash: win7 Access violation - code c0000005 !!! second chance !!! win32k!ReadLayoutFile+0x62: 9566d591 8b4834 mov ecx,dword ptr [eax+34h] kd> r eax=ffffffe8 ebx=00000000 ecx=fe978b2e edx=000000e0 esi=fe4e0168 edi=00000000 eip=9566d591 esp=985ad8a...
WarFTPd 1.82.00-RC12 - LIST Format String Denial of Service
WarFTPd 1.82.00-RC12 - LIST Format String Denial of Service Vulnerability : War FTP Daemon Format String DoS LIST command Detected by : corelanc0d3r corelanc0d3ratgmaildotcom Type : remote DoS OS : Windows Product : Jgaa's War FTP Daemon Versions affected : 1.82 RC 12 Download link :...
COWON America jetCast 2.0.4.1109 (.mp3) Local Overflow Exploit
Exploit for unknown platform in category local exploits ============================================================== COWON America jetCast 2.0.4.1109 (.mp3) Local Overflow Exploit ============================================================== <?php /* COWON America jetCast 2.0.4.1109 .mp3 local hea...
MPlayer 1.0rc2 - TwinVQ Stack Buffer Overflow (PoC)
#!/usr/bin/perl MPlayer 1.0rc2 TwinVQ Stack Buffer Overflow PoC PoC by Amirreza Aminsalehi "sCORPINo" Proud To be an Abay scorpino x40 gmail x2e com Snoop Security Researching Committee www.snoop-security.com Originally this bug was discovered by Tobias Klein advisory @...
Titan FTP Server Remote Heap Overflow (USER/PASS)
Titan FTP Server Remote Heap Overflow (USER/PASS) Impact: Critical Windbg Output: bec.528: Access violation - code c0000005 first chance First chance exceptions are reported before any exception handling. This exception may be expected and handled. eax=41414141 ebx=00000000 ecx=07e415f4 edx=0000000...
ImgSvr 0.6.5 - POST Denial of Service
ImgSvr 0.6.5 - POST Denial of Service #!/usr/bin/perl Proof of concept. Credits: to n00b for finding this bug. Affected: ImgSvr.exe Download software: http://freshmeat.net/projects/imgsvr/ Crashes the server with an overly long HTTP POST request. Main site of affected product...